Secure LDAP fails to additional domain controllers
Hi
We have a Fortigate unit which needs to authenticate users over LDAP, using a secure connection with ldaps.
Imported the Certificate from our PDC to the Fortigate unit.
It works fine when authenticating with our PDC.
PDC is our Certificate Authority server.
But when I try to authenticate towards our two additional domain controllers it fails.
Tested with LDP.exe port 636 and SSL, and receive the following when testing:
Server error: <empty>
The two additional domain controllers was created a year ago, after decommissioning the two older ones.
Is this an error, or just something missing in the config ?
Regards.
We have a Fortigate unit which needs to authenticate users over LDAP, using a secure connection with ldaps.
Imported the Certificate from our PDC to the Fortigate unit.
It works fine when authenticating with our PDC.
PDC is our Certificate Authority server.
But when I try to authenticate towards our two additional domain controllers it fails.
Tested with LDP.exe port 636 and SSL, and receive the following when testing:
Server error: <empty>
The two additional domain controllers was created a year ago, after decommissioning the two older ones.
Is this an error, or just something missing in the config ?
Regards.
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
Hi
There is also an option for using STARTTLS in the Fortigate.
If I change to that with the two additional domain controllers, it works.
The weird thing is that when trying STARTTLS with our PDC, it fails.
I would like to be running STARTTLS or LDAPS for all 3 DC's.
The PDC is a 2012 server
Two additional DC's are: 2012 R2
Is there a difference in support pf STARTTLS or LDAPS in a 2012, 2012 R2 ?
There is also an option for using STARTTLS in the Fortigate.
If I change to that with the two additional domain controllers, it works.
The weird thing is that when trying STARTTLS with our PDC, it fails.
I would like to be running STARTTLS or LDAPS for all 3 DC's.
The PDC is a 2012 server
Two additional DC's are: 2012 R2
Is there a difference in support pf STARTTLS or LDAPS in a 2012, 2012 R2 ?
Hi
Read up on this a bit more.
AS far as I get it. Our PDC get certificate and LDAPS enabled automatically as it has the CA role.
Additional domain controllers need to request the certificate "Domain Controller Authentication" into Certificate -> Personal -> Certificates
What i'm wondering now, will this change the behavior in how our DC's authenticate or will it just enable LDAPS as an additional option ?
Regards.
Read up on this a bit more.
AS far as I get it. Our PDC get certificate and LDAPS enabled automatically as it has the CA role.
Additional domain controllers need to request the certificate "Domain Controller Authentication" into Certificate -> Personal -> Certificates
What i'm wondering now, will this change the behavior in how our DC's authenticate or will it just enable LDAPS as an additional option ?
Regards.
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
Join our community and discover your potential
Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.
*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.