Cannot connect to the external identity

Hi there,

I am scratching my head with this connectivity issue.

External identity Check connection gives "Cannot connect to the external identity".

The Gateway is ok (green dot) and has the external identity associated as LDAP.

The external identity settings seem ok, proper syntax (domain.local dc=domain,dc=local), and the user and pw are using the administrator account (I can test that account ok in the Firebox authentication servers LDAP). Actually, I got it working with those settings before, but now it is not working anymore. I've deleted and redone the whole thing a couple of times, but to no avail.

The log on the DC server is giving these errors:

ldapSync.application.log

2024-03-15 12:52:40 INFO [https-jsse-nio-9002-exec-1] c.w.a.p.a.l.s.b.s.TestConnectivityService - Connectivity test request received - LDAPId: 17876. - Request-Id: 1-65f43661-2474646a214f6f7205861a39
2024-03-15 12:52:40 ERROR [https-jsse-nio-9002-exec-1] c.w.a.p.a.l.s.b.s.TestConnectivityService - Connectivity test failed - LDAPId: 17876 - Cause: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09050F, comment: AcceptSecurityContext error, data 52e, v4f7c ] - Request-Id: 1-65f43661-2474646a214f6f7205861a39

gateway.application.log

2024-03-15 12:52:40 INFO [IoT-General-1] c.w.a.p.a.gateway.iot.IotExecutor - LDAP connectivity test message received.
2024-03-15 12:52:40 INFO [IoT-General-1] c.w.a.p.a.g.i.c.ConnectivityTestHandler - Processing connectivity test message. TransactionId: e09df51a-3cec-4069-aeee-4ecf49e2aec4, LdapId: 17876 - Request-Id: 1-65f43661-2474646a214f6f7205861a39
2024-03-15 12:52:40 INFO [IoT-General-1] c.w.a.p.a.g.h.l.LdapAgentHttpClient - Sending connectivity test to LDAP agent. - Request-Id: 1-65f43661-2474646a214f6f7205861a39
2024-03-15 12:52:40 INFO [IoT-General-1] c.w.a.p.a.g.c.r.RestTemplateResponseErrorHandler - HTTP status code: 400 BAD_REQUEST. - Request-Id: 1-65f43661-2474646a214f6f7205861a39
2024-03-15 12:52:40 INFO [IoT-General-1] c.w.a.p.a.g.h.g.GatewayServiceHttpClient - Sending connectivity test result to Gateway Service. - Request-Id: 1-65f43661-2474646a214f6f7205861a39

Any ideas, anybody?

Thanks in advance

Comments

    james.carson Moderator, WatchGuard Representative

    In application.log, we're getting an error response back from your LDAP server:
    AcceptSecurityContext error, data 52e, v4f7c
    (52e is invalid credentials, which is about as generic as these errors can be.)

    I would suggest checking the logs on your LDAP server - they may have more information.

    -James Carson
    WatchGuard Customer Support
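
An added triage example (not part of the original thread and not WatchGuard code): a Python sketch that extracts the Active Directory sub-code from the `data` field of LDAP error 49 lines in the ldapSync.application.log layout quoted above, and keeps the Request-Id so the failure can be matched against gateway.application.log. The sub-code table is the commonly documented AD set; the function names and the third sample line are assumptions made for illustration.

```python
import re
from collections import Counter

# Commonly documented AD sub-codes found in the "data" field of LDAP error 49.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# Matches ERROR lines in the ldapSync.application.log layout shown in the post.
BIND_FAILURE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) ERROR .*?"
    r"LDAPId: (?P<ldap_id>\d+).*?LDAP: error code 49 .*?"
    r"AcceptSecurityContext error, data (?P<data>[0-9a-fA-F]+)"
    r".*?Request-Id: (?P<request_id>\S+)"
)

def parse_bind_failures(lines):
    """Return one dict per failed bind: ts, ldap_id, data, request_id, meaning."""
    failures = []
    for line in lines:
        m = BIND_FAILURE.search(line)
        if m:
            rec = m.groupdict()
            rec["data"] = rec["data"].lower()
            rec["meaning"] = AD_BIND_SUBCODES.get(rec["data"], "unknown sub-code")
            failures.append(rec)
    return failures

def count_by_cause(failures):
    """Count per (LDAPId, sub-code); repeated 52e can lead to 775 under a lockout policy."""
    return Counter((f["ldap_id"], f["data"]) for f in failures)

# First two lines are from the post; the third is a constructed sample.
SAMPLE = [
    "2024-03-15 12:52:40 INFO [https-jsse-nio-9002-exec-1] c.w.a.p.a.l.s.b.s.TestConnectivityService - Connectivity test request received - LDAPId: 17876. - Request-Id: 1-65f43661-2474646a214f6f7205861a39",
    "2024-03-15 12:52:40 ERROR [https-jsse-nio-9002-exec-1] c.w.a.p.a.l.s.b.s.TestConnectivityService - Connectivity test failed - LDAPId: 17876 - Cause: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09050F, comment: AcceptSecurityContext error, data 52e, v4f7c ] - Request-Id: 1-65f43661-2474646a214f6f7205861a39",
    "2024-03-15 12:53:10 ERROR [https-jsse-nio-9002-exec-2] c.w.a.p.a.l.s.b.s.TestConnectivityService - Connectivity test failed - LDAPId: 17876 - Cause: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09050F, comment: AcceptSecurityContext error, data 775, v4f7c ] - Request-Id: constructed-request-id-2",
]

if __name__ == "__main__":
    for f in parse_bind_failures(SAMPLE):
        print(f["ts"], f["ldap_id"], f["data"], f["meaning"], f["request_id"])
```

On the domain controller side, the matching record for a failed bind is normally a Security log event 4625 or 4771, which names the account and the source address.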