
LDAP Authentication (authorization Failed)

Hi all and good morning.

I hope I'm writing in the right section.

I own an XG210 cluster and I'm trying to set up authentication against an LDAP server; the LDAP works fine because I have dozens of servers using it; the firewall, instead, refuses to authenticate.

Or rather, from access_server.log I see that the authentication phase works and the credentials are correctly validated; the process gets stuck in the authorization phase, where I receive the error:

ERROR Mar 11 09:11:56 [4141828736]: handle_pam_authorization: VPN/SSLVPN/MYACC Authorization Failed, result_code=1

Any ideas on what to check?

 

Thanks in advance,

Gianluca



  • You could put the access_server into debug mode: service access_server:debug -ds nosync

    Then perform your test and use the same command to disable debug mode (it will log a lot of data).

    Take a look at the access_server and try to verify the issue. 

     

    In my experience it could be: the VPN does not have the correct AD server selected, the AD server is denying the request, XG cannot use the selected AD server, or the user is not in the group of permitted VPN users.


  • Hi Lucar,

     

    thanks for the nice trick.

    I use LDAP to authenticate administrators, but I didn't create the local user.

    I created it with a fake password and now I can join the device with LDAP credentials.

     

    Thanks a lot,

    Gianluca
