asked on
Secure LDAP fails to additional domain controllers
Hi
We have a Fortigate unit which needs to authenticate users over LDAP, using a secure connection with ldaps.
Imported the Certificate from our PDC to the Fortigate unit.
It works fine when authenticating with our PDC.
PDC is our Certificate Authority server.
But when I try to authenticate towards our two additional domain controllers it fails.
Tested with LDP.exe port 636 and SSL, and receive the following when testing:
Server error: <empty>
The two additional domain controllers was created a year ago, after decommissioning the two older ones.
Is this an error, or just something missing in the config ?
Regards.
We have a Fortigate unit which needs to authenticate users over LDAP, using a secure connection with ldaps.
Imported the Certificate from our PDC to the Fortigate unit.
It works fine when authenticating with our PDC.
PDC is our Certificate Authority server.
But when I try to authenticate towards our two additional domain controllers it fails.
Tested with LDP.exe port 636 and SSL, and receive the following when testing:
Server error: <empty>
The two additional domain controllers was created a year ago, after decommissioning the two older ones.
Is this an error, or just something missing in the config ?
Regards.
Active Directory
Last Comment
Mahesh
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Hi
Read up on this a bit more.
AS far as I get it. Our PDC get certificate and LDAPS enabled automatically as it has the CA role.
Additional domain controllers need to request the certificate "Domain Controller Authentication" into Certificate -> Personal -> Certificates
What i'm wondering now, will this change the behavior in how our DC's authenticate or will it just enable LDAPS as an additional option ?
Regards.
Read up on this a bit more.
AS far as I get it. Our PDC get certificate and LDAPS enabled automatically as it has the CA role.
Additional domain controllers need to request the certificate "Domain Controller Authentication" into Certificate -> Personal -> Certificates
What i'm wondering now, will this change the behavior in how our DC's authenticate or will it just enable LDAPS as an additional option ?
Regards.
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
There is also an option for using STARTTLS in the Fortigate.
If I change to that with the two additional domain controllers, it works.
The weird thing is that when trying STARTTLS with our PDC, it fails.
I would like to be running STARTTLS or LDAPS for all 3 DC's.
The PDC is a 2012 server
Two additional DC's are: 2012 R2
Is there a difference in support pf STARTTLS or LDAPS in a 2012, 2012 R2 ?