LDAP Sending RST

Asked by Peter Wilson (France)

Hi Experts,

I have an ldap to vpn configuration in my firewall and the ldap server, which is my active dir. server.

When I do a packet capture I see the request go to the ldap server and then the ldap server sends a RST (reset).

Server 2012r2

Thx.
bbao (Australia):

Better have a screenshot of log lines showing the full details.

BTW, does the LDAP server actually work with the firewall?
Hi there,

Kindly confirm the firewall being used.
Are the client and the server on different security zone interfaces on the firewall?
If yes, kindly verify the corresponding timestamped logs on the firewall.
Peter Wilson (asker):

Yes, LDAP works with the firewall.

SonicWall is the firewall, same zone/interface. Timestamps are good.
Hi Peter,

There is not a lot of info to go on here, but I'll take a stab.

What model is the SonicWALL?

What port are you running LDAP on? If secured, is TLS or SSL enabled? Also, if using secured on port 636, does your AD have a cert in the services store to encrypt the channel?

What is handling your authentication, RADIUS or LDAP?

Can you successfully test a user in AD from the Test tab in the LDAP config?

What authentication do you have set up on the Users > Settings page next to "User authentication method:", e.g. LDAP, LDAP + Local Users, RADIUS...?

Let me know how it goes!
NSA5400
Port 3269, gcotls
I don't know what is authenticating, but I set up RADIUS too.
No, it fails; says "busy, a test is already running".
LDAP + users
Asker certified solution by Blue Street Tech (United States of America): [content available only to Experts Exchange members]
Single domain & forest.
I don't know if my AD server has a cert. How do I check?

I can connect now thank you!!!!

I had the UPN in the distinguished name, and "user group memberships can be set locally by duplicating LDAP user names" was checked. Default LDAP User Group was set to Everyone.
Solution: [content available only to Experts Exchange members]
There are no certs in the Personal folder of my DC.
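A network-side check for the question of whether the DC actually offers TLS on the global catalog port 3269, added here as an example and not from any poster or from SonicWall: it opens TCP, then attempts a TLS handshake, and tells a bare TCP reset (as seen in the capture) apart from a TLS or certificate problem. The hostname is whatever you pass in; no DC name from the thread is assumed.

```python
"""Probe an AD global catalog TLS endpoint (3269) and classify the failure mode.

Added diagnostic, not code from the thread. A TCP reset right after connect
usually means nothing is serving TLS on that port (e.g. the DC has no server
certificate, so LDAPS / GC-over-TLS is not enabled); a TLS-level error means
the listener is up but the handshake or the certificate is the problem.
"""
import socket
import ssl

GC_TLS_PORT = 3269  # global catalog over TLS, the port used in the thread


def classify_error(exc: BaseException) -> str:
    """Map an exception raised by the probe to a short diagnosis string."""
    if isinstance(exc, ConnectionResetError):
        return "tcp_rst"               # server accepted the SYN, then reset us
    if isinstance(exc, ConnectionRefusedError):
        return "tcp_refused"           # nothing bound to the port at all
    if isinstance(exc, socket.timeout):
        return "timeout"               # filtered or silently dropped
    if isinstance(exc, ssl.SSLCertVerificationError):
        return "tls_cert_untrusted"    # listener up, chain not trusted by us
    if isinstance(exc, ssl.SSLError):
        return "tls_handshake_failed"  # listener up, handshake broke
    return "other"


def probe_gc_tls(host: str, port: int = GC_TLS_PORT, timeout: float = 5.0) -> dict:
    """Open TCP then TLS; return the server cert details or a diagnosis."""
    ctx = ssl.create_default_context()  # verifies chain and hostname
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
                subject = dict(rdn[0] for rdn in cert.get("subject", ()))
                return {"ok": True, "tls_version": tls.version(),
                        "subject_cn": subject.get("commonName"),
                        "not_after": cert.get("notAfter")}
    except (OSError, ssl.SSLError) as exc:  # SSLError is itself an OSError
        return {"ok": False, "diagnosis": classify_error(exc), "detail": str(exc)}


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "dc.example.invalid"  # placeholder
    print(probe_gc_tls(target))
```

A `tcp_rst` result matches the capture in the question; `tls_cert_untrusted` means the DC does serve a certificate but the probing host does not trust its issuer.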
Solution: [content available only to Experts Exchange members]
Thanks for the points...glad I could help!