Lenblock

asked on

Secure LDAP fails to additional domain controllers

Hi

We have a Fortigate unit which needs to authenticate users over LDAP, using a secure connection with ldaps.

Imported the Certificate from our PDC to the Fortigate unit.
It works fine when authenticating with our PDC.
PDC is our Certificate Authority server.

But when I try to authenticate towards our two additional domain controllers it fails.

Tested with LDP.exe on port 636 with SSL, and received the following when testing:
Server error: <empty>

The two additional domain controllers were created a year ago, after decommissioning the two older ones.
Is this an error, or just something missing in the config?


Regards.
SOLUTION
Mahesh
Lenblock

ASKER

Hi

There is also an option for using STARTTLS in the Fortigate.
If I change to that with the two additional domain controllers, it works.
The weird thing is that when trying STARTTLS with our PDC, it fails.

I would like to be running STARTTLS or LDAPS for all 3 DCs.

The PDC is a 2012 server
Two additional DCs are: 2012 R2

Is there a difference in support of STARTTLS or LDAPS between 2012 and 2012 R2?

Hi

Read up on this a bit more.
As far as I get it, our PDC gets a certificate and LDAPS enabled automatically as it has the CA role.

Additional domain controllers need to request the certificate "Domain Controller Authentication" into Certificate -> Personal -> Certificates.

What I'm wondering now is, will this change the behavior of how our DCs authenticate, or will it just enable LDAPS as an additional option?

Regards.
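A way to verify the situation the asker describes from a Windows admin host, as an added example that is not part of the thread or of any answer in it: it lists, on each DC, the machine-store certificates that Schannel could pick for LDAPS (private key present, Server Authentication EKU, DC name in the SAN), and then attempts an LDAPS bind on 636 and a STARTTLS bind on 389 against each DC, leaving server-certificate validation at its default so an untrusted or mismatched certificate fails the test instead of being silently accepted. The DC names are placeholders, and WinRM access to the DCs with an account that can read their LocalMachine\My store is assumed.

```powershell
# Added example (not from the thread): inventory LDAPS-capable certificates on
# each DC and test LDAPS / STARTTLS binds from a Windows host.
# Assumptions: WinRM is enabled on the DCs, the running account may read their
# LocalMachine\My store, and the FQDNs below are placeholders for your own DCs.
$DomainControllers = @('pdc.example.local', 'dc2.example.local', 'dc3.example.local')

Add-Type -AssemblyName System.DirectoryServices.Protocols

function Get-LdapsCertificateCandidates {
    param([string]$ComputerName)
    # Schannel picks a certificate from the DC's machine store that has a private
    # key, the Server Authentication EKU and the DC's FQDN in the subject or SAN.
    # The template column decodes the v2 "Certificate Template Information"
    # extension (OID 1.3.6.1.4.1.311.21.7), which is what the
    # "Domain Controller Authentication" template stamps into the certificate.
    Invoke-Command -ComputerName $ComputerName -ScriptBlock {
        Get-ChildItem Cert:\LocalMachine\My |
            Where-Object {
                $_.HasPrivateKey -and
                ($_.EnhancedKeyUsageList.FriendlyName -contains 'Server Authentication')
            } |
            Select-Object Subject, Thumbprint, NotAfter,
                @{ Name = 'DnsNames'; Expression = { $_.DnsNameList.Unicode -join ', ' } },
                @{ Name = 'Template'; Expression = {
                    $ext = $_.Extensions | Where-Object { $_.Oid.Value -eq '1.3.6.1.4.1.311.21.7' }
                    if ($ext) { $ext.Format($false) } else { '(no v2 template extension)' } } }
    }
}

function Test-LdapTlsBind {
    param(
        [string]$ComputerName,
        [ValidateSet('LDAPS', 'STARTTLS')][string]$Mode
    )
    $port = if ($Mode -eq 'LDAPS') { 636 } else { 389 }
    $id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($ComputerName, $port)
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
    $conn.SessionOptions.ProtocolVersion = 3
    try {
        if ($Mode -eq 'LDAPS') {
            # TLS from the first byte on port 636; the server certificate is
            # validated with the default Windows chain and name checks.
            $conn.SessionOptions.SecureSocketLayer = $true
        } else {
            # Plain LDAP on 389 upgraded with the StartTLS extended operation,
            # which must be issued before the bind.
            $conn.SessionOptions.StartTransportLayerSecurity($null)
        }
        $conn.Bind()   # binds with the caller's Windows credentials (Negotiate)
        [pscustomobject]@{ DC = $ComputerName; Mode = $Mode; Success = $true;  Detail = 'bind OK' }
    } catch {
        # "The LDAP server is unavailable" here is the usual symptom of a DC that
        # has no usable certificate, matching the empty error LDP.exe shows.
        [pscustomobject]@{ DC = $ComputerName; Mode = $Mode; Success = $false; Detail = $_.Exception.Message }
    } finally {
        $conn.Dispose()
    }
}

foreach ($dc in $DomainControllers) {
    Write-Host "== $dc =="
    Get-LdapsCertificateCandidates -ComputerName $dc | Format-Table -AutoSize
    foreach ($mode in 'LDAPS', 'STARTTLS') {
        Test-LdapTlsBind -ComputerName $dc -Mode $mode
    }
}
```

A DC whose candidate list is empty is expected to fail the LDAPS bind and, on this script, usually the STARTTLS bind as well, since both use the same Schannel certificate selection; a DC that lists a certificate but still fails the bind is worth checking for a name in DnsNames that does not match the FQDN being connected to, or a NotAfter in the past, before looking at the Fortigate side.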
ASKER CERTIFIED SOLUTION