Roger_Manich
New Contributor

Error initializing SSL/TLS

Hi guys, 

I am trying to configure LDAP authentication and there is an issue where I don't know where the error is.

- I configure the LDAP server on the Fortinet, which is Windows 2012 R2.

- I add credentials for a specific user, myldap@mydomain, and password. Bind type regular.

- Secure connection and STARTTLS.

- The Test button works fine. I can read the AD tree with no problems.

But when I try to test a user against LDAP I receive an error, "error initializing SSL/TLS" (debug mode). None of the users can be authenticated. If I disable secure connection it works.

Any ideas? I guess I need to do something in the server, but I'm not sure.

Thank you.

Here is the debug:

[2137] handle_req-Rcvd auth req 1935135789 for ldap-fortinet in XXXX opt=0000001b prot=0
[366] __compose_group_list_from_req-Group 'XXXX'
[605] fnbamd_pop3_start-ldap-fortinet
[1043] __fnbamd_cfg_get_ldap_list_by_server-Loading LDAP server 'XXXX'
[1552] fnbamd_ldap_init-search filter is: cn=ldap-fortinet
[1561] fnbamd_ldap_init-search base is: ou=myou,dc=mydomain,dc=corp
[974] __fnbamd_ldap_dns_cb-Resolved XXXX(idx 0) to 1xx.x.x.x
[1025] __fnbamd_ldap_dns_cb-Still connecting.
[508] create_auth_session-Total 1 server(s) to try
[941] __ldap_connect-tcps_connect(1XX.XX.X.X) is established.
[815] __ldap_rxtx-state 1(StartTLS)
[852] fnbamd_ldap_send-sending 31 bytes to 1XX.XX.X.X
[864] fnbamd_ldap_send-Request is sent. ID 1
[815] __ldap_rxtx-state 2(StartTLS resp)
[1056] fnbamd_ldap_recv-Response len: 125, svr: 1XX.XX.X.X
[756] fnbamd_ldap_parse_response-Got one MESSAGE. ID:1, type:extended-result
[778] fnbamd_ldap_parse_response-Error 52(00000000: LdapErr: DSID-0C09102C, comment: Error initializing SSL/TLS, data 0, v2580)
[791] fnbamd_ldap_parse_response-ret=52
[726] __ldap_stop-svr 'XXXX'
[182] fnbamd_comm_send_result-Sending result 1 (error 0, nid 0) for req 1935135789 authenticate 'ldap-fortinet' against 'XXXX' failed!

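The fnbamd debug output above can be parsed mechanically to pull out the LDAP client state sequence and the result code the server returned, which makes it easier to tell a server-side refusal of StartTLS from a later certificate-validation failure. The following Python script is an added example written for this page; it is not FortiGate code and was not posted by the original author. It assumes only that fnbamd records keep the `[NNNN] function-message` shape shown above, and it embeds the post's own debug output (split one record per line) as its sample input.

```python
import re
from dataclasses import dataclass

# Subset of standard LDAP result codes (RFC 4511) seen in fnbamd debug output.
LDAP_RESULT_NAMES = {
    0: "success", 32: "noSuchObject", 49: "invalidCredentials",
    52: "unavailable", 53: "unwillingToPerform",
}

# Sample input: the fnbamd debug dump quoted in the post, one record per line.
SAMPLE_DEBUG = """\
[2137] handle_req-Rcvd auth req 1935135789 for ldap-fortinet in XXXX opt=0000001b prot=0
[366] __compose_group_list_from_req-Group 'XXXX'
[605] fnbamd_pop3_start-ldap-fortinet
[1043] __fnbamd_cfg_get_ldap_list_by_server-Loading LDAP server 'XXXX'
[1552] fnbamd_ldap_init-search filter is: cn=ldap-fortinet
[1561] fnbamd_ldap_init-search base is: ou=myou,dc=mydomain,dc=corp
[974] __fnbamd_ldap_dns_cb-Resolved XXXX(idx 0) to 1xx.x.x.x
[1025] __fnbamd_ldap_dns_cb-Still connecting.
[508] create_auth_session-Total 1 server(s) to try
[941] __ldap_connect-tcps_connect(1XX.XX.X.X) is established.
[815] __ldap_rxtx-state 1(StartTLS)
[852] fnbamd_ldap_send-sending 31 bytes to 1XX.XX.X.X
[864] fnbamd_ldap_send-Request is sent. ID 1
[815] __ldap_rxtx-state 2(StartTLS resp)
[1056] fnbamd_ldap_recv-Response len: 125, svr: 1XX.XX.X.X
[756] fnbamd_ldap_parse_response-Got one MESSAGE. ID:1, type:extended-result
[778] fnbamd_ldap_parse_response-Error 52(00000000: LdapErr: DSID-0C09102C, comment: Error initializing SSL/TLS, data 0, v2580)
[791] fnbamd_ldap_parse_response-ret=52
[726] __ldap_stop-svr 'XXXX'
[182] fnbamd_comm_send_result-Sending result 1 (error 0, nid 0) for req 1935135789 authenticate 'ldap-fortinet' against 'XXXX' failed!
"""


@dataclass
class Record:
    seq: int    # the [NNNN] tag fnbamd prefixes each record with
    func: str   # fnbamd function that emitted the record
    msg: str    # message text after the "func-" prefix


# "[NNNN] function_name-message"; the function name cannot contain '-'.
RECORD_RE = re.compile(r"^\[(\d+)\]\s+([A-Za-z_][A-Za-z0-9_]*)-(.*)$", re.DOTALL)
ERROR_RE = re.compile(r"^Error (\d+)\((.*)\)$")


def parse_records(text):
    """Split a fnbamd dump (single run or one record per line) into Records."""
    records = []
    for chunk in re.split(r"(?=\[\d+\]\s)", text):
        chunk = chunk.strip()
        if not chunk:
            continue
        m = RECORD_RE.match(chunk)
        if m:
            records.append(Record(int(m.group(1)), m.group(2), m.group(3).strip()))
    return records


def ldap_states(records):
    """Sequence of LDAP client states reported by __ldap_rxtx, in order."""
    return [r.msg[len("state "):] for r in records
            if r.func == "__ldap_rxtx" and r.msg.startswith("state ")]


def find_ldap_error(records):
    """First LDAP error result the server sent back, with the AD comment split out."""
    for r in records:
        if r.func != "fnbamd_ldap_parse_response":
            continue
        m = ERROR_RE.match(r.msg)
        if not m:
            continue
        code, detail = int(m.group(1)), m.group(2)
        dsid = re.search(r"DSID-([0-9A-Fa-f]+)", detail)
        comment = re.search(r"comment: (.*?), data", detail)
        return {"code": code,
                "name": LDAP_RESULT_NAMES.get(code, "unknown"),
                "dsid": dsid.group(1) if dsid else None,
                "comment": comment.group(1) if comment else detail}
    return None


def diagnose(text):
    """Summarise where in the LDAP exchange the failure happened."""
    records = parse_records(text)
    states = ldap_states(records)
    err = find_ldap_error(records)
    last_state = states[-1] if states else None
    return {
        "records": len(records),
        "last_state": last_state,
        "error": err,
        "auth_failed": any("failed!" in r.msg for r in records),
        # An error result while waiting for the StartTLS response means the server
        # declined the StartTLS extended operation before any TLS handshake ran.
        "server_declined_starttls": err is not None and last_state is not None
                                    and "StartTLS resp" in last_state,
    }
```

Run against the sample, `diagnose` reports that the last client state was `2(StartTLS resp)` and that the server answered with LDAP result 52 (`unavailable`) carrying the comment `Error initializing SSL/TLS`, i.e. the refusal came from the domain controller in response to the StartTLS request itself rather than from the FortiGate rejecting a certificate after the handshake. That narrows the check to whether the domain controller can serve TLS on that port at all, alongside the certificate import discussed in the reply.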
ede_pfau
Esteemed Contributor III

You need to import the certificate from your LDAP server into the FGT:

https://cookbook.fortinet.com/setting-up-ldap-over-ssl-windows-ad-54/


Ede

"Kernel panic: Aiee, killing interrupt handler!"