AuthPoint fail to start ldap binding

Doum88Doum88
in AuthPoint - General

I've setup AuthPoint, and it works with Office 365 but I've got this error whit VPN SSL in traffic monitor

admd admLocalLdapStart: ldap binding failed, msgId=-1, err=(null) Debug
admd ready to end authentication session with error code 48 Debug
wgcgi SSL VPN user [email protected] from x.x.x.x was rejected - fail to start ldap binding. Debug
wgcgi User not authenticated Debug

I've made sure the group in FB was the same as in AuthPoint group

Wondering if someone can give me a hint before opening a case with WG.
Thanks,

Comments

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @Doum88
    The firewall is unable to complete the bind operation (which is a login in LDAP, basically.)

    I would suggest checking your authentication logs for your AD domain (on AD itself) to see if there's a reason that the bind is being rejected by the server.

    -James Carson
    WatchGuard Customer Support

  • Doum88Doum88
    Hi @james.carson
    The LDAP test success in the WebUI and nowhere in the doc it ask for a functional LDAP but I’ve double check my Active Directory integration and it works.

    https://www.watchguard.com/help/docs/help-center/en-US/Content/Integration-Guides/AuthPoint/firebox-ssl-vpn-radius_authpoint.html

    The logs I’ve put in my first post are the only one related I see related to my issue.

    It’s strange MFA works with O365 but I got a BIND error for SSL VPN
  • james.carsonjames.carson Moderator, WatchGuard Representative

    The LDAP test in the webui is a simple bind from the firewall itself -- authpoint will attempt the bind from the gateway. They're two separate functions.

    If you're not able to determine the cause, I'd suggest a support case.

    -James Carson
    WatchGuard Customer Support

  • paanjii2paanjii2
    edited September 18

    If the values are incomplete or incorrect, the Bind request fails and you see the LDAP binding not successful message in your log files. If you receive this error, look at your Active Directory server settings and make sure you have configured the Search Base and DN of Searching User text boxes correctly.
    myfiosgateway.com
    mobdro

  • Doum88Doum88

    WG support found the issue. The Firebox DNS was pointing to an external DNS. Changing it for AD DNS fixes the LDAP Bind issue.

    1. Add the local DNS server to the Firebox global DNS settings (Policy Manager > Network Configuration > DNS/WINS or web UI > Network > DNS/WINS). Please make it the first DNS server on the list.
Sign In to comment.