- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
01-17-2013 01:21 AM
Hi,
I been having trouble with GP authentication using LDAP server..
It seems like if i didnt set the SSL on the LDAP configuration, the AD is not able to communicate with the PAN..
Even if i did set both of non SSL or SSL, it still didnt show any users and authentication at GP page failed..
tail mp-log useridd.log
Jan 17 16:56:24 Error: pan_ldap_ctrl_connect(pan_ldap_ctrl.c:795): pan_ldap_bind() failed
Jan 17 16:56:24 Error: pan_gm_data_connect_ctrl(pan_group_mapping.c:786): pan_ldap_ctrl_connect(XXX-AD, 10.12.1.1:389) failed
Jan 17 16:56:24 Error: pan_gm_data_connect_ctrl(pan_group_mapping.c:853): ldap cfg Pixart-AD failed connecting to server 10.12.1.1 index 0
Jan 17 16:56:24 Error: pan_gm_data_ldap_proc(pan_group_mapping.c:1168): pan_gm_data_connect_ctrl() failed
Jan 17 16:57:24 connected to ldap server ldap://10.12.1.1
Jan 17 16:57:24 Error: pan_ldap_bind_simple(pan_ldap.c:431): ldap_sasl_bind result return(8) : Strong(er) authentication required
Jan 17 16:57:24 Error: pan_ldap_ctrl_connect(pan_ldap_ctrl.c:795): pan_ldap_bind() failed
Jan 17 16:57:24 Error: pan_gm_data_connect_ctrl(pan_group_mapping.c:786): pan_ldap_ctrl_connect(XXX-AD, 10.12.1.1:389) failed
Jan 17 16:57:24 Error: pan_gm_data_connect_ctrl(pan_group_mapping.c:853): ldap cfg XXX-AD failed connecting to server 10.12.1.1 index 0
Jan 17 16:57:24 Error: pan_gm_data_ldap_proc(pan_group_mapping.c:1168): pan_gm_data_connect_ctrl() failed
It stated that this connection need stronger authentication... What does this means? My password is only simple for the AD bind password.
I try use LDAP communication testing software, it i didnt set SSL authentication,it will shows me error (Stronger authentication required) just same as PAN log.
Is anyone encountered this before?
01-17-2013 07:35 AM
Do you have a certificate installed on your domain controller ?
The certificate is needed to create the SSL tunnel.
01-17-2013 07:45 AM
Possibly your AD server prohibits plain text auth (simple bind). Modify server config to allow simple bind or setup SSL. Defer to your Server Team for assistance.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!