AD/LDAP Server authentication

sajens — Fri, 26 Aug 2011 14:03:51 GMT

Does anyone have any tips for getting AD/LDAP bind request working at the server. I have the PaloAlto sending and receiving the bind request to authenticate, but the server reply packet says the credentials are invalid (error code 52e - invalid credential). My AD server administrator says the requests aren't making it to the server, but I have the packet traces to show they are sent and received by the PAN. Are there any aditional options to enable debugging at the server or are there additional options which need to be enabled in the AD server to allow LDAP interfacing. I realize this isn't a PAN issue, but I am exhausing all options.

Re: AD/LDAP Server authentication

bpappas — Mon, 29 Aug 2011 19:58:41 GMT

@sajens:

as you point out this is most likely an issue with the AD server, but one last test you might run is to bind to LDAP with a username and password that do not contain any special characters (just to rule out this as a source of the issue).

Once you have done that I would do a packet capture on the AD server to demonstrate to the AD admin that the packets are being sent and processed by the LDAP portion of AD.

-Benjamin

topic AD/LDAP Server authentication in General Topics

AD/LDAP Server authentication

Re: AD/LDAP Server authentication