LDAPS

I am in the process of setting up LDAPS on an 850. I created an LDAPS server profile and pointed it to our server for credentials. After creating that, I set up an Authentication profile and Authentication sequence (wasn't sure if it was needed, but the documentation said it was optional). I created an admin account that has the authentication profile in it. I am still unable to use my AD credentials. Do I need to make a security and authentication profile as well?

I also went into the command line and tested the authentication profile. I get this error message:

Failed to create a session with LDAP server

Authentication failed against LDAP server at <ip address> for user "user"

Cyber Elite

Hello @m.maldonado

Thanks for posting.

To start with, could you go through this KB to perform basic diagnostics and collect more logs. The authd.log should give you the ultimate answer as to what the problem is. Also make sure that the Bind and Base DN are correct. Note: to use LDAPS you have to import the certificates used by the LDAPS server to the firewall to form the LDAP over SSL session. If this server is part of the AD, then you should import the root, intermediate, and site CA certificates to the firewall to have full certificate trust.

Kind Regards

Pavel

Help the community: Like helpful comments and mark solutions.
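The two error lines in the question point at two different stages, and the reply above separates them: "Failed to create a session" is the TLS/trust stage, "Authentication failed" is the LDAP bind itself. The following is an added diagnostic written for this thread (not from the post, not Palo Alto code): it validates the LDAPS server's chain against a CA file, then sends a hand-encoded LDAPv3 simple bind and reports the resultCode. Host, CA file path, bind DN and password are assumed placeholders you supply for your own server.

```python
import socket
import ssl
# LDAP resultCode values relevant to bind failures (RFC 4511)
RESULT_CODES = {0: "success", 32: "noSuchObject", 34: "invalidDNSyntax",
                49: "invalidCredentials", 53: "unwillingToPerform"}

def tlv(tag, body):
    """Encode one BER element; short or two-byte long-form length."""
    n = len(body)
    length = bytes([n]) if n < 128 else b"\x82" + n.to_bytes(2, "big")
    return bytes([tag]) + length + body

def read_tlv(buf, off=0):
    """Decode the BER element at buf[off]; returns (tag, value, next_offset)."""
    tag, n = buf[off], buf[off + 1]
    off += 2
    if n & 0x80:                                  # long-form length
        width, off = n & 0x7F, off + (n & 0x7F)
        n = int.from_bytes(buf[off - width:off], "big")
    return tag, buf[off:off + n], off + n

def bind_request(msg_id, bind_dn, password):
    """LDAPv3 simple BindRequest (msg_id < 128): version 3, bind DN, [0] password."""
    op = tlv(0x02, b"\x03") + tlv(0x04, bind_dn.encode()) + tlv(0x80, password.encode())
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x60, op))

def parse_bind_response(data):
    """Return (messageID, resultCode, diagnosticMessage) from a BindResponse."""
    tag, msg, _ = read_tlv(data)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, mid, off = read_tlv(msg)                    # messageID
    tag, op, _ = read_tlv(msg, off)
    if tag != 0x61:                                # [APPLICATION 1] BindResponse
        raise ValueError("not a BindResponse")
    _, code, off = read_tlv(op)                    # ENUMERATED resultCode
    _, _, off = read_tlv(op, off)                  # matchedDN (skipped)
    _, diag, _ = read_tlv(op, off)                 # diagnosticMessage
    return int.from_bytes(mid, "big"), int.from_bytes(code, "big"), diag.decode(errors="replace")

def ldaps_bind_check(host, ca_file, bind_dn, password, port=636):
    """Validate the server chain against ca_file (placeholder), then attempt a simple bind."""
    ctx = ssl.create_default_context(cafile=ca_file)   # root + intermediate CAs go here
    try:
        with socket.create_connection((host, port), timeout=5) as raw, \
                ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(bind_request(1, bind_dn, password))
            _, code, diag = parse_bind_response(tls.recv(4096))
    except ssl.SSLCertVerificationError as e:        # the "Failed to create a session" stage
        return f"session failed: {e.verify_message}; import the server's CA chain to the firewall"
    return f"bind result {code} ({RESULT_CODES.get(code, 'other')}) {diag}".rstrip()
```

A resultCode of 49 with a working TLS session means the chain is fine and the Bind DN or password is wrong; a certificate verification error before any bind means the firewall-side trust (root and intermediate CAs) is what needs fixing.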

I realized I said profiles when I meant to say policies. Will those need to be created as well?

Cyber Elite

Hello @m.maldonado

Thank you for the reply.

By default, LDAP uses the management interface for this communication, so no security policy is required to allow this traffic. Have you set up a service route for LDAP to communicate over data plane interfaces? The reference is in this KB, point no. 3.

Kind Regards

Pavel

Help the community: Like helpful comments and mark solutions.

Cyber Elite

Hello,

Check the logs to see if/where the traffic is getting blocked. If it is allowed on the Palo Alto, it could be the LDAPS server blocking you, so check its firewall if it has one. Also try just LDAP as a test and see if that works.

Regards,
