Help on Global Protect using LDAP Authentication..

cancel
Showing results for 
Search instead for 
Did you mean: 

Help on Global Protect using LDAP Authentication..

Not applicable

Hi,

I been having trouble with GP authentication using LDAP server..

It seems like if i didnt set the SSL on the LDAP configuration, the AD is not able to communicate with the PAN..

Even if i did set both of non SSL or SSL, it still didnt show any users and authentication at GP page failed..

tail mp-log useridd.log

Jan 17 16:56:24 Error: pan_ldap_ctrl_connect(pan_ldap_ctrl.c:795): pan_ldap_bind()  failed

Jan 17 16:56:24 Error: pan_gm_data_connect_ctrl(pan_group_mapping.c:786): pan_ldap_ctrl_connect(XXX-AD, 10.12.1.1:389) failed

Jan 17 16:56:24 Error: pan_gm_data_connect_ctrl(pan_group_mapping.c:853): ldap cfg Pixart-AD failed connecting to server 10.12.1.1 index 0

Jan 17 16:56:24 Error: pan_gm_data_ldap_proc(pan_group_mapping.c:1168): pan_gm_data_connect_ctrl() failed

Jan 17 16:57:24 connected to ldap server ldap://10.12.1.1

Jan 17 16:57:24 Error: pan_ldap_bind_simple(pan_ldap.c:431): ldap_sasl_bind result return(8) : Strong(er) authentication required

Jan 17 16:57:24 Error: pan_ldap_ctrl_connect(pan_ldap_ctrl.c:795): pan_ldap_bind()  failed

Jan 17 16:57:24 Error: pan_gm_data_connect_ctrl(pan_group_mapping.c:786): pan_ldap_ctrl_connect(XXX-AD, 10.12.1.1:389) failed

Jan 17 16:57:24 Error: pan_gm_data_connect_ctrl(pan_group_mapping.c:853): ldap cfg XXX-AD failed connecting to server 10.12.1.1 index 0

Jan 17 16:57:24 Error: pan_gm_data_ldap_proc(pan_group_mapping.c:1168): pan_gm_data_connect_ctrl() failed

It stated that this connection need stronger authentication... What does this means? My password is only simple for the AD bind password.

I try use LDAP communication testing software, it i didnt set SSL authentication,it will shows me error (Stronger authentication required) just same as PAN log.

Is anyone encountered this before?

2 REPLIES 2

L1 Bithead

Do you have a certificate installed on your domain controller ?

The certificate is needed to create the SSL tunnel.

L6 Presenter

Possibly your AD server prohibits plain text auth (simple bind). Modify server config to allow simple bind or setup SSL. Defer to your Server Team for assistance.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!