Error initializing SSL/TLS

Author
Roger Manich
2019/04/04 03:27:13

Error initializing SSL/TLS

Hi guys, 
I am trying to configure LDAP authentication and there is an issue, and I don't know where the error is.

- I configure LDAP Server on Fortinet which is Windows 2012 R2.
- I add credentials for specific user myldap@mydomain and password. Bind type regular.
- Secure connection and STARTTLS.
- Test button works fine. I can read the AD tree with no problems.

But when I try to test a user against LDAP I receive an error "error initializing SSL/TLS" (debug mode). All users cannot be authenticated fine. If I disable secure connection it works.

Any ideas? I guess I need to do something in the server. But not sure.

Thank you

Here is the debug:
 
[2137] handle_req-Rcvd auth req 1935135789 for ldap-fortinet in XXXX opt=0000001b prot=0
[366] __compose_group_list_from_req-Group 'XXXX'
[605] fnbamd_pop3_start-ldap-fortinet
[1043] __fnbamd_cfg_get_ldap_list_by_server-Loading LDAP server 'XXXX'
[1552] fnbamd_ldap_init-search filter is: cn=ldap-fortinet
[1561] fnbamd_ldap_init-search base is: ou=myou,dc=mydomain,dc=corp
[974] __fnbamd_ldap_dns_cb-Resolved XXXX(idx 0) to 1xx.x.x.x
[1025] __fnbamd_ldap_dns_cb-Still connecting.
[508] create_auth_session-Total 1 server(s) to try
[941] __ldap_connect-tcps_connect(1XX.XX.X.X) is established.
[815] __ldap_rxtx-state 1(StartTLS)
[852] fnbamd_ldap_send-sending 31 bytes to 1XX.XX.X.X
[864] fnbamd_ldap_send-Request is sent. ID 1
[815] __ldap_rxtx-state 2(StartTLS resp)
[1056] fnbamd_ldap_recv-Response len: 125, svr: 1XX.XX.X.X
[756] fnbamd_ldap_parse_response-Got one MESSAGE. ID:1, type:extended-result
[778] fnbamd_ldap_parse_response-Error 52(00000000: LdapErr: DSID-0C09102C, comment: Error initializing SSL/TLS, data 0, v2580)
[791] fnbamd_ldap_parse_response-ret=52
[726] __ldap_stop-svr 'XXXX'
[182] fnbamd_comm_send_result-Sending result 1 (error 0, nid 0) for req 1935135789
authenticate 'ldap-fortinet' against 'XXXX' failed!
 
 
 
#1


    ede_pfau
    Re: Error initializing SSL/TLS 2019/04/04 08:48:34
    You need to import the certificate from your LDAP server into the FGT:
    https://cookbook.fortinet.com/setting-up-ldap-over-ssl-windows-ad-54/

    Ede

    " Kernel panic: Aiee, killing interrupt handler!"
    #2
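
Added example, not part of the original thread and not Fortinet code: a small Python parser for the debug output in the first post that reports the LDAP state in which the error was returned and decodes result code 52 with its RFC 4511 name. The `[n] function-message` line layout is inferred from the posted output, and `diagnose` and `SAMPLE` are names chosen here.

```python
import re

# Result codes defined in RFC 4511 that a StartTLS extended response can carry.
LDAP_RESULT = {0: "success", 2: "protocolError", 52: "unavailable"}

LINE = re.compile(r"^\[\d+\]\s+(\w+)-(.*)$")
STATE = re.compile(r"state \d+\(([^)]+)\)")
ERROR = re.compile(r"Error (\d+)\((.*)\)\s*$")
COMMENT = re.compile(r"comment: ([^,]+)")

# Excerpt of the debug output posted in the thread (addresses already masked there).
SAMPLE = """\
[941] __ldap_connect-tcps_connect(1XX.XX.X.X) is established.
[815] __ldap_rxtx-state 1(StartTLS)
[864] fnbamd_ldap_send-Request is sent. ID 1
[815] __ldap_rxtx-state 2(StartTLS resp)
[756] fnbamd_ldap_parse_response-Got one MESSAGE. ID:1, type:extended-result
[778] fnbamd_ldap_parse_response-Error 52(00000000: LdapErr: DSID-0C09102C, comment: Error initializing SSL/TLS, data 0, v2580)
authenticate 'ldap-fortinet' against 'XXXX' failed!
"""

def diagnose(debug_text):
    """Return where the LDAP exchange stopped, or None if no error line is found."""
    state, connected = None, False
    for raw in debug_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a "[n] function-message" entry
        func, msg = m.groups()
        if func == "__ldap_connect" and "is established" in msg:
            connected = True
        elif func == "__ldap_rxtx" and STATE.search(msg):
            state = STATE.search(msg).group(1)
        elif func == "fnbamd_ldap_parse_response" and ERROR.search(msg):
            code, detail = ERROR.search(msg).groups()
            comment = COMMENT.search(detail)
            return {
                "tcp_connected": connected,
                "failed_state": state,
                "result_code": int(code),
                "result_name": LDAP_RESULT.get(int(code), "other"),
                "server_comment": comment.group(1).strip() if comment else None,
                # An error carried in the StartTLS response arrives in cleartext,
                # before the TLS handshake has started.
                "before_tls_handshake": bool(state) and state.startswith("StartTLS"),
            }
    return None

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```
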