thor_br
New Contributor

SSL VPN: Authentication Failure LDAP

Hello friends. How are you? Can someone help me?

 

I am unable to authenticate users on VPN via LDAP. Initially I am configuring in LAB.

 

FortiGate-VM64 Firmware v6.0.6 build02729(GA)

  • My config VPN SSL:

    FortiGate-VM64-KVM # config vpn ssl settings

    FortiGate-VM64-KVM (settings) # show
    config vpn ssl settings
        set servercert "Fortinet_Factory"
        set idle-timeout 18800
        set tunnel-ip-pools "SSLVPN_TUNNEL_ADDR1"
        set tunnel-ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
        set dns-server1 192.168.1.100
        set port 443
        set source-interface "port1" "port2"
        set source-address "all"
        set source-address6 "all"
        set default-portal "full-access"
        config authentication-rule
            edit 1
                set groups "grp-vpn-ssl-local"
                set portal "full-access"
            next
            edit 2
                set groups "grp-vpn-ssl-ldap"
                set portal "full-access"
            next
        end
    end

  • My config LDAP:

    config user ldap
        edit "LDAP"
            set server "192.168.1.100"
            set cnid "sAMAccountName"
            set dn "DC=lab,DC=local"
            set type regular
            set username "srv_user_fortigate@lab.local"
            set password ENC <password>
        next
    end

  • My group LDAP:

    config user group
        edit "SSO_Guest_Users"
        next
        edit "Guest-group"
            set member "guest"
        next
        edit "grp-vpn-ssl-local"
            set member "ish-vpn-ssl-local"
        next
        edit "grp-vpn-ssl-ldap"
            set member "LDAP"
            config match
                edit 1
                    set server-name "LDAP"
                    set group-name "CN=VPN_SSL,CN=Users,DC=lab,DC=local"
                next
                edit 2
                    set server-name "LDAP"
                    set group-name "CN=VPNSSL1,OU=VPN,DC=lab,DC=local"
                next
            end
        next
    end

  • Test LDAP auth with LDAP server

    diagnose test authserver ldap "LDAP" "user_vpn" <password>
    authenticate 'user_vpn' against 'LDAP' succeeded!
    Group membership(s) - CN=VPNSSL1,OU=VPN,DC=lab,DC=local
                          CN=VPN_SSL,CN=Users,DC=lab,DC=local
                          CN=Domain Users,CN=Users,DC=lab,DC=local

  • SSL VPN debugging

    FortiGate-VM64-KVM # diagnose debug application sslvpn -1
    Debug messages will be on for 30 minutes.

    FortiGate-VM64-KVM # diagnose debug enable

    FortiGate-VM64-KVM # [125:root:d8]allocSSLConn:281 sconn 0x7f0475c4f400 (0:root) [125:root:d9]allocSSLConn:281 sconn 0x7f0475d81400 (0:root) [125:root:d8]SSL state:before SSL initialization (192.168.1.2) [125:root:d8]SSL state:before SSL initialization (192.168.1.2) [125:root:d8]client cert requirement: no [125:root:d8]SSL state:SSLv3/TLS read client hello (192.168.1.2) [125:root:d8]SSL state:SSLv3/TLS write server hello (192.168.1.2) [125:root:d8]SSL state:SSLv3/TLS write certificate (192.168.1.2) [125:root:d8]SSL state:SSLv3/TLS write key exchange (192.168.1.2) [125:root:d8]SSL state:SSLv3/TLS write server done (192.168.1.2) [125:root:d8]SSL state:SSLv3/TLS write server done:system lib(192.168.1.2) [125:root:da]allocSSLConn:281 sconn 0x7f0475d83000 (0:root) [125:root:d9]SSL state:before SSL initialization (192.168.1.2) [125:root:d9]SSL state:before SSL initialization (192.168.1.2) [125:root:d9]client cert requirement: no [125:root:d9]SSL state:SSLv3/TLS read client hello (192.168.1.2) [125:root:d9]SSL state:SSLv3/TLS write server hello (192.168.1.2) [125:root:d9]SSL state:SSLv3/TLS write certificate (192.168.1.2) [125:root:d9]SSL state:SSLv3/TLS write key exchange (192.168.1.2) [125:root:d9]SSL state:SSLv3/TLS write server done (192.168.1.2) [125:root:d9]SSL state:SSLv3/TLS write server done:system lib(192.168.1.2) [125:root:db]allocSSLConn:281 sconn 0x7f0475d84c00 (0:root) [125:root:da]SSL state:before SSL initialization (192.168.1.2) [125:root:da]SSL state:before SSL initialization (192.168.1.2) [125:root:da]client cert requirement: no [125:root:da]SSL state:SSLv3/TLS read client hello (192.168.1.2) [125:root:da]SSL state:SSLv3/TLS write server hello (192.168.1.2) [125:root:da]SSL state:SSLv3/TLS write certificate (192.168.1.2) [125:root:da]SSL state:SSLv3/TLS write key exchange (192.168.1.2) [125:root:da]SSL state:SSLv3/TLS write server done (192.168.1.2) [125:root:da]SSL state:SSLv3/TLS write server done:system lib(192.168.1.2) [125:root:db]SSL 
state:before SSL initialization (192.168.1.2) [125:root:db]SSL state:before SSL initialization (192.168.1.2) [125:root:db]client cert requirement: no [125:root:db]SSL state:SSLv3/TLS read client hello (192.168.1.2) [125:root:db]SSL state:SSLv3/TLS write server hello (192.168.1.2) [125:root:db]SSL state:SSLv3/TLS write certificate (192.168.1.2) [125:root:db]SSL state:SSLv3/TLS write key exchange (192.168.1.2) [125:root:db]SSL state:SSLv3/TLS write server done (192.168.1.2) [125:root:db]SSL state:SSLv3/TLS write server done:system lib(192.168.1.2) [125:root:d8]SSL state:SSLv3/TLS write server done (192.168.1.2) [125:root:d8]SSL state:SSLv3/TLS read client key exchange (192.168.1.2) [125:root:d8]SSL state:SSLv3/TLS read change cipher spec (192.168.1.2) [125:root:d8]SSL state:SSLv3/TLS read finished (192.168.1.2) [125:root:d8]SSL state:SSLv3/TLS write session ticket (192.168.1.2) [125:root:d8]SSL state:SSLv3/TLS write change cipher spec (192.168.1.2) [125:root:d8]SSL state:SSLv3/TLS write finished (192.168.1.2) [125:root:d8]SSL state:SSL negotiation finished successfully (192.168.1.2) [125:root:d8]SSL established: TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 [125:root:d9]SSL state:SSLv3/TLS write server done (192.168.1.2) [125:root:d9]SSL state:SSLv3/TLS read client key exchange (192.168.1.2) [125:root:d9]SSL state:SSLv3/TLS read change cipher spec (192.168.1.2) [125:root:d9]SSL state:SSLv3/TLS read finished (192.168.1.2) [125:root:d9]SSL state:SSLv3/TLS write session ticket (192.168.1.2) [125:root:d9]SSL state:SSLv3/TLS write change cipher spec (192.168.1.2) [125:root:d9]SSL state:SSLv3/TLS write finished (192.168.1.2) [125:root:d9]SSL state:SSL negotiation finished successfully (192.168.1.2) [125:root:d9]SSL established: TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 [125:root:db]SSL state:SSLv3/TLS write server done (192.168.1.2) [125:root:db]SSL state:SSLv3/TLS read client key exchange (192.168.1.2) [125:root:db]SSL state:SSLv3/TLS read change cipher spec (192.168.1.2) 
[125:root:db]SSL state:SSLv3/TLS read finished (192.168.1.2) [125:root:db]SSL state:SSLv3/TLS write session ticket (192.168.1.2) [125:root:db]SSL state:SSLv3/TLS write change cipher spec (192.168.1.2) [125:root:db]SSL state:SSLv3/TLS write finished (192.168.1.2) [125:root:db]SSL state:SSL negotiation finished successfully (192.168.1.2) [125:root:db]SSL established: TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 [125:root:da]SSL state:SSLv3/TLS write server done (192.168.1.2) [125:root:da]SSL state:SSLv3/TLS read client key exchange (192.168.1.2) [125:root:da]SSL state:SSLv3/TLS read change cipher spec (192.168.1.2) [125:root:da]SSL state:SSLv3/TLS read finished (192.168.1.2) [125:root:da]SSL state:SSLv3/TLS write session ticket (192.168.1.2) [125:root:da]SSL state:SSLv3/TLS write change cipher spec (192.168.1.2) [125:root:da]SSL state:SSLv3/TLS write finished (192.168.1.2) [125:root:da]SSL state:SSL negotiation finished successfully (192.168.1.2) [125:root:da]SSL established: TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 [125:root:d8]sslvpn_read_request_common,639, ret=-1 error=-1, sconn=0x7f0475c4f400. [125:root:d8]Destroy sconn 0x7f0475c4f400, connSize=3. (root) [125:root:d9]sslvpn_read_request_common,639, ret=-1 error=-1, sconn=0x7f0475d81400. [125:root:d9]Destroy sconn 0x7f0475d81400, connSize=2. (root) [125:root:db]sslvpn_read_request_common,639, ret=-1 error=-1, sconn=0x7f0475d84c00. [125:root:db]Destroy sconn 0x7f0475d84c00, connSize=1. (root) [125:root:da]sslvpn_read_request_common,639, ret=-1 error=-1, sconn=0x7f0475d83000. [125:root:da]Destroy sconn 0x7f0475d83000, connSize=0. 
(root) [125:root:dc]allocSSLConn:281 sconn 0x7f0475c4f400 (0:root) [125:root:dc]SSL state:before SSL initialization (192.168.1.2) [125:root:dc]SSL state:before SSL initialization (192.168.1.2) [125:root:dc]client cert requirement: no [125:root:dc]SSL state:SSLv3/TLS read client hello (192.168.1.2) [125:root:dc]SSL state:SSLv3/TLS write server hello (192.168.1.2) [125:root:dc]SSL state:SSLv3/TLS write certificate (192.168.1.2) [125:root:dc]SSL state:SSLv3/TLS write key exchange (192.168.1.2) [125:root:dc]SSL state:SSLv3/TLS write server done (192.168.1.2) [125:root:dc]SSL state:SSLv3/TLS write server done:system lib(192.168.1.2) [125:root:dd]allocSSLConn:281 sconn 0x7f0475dd6400 (0:root) [125:root:de]allocSSLConn:281 sconn 0x7f0475dd8000 (0:root) [125:root:dc]SSL state:SSLv3/TLS write server done (192.168.1.2) [125:root:dc]SSL state:SSLv3/TLS read client key exchange (192.168.1.2) [125:root:dc]SSL state:SSLv3/TLS read change cipher spec (192.168.1.2) [125:root:dc]SSL state:SSLv3/TLS read finished (192.168.1.2) [125:root:dc]SSL state:SSLv3/TLS write session ticket (192.168.1.2) [125:root:dc]SSL state:SSLv3/TLS write change cipher spec (192.168.1.2) [125:root:dc]SSL state:SSLv3/TLS write finished (192.168.1.2) [125:root:dc]SSL state:SSL negotiation finished successfully (192.168.1.2) [125:root:dc]SSL established: TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 [125:root:dc]sslvpn_read_request_common,639, ret=-1 error=-1, sconn=0x7f0475c4f400. [125:root:dc]Destroy sconn 0x7f0475c4f400, connSize=2. 
(root) [125:root:dd]SSL state:before SSL initialization (192.168.1.2) [125:root:dd]SSL state:before SSL initialization (192.168.1.2) [125:root:dd]client cert requirement: no [125:root:dd]SSL state:SSLv3/TLS read client hello (192.168.1.2) [125:root:dd]SSL state:SSLv3/TLS write server hello (192.168.1.2) [125:root:dd]SSL state:SSLv3/TLS write certificate (192.168.1.2) [125:root:dd]SSL state:SSLv3/TLS write key exchange (192.168.1.2) [125:root:dd]SSL state:SSLv3/TLS write server done (192.168.1.2) [125:root:dd]SSL state:SSLv3/TLS write server done:system lib(192.168.1.2) [125:root:de]SSL state:before SSL initialization (192.168.1.2) [125:root:de]SSL state:before SSL initialization (192.168.1.2) [125:root:de]client cert requirement: no [125:root:de]SSL state:SSLv3/TLS read client hello (192.168.1.2) [125:root:de]SSL state:SSLv3/TLS write server hello (192.168.1.2) [125:root:de]SSL state:SSLv3/TLS write certificate (192.168.1.2) [125:root:de]SSL state:SSLv3/TLS write key exchange (192.168.1.2) [125:root:de]SSL state:SSLv3/TLS write server done (192.168.1.2) [125:root:de]SSL state:SSLv3/TLS write server done:system lib(192.168.1.2) [125:root:dd]SSL state:SSLv3/TLS write server done (192.168.1.2) [125:root:dd]SSL state:SSLv3/TLS read client key exchange (192.168.1.2) [125:root:dd]SSL state:SSLv3/TLS read change cipher spec (192.168.1.2) [125:root:dd]SSL state:SSLv3/TLS read finished (192.168.1.2) [125:root:dd]SSL state:SSLv3/TLS write session ticket (192.168.1.2) [125:root:dd]SSL state:SSLv3/TLS write change cipher spec (192.168.1.2) [125:root:dd]SSL state:SSLv3/TLS write finished (192.168.1.2) [125:root:dd]SSL state:SSL negotiation finished successfully (192.168.1.2) [125:root:dd]SSL established: TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 [125:root:dd]sslvpn_read_request_common,639, ret=-1 error=-1, sconn=0x7f0475dd6400. [125:root:dd]Destroy sconn 0x7f0475dd6400, connSize=1. 
(root) [125:root:de]SSL state:SSLv3/TLS write server done (192.168.1.2) [125:root:de]SSL state:SSLv3/TLS read client key exchange (192.168.1.2) [125:root:de]SSL state:SSLv3/TLS read change cipher spec (192.168.1.2) [125:root:de]SSL state:SSLv3/TLS read finished (192.168.1.2) [125:root:de]SSL state:SSLv3/TLS write session ticket (192.168.1.2) [125:root:de]SSL state:SSLv3/TLS write change cipher spec (192.168.1.2) [125:root:de]SSL state:SSLv3/TLS write finished (192.168.1.2) [125:root:de]SSL state:SSL negotiation finished successfully (192.168.1.2) [125:root:de]SSL established: TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 [125:root:df]allocSSLConn:281 sconn 0x7f0475c4f400 (0:root) [125:root:de]sslvpn_read_request_common,639, ret=-1 error=-1, sconn=0x7f0475dd8000. [125:root:de]Destroy sconn 0x7f0475dd8000, connSize=1. (root) [125:root:df]SSL state:before SSL initialization (192.168.1.2) [125:root:df]SSL state:before SSL initialization (192.168.1.2) [125:root:df]client cert requirement: no [125:root:df]SSL state:SSLv3/TLS read client hello (192.168.1.2) [125:root:df]SSL state:SSLv3/TLS write server hello (192.168.1.2) [125:root:df]SSL state:SSLv3/TLS write certificate (192.168.1.2) [125:root:df]SSL state:SSLv3/TLS write key exchange (192.168.1.2) [125:root:df]SSL state:SSLv3/TLS write server done (192.168.1.2) [125:root:df]SSL state:SSLv3/TLS write server done:system lib(192.168.1.2) [125:root:df]SSL state:SSLv3/TLS write server done (192.168.1.2) [125:root:df]SSL state:SSLv3/TLS read client key exchange (192.168.1.2) [125:root:df]SSL state:SSLv3/TLS read change cipher spec (192.168.1.2) [125:root:df]SSL state:SSLv3/TLS read finished (192.168.1.2) [125:root:df]SSL state:SSLv3/TLS write session ticket (192.168.1.2) [125:root:df]SSL state:SSLv3/TLS write change cipher spec (192.168.1.2) [125:root:df]SSL state:SSLv3/TLS write finished (192.168.1.2) [125:root:df]SSL state:SSL negotiation finished successfully (192.168.1.2) [125:root:df]SSL established: TLSv1.2 
ECDHE-RSA-AES256-GCM-SHA384 [125:root:df]req: / [125:root:df]mza: 0x25539f0 /rmt_index.html [125:root:df]def: 0x25539f0 /rmt_index.html [125:root:df]req: /remote/login [125:root:df]req: /remote/login?lang=en [125:root:df]rmt_web_auth_info_parser_common:441 no session id in auth info [125:root:df]rmt_web_get_access_cache:758 invalid cache, ret=4103 [125:root:df]req: /css/main-blue.css [125:root:df]mza: 0x25539a0 /css/main-blue.css [125:root:e0]allocSSLConn:281 sconn 0x7f0475dbf000 (0:root) [125:root:e0]SSL state:before SSL initialization (192.168.1.2) [125:root:e0]SSL state:before SSL initialization (192.168.1.2) [125:root:e0]client cert requirement: no [125:root:e0]SSL state:SSLv3/TLS read client hello (192.168.1.2) [125:root:e0]SSL state:SSLv3/TLS write server hello (192.168.1.2) [125:root:e0]SSL state:SSLv3/TLS write change cipher spec (192.168.1.2) [125:root:e0]SSL state:SSLv3/TLS write finished (192.168.1.2) [125:root:e0]SSL state:SSLv3/TLS write finished:system lib(192.168.1.2) [125:root:e1]allocSSLConn:281 sconn 0x7f0475dbc400 (0:root) [125:root:e1]SSL state:before SSL initialization (192.168.1.2) [125:root:e1]SSL state:before SSL initialization (192.168.1.2) [125:root:e1]client cert requirement: no [125:root:e1]SSL state:SSLv3/TLS read client hello (192.168.1.2) [125:root:e1]SSL state:SSLv3/TLS write server hello (192.168.1.2) [125:root:e1]SSL state:SSLv3/TLS write change cipher spec (192.168.1.2) [125:root:e1]SSL state:SSLv3/TLS write finished (192.168.1.2) [125:root:e1]SSL state:SSLv3/TLS write finished (192.168.1.2) [125:root:e1]SSL state:SSLv3/TLS read change cipher spec (192.168.1.2) [125:root:e1]SSL state:SSLv3/TLS read finished (192.168.1.2) [125:root:e1]SSL state:SSL negotiation finished successfully (192.168.1.2) [125:root:e1]SSL established: TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 [125:root:e2]allocSSLConn:281 sconn 0x7f0475dc2400 (0:root) [125:root:e1]sslvpn_read_request_common,639, ret=-1 error=-1, sconn=0x7f0475dbc400. 
    [125:root:e1]Destroy sconn 0x7f0475dbc400, connSize=3. (root)
    [125:root:e0]SSL state:SSLv3/TLS write finished (192.168.1.2)
    [125:root:e0]SSL state:SSLv3/TLS read change cipher spec (192.168.1.2)
    [125:root:e0]SSL state:SSLv3/TLS read finished (192.168.1.2)
    [125:root:e0]SSL state:SSL negotiation finished successfully (192.168.1.2)
    [125:root:e0]SSL established: TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
    [125:root:e3]allocSSLConn:281 sconn 0x7f0475dbc400 (0:root)
    [125:root:e0]sslvpn_read_request_common,639, ret=-1 error=-1, sconn=0x7f0475dbf000.
    [125:root:e0]Destroy sconn 0x7f0475dbf000, connSize=3. (root)
    [125:root:e2]SSL state:before SSL initialization (192.168.1.2)
    [125:root:e2]SSL state:before SSL initialization (192.168.1.2)
    [125:root:e2]client cert requirement: no
    [125:root:e2]SSL state:SSLv3/TLS read client hello (192.168.1.2)
    [125:root:e2]SSL state:SSLv3/TLS write server hello (192.168.1.2)
    [125:root:e2]SSL state:SSLv3/TLS write change cipher spec (192.168.1.2)
    [125:root:e2]SSL state:SSLv3/TLS write finished (192.168.1.2)
    [125:root:e2]SSL state:SSLv3/TLS write finished (192.168.1.2)
    [125:root:e2]SSL state:SSLv3/TLS read change cipher spec (192.168.1.2)
    [125:root:e2]SSL state:SSLv3/TLS read finished (192.168.1.2)
    [125:root:e2]SSL state:SSL negotiation finished successfully (192.168.1.2)
    [125:root:e2]SSL established: TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
    [125:root:e3]SSL state:before SSL initialization (192.168.1.2)
    [125:root:e3]SSL state:before SSL initialization (192.168.1.2)
    [125:root:e3]client cert requirement: no
    [125:root:e3]SSL state:SSLv3/TLS read client hello (192.168.1.2)
    [125:root:e3]SSL state:SSLv3/TLS write server hello (192.168.1.2)
    [125:root:e3]SSL state:SSLv3/TLS write change cipher spec (192.168.1.2)
    [125:root:e3]SSL state:SSLv3/TLS write finished (192.168.1.2)
    [125:root:e3]SSL state:SSLv3/TLS write finished:system lib(192.168.1.2)
    [125:root:e2]req: /sslvpn/js/login.js?q=5ab9372677fde45ab6
    [125:root:e2]mza: 0x25539b0 /sslvpn/js/login.js
    [125:root:e3]SSL state:SSLv3/TLS write finished (192.168.1.2)
    [125:root:e3]SSL state:SSLv3/TLS read change cipher spec (192.168.1.2)
    [125:root:e3]SSL state:SSLv3/TLS read finished (192.168.1.2)
    [125:root:e3]SSL state:SSL negotiation finished successfully (192.168.1.2)
    [125:root:e3]SSL established: TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
    [125:root:e3]req: /remote/fgt_lang?lang=en
    [125:root:e3]req: /remote/logincheck
    [125:root:e3]rmt_web_auth_info_parser_common:441 no session id in auth info
    [125:root:e3]rmt_web_access_check:684 access failed, uri=[/remote/logincheck],ret=4103,
    [125:root:e3]rmt_logincheck_cb_handler:965 user 'user_vpn' has a matched local entry.
    [125:root:e3]sslvpn_auth_check_usrgroup:1773 forming user/group list from policy.
    [125:root:e3]sslvpn_auth_check_usrgroup:1815 got user (1) group (0:0).
    [125:root:e3]sslvpn_validate_user_group_list:1443 validating with SSL VPN authentication rules (2), realm ().
    [125:root:e3]sslvpn_validate_user_group_list:1491 checking rule 1 cipher.
    [125:root:e3]sslvpn_validate_user_group_list:1499 checking rule 1 realm.
    [125:root:e3]sslvpn_validate_user_group_list:1510 checking rule 1 source intf.
    [125:root:e3]sslvpn_validate_user_group_list:1549 checking rule 1 vd source intf.
    [125:root:e3]sslvpn_validate_user_group_list:1621 rule 1 done, got user (0) group (0:0).
    [125:root:e3]sslvpn_validate_user_group_list:1491 checking rule 2 cipher.
    [125:root:e3]sslvpn_validate_user_group_list:1499 checking rule 2 realm.
    [125:root:e3]sslvpn_validate_user_group_list:1510 checking rule 2 source intf.
    [125:root:e3]sslvpn_validate_user_group_list:1621 rule 2 done, got user (0) group (0:0).
    [125:root:e3]sslvpn_validate_user_group_list:1709 got user (1), group (0:0).
    [125:root:e3]two factor check for user_vpn: off
    [125:root:e3]sslvpn_authenticate_user:169 authenticate user: [user_vpn]
    [125:root:e3]sslvpn_authenticate_user:176 create fam state
    [125:root:e3]fam_auth_send_req:575 with server blacklist:
    [125:root:e3]fam_auth_send_req:685 clear local user flag and do authentication again.
    [125:root:e3]fam_auth_send_req:575 with server blacklist:
    [125:root:e3]fam_auth_send_req:695 task finished with 5
    [125:root:e3]login_failed:330 user[user_vpn],auth_type=0 failed [sslvpn_login_unknown_user]
    [125:root:0]dump_one_blocklist:83 status=1;host=192.168.1.2;fails=1;logintime=1564767681
    [125:root:e3]req: /remote/login?&err=sslvpn_login_permissi
    [125:root:e3]rmt_web_auth_info_parser_common:441 no session id in auth info
    [125:root:e3]rmt_web_get_access_cache:758 invalid cache, ret=4103
    [125:root:e3]req: /css/main-blue.css
    [125:root:e3]mza: 0x25539a0 /css/main-blue.css
    [125:root:e2]req: /sslvpn/js/login.js?q=5ab9372677fde45ab6
    [125:root:e2]mza: 0x25539b0 /sslvpn/js/login.js
    [125:root:e2]req: /remote/fgt_lang?lang=en

  • Authentication debugging

    FortiGate-VM64-KVM # diagnose debug application fnbamd 255
    Debug messages will be on for 26 minutes.

    FortiGate-VM64-KVM # diagnose debug console

    FortiGate-VM64-KVM # diagnose debug enable

    FortiGate-VM64-KVM # [125:root:e8]allocSSLConn:281 sconn 0x7f0475c4f400 (0:root) [125:root:e9]allocSSLConn:281 sconn 0x7f0475dce400 (0:root) [125:root:e8]SSL state:before SSL initialization (192.168.1.2) [125:root:e8]SSL state:before SSL initialization (192.168.1.2) [125:root:e8]client cert requirement: no [125:root:e8]SSL state:SSLv3/TLS read client hello (192.168.1.2) [125:root:e8]SSL state:SSLv3/TLS write server hello (192.168.1.2) [125:root:e8]SSL state:SSLv3/TLS write change cipher spec (192.168.1.2) [125:root:e8]SSL state:SSLv3/TLS write finished (192.168.1.2) [125:root:e8]SSL state:SSLv3/TLS write finished (192.168.1.2) [125:root:e8]SSL state:SSLv3/TLS read change cipher spec (192.168.1.2) [125:root:e8]SSL state:SSLv3/TLS read finished (192.168.1.2) [125:root:e8]SSL state:SSL negotiation finished successfully (192.168.1.2) [125:root:e8]SSL established: TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 [125:root:ea]allocSSLConn:281 sconn 0x7f0475dd0000 (0:root) [125:root:e8]sslvpn_read_request_common,639, ret=-1 error=-1, sconn=0x7f0475c4f400. [125:root:e8]Destroy sconn 0x7f0475c4f400, connSize=2. 
(root) [125:root:e9]SSL state:before SSL initialization (192.168.1.2) [125:root:e9]SSL state:before SSL initialization (192.168.1.2) [125:root:e9]client cert requirement: no [125:root:e9]SSL state:SSLv3/TLS read client hello (192.168.1.2) [125:root:e9]SSL state:SSLv3/TLS write server hello (192.168.1.2) [125:root:e9]SSL state:SSLv3/TLS write change cipher spec (192.168.1.2) [125:root:e9]SSL state:SSLv3/TLS write finished (192.168.1.2) [125:root:e9]SSL state:SSLv3/TLS write finished (192.168.1.2) [125:root:e9]SSL state:SSLv3/TLS read change cipher spec (192.168.1.2) [125:root:e9]SSL state:SSLv3/TLS read finished (192.168.1.2) [125:root:e9]SSL state:SSL negotiation finished successfully (192.168.1.2) [125:root:e9]SSL established: TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 [125:root:eb]allocSSLConn:281 sconn 0x7f0475c4f400 (0:root) [125:root:e9]sslvpn_read_request_common,639, ret=-1 error=-1, sconn=0x7f0475dce400. [125:root:e9]Destroy sconn 0x7f0475dce400, connSize=2. (root) [125:root:ea]SSL state:before SSL initialization (192.168.1.2) [125:root:ea]SSL state:before SSL initialization (192.168.1.2) [125:root:ea]client cert requirement: no [125:root:ea]SSL state:SSLv3/TLS read client hello (192.168.1.2) [125:root:ea]SSL state:SSLv3/TLS write server hello (192.168.1.2) [125:root:ea]SSL state:SSLv3/TLS write change cipher spec (192.168.1.2) [125:root:ea]SSL state:SSLv3/TLS write finished (192.168.1.2) [125:root:ea]SSL state:SSLv3/TLS write finished:system lib(192.168.1.2) [125:root:eb]SSL state:before SSL initialization (192.168.1.2) [125:root:eb]SSL state:before SSL initialization (192.168.1.2) [125:root:eb]client cert requirement: no [125:root:eb]SSL state:SSLv3/TLS read client hello (192.168.1.2) [125:root:eb]SSL state:SSLv3/TLS write server hello (192.168.1.2) [125:root:eb]SSL state:SSLv3/TLS write change cipher spec (192.168.1.2) [125:root:eb]SSL state:SSLv3/TLS write finished (192.168.1.2) [125:root:eb]SSL state:SSLv3/TLS write finished (192.168.1.2) [125:root:eb]SSL 
state:SSLv3/TLS read change cipher spec (192.168.1.2) [125:root:eb]SSL state:SSLv3/TLS read finished (192.168.1.2) [125:root:eb]SSL state:SSL negotiation finished successfully (192.168.1.2) [125:root:eb]SSL established: TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 [125:root:ec]allocSSLConn:281 sconn 0x7f0475dce400 (0:root) [125:root:eb]sslvpn_read_request_common,639, ret=-1 error=-1, sconn=0x7f0475c4f400. [125:root:eb]Destroy sconn 0x7f0475c4f400, connSize=2. (root) [125:root:ea]SSL state:SSLv3/TLS write finished (192.168.1.2) [125:root:ea]SSL state:SSLv3/TLS read change cipher spec (192.168.1.2) [125:root:ea]SSL state:SSLv3/TLS read finished (192.168.1.2) [125:root:ea]SSL state:SSL negotiation finished successfully (192.168.1.2) [125:root:ea]SSL established: TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 [125:root:ea]sslvpn_read_request_common,639, ret=-1 error=-1, sconn=0x7f0475dd0000. [125:root:ea]Destroy sconn 0x7f0475dd0000, connSize=1. (root) [125:root:ec]SSL state:before SSL initialization (192.168.1.2) [125:root:ec]SSL state:before SSL initialization (192.168.1.2) [125:root:ec]client cert requirement: no [125:root:ec]SSL state:SSLv3/TLS read client hello (192.168.1.2) [125:root:ec]SSL state:SSLv3/TLS write server hello (192.168.1.2) [125:root:ec]SSL state:SSLv3/TLS write change cipher spec (192.168.1.2) [125:root:ec]SSL state:SSLv3/TLS write finished (192.168.1.2) [125:root:ec]SSL state:SSLv3/TLS write finished (192.168.1.2) [125:root:ec]SSL state:SSLv3/TLS read change cipher spec (192.168.1.2) [125:root:ec]SSL state:SSLv3/TLS read finished (192.168.1.2) [125:root:ec]SSL state:SSL negotiation finished successfully (192.168.1.2) [125:root:ec]SSL established: TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 [125:root:ec]req: / [125:root:ec]mza: 0x25539f0 /rmt_index.html [125:root:ec]def: 0x25539f0 /rmt_index.html [125:root:ec]req: /remote/login [125:root:ec]req: /remote/login?lang=en [125:root:ec]rmt_web_auth_info_parser_common:441 no session id in auth info 
[125:root:ec]rmt_web_get_access_cache:758 invalid cache, ret=4103 [125:root:ec]req: /css/main-blue.css [125:root:ec]mza: 0x25539a0 /css/main-blue.css [125:root:ed]allocSSLConn:281 sconn 0x7f0475dd1000 (0:root) [125:root:ed]SSL state:before SSL initialization (192.168.1.2) [125:root:ed]SSL state:before SSL initialization (192.168.1.2) [125:root:ed]client cert requirement: no [125:root:ed]SSL state:SSLv3/TLS read client hello (192.168.1.2) [125:root:ed]SSL state:SSLv3/TLS write server hello (192.168.1.2) [125:root:ed]SSL state:SSLv3/TLS write change cipher spec (192.168.1.2) [125:root:ed]SSL state:SSLv3/TLS write finished (192.168.1.2) [125:root:ed]SSL state:SSLv3/TLS write finished:system lib(192.168.1.2) [125:root:ed]SSL state:SSLv3/TLS write finished (192.168.1.2) [125:root:ed]SSL state:SSLv3/TLS read change cipher spec (192.168.1.2) [125:root:ed]SSL state:SSLv3/TLS read finished (192.168.1.2) [125:root:ed]SSL state:SSL negotiation finished successfully (192.168.1.2) [125:root:ed]SSL established: TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 [125:root:ee]allocSSLConn:281 sconn 0x7f0475c50000 (0:root) [125:root:ed]sslvpn_read_request_common,639, ret=-1 error=-1, sconn=0x7f0475dd1000. [125:root:ed]Destroy sconn 0x7f0475dd1000, connSize=2. 
(root) [125:root:ef]allocSSLConn:281 sconn 0x7f0475dd1000 (0:root) [125:root:ee]SSL state:before SSL initialization (192.168.1.2) [125:root:ee]SSL state:before SSL initialization (192.168.1.2) [125:root:ee]client cert requirement: no [125:root:ee]SSL state:SSLv3/TLS read client hello (192.168.1.2) [125:root:ee]SSL state:SSLv3/TLS write server hello (192.168.1.2) [125:root:ee]SSL state:SSLv3/TLS write change cipher spec (192.168.1.2) [125:root:ee]SSL state:SSLv3/TLS write finished (192.168.1.2) [125:root:ee]SSL state:SSLv3/TLS write finished:system lib(192.168.1.2) [125:root:ee]SSL state:SSLv3/TLS write finished (192.168.1.2) [125:root:ee]SSL state:SSLv3/TLS read change cipher spec (192.168.1.2) [125:root:ee]SSL state:SSLv3/TLS read finished (192.168.1.2) [125:root:ee]SSL state:SSL negotiation finished successfully (192.168.1.2) [125:root:ee]SSL established: TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 [125:root:ef]SSL state:before SSL initialization (192.168.1.2) [125:root:ef]SSL state:before SSL initialization (192.168.1.2) [125:root:ef]client cert requirement: no [125:root:ef]SSL state:SSLv3/TLS read client hello (192.168.1.2) [125:root:ef]SSL state:SSLv3/TLS write server hello (192.168.1.2) [125:root:ef]SSL state:SSLv3/TLS write change cipher spec (192.168.1.2) [125:root:ef]SSL state:SSLv3/TLS write finished (192.168.1.2) [125:root:ef]SSL state:SSLv3/TLS write finished (192.168.1.2) [125:root:ef]SSL state:SSLv3/TLS read change cipher spec (192.168.1.2) [125:root:ef]SSL state:SSLv3/TLS read finished (192.168.1.2) [125:root:ef]SSL state:SSL negotiation finished successfully (192.168.1.2) [125:root:ef]SSL established: TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 [125:root:f0]allocSSLConn:281 sconn 0x7f0475dd4400 (0:root) [125:root:ef]sslvpn_read_request_common,639, ret=-1 error=-1, sconn=0x7f0475dd1000. [125:root:ef]Destroy sconn 0x7f0475dd1000, connSize=3. 
(root) [125:root:ee]req: /sslvpn/js/login.js?q=5ab9372677fde45ab6 [125:root:ee]mza: 0x25539b0 /sslvpn/js/login.js [125:root:f0]SSL state:before SSL initialization (192.168.1.2) [125:root:f0]SSL state:before SSL initialization (192.168.1.2) [125:root:f0]client cert requirement: no [125:root:f0]SSL state:SSLv3/TLS read client hello (192.168.1.2) [125:root:f0]SSL state:SSLv3/TLS write server hello (192.168.1.2) [125:root:f0]SSL state:SSLv3/TLS write change cipher spec (192.168.1.2) [125:root:f0]SSL state:SSLv3/TLS write finished (192.168.1.2) [125:root:f0]SSL state:SSLv3/TLS write finished:system lib(192.168.1.2) [125:root:f0]SSL state:SSLv3/TLS write finished (192.168.1.2) [125:root:f0]SSL state:SSLv3/TLS read change cipher spec (192.168.1.2) [125:root:f0]SSL state:SSLv3/TLS read finished (192.168.1.2) [125:root:f0]SSL state:SSL negotiation finished successfully (192.168.1.2) [125:root:f0]SSL established: TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 [125:root:ee]req: /remote/fgt_lang?lang=en [125:root:ee]req: /remote/logincheck [125:root:ee]rmt_web_auth_info_parser_common:441 no session id in auth info [125:root:ee]rmt_web_access_check:684 access failed, uri=[/remote/logincheck],ret=4103, [125:root:ee]rmt_logincheck_cb_handler:965 user 'user_vpn' has a matched local entry. [125:root:ee]sslvpn_auth_check_usrgroup:1773 forming user/group list from policy. [125:root:ee]sslvpn_auth_check_usrgroup:1815 got user (1) group (0:0). [125:root:ee]sslvpn_validate_user_group_list:1443 validating with SSL VPN authentication rules (2), realm (). [125:root:ee]sslvpn_validate_user_group_list:1491 checking rule 1 cipher. [125:root:ee]sslvpn_validate_user_group_list:1499 checking rule 1 realm. [125:root:ee]sslvpn_validate_user_group_list:1510 checking rule 1 source intf. [125:root:ee]sslvpn_validate_user_group_list:1549 checking rule 1 vd source intf. [125:root:ee]sslvpn_validate_user_group_list:1621 rule 1 done, got user (0) group (0:0). 
    [125:root:ee]sslvpn_validate_user_group_list:1491 checking rule 2 cipher.
    [125:root:ee]sslvpn_validate_user_group_list:1499 checking rule 2 realm.
    [125:root:ee]sslvpn_validate_user_group_list:1510 checking rule 2 source intf.
    [125:root:ee]sslvpn_validate_user_group_list:1621 rule 2 done, got user (0) group (0:0).
    [125:root:ee]sslvpn_validate_user_group_list:1709 got user (1), group (0:0).
    [125:root:ee]two factor check for user_vpn: off
    [125:root:ee]sslvpn_authenticate_user:169 authenticate user: [user_vpn]
    [125:root:ee]sslvpn_authenticate_user:176 create fam state
    [125:root:ee]fam_auth_send_req:575 with server blacklist:
    [125:root:ee]fam_auth_send_req:685 clear local user flag and do authentication again.
    [125:root:ee]fam_auth_send_req:575 with server blacklist:
    [125:root:ee]fam_auth_send_req:695 task finished with 5
    [125:root:ee]login_failed:330 user[user_vpn],auth_type=0 failed [sslvpn_login_unknown_user]
    [125:root:0]dump_one_blocklist:83 status=1;host=192.168.1.2;fails=1;logintime=1564767960
    [125:root:ee]req: /remote/login?&err=sslvpn_login_permissi
    [125:root:ee]rmt_web_auth_info_parser_common:441 no session id in auth info
    [125:root:ee]rmt_web_get_access_cache:758 invalid cache, ret=4103
    [125:root:ee]req: /css/main-blue.css
    [125:root:ee]mza: 0x25539a0 /css/main-blue.css
    [125:root:ec]req: /sslvpn/js/login.js?q=5ab9372677fde45ab6
    [125:root:ec]mza: 0x25539b0 /sslvpn/js/login.js
    [125:root:f0]req: /remote/fgt_lang?lang=en


I appreciate anyone who can help me.
Thank you!
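
Added example, not part of the original post: a Python parser that splits run-together `diagnose debug application sslvpn` output like the dumps above into entries and pulls out the login decision trail (local-entry match, per-rule counts, failure reason, blocklist entry) while skipping the TLS handshake lines. The sample is constructed from entries in the post; the class, function and field names are hypothetical, and the counts are reported as logged without interpreting them.

```python
import re
from dataclasses import dataclass, field

# Every debug entry starts with a [pid:vdom:conn] tag; conn is a hex connection id.
TAG = re.compile(r"\[(\d+):([^:\]\s]+):([0-9a-f]+)\]")
LOCAL = re.compile(r"user '([^']+)' has a matched local entry")
RULE = re.compile(r"rule (\d+) done, got user \((\d+)\) group \((\d+):(\d+)\)")
AUTH = re.compile(r"authenticate user: \[([^\]]+)\]")
FAIL = re.compile(r"login_failed:\d+ user\[([^\]]+)\],auth_type=(\d+) failed \[([^\]]+)\]")
BLOCK = re.compile(r"dump_one_blocklist:\d+ status=\d+;host=([^;]+);fails=(\d+)")

# Constructed sample: entries copied from the post, run together on one line
# the way the forum rendered them, with a little TLS noise around them.
SAMPLE = (
    "[125:root:e3]SSL state:SSL negotiation finished successfully (192.168.1.2) "
    "[125:root:e3]SSL established: TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "
    "[125:root:e3]req: /remote/logincheck "
    "[125:root:e3]rmt_logincheck_cb_handler:965 user 'user_vpn' has a matched local entry. "
    "[125:root:e3]sslvpn_auth_check_usrgroup:1815 got user (1) group (0:0). "
    "[125:root:e3]sslvpn_validate_user_group_list:1621 rule 1 done, got user (0) group (0:0). "
    "[125:root:e3]sslvpn_validate_user_group_list:1621 rule 2 done, got user (0) group (0:0). "
    "[125:root:e3]sslvpn_validate_user_group_list:1709 got user (1), group (0:0). "
    "[125:root:e3]sslvpn_authenticate_user:169 authenticate user: [user_vpn] "
    "[125:root:e3]fam_auth_send_req:695 task finished with 5 "
    "[125:root:e3]login_failed:330 user[user_vpn],auth_type=0 failed [sslvpn_login_unknown_user] "
    "[125:root:0]dump_one_blocklist:83 status=1;host=192.168.1.2;fails=1;logintime=1564767681 "
    "[125:root:e2]req: /remote/fgt_lang?lang=en"
)


@dataclass
class LoginAttempt:
    conn: str
    user: str = ""
    local_entry: bool = False                    # "has a matched local entry" was logged
    rules: dict = field(default_factory=dict)    # rule number -> (user, group a, group b) as logged
    result: str = "pending"
    reason: str = ""
    source: str = ""                             # host from the blocklist entry, if any
    fails: int = 0


def split_entries(text):
    """Return (conn_id, message) pairs from raw or run-together debug output."""
    flat = " ".join(text.split())                # undo line breaks that fall mid-entry
    tags = list(TAG.finditer(flat))
    entries = []
    for i, m in enumerate(tags):
        end = tags[i + 1].start() if i + 1 < len(tags) else len(flat)
        entries.append((m.group(3), flat[m.end():end].strip()))
    return entries


def summarize(text):
    """Build one LoginAttempt per /remote/logincheck request seen in the output."""
    attempts, open_by_conn, last_failed = [], {}, None
    for conn, msg in split_entries(text):
        if msg.startswith("req: /remote/logincheck"):
            open_by_conn[conn] = LoginAttempt(conn)
            attempts.append(open_by_conn[conn])
            continue
        m = BLOCK.search(msg)
        if m and last_failed is not None:        # blocklist dump is logged on conn 0
            last_failed.source, last_failed.fails = m.group(1), int(m.group(2))
            continue
        a = open_by_conn.get(conn)
        if a is None:                            # handshake and static-file noise
            continue
        if (m := LOCAL.search(msg)):
            a.user, a.local_entry = m.group(1), True
        elif (m := RULE.search(msg)):
            a.rules[int(m.group(1))] = tuple(int(g) for g in m.group(2, 3, 4))
        elif (m := AUTH.search(msg)):
            a.user = m.group(1)
        elif (m := FAIL.search(msg)):
            a.user, a.result, a.reason = m.group(1), "failed", m.group(3)
            last_failed = a
            del open_by_conn[conn]
    return attempts


if __name__ == "__main__":
    for a in summarize(SAMPLE):
        print(f"conn {a.conn}: user={a.user} local_entry={a.local_entry} "
              f"rules={a.rules} -> {a.result} [{a.reason}] from {a.source} (fails={a.fails})")
```
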