Unable to add a LDAP Server (FOS 5.6 to Windows Server 2003)

alaurent
2017/09/04 05:19:51 (permalink)
0


I cannot configure an LDAP Server on an FG-60E with FortiOS 5.6.

I am trying to set up FSSO between an FG-60E and a Windows Server 2003, but I cannot add the LDAP server.

After entering the IP of the Windows 2003 Server, as well as the user and password of the domain administrator, when I click Browse to identify the Distinguished Name, the system reports: "Invalid LDAP server".

If I enter the Distinguished Name manually and try to test the connection, it says "Invalid credentials".

All this despite the IP of the server being correct, as well as the user and password, which I am entering in plain text:
User = Administrator
Key = #####
 
Waiting for your comments
#1
alago
Re: Unable to add a LDAP Server (FOS 5.6 to Windows Server 2003) 2017/09/04 05:57:04 (permalink)
0
Hi alaurent,
 
If you use Distinguished Name as your Common Name Identifier, you have to change your user to DN format, which is something like this: CN=User Name,OU=Users,DC=contoso,DC=com

If you want to use the user account name, you have to change the Common Name Identifier to sAMAccountName.
 
Hope it helps.
 
 

 

 
 
#2
alaurent
Re: Unable to add a LDAP Server (FOS 5.6 to Windows Server 2003) 2017/09/04 08:15:24 (permalink)
0
The Windows Server and the FG are in the same network, so there are no communication limitations.

My FG configuration is:
Name: Local_LDAP
Server IP/Name 192.168.1.29
Server Port: 389
Common Name Identifier: cn
Distinguished Name: DC=comapny1,DC=company,DC=com
Bind Type: Regular
Username: Administrator
Password: ••••••••
 
From the Windows Server:
C:\Documents and Settings\>dsquery user
"CN=Administrator,CN=Users,DC=company1,DC=company,DC=com"
#3
alago
Re: Unable to add a LDAP Server (FOS 5.6 to Windows Server 2003) 2017/09/04 09:27:26 (permalink)
0
Did you try changing the Common Name Identifier as I suggested?

Change it from CN to sAMAccountName and you'll be just fine.
#4
alaurent
Re: Unable to add a LDAP Server (FOS 5.6 to Windows Server 2003) 2017/09/04 11:35:13 (permalink)
0
Yes, I tried, but I get the same error.
 
Conf 1:
Name: Local_LDAP
Server IP/Name 192.168.1.29
Server Port: 389
Common Name Identifier: cn
Distinguished Name: DC=comapny1,DC=company,DC=com
Bind Type: Regular
Username: cn=Administrator,CN=Users,DC=comapny1,DC=company,DC=com
Password: ••••••••
 
Conf2:
Name: Local_LDAP
Server IP/Name 192.168.1.29
Server Port: 389
Common Name Identifier: sAMAccountName
Distinguished Name: DC=comapny1,DC=company,DC=com
Bind Type: Regular
Username: Administrator
Password: ••••••••
 
 
#5
alago
Re: Unable to add a LDAP Server (FOS 5.6 to Windows Server 2003) 2017/09/04 12:56:04 (permalink)
0
Hi!
 
Try to telnet to your LDAP server from the FortiGate using: execute telnet 192.168.1.29 389

If it doesn't work, it is probably the Windows firewall or some antivirus blocking the connection. If it does work, we can dig more into this problem.
#6
Seppel
Re: Unable to add a LDAP Server (FOS 5.6 to Windows Server 2003) 2017/09/05 00:17:46 (permalink); marked helpful by nick22d 2018/05/05 01:31:05
5 (1)
Hi
 
Please try the username with the domain in front:
username: domain\administrator
 
regards

Fortigate 500E HA / 5.6.X
Fortimail 200E HA / 5.4.X
Fortimanager
FortiEMS / 1.2.X
FortiSandbox 1000D
Some other Models in use :-)
----------------------------------------------------
FCSE
----------------------------------------------------
#7
alaurent
Re: Unable to add a LDAP Server (FOS 5.6 to Windows Server 2003) 2017/09/12 08:58:47 (permalink); marked helpful by nick22d 2018/05/05 01:31:16
5 (1)
Hello
 
The domain\username form solved the problem.
 
Final conf:
Name: Local_LDAP
Server IP/Name 192.168.1.29
Server Port: 389
Common Name Identifier: sAMAccountName
Distinguished Name: DC=comapny1,DC=company,DC=com
Bind Type: Regular
Username: domain\username
Password: ••••••••
 
Thanks
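
The following is an added example, not code from the thread or from Fortinet: an offline pre-flight check for a FortiGate "regular" LDAP bind against Active Directory, run over settings constructed to mirror the configurations posted in this thread (Conf2 from post #4, the final configuration from post #7, and the dsquery output from post #2). It classifies the bind name the way an AD simple bind sees it (bare account name vs. DOMAIN\user, user@domain or full DN), which is the point alago's and Seppel's replies turn on, and it compares the domain components of the configured base DN with a DN the directory itself reported; note that the posted configurations spell the base DN "DC=comapny1,..." while dsquery returned "DC=company1,...", and the checker flags exactly that kind of discrepancy (whether it was a typo in the post or on the device cannot be told from the thread). It also renders the result as a FortiOS `config user ldap` stanza; the CLI keys `server`, `port`, `cnid`, `dn`, `type`, `username`, `password` and `secure` are real FortiOS keys, the `<BIND-PASSWORD>` value is a placeholder, and the hardened variant (LDAPS on 636, a corrected base DN) is an assumption of this example rather than anything the thread confirms. The DN parser assumes values contain no escaped commas, which holds for every DN in the thread.

```python
# Added example (not from the thread): pre-flight checks for a FortiGate "regular"
# LDAP bind against Active Directory, run offline against constructed settings.
# Findings are heuristics derived from the thread, not FortiOS output.
import re

# One relative distinguished name: attribute=value (assumption: no escaped commas)
RDN = re.compile(r"^\s*([A-Za-z][A-Za-z0-9-]*)\s*=\s*(.+?)\s*$")


def parse_dn(dn):
    """Split a DN into [(attr, value), ...] with attribute names lower-cased."""
    rdns = []
    for part in dn.split(","):
        m = RDN.match(part)
        if not m:
            raise ValueError("malformed RDN: %r" % part)
        rdns.append((m.group(1).lower(), m.group(2)))
    return rdns


def domain_components(dn):
    """The DC= values of a DN, lower-cased, e.g. ['company1', 'company', 'com']."""
    return [v.lower() for a, v in parse_dn(dn) if a == "dc"]


def bind_identity_kind(username):
    """Classify the bind name the way an AD simple bind will interpret it."""
    try:
        parse_dn(username)
        return "dn"              # full distinguished name
    except ValueError:
        pass
    if "\\" in username:
        return "netbios"         # DOMAIN\user, the form that resolved the thread
    if "@" in username:
        return "upn"             # user@domain.tld
    return "bare"                # lone account name: failed in the thread


def check_ldap_config(cfg, directory_dn):
    """Return a list of findings for cfg. directory_dn is a DN the server itself
    reported (the thread used the output of 'dsquery user')."""
    findings = []
    kind = bind_identity_kind(cfg["username"])
    if kind == "bare":
        findings.append("bind username is a bare account name; use DOMAIN\\user, "
                        "user@domain or the full DN")
    actual = domain_components(directory_dn)
    configured = domain_components(cfg["dn"])
    if configured != actual:
        findings.append("base DN domain components %s differ from the directory's %s"
                        % (configured, actual))
    if kind == "dn" and domain_components(cfg["username"]) != actual:
        findings.append("bind DN domain components differ from the directory's")
    if cfg["cnid"].lower() == "cn":
        findings.append("cnid 'cn' matches the object's common name; sAMAccountName "
                        "matches the Windows logon name users type")
    if cfg.get("port", 389) == 389 and not cfg.get("secure"):
        findings.append("plain LDAP on 389: the bind password crosses the wire "
                        "unencrypted; prefer LDAPS (port 636)")
    return findings


def render_fortios(cfg):
    """Render the settings as a FortiOS 'config user ldap' stanza. A backslash in
    a FortiOS quoted string must be typed as a double backslash, so it is escaped."""
    username = cfg["username"].replace("\\", "\\\\")
    lines = ["config user ldap",
             '    edit "%s"' % cfg["name"],
             '        set server "%s"' % cfg["server"],
             "        set port %d" % cfg.get("port", 389),
             '        set cnid "%s"' % cfg["cnid"],
             '        set dn "%s"' % cfg["dn"],
             "        set type regular",
             '        set username "%s"' % username,
             "        set password <BIND-PASSWORD>"]   # placeholder, never inline
    if cfg.get("secure"):
        lines.append("        set secure %s" % cfg["secure"])
    lines += ["    next", "end"]
    return "\n".join(lines)


# Constructed inputs mirroring the thread (DSQUERY_DN is the dsquery line in post #2).
DSQUERY_DN = "CN=Administrator,CN=Users,DC=company1,DC=company,DC=com"
CONF_2 = {"name": "Local_LDAP", "server": "192.168.1.29", "port": 389,
          "cnid": "sAMAccountName", "dn": "DC=comapny1,DC=company,DC=com",
          "username": "Administrator"}
FINAL = dict(CONF_2, username="domain\\username")
# Assumed hardening, not from the thread: corrected base DN, LDAPS on 636.
HARDENED = dict(FINAL, dn="DC=company1,DC=company,DC=com", port=636, secure="ldaps")

if __name__ == "__main__":
    for label, cfg in (("conf2", CONF_2), ("final", FINAL), ("hardened", HARDENED)):
        print(label, check_ldap_config(cfg, DSQUERY_DN))
    print(render_fortios(HARDENED))
```

Run as-is, Conf2 yields three findings (bare bind name, base DN mismatch, cleartext port), the final configuration drops the bind-name finding but keeps the other two, and the hardened variant yields none. Two design choices worth keeping when adapting it: bind with a dedicated read-only directory account rather than Administrator, since the FortiGate stores that password and needs only search rights, and compare DNs by domain components rather than string equality so that case differences (cn= vs CN=) do not raise false alarms.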
 
 
 
#8
alago
Re: Unable to add a LDAP Server (FOS 5.6 to Windows Server 2003) 2017/09/12 13:47:01 (permalink)
0
Good to Know!
 
Best Regards