User unable to connect to VPN - unknown user

Author: zorg1983
2015/05/05 03:12:22 (permalink)

Hello All,
 
I have a strange issue. I have a FortiGate 500D with an LDAP server configured.
 
I have a user X who can't connect to the VPN. Once he tries to connect it gives the error: Permission denied.
 
All other users from the same container in the AD are able to connect, only this user can't.
 
I tried resetting the password and unlocking the account. Nothing.
 
Any suggestions?
 
Joe.
#1


    Ralph1973
    Re: User unable to connect to VPN - unknown user 2015/05/05 04:04:50 (permalink)
    Hi, try to troubleshoot the SSL VPN connection by debugging it to see what happens,
     
    and test whether the authentication works by using the following examples:
    • SSL VPN LDAP authentication
    test LDAP auth against the LDAP server
    diag test authserver ldap "KA.companyname.local" "user1" "password123"
    • debug SSL VPN
    diagnose debug application sslvpn -1
    • debug authentication
    dia deb app fnbamd 255
    dia deb console
    dia deb en
     
    Hopefully this makes things clear to you
     
    Kind regards,
    Ralph Willemsen
    #2
    zorg1983
    Re: User unable to connect to VPN - unknown user 2015/05/05 04:58:21 (permalink)
    Ralph
     
    This is what i got:
     
    fnbamd_ldap.c[485] get_all_dn-Found 1 DN's
    fnbamd_ldap.c[519] start_next_dn_bind-Trying DN 1:CN=משען אירית,OU=מח' מיחשוב ומערכות מידע,OU=בניין העירייה.נודאו 17,OU=משתמשים,DC=bat-yam,DC=local
    fnbamd_ldap.c[1778] fnbamd_ldap_get_result-Going to USERBIND state
    fnbamd_fsm.c[2473] auth_ldap_result-Continue pending for req 1903
    fnbamd_ldap.c[503] start_next_dn_bind-No more DN left
    fnbamd_ldap.c[2025] fnbamd_ldap_get_result-Auth denied
    fnbamd_auth.c[2351] fnbamd_auth_poll_ldap-Result for ldap svr 10.21.21.210 is denied
    fnbamd_comm.c[169] fnbamd_comm_send_result-Sending result 1 for req 1903
    fnbamd_fsm.c[565] destroy_auth_session-delete session 1903
    [94:root:3788]fam_auth_send_req:514 with server blacklist: #bat-yam_DC
    [94:root:3788]fnbamd_fsm.c[1879] handle_req-Rcvd auth req 1904 for irit in BAT_VPN_Users opt=00000100 prot=10
    fnbamd_fsm.c[336] __compose_group_list_from_req-Group 'BAT_VPN_Users'
    fnbamd_pop3.c[573] fnbamd_pop3_start-irit
    fnbamd_auth.c[303] radius_start-Didn't find radius servers (0)
    fnbamd_auth.c[688] auth_tac_plus_start-Didn't find tac_plus servers (0)
    fnbamd_auth.c[409] ldap_start-Didn't find ldap servers (0)
    fnbamd_fsm.c[417] create_auth_session-Error starting authentication
    fnbamd_fsm.c[1898] handle_req-Error creating session
    fnbamd_comm.c[169] fnbamd_comm_send_result-Sending result 3 for req 1904
    [94:root:3788]fam_auth_send_req:514 with server blacklist: #bat-yam_DC
    [94:root:3788]fam_auth_send_req:602 task finished with 5
    [94:root:3788]rmt_logincheck.c:250 user[irit],auth_type=1 failed [sslvpn_login_unknown_user]
    [94:root:0]rmt_websession.c:77 status=1;host=81.218.192.40;fails=1;logintime=1430826817
    [94:root:3788]rmt_authutil.c:418 no session id in auth info
    [94:root:3788]rmt_authutil.c:700 invalid cache, ret=4103
    [94:root:3788]Timeout for connection 0x2a98cc6c00.
    #3
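To make debug output like the one in post #3 quicker to read, here is an added triage script (not from the thread, and not FortiGate code): it parses the fnbamd / SSL VPN debug lines, groups them by "req <id>", and names the failure mode each request shows from the markers that are visible in those lines. The sample log is constructed from the messages quoted above with the site's DN, DC name, IP address and username replaced by placeholders; the regexes match only the message formats seen in this thread, and the "Found 0 DN" case is an assumption that the same message is emitted with a zero count when the search base does not contain the user.

```python
"""Triage FortiGate fnbamd / SSL VPN debug output by auth request.

Added example for this thread; not FortiGate code. It only knows the
message formats quoted in post #3 and groups them per "req <id>".
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample modelled on the debug lines quoted above, with the site's
# DN, DC name, IP address and username replaced by placeholders.
SAMPLE_LOG = """\
fnbamd_ldap.c[485] get_all_dn-Found 1 DN's
fnbamd_ldap.c[519] start_next_dn_bind-Trying DN 1:CN=Example User,OU=Staff,DC=example,DC=local
fnbamd_ldap.c[1778] fnbamd_ldap_get_result-Going to USERBIND state
fnbamd_fsm.c[2473] auth_ldap_result-Continue pending for req 1903
fnbamd_ldap.c[503] start_next_dn_bind-No more DN left
fnbamd_ldap.c[2025] fnbamd_ldap_get_result-Auth denied
fnbamd_auth.c[2351] fnbamd_auth_poll_ldap-Result for ldap svr 192.0.2.10 is denied
fnbamd_comm.c[169] fnbamd_comm_send_result-Sending result 1 for req 1903
fnbamd_fsm.c[565] destroy_auth_session-delete session 1903
[94:root:3788]fam_auth_send_req:514 with server blacklist: #example_DC
[94:root:3788]fnbamd_fsm.c[1879] handle_req-Rcvd auth req 1904 for example.user in VPN_Users opt=00000100 prot=10
fnbamd_auth.c[409] ldap_start-Didn't find ldap servers (0)
fnbamd_fsm.c[417] create_auth_session-Error starting authentication
fnbamd_comm.c[169] fnbamd_comm_send_result-Sending result 3 for req 1904
[94:root:3788]rmt_logincheck.c:250 user[example.user],auth_type=1 failed [sslvpn_login_unknown_user]
"""

# Message formats taken from the debug output quoted in this thread.
RE_RCVD = re.compile(r"handle_req-Rcvd auth req (\d+) for (\S+) in (\S+)")
RE_RESULT = re.compile(r"Sending result (\d+) for req (\d+)")
RE_BLACKLIST = re.compile(r"with server blacklist: (\S+)")
RE_DN_COUNT = re.compile(r"get_all_dn-Found (\d+) DN")
RE_TRY_DN = re.compile(r"start_next_dn_bind-Trying DN \d+:(.*)$")
RE_SVR = re.compile(r"Result for ldap svr (\S+) is (\w+)")
RE_LOGIN_FAIL = re.compile(r"user\[([^\]]+)\],auth_type=\d+ failed \[(\w+)\]")
RE_REQ = re.compile(r"\breq (\d+)")


@dataclass
class AuthAttempt:
    req_id: Optional[str] = None
    user: Optional[str] = None
    group: Optional[str] = None
    dn_count: Optional[int] = None
    dns_tried: List[str] = field(default_factory=list)
    bind_denied: bool = False
    ldap_server: Optional[str] = None
    no_ldap_servers: bool = False
    blacklist: Optional[str] = None
    result_code: Optional[int] = None


def parse_fnbamd_log(text: str) -> Tuple[List[AuthAttempt], List[Tuple[str, str]]]:
    """Group debug lines into per-request attempts and collect the final
    rmt_logincheck failures as (user, reason) pairs."""
    attempts: List[AuthAttempt] = []
    failures: List[Tuple[str, str]] = []
    current: Optional[AuthAttempt] = None

    def cur() -> AuthAttempt:
        # LDAP search/bind lines appear before any "req <n>" line, so open an
        # attempt on the first marker and fill in the id when it shows up.
        nonlocal current
        if current is None:
            current = AuthAttempt()
            attempts.append(current)
        return current

    for line in text.splitlines():
        if m := RE_RCVD.search(line):
            a = cur()
            if a.req_id is not None:          # previous request never sent a result
                current = None
                a = cur()
            a.req_id, a.user, a.group = m.groups()
        elif m := RE_RESULT.search(line):
            a = cur()
            a.result_code = int(m.group(1))
            a.req_id = a.req_id or m.group(2)
            current = None                    # a sent result closes the request
        elif m := RE_LOGIN_FAIL.search(line):
            failures.append((m.group(1), m.group(2)))
        elif m := RE_BLACKLIST.search(line):
            cur().blacklist = m.group(1)
        elif m := RE_DN_COUNT.search(line):
            cur().dn_count = int(m.group(1))
        elif m := RE_TRY_DN.search(line):
            cur().dns_tried.append(m.group(1))
        elif m := RE_SVR.search(line):
            cur().ldap_server = m.group(1)
        elif "fnbamd_ldap_get_result-Auth denied" in line:
            cur().bind_denied = True
        elif "ldap_start-Didn't find ldap servers" in line:
            cur().no_ldap_servers = True
        elif current is not None and current.req_id is None and (m := RE_REQ.search(line)):
            current.req_id = m.group(1)       # e.g. "Continue pending for req 1903"
    return attempts, failures


def classify(a: AuthAttempt) -> str:
    """Name the failure mode an attempt shows, from the markers in its lines."""
    if a.no_ldap_servers:
        return "no_ldap_server"
    if a.dn_count == 0:                       # assumed: same message with a zero count
        return "dn_not_found"
    if a.bind_denied:
        return "bind_denied"
    return "other"


FINDINGS = {
    "bind_denied": ("LDAP search found the user's DN but the bind was refused by the "
                    "server: start with the account object in AD (password, disabled/"
                    "locked flags, logon restrictions) rather than the FortiGate config."),
    "no_ldap_server": ("fnbamd found no usable LDAP server for this request, so no bind "
                       "was attempted; the SSL VPN side reports this as "
                       "sslvpn_login_unknown_user (here the DC was on the server blacklist)."),
    "dn_not_found": ("LDAP search returned no DN: the user object is outside the "
                     "configured search base (e.g. the CN=Users container vs. an OU)."),
    "other": "no conclusive marker among the captured lines",
}


def triage(text: str) -> List[str]:
    """One finding per auth request, then one per SSL VPN login failure."""
    attempts, failures = parse_fnbamd_log(text)
    out = []
    for a in attempts:
        kind = classify(a)
        who = f" user={a.user} group={a.group}" if a.user else ""
        out.append(f"req {a.req_id or '?'}{who} result={a.result_code} "
                   f"server={a.ldap_server or a.blacklist or '-'}: {kind} - {FINDINGS[kind]}")
    for user, reason in failures:
        out.append(f"SSL VPN login for {user} failed with {reason}")
    return out


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run it as a script (Python 3.8 or newer) and paste the output of `dia deb app fnbamd 255` in place of the constructed sample. On the sample it reports two requests: 1903, where the DN was found but the bind was denied, and 1904, where the DC was blacklisted and no LDAP server was left, which is the request that ends in sslvpn_login_unknown_user.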
    Ralph1973
    Re: User unable to connect to VPN - unknown user 2015/05/05 05:19:50 (permalink)
    Hi, well it looks like your FortiGate doesn't have access to the DC (LDAP connection).
    Please also check whether there might be local users configured with same username?
     
    Regards,
    Ralph
    #4
    zorg1983
    Re: User unable to connect to VPN - unknown user 2015/05/05 05:26:01 (permalink)
    Ralph1973
    Hi, well it looks like your FortiGate doesn't have access to the DC (LDAP connection).
    Please also check whether there might be local users configured with same username?
     
    Regards,
    Ralph
     
    Hey,
     
    I just tested and the connection is successful. Also there is no local user with such a name.
     
    It's weird.
     
    Joe.
    #5
    zorg1983
    Re: User unable to connect to VPN - unknown user 2015/05/06 00:48:27 (permalink)
    Problem solved. It was an issue with the user itself in the AD.
     
    Joe.
    #6
    JaapHoetmer (Geneva, Switzerland)
    Re: User unable to connect to VPN - unknown user 2015/07/23 13:50:54 (permalink)
    Hi there
     
    I had a similar issue and I found out that the user(s) need to be in a valid OU in Active Directory for it to work; they can't be in the Users folder. In Win2012 Essentials, users created via the Dashboard are by default created in the Users folder, strangely enough. They need to move to an OU before the FortiGate LDAP authentication can work.
     
    Cheers
    Jaap

    Kind regards,

    Jaap
    #7
    Anne
    Re: User unable to connect to VPN - unknown user 2016/11/01 20:40:10 (permalink)
    Hi Joe,
     
    I am running into a similar issue. Can you please update here how you fixed the issue?
     
    Thanks
    Anne
    #8
    michaeladriannewton
    Re: User unable to connect to VPN - unknown user 2017/01/12 08:19:42 (permalink)
    Hi Joe,
     
    Not really an answer to your question but just out of interest, what type of VPN are you using for your remote users with LDAP integration?
     
    I'm currently setting up an L2TP/IPsec VPN connection with LDAP user authentication, but with little to no success, so I'm looking for another solution.
     
    Cheers
     
    Michael
    #9
    aaqibk
    Re: User unable to connect to VPN - unknown user 2019/03/13 03:09:41 (permalink)
    [163:root:32]login_failed:260 user[test104],auth_type=1 failed [sslvpn_login_unknown_user]
     
    Can anyone here explain this?
     
    The issue is happening with VPN connectivity with an LDAP user.
    #10