07-13-2023 08:50 AM
I am in the process of setting up LDAPS on an 850. I created an LDAPS server profile and pointed it to our server for credentials. After creating that, I set up an Authentication profile and Authentication sequence (wasn't sure if it was needed, but the documentation said it was optional). I created an admin account that has the authentication profile in it. I am still unable to use my AD credentials. Do I need to make a security and authentication profile as well?
I also went in to the command line and tested the authentication profile. I get this error message:
Failed to create a session with LDAP server
Authentication failed against LDAP server at <ip address> for user "user"
07-13-2023 02:23 PM
Hello @m.maldonado
thanks for posting.
To start with, could you go through this KB to perform basic diagnostics and collect more logs. The authd.log should give you the ultimate answer as to what the problem is. Also make sure that the Bind DN and Base DN are correct. Note: To use LDAPS you have to import the certificates used by the LDAPS server to the firewall to form the LDAP over SSL session. If this server is part of the AD, then you should import the root, intermediate and site CA certificates to the firewall to have full certificate trust.
Kind Regards
Pavel
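The two checks Pavel asks for (is the server's certificate chain trustworthy, and are the Bind DN / Base DN correct) can be done from any Linux host that can reach the domain controller before going back to the firewall. The script below is an added example and is not from this thread or from Palo Alto Networks; it needs `openssl` and the OpenLDAP `ldapsearch` client, and the host names, DNs, password and CA bundle path are placeholders. It assumes the firewall's chain validation follows the same trust model as OpenSSL's (a chain that OpenSSL cannot verify against the CA bundle you plan to import will not be trusted by the firewall either, especially with server certificate verification enabled on the LDAP server profile).

```shell
#!/usr/bin/env bash
# Added example, not part of the original thread. Checks what an LDAPS
# listener actually presents and whether the Bind DN / Base DN work.
# All names, DNs and paths are placeholders (assumption).

# --- (1) certificate chain -------------------------------------------------
# Pull the chain the server sends. Use the exact name/IP configured in the
# firewall's LDAP server profile, since that is the name that gets verified.
fetch_chain() {   # fetch_chain <host> [port] [ca-bundle.pem]
  local host=$1 port=${2:-636} ca=${3:-}
  if [ -n "$ca" ]; then
    openssl s_client -connect "$host:$port" -servername "$host" -showcerts \
      -CAfile "$ca" </dev/null 2>/dev/null
  else
    openssl s_client -connect "$host:$port" -servername "$host" -showcerts \
      </dev/null 2>/dev/null
  fi
}

# Number of PEM certificates in s_client output on stdin. A DC that sends
# only its leaf (count 1) and no intermediate is a common reason the
# firewall cannot build a trusted chain, even with the root CA imported.
count_certs() {
  grep -c -- '-----BEGIN CERTIFICATE-----'
}

# OpenSSL's verdict on the chain given the CA bundle it was run with.
# "0 (ok)" is what you want; anything else needs fixing before the firewall
# will accept the session.
verify_code() {
  sed -n 's/^ *Verify return code: //p' | head -n 1
}

# Extract the n-th certificate (1-based) from s_client output, e.g. to
# inspect it or save it for import on the firewall.
nth_cert() {  # nth_cert <n>
  awk -v n="$1" '/-----BEGIN CERTIFICATE-----/{i++} i==n{print}
                 /-----END CERTIFICATE-----/{if (i==n) exit}'
}

# Subject and issuer of the PEM certificate on stdin.
cert_names() { openssl x509 -noout -subject -issuer; }

# --- (2) Bind DN / Base DN -------------------------------------------------
# Same credentials and DNs as in the LDAP server profile. LDAPTLS_CACERT makes
# ldapsearch verify the server against the same bundle, so a TLS trust
# problem shows up here too instead of being silently accepted.
bind_test() {  # bind_test <host> <bindDN> <password> <baseDN> <ca-bundle.pem>
  LDAPTLS_CACERT="$5" ldapsearch -H "ldaps://$1:636" -x -D "$2" -w "$3" \
    -b "$4" -s base '(objectClass=*)' dn >/dev/null 2>&1
}

main() {   # main <dc-host> <bindDN> <password> <baseDN> <ca-bundle.pem>
  local out n i rc
  out=$(fetch_chain "$1" 636 "$5")
  n=$(printf '%s\n' "$out" | count_certs)
  echo "certificates presented: $n"
  echo "openssl verdict       : $(printf '%s\n' "$out" | verify_code)"
  for i in $(seq 1 "$n"); do
    printf '%s\n' "$out" | nth_cert "$i" | cert_names
  done
  bind_test "$1" "$2" "$3" "$4" "$5"; rc=$?
  # ldapsearch exits with the LDAP result code (255 for -1, "can't contact").
  case $rc in
    0)   echo "bind ok: Bind DN, password and Base DN are all correct" ;;
    49)  echo "bind failed (49): wrong Bind DN or password" ;;
    32)  echo "search failed (32): Base DN does not exist on this server" ;;
    255) echo "cannot contact server: TLS trust failure or tcp/636 blocked" ;;
    *)   echo "ldapsearch exit code $rc" ;;
  esac
}

# Usage: ./ldaps_check.sh dc1.example.test 'CN=svc-fw,OU=Service,DC=example,DC=test' 'P@ss' 'DC=example,DC=test' ad-chain.pem
if [ "$#" -gt 0 ]; then main "$@"; fi
```

If `count_certs` reports 1 and `verify_code` is not `0 (ok)`, the DC is not sending its intermediate; either fix the DC's certificate store or import the intermediate on the firewall as Pavel describes. If the chain verifies but `bind_test` returns 49 or 32, the TLS side is fine and the problem is the DN or password typed into the LDAP server profile.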
07-13-2023 02:36 PM
I realized I said profiles when I meant to say policies. Will those need to be created as well?
07-13-2023 02:41 PM
Hello @m.maldonado
thank you for reply.
By default, LDAP uses the management interface for this communication, therefore no security policy is required to allow this traffic. Have you set up a service route for LDAP to communicate over data plane interfaces? The reference is in this KB, point no. 3.
Kind Regards
Pavel
07-14-2023 08:09 AM
Hello,
Check the logs to see if/where the traffic is getting blocked. If it is allowed on the Palo Alto, it could be the LDAPS server blocking you, so check its firewall if it has one. Also try just LDAP as a test and see if that works.
Regards,