Authentication - domain server connection fails

Firebox M270
Version 12.6.2.B6311387
We have several customers with Firebox devices (T15, T30, M270)
Our standard setup includes adding domain authentication.
Via the GUI we do the following: Authentication -> Servers -> Active Directory, and add the Active Directory domain name. "Enable secure SSL connections to your Active Directory server (LDAPS)" is left unticked.
Normally, after adding the Active Directory as an authentication server, we run "Test connection for LDAP and Active Directory" using an admin account.
This is a very simple configuration and test, but for one customer (the Firebox M270) the test connection fails.

Results
Connect to server: Failed (can't connect to aohl.co.uk[server is down or unreachable])

Log in (bind): Failed (unknown)

Get group membership:

Any thoughts on how to troubleshoot / resolve this issue?
Thanks in advance
Willy

Comments

  • edited December 2020

    Verify that your firewall can resolve aohl.co.uk.

    You could enable logging of packets sent from the firewall temporarily, which may show something to help in Traffic Monitor.
    In the Web UI: System -> Logging -> select "Enable logging for traffic sent from this device"

    A packet capture on your AD server might also show something.

  • I have the same problem with the latest WatchGuard release, 12.6.3.B633764.

  • I fixed it. You must go to the Web UI: AUTHENTICATION -> Servers -> Active Directory, then edit your server and uncheck "Enable LDAPS". The correct connection port is 389.

    Try again with "TEST CONNECTION FOR LDAP AND ACTIVE DIRECTORY" and the result will be "Connect to server: Ok".
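
Added example (editor's code, not from the thread and not WatchGuard's): a script that reproduces the first two steps the Firebox test reports, so the same check can be run from a workstation on the customer's LAN and compared with what the firewall sees. It does the DNS check the first reply asks for, connects on 389 or, with ldaps=True, on 636 (the port choice the last reply turns on), and sends a raw LDAPv3 simple bind, so it needs nothing beyond the Python standard library. aohl.co.uk and an admin account in that domain come from the post; the password "pw", the address 192.0.2.10 and the FakeDC class are constructed so the demo runs offline.

```python
import socket
import ssl

LDAP_PORT, LDAPS_PORT = 389, 636
RESULT_NAMES = {0: "success", 8: "strongerAuthRequired", 49: "invalidCredentials"}

def ber_len(n):                                          # BER length octets: short form below 128
    if n < 0x80: return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def ber_tlv(tag, payload): return bytes([tag]) + ber_len(len(payload)) + payload

def ber_read(buf, pos=0):                                # -> (tag, contents, position after the TLV)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                    # long form: (length & 0x7F) length octets follow
        length, pos = int.from_bytes(buf[pos:pos + (length & 0x7F)], "big"), pos + (length & 0x7F)
    return tag, buf[pos:pos + length], pos + length

def bind_request(message_id, user, password):
    """BindRequest [APPLICATION 0] with simple auth (RFC 4511 4.2); AD accepts a UPN as the name."""
    mid = message_id.to_bytes((message_id.bit_length() + 8) // 8, "big")
    op = ber_tlv(0x02, b"\x03") + ber_tlv(0x04, user.encode())       # version 3, name
    op += ber_tlv(0x80, password.encode())                            # simple [0] OCTET STRING
    return ber_tlv(0x30, ber_tlv(0x02, mid) + ber_tlv(0x60, op))

def parse_bind_response(data):
    """Return (resultCode, diagnosticMessage) from a BindResponse [APPLICATION 1]."""
    tag, msg, _ = ber_read(data)
    op, resp, _ = ber_read(msg, ber_read(msg)[2])                     # skip messageID
    if tag != 0x30 or op != 0x61:
        raise ValueError("not an LDAP BindResponse")
    _, code, pos = ber_read(resp)                                     # ENUMERATED resultCode
    _, diag, _ = ber_read(resp, ber_read(resp, pos)[2])               # skip matchedDN
    return int.from_bytes(code, "big"), diag.decode(errors="replace")

def recv_message(sock):                                  # read exactly one LDAPMessage TLV off the socket
    def exact(n):
        buf = b""
        while len(buf) < n:
            chunk = sock.recv(n - len(buf))
            if not chunk: raise OSError("connection closed by server")
            buf += chunk
        return buf
    head = exact(2)
    if head[1] & 0x80: head += exact(head[1] & 0x7F)    # long-form length octets
    return head + exact(int.from_bytes(head[2:], "big") if len(head) > 2 else head[1])

def tcp_connect(ip, port, tls, name):                    # LDAPS: the certificate is checked against name
    sock = socket.create_connection((ip, port), timeout=3)
    return ssl.create_default_context().wrap_socket(sock, server_hostname=name) if tls else sock

def diagnose(domain, user, password, ldaps=False,
             resolver=lambda d: socket.gethostbyname_ex(d)[2], connector=tcp_connect):
    """Run the Firebox test's first two steps; in AD the domain's own A records point at the DCs."""
    port = LDAPS_PORT if ldaps else LDAP_PORT
    try:
        addresses = resolver(domain)
    except OSError as exc:
        return {"Connect to server": f"Failed (cannot resolve {domain}: {exc})"}
    for ip in addresses:                                 # first DC that accepts the TCP connection wins
        try:
            sock = connector(ip, port, ldaps, domain)
            break
        except OSError: continue
    else:
        return {"Connect to server": f"Failed (can't connect to {domain}[server is down or unreachable])"}
    report = {"Connect to server": f"Ok ({ip}:{port})"}
    try:
        sock.sendall(bind_request(1, user, password))
        code, diag = parse_bind_response(recv_message(sock))
        report["Log in (bind)"] = "Ok" if code == 0 else f"Failed ({RESULT_NAMES.get(code, code)}: {diag})"
    except (OSError, ValueError) as exc:
        report["Log in (bind)"] = f"Failed (unknown: {exc})"
    finally: sock.close()
    return report

class FakeDC:                                            # constructed stand-in for a DC socket (offline demo)
    def __init__(self, result_code, diag=""):            # 0 = success, 49 = invalidCredentials
        result = ber_tlv(0x0A, bytes([result_code])) + ber_tlv(0x04, b"") + ber_tlv(0x04, diag.encode())
        self.pending = ber_tlv(0x30, ber_tlv(0x02, b"\x01") + ber_tlv(0x61, result))
    def recv(self, n):
        self.pending, chunk = self.pending[n:], self.pending[:n]
        return chunk
    sendall = close = lambda self, *args: None

def offline_demo():                                      # the outcomes the test can report, no network needed
    def nxdomain(domain): raise socket.gaierror("Name or service not known")
    def unreachable(ip, port, tls, name): raise OSError("timed out")
    ips, who = (lambda d: ["192.0.2.10"]), ("aohl.co.uk", "admin@aohl.co.uk", "pw")   # 192.0.2.10 is TEST-NET
    return (diagnose(*who, resolver=nxdomain),
            diagnose(*who, resolver=ips, connector=unreachable),
            diagnose(*who, resolver=ips, connector=lambda *a: FakeDC(49, "invalid credentials")),
            diagnose(*who, resolver=ips, connector=lambda *a: FakeDC(0)))

if __name__ == "__main__":                               # python3 ldaptest.py aohl.co.uk admin@aohl.co.uk [--ldaps]
    import getpass, sys
    print(diagnose(sys.argv[1], sys.argv[2], getpass.getpass(), "--ldaps" in sys.argv))
```

Run it with no arguments to see the four constructed outcomes, or give it the domain and an account to test against the real domain controllers. The "server is down or unreachable" wording from the original post is reproduced deliberately: if the script gets that far from a workstation but the Firebox does not, the difference is DNS or routing from the firewall's own interface, which is what the first reply's traffic logging and packet capture are meant to expose. Two caveats on the 389-versus-636 choice: a simple bind on 389 carries the password in the clear, and a domain controller configured to require LDAP signing or channel binding answers such a bind with resultCode 8 (strongerAuthRequired), so unticking LDAPS is not a fix that works on every domain. For LDAPS, pass a DC's FQDN as the domain argument so the certificate name check can succeed.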
