https://live.paloaltonetworks.com/t5/general-topics/help-on-global-protect-using-ldap-authentication/m-p/27165#M19819 <HTML><HEAD></HEAD><BODY><P>Possibly your AD server prohibits plain text auth (simple bind). Modify server config to allow simple bind or setup SSL. Defer to your Server Team for assistance.</P></BODY></HTML> Thu, 17 Jan 2013 15:45:51 GMT gswcowboy 2013-01-17T15:45:51Z https://live.paloaltonetworks.com/t5/general-topics/help-on-global-protect-using-ldap-authentication/m-p/27163#M19817 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>I been having trouble with GP authentication using LDAP server..</P><P>It seems like if i didnt set the SSL on the LDAP configuration, the AD is not able to communicate with the PAN..</P><P>Even if i did set both of non SSL or SSL, it still didnt show any users and authentication at GP page failed..</P><P></P><P>tail mp-log useridd.log</P><P>Jan 17 16:56:24 Error: pan_ldap_ctrl_connect(pan_ldap_ctrl.c:795): pan_ldap_bind()&nbsp; failed</P><P>Jan 17 16:56:24 Error: pan_gm_data_connect_ctrl(pan_group_mapping.c:786): pan_ldap_ctrl_connect(XXX-AD, 10.12.1.1:389) failed</P><P>Jan 17 16:56:24 Error: pan_gm_data_connect_ctrl(pan_group_mapping.c:853): ldap cfg Pixart-AD failed connecting to server 10.12.1.1 index 0</P><P>Jan 17 16:56:24 Error: pan_gm_data_ldap_proc(pan_group_mapping.c:1168): pan_gm_data_connect_ctrl() failed</P><P>Jan 17 16:57:24 connected to ldap server ldap://10.12.1.1</P><P>Jan 17 16:57:24 Error: pan_ldap_bind_simple(pan_ldap.c:431): ldap_sasl_bind result return(8) : Strong(er) authentication required</P><P>Jan 17 16:57:24 Error: pan_ldap_ctrl_connect(pan_ldap_ctrl.c:795): pan_ldap_bind()&nbsp; failed</P><P>Jan 17 16:57:24 Error: pan_gm_data_connect_ctrl(pan_group_mapping.c:786): pan_ldap_ctrl_connect(XXX-AD, 10.12.1.1:389) failed</P><P>Jan 17 16:57:24 Error: pan_gm_data_connect_ctrl(pan_group_mapping.c:853): ldap cfg XXX-AD failed connecting to server 10.12.1.1 index 0</P><P>Jan 17 16:57:24 Error: pan_gm_data_ldap_proc(pan_group_mapping.c:1168): pan_gm_data_connect_ctrl() failed</P><P></P><P>It stated that this connection need stronger authentication... What does this means? My password is only simple for the AD bind password.</P><P>I try use LDAP communication testing software, it i didnt set SSL authentication,it will shows me error (Stronger authentication required) just same as PAN log.</P><P>Is anyone encountered this before?</P></BODY></HTML> Thu, 17 Jan 2013 09:21:50 GMT https://live.paloaltonetworks.com/t5/general-topics/help-on-global-protect-using-ldap-authentication/m-p/27163#M19817 samsk 2013-01-17T09:21:50Z https://live.paloaltonetworks.com/t5/general-topics/help-on-global-protect-using-ldap-authentication/m-p/27164#M19818 <HTML><HEAD></HEAD><BODY><P>Do you have a certificate installed on your domain controller ?</P><P>The certificate is needed to create the SSL tunnel.</P></BODY></HTML> Thu, 17 Jan 2013 15:35:39 GMT https://live.paloaltonetworks.com/t5/general-topics/help-on-global-protect-using-ldap-authentication/m-p/27164#M19818 JohanL 2013-01-17T15:35:39Z https://live.paloaltonetworks.com/t5/general-topics/help-on-global-protect-using-ldap-authentication/m-p/27165#M19819 <HTML><HEAD></HEAD><BODY><P>Possibly your AD server prohibits plain text auth (simple bind). Modify server config to allow simple bind or setup SSL. Defer to your Server Team for assistance.</P></BODY></HTML> Thu, 17 Jan 2013 15:45:51 GMT https://live.paloaltonetworks.com/t5/general-topics/help-on-global-protect-using-ldap-authentication/m-p/27165#M19819 gswcowboy 2013-01-17T15:45:51Z