Hello,
I recently ran into an issue with LDAP authentication on SSLVPN.
On the GUI I tried to test the user credentials and it works, but when I tried to debug the fnbamd application, the authentication failed with error 34:
Forti-1 (SSL_VPN) # diagnose test authserver ldap LDAP_SOSM steve.fillatreau password
[1936] handle_req-Rcvd auth req 1577524297 for steve.fillatreau in LDAP_SOSM opt=0000001b prot=0
[424] __compose_group_list_from_req-Group 'LDAP_SOSM', type 1
[616] fnbamd_pop3_start-steve.fillatreau
[976] __fnbamd_cfg_get_ldap_list_by_server-
[982] __fnbamd_cfg_get_ldap_list_by_server-Loaded LDAP server 'LDAP_SOSM'
[1137] fnbamd_cfg_get_ldap_list-Total ldap servers to try: 1
[1715] fnbamd_ldap_init-search filter is: sAMAccountName=steve.fillatreau
[1724] fnbamd_ldap_init-search base is: DC=sosm\2C DC=lan
[1146] __fnbamd_ldap_dns_cb-Resolved LDAP_SOSM:172.17.100.100 to 172.17.100.100, cur stack size:1
[919] __fnbamd_ldap_get_next_addr-
[1152] __fnbamd_ldap_dns_cb-Connection starts LDAP_SOSM:172.17.100.100, addr 172.17.100.100
[874] __fnbamd_ldap_start_conn-Still connecting 172.17.100.100.
[591] create_auth_session-Total 1 server(s) to try
[1103] __ldap_connect-tcps_connect(172.17.100.100) is established.
[981] __ldap_rxtx-state 3(Admin Binding)
[320] __ldap_build_bind_req-Binding to 'SOSM\4G.auth'
[1041] fnbamd_ldap_send-sending 40 bytes to 172.17.100.100
[1053] fnbamd_ldap_send-Request is sent. ID 1
[981] __ldap_rxtx-state 4(Admin Bind resp)
[1084] __fnbamd_ldap_read-Read 8
[1084] __fnbamd_ldap_read-Read 14
[1264] fnbamd_ldap_recv-Response len: 16, svr: 172.17.100.100
[945] fnbamd_ldap_parse_response-Got one MESSAGE. ID:1, type:bind
[980] fnbamd_ldap_parse_response-ret=0
[1048] __ldap_rxtx-Change state to 'DN search'
[981] __ldap_rxtx-state 11(DN search)
[708] fnbamd_ldap_build_dn_search_req-base:'DC=sosm\2C DC=lan' filter:sAMAccountName=steve.fillatreau
[1041] fnbamd_ldap_send-sending 84 bytes to 172.17.100.100
[1053] fnbamd_ldap_send-Request is sent. ID 2
[981] __ldap_rxtx-state 12(DN search resp)
[1084] __fnbamd_ldap_read-Read 8
[1084] __fnbamd_ldap_read-Read 94
[1264] fnbamd_ldap_recv-Response len: 96, svr: 172.17.100.100
[945] fnbamd_ldap_parse_response-Got one MESSAGE. ID:2, type:search-result
[967] fnbamd_ldap_parse_response-Error 34(0000208F: LdapErr: DSID-0C090787, comment: Error processing name, data 0, v1db1)
[980] fnbamd_ldap_parse_response-ret=34
[785] __ldap_done-svr 'LDAP_SOSM'
[755] __ldap_destroy-
[725] __ldap_stop-Conn with 172.17.100.100 destroyed.
[217] fnbamd_comm_send_result-Sending result 1 (nid 0) for req 1577524297, len=1960
[747] destroy_auth_session-delete session 1577524297
[755] __ldap_destroy-
[1721] fnbamd_ldap_auth_ctx_free-Freeing 'LDAP_SOSM' ctx
authenticate 'steve.fillatreau' against 'LDAP_SOSM' failed!
I'm running FortiOS 6.4.2 and Windows Server 2008 R2.
Thank you.
Best regards.
Hello!
You must remove the spaces between the dc entries in the "distinguished name" field in the LDAP profile. For example, the field should contain the following entry: dc=domain,dc=local
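An added example (not from the post above and not Fortinet's code) that turns the reply's advice into a check you can run against the fnbamd debug output: it pulls the search base and the LDAP result code out of the debug lines, flags whitespace after RDN separators, and prints the corrected base DN. The two debug lines embedded below are constructed by copying them from the post; the function names are mine. One assumption is spelled out in the comments: the `\2C` in the debug output is read as the RFC 4514 hex escape for a comma, which is how it would look if the comma and following space had been treated as part of the `DC=sosm` value rather than as a separator. LDAP result code 34 is `invalidDNSyntax` per RFC 4511.

```python
"""Check a FortiGate LDAP base DN for the spacing mistake behind LDAP error 34.

Added example, not Fortinet's code.  The sample debug text is constructed by
copying two lines from the forum post; everything else is an assumption made
for illustration.
"""
from __future__ import annotations

import re

# Constructed sample: the two fnbamd lines that matter, copied from the post.
DEBUG_BAD = (
    "[1724] fnbamd_ldap_init-search base is: DC=sosm\\2C DC=lan\n"
    "[967] fnbamd_ldap_parse_response-Error 34(0000208F: LdapErr: DSID-0C090787, "
    "comment: Error processing name, data 0, v1db1)\n"
)

# RFC 4511 resultCode names for the codes this script cares about.
LDAP_RESULT_NAMES = {0: "success", 32: "noSuchObject", 34: "invalidDNSyntax",
                     49: "invalidCredentials"}

# A comma that is not backslash-escaped separates RDNs (RFC 4514).
_RDN_SEP = re.compile(r"(?<!\\),")
# Assumption: an escaped comma ("\2C" or "\,") followed by optional whitespace and
# something that looks like the next "attr=" is a separator that got escaped
# because the operator typed ", " instead of ",".  A genuinely escaped comma
# inside a value (CN=Doe\, John) is not followed by "attr=" and is left alone.
_ESCAPED_SEP = re.compile(r"\\(?:2[Cc]|,)\s*(?=[A-Za-z][A-Za-z0-9-]*=)")


def extract_search_base(debug: str) -> str | None:
    """Return the base DN fnbamd reports in 'search base is: ...', if present."""
    m = re.search(r"search base is: (.+)$", debug, re.MULTILINE)
    return m.group(1).strip() if m else None


def parse_ldap_error(debug: str) -> dict | None:
    """Return the LDAP result code plus the AD-specific code and comment, if any."""
    m = re.search(
        r"Error (\d+)\((?:([0-9A-Fa-f]{8}): LdapErr: DSID-[0-9A-Fa-f]+, comment: ([^,]+))?",
        debug,
    )
    if not m:
        return None
    code = int(m.group(1))
    return {"code": code, "name": LDAP_RESULT_NAMES.get(code, "unknown"),
            "ad_code": m.group(2), "comment": m.group(3)}


def dn_problems(dn: str) -> list[str]:
    """List the DN syntax problems this script knows how to spot."""
    problems = []
    if re.search(r"(?<!\\),\s+", dn):
        problems.append("whitespace after an RDN separator")
    if _ESCAPED_SEP.search(dn):
        problems.append("escaped comma where an RDN separator was expected")
    for rdn in _RDN_SEP.split(dn):
        if "=" not in rdn:
            problems.append(f"RDN without '=': {rdn!r}")
    return problems


def normalize_dn(dn: str) -> str:
    """Rewrite the DN the way the reply recommends: separators with no spaces."""
    fixed = _ESCAPED_SEP.sub(",", dn)
    rdns = [r.strip() for r in _RDN_SEP.split(fixed)]
    return ",".join(r for r in rdns if r)


def diagnose(debug: str) -> dict:
    """Tie the pieces together: what was sent, what came back, what to change."""
    base = extract_search_base(debug)
    report = {"search_base": base, "error": parse_ldap_error(debug),
              "problems": [], "suggested_base": None}
    if base:
        report["problems"] = dn_problems(base)
        if report["problems"]:
            report["suggested_base"] = normalize_dn(base)
    return report


if __name__ == "__main__":
    for key, value in diagnose(DEBUG_BAD).items():
        print(f"{key}: {value}")
```

On the CLI the same field is `set dn` under `config user ldap`; the check above only looks at separator spacing, so a DN that is spelled correctly but points at the wrong container will still come back with a different error (noSuchObject, code 32) rather than 34.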
Copyright 2024 Fortinet, Inc. All Rights Reserved.