Does anyone know what restrictions FortiOS 3.0 MR7 places on LDAP bind passwords?
I've got our FG310B successfully authenticating with AD, but only when I use a short, weak bind password (8 characters). If I try a stronger passphrase (20 characters), user authentication fails with these debug messages:
fnbamd_fsm.c handle_req-Rcvd auth req 10354705 for <user> in SSL_VPN opt=19 prot=8
fnbamd_ldap.c resolve_ldap_FQDN-Resolved address <ldap-server>, result <ip-address>
fnbamd_ldap.c fnbamd_ldap_get_result-Auth denied
fnbamd_ldap.c fnbamd_ldap_get_result-Going to DONE state res=1
fnbamd_auth.c fnbamd_auth_poll-Result for ldap svr <ldap-server> is denied
fnbamd_comm.c fnbamd_comm_send_result-Sending result 1 for req 10354705
I've tested the stronger passphrase from LDP and it binds fine. It's only the FG that can't handle it.
Thanks - Simon