AuthPoint fail to start ldap binding
I've set up AuthPoint, and it works with Office 365, but I've got this error with VPN SSL in Traffic Monitor:
admd admLocalLdapStart: ldap binding failed, msgId=-1, err=(null) Debug
admd ready to end authentication session with error code 48 Debug
wgcgi SSL VPN user [email protected] from x.x.x.x was rejected - fail to start ldap binding. Debug
wgcgi User not authenticated Debug
I've made sure the group in FB was the same as in AuthPoint group
Wondering if someone can give me a hint before opening a case with WG.
Thanks,
Comments
Hi @Doum88
The firewall is unable to complete the bind operation (which is a login in LDAP, basically.)
I would suggest checking your authentication logs for your AD domain (on AD itself) to see if there's a reason that the bind is being rejected by the server.
-James Carson
WatchGuard Customer Support
The LDAP test succeeds in the WebUI, and nowhere in the doc does it ask for a functional LDAP, but I’ve double-checked my Active Directory integration and it works.
https://www.watchguard.com/help/docs/help-center/en-US/Content/Integration-Guides/AuthPoint/firebox-ssl-vpn-radius_authpoint.html
The logs I’ve put in my first post are the only ones I see related to my issue.
It’s strange that MFA works with O365 but I got a BIND error for SSL VPN.
The LDAP test in the WebUI is a simple bind from the firewall itself -- AuthPoint will attempt the bind from the gateway. They're two separate functions.
If you're not able to determine the cause, I'd suggest a support case.
-James Carson
WatchGuard Customer Support
If the values are incomplete or incorrect, the Bind request fails and you see the LDAP binding not successful message in your log files. If you receive this error, look at your Active Directory server settings and make sure you have configured the Search Base and DN of Searching User text boxes correctly.
WG support found the issue. The Firebox DNS was pointing to an external DNS. Changing it for AD DNS fixes the LDAP Bind issue.
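A way to check for the DNS cause reported above before opening a case: ask the external resolver and the AD DNS server for the domain controller locator SRV record and compare the answers. This is an added example, not part of the original thread and not WatchGuard code; the domain name and both resolver addresses are constructed placeholders, and it assumes the bind targets a name that only the internal AD DNS can resolve.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qtype=33, txid=0x4C44):
    """Encode an RFC 1035 query; qtype 33 = SRV, 1 = A."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)  # RD flag set, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", qtype, 1)  # class IN

def classify(reply):
    """Map a raw DNS reply to a verdict using only its 12-byte header."""
    if reply is None or len(reply) < 12:
        return "no usable reply"
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", reply[:12])
    rcode = flags & 0x000F
    if rcode == 0 and ancount > 0:
        return "resolves (%d answers)" % ancount
    if rcode == 0:
        return "NOERROR but empty answer"
    return RCODES.get(rcode, "rcode %d" % rcode)

def ask_udp(server, name, qtype=33, timeout=3.0):
    """Send one query to `server` over UDP port 53; None on timeout or socket error."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name, qtype), (server, 53))
            return s.recvfrom(4096)[0]
        except OSError:
            return None

def compare(name, servers, ask=ask_udp):
    """Ask every resolver the same question and return {server: verdict}."""
    return {srv: classify(ask(srv, name)) for srv in servers}

if __name__ == "__main__":
    # Constructed values: replace with your AD domain and the two resolvers to compare.
    srv_name = "_ldap._tcp.dc._msdcs.corp.example"
    for server, verdict in compare(srv_name, ["192.0.2.53", "10.0.0.10"]).items():
        print(server, "->", verdict)
```

If the resolver configured on the Firebox returns NXDOMAIN or nothing while the AD DNS server returns answers, the firewall cannot locate a domain controller to bind to.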