topic Re: Unable to authenticate user to GlobalProtect using OpenLDAP in GlobalProtect Discussions

Unable to authenticate user to GlobalProtect using OpenLDAP

Jee.Khai — Thu, 08 Sep 2022 07:34:21 GMT

i've configured the LDAP profile, Authentication profile, User-ID Mapping, GP Portal and Gateway.

But when i use a user from the 'mapped-group', the globalprotect gave me 'authentication failed'

Please advice. TQ

Re: Unable to authenticate user to GlobalProtect using OpenLDAP

BPry — Thu, 08 Sep 2022 20:40:33 GMT

Have you actually validated the authentication profile that you're using by running the test authentication authentication-profile command and verified that this is working properly? You should also verify in the logs the actual failure reason being documented by the firewall.

Re: Unable to authenticate user to GlobalProtect using OpenLDAP

Jee.Khai — Fri, 09 Sep 2022 06:57:52 GMT

Hi, thanks for the feedback. I've checked by running the command and there's no problem here.

After doing more research, it appears that the settings on Authentication Profile, Portal and Gateway do not play nice with the 'ou=people,dc=domain,dc=local' as 'source user'. GlobalProtect connection will show 'Authentication Failed' with this setting.

But when i changed this to 'all' or 'any' on Authentication Profile, Portal and Gateway, GlobalProtect connection using the user 'dpot' works without any issue.

Please refer to the following screen shots;

User Mapping

Authentication ProfileGateway SettingPortal Setting

Perhaps you have any idea why?