GlobalProtect LDAP Authentication Fails

L3 Networker


I have successfully set up local login for GP but am struggling to set up LDAP authentication. The CLI test says that it's successful, but it fails when using GP.

Any tips please?

L3 Networker

Re: GlobalProtect LDAP Authentication Fails

My specific error now is:

GlobalProtect gateway client configuration failed. User name: MY.NAME Client OS version: Microsoft Windows 10 Enterprise , 64-bit, error: Matching client config not found.

Also, this is not letting me change to local login; the GP client locks down to using my domain username.

L3 Networker

Re: GlobalProtect LDAP Authentication Fails

New Error:

You are not authorised to connect to globalprotect portal

L7 Applicator

Re: GlobalProtect LDAP Authentication Fails

@welly_59,

Doesn't really seem like it's failing at LDAP auth, sounds like you haven't configured a client config in the gateway configuration (or it isn't configured properly). Might want to verify that you have properly set up the client configuration and then verify that the 'Client Authentication' settings that you've configured on the Gateway are set up properly.

L6 Presenter

Re: GlobalProtect LDAP Authentication Fails

Is your GP portal config restricted to certain users.... perhaps a group...  if so... try changing to “all”.

L3 Networker

Re: GlobalProtect LDAP Authentication Fails

It is set to certain groups. I can log into the web portal with LDAP credentials no problem but I then get the error that there is no matching client config.

I’ll take some screenshots tomorrow of my config if you guys will be good enough to assist.

L3 Networker

Re: GlobalProtect LDAP Authentication Fails

Could someone please take a look at my configs and see where I am going wrong? Local authenticated users work fine, but I get a variety of errors when I authenticate with LDAP, ranging from no client config available to not authorized to access portal, depending on what I change in these settings.

L6 Presenter

Re: GlobalProtect LDAP Authentication Fails

Firstly, do you have the same group settings in portal agent? I can only see gateway agent.

So...

From CLI:

show user group list

This should display all relative groups and hopefully you will see the one that's blanked out in your agent config.

Then...

show user group name "<the relevant group from above>"

This will list all known members of that group. If you check on the GUI monitor/system you can see the user authenticating; make sure that user can be seen in the group within CLI.

L3 Networker

Re: GlobalProtect LDAP Authentication Fails

Got to the bottom of it......

I had not added allowed groups in the group mapping section.
L6 Presenter

Re: GlobalProtect LDAP Authentication Fails

Nice one Mr Welly...
