Problems With Specific Users When Trying to Test Active Directory

Hi,

When I try to test the authentication process in Active Directory, I receive this error

" is not authenticated[search binding error, check your searching username or password])"

This error only happens with 3 users; all the other 100 users don't have this problem.

Best Regards,

Comments

  • james.carson Moderator, WatchGuard Representative

    Hi @BrunoMaio

    Under most circumstances (if you're using sAMAccountName, which is the default option) the user that is attempting to authenticate is the binding user. If the AD server is returning that the password is incorrect, and other users are able to authenticate, that is most often the issue.
    If you're sure the username and password are correct, check the authentication logs on your AD/LDAP server for more information. There will likely be a more detailed reason for the deny there.

    If an external authentication server is in use, the firewall passes the authentication to that server, and passes the response back. If your other users are working, that suggests the problem is likely somewhere at the auth server.

    -James Carson
    WatchGuard Customer Support

  • BrunoMaio

    Hi @james.carson

    This client has four domain controllers and all respond to LDAP requests. I have already tested changing the configuration to send the requests to the four DCs, but the answer is always the same.
    I am 100% sure that the username and password are correct.
    In fact, the client in question has AuthPoint; if I try to authenticate by AuthPoint, for example via IDPortal, I do not have this authentication problem. The problem only occurs when the Firebox tries to authenticate directly in AD.

    Best Regards,

  • james.carson Moderator, WatchGuard Representative

    Hi @BrunoMaio, the LDAP server is still going to be the one responding to that request and issuing the deny. The firewall is only showing you the response from it.
    If you want to verify this, you can run a packet capture (tcpdump) looking for port 389:

    -i interface host IP and port number
    for example, -i eth1 host 10.0.1.250 and port 389

    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/fsm/log_message_learn_more_wsm.html

    The issue may be due to a group, the OU the user is in, or even group policy applied to that user. Looking at the logs on your LDAP server is the only way you're going to be able to find more information.

    -James Carson
    WatchGuard Customer Support
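    As an added illustration of the "more detailed reason for the deny" mentioned above (example code, not part of this thread or of any WatchGuard tool): when an Active Directory bind fails with LDAP resultCode 49, the server's diagnostic message carries a hex `data` sub-code that says why, and decoding it is usually what separates "three users fail" from "everyone fails". The bind results below are constructed sample data; the DSID values are placeholders.

```python
import re
from typing import List, Optional, Tuple

# Documented Active Directory sub-codes carried in the "data" field of a
# bind failure's diagnostic message (LDAP resultCode 49, invalidCredentials).
# The firewall's one-line summary ("search binding error") does not show these.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (wrong password)",
    "530": "not permitted to log on at this time (logon hours restriction)",
    "531": "not permitted to log on at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password at next logon",
    "775": "account locked out",
}

# Matches e.g. "... AcceptSecurityContext error, data 533, v2580"
_DATA_RE = re.compile(r"\bdata\s+([0-9a-fA-F]+)")


def explain_bind_error(diagnostic: str) -> Tuple[Optional[str], str]:
    """Return (sub-code, explanation) for an AD bind diagnostic message."""
    m = _DATA_RE.search(diagnostic)
    if not m:
        return None, "no AD data sub-code present; check the server's own logs"
    code = m.group(1).lower()
    return code, AD_BIND_SUBCODES.get(code, f"unrecognised sub-code {code}")


def triage(bind_results: List[Tuple[str, int, str]]) -> List[Tuple[str, int, Optional[str], str]]:
    """Keep only failed binds (resultCode != 0) and attach the decoded reason."""
    failures = []
    for user, result_code, diagnostic in bind_results:
        if result_code == 0:
            continue  # LDAP success: nothing to explain
        code, reason = explain_bind_error(diagnostic)
        failures.append((user, result_code, code, reason))
    return failures


# Constructed sample: (user, LDAP resultCode, diagnostic message). Not real data.
_DIAG = "80090308: LdapErr: DSID-PLACEHOLDER, comment: AcceptSecurityContext error, data {}, v2580"
SAMPLE_BIND_RESULTS = [
    ("alice", 0, ""),
    ("bob", 0, ""),
    ("carol", 49, _DIAG.format("533")),  # disabled account
    ("dave", 49, _DIAG.format("775")),   # locked out
    ("erin", 49, _DIAG.format("52e")),   # genuinely wrong password
]

if __name__ == "__main__":
    for user, rc, code, reason in triage(SAMPLE_BIND_RESULTS):
        print(f"{user}: resultCode={rc} data={code} -> {reason}")
```

The same decoding applies to the bind response seen in the tcpdump capture described above, provided the bind is plain LDAP on port 389 rather than LDAPS, where the payload is encrypted.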
