Peter Wilson
asked on
LDAP Sending RST
Hi Experts,
I have an LDAP to VPN configuration in my firewall and the LDAP server, which is my Active Directory server.
When I do a packet capture I see the request go to the LDAP server and then the LDAP server sends a RST (reset).
Server 2012 R2
Thx.
Hi there,
Kindly confirm the firewall being used.
Are the client and the server on different security zone interfaces on the firewall?
If yes, kindly verify the corresponding timestamp logs on the firewall.
ASKER
Yes, LDAP works with the firewall.
SonicWall is the firewall, same zone/interface. Timestamps are good.
Hi Peter,
There is not a lot of info to go on here, but I'll take a stab.
What model is the SonicWALL?
What port are you running LDAP on? If secured, is TLS or SSL enabled? Also, if using secured on port 636, does your AD have a cert in the services store to encrypt the channel?
What is handling your authentication, RADIUS or LDAP?
Can you successfully test a user in AD from the Test tab in the LDAP config?
What authentication do you have set up on the Users > Settings page next to "User authentication method:", e.g. LDAP, LDAP + Local Users, RADIUS...?
Let me know how it goes!
ASKER
nsa5400
Port 3269, gcotls
I don't know what is authenticating, but I set up RADIUS too.
No, it fails, says... busy, a test is already running.
LDAP + users
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Single domain & forest.
I don't know if my AD server has a cert. How do I check?
I can connect now, thank you!!!!
I had UPN in the distinguished name and 'user group memberships can be set locally by duplicating LDAP user names' was checked. "Default LDAP User Group:" was set to Everyone.
SOLUTION
ASKER
There are no certs in the Personal folder of my DC.
SOLUTION
Thanks for the points...glad I could help!
BTW, does the LDAP server actually work with the firewall?