

Adding ldap server for authentication fails

Hi,
I'm trying to add an LDAP server to Sophos XG firewall version SFVH (SFOS 17.5.9 MR-9.HF062020.1) but no luck.
I'm getting "Device-LDAP server connectivity test failed"
Here is my setup:

When testing the LDAP server via the Linux command line tool ldapsearch it works fine.
I'm using the following command:

ldapsearch -x -LLL -H ldaps://<mydomain.com>:636 -D "uid=<user@mydomain.com>,dc=<mydomain>,dc=<mydomain>,dc=com" -w <mypassword> -b "dc=<mydomain>,dc=<mydomain>,dc=com"

Values surrounded by <> are of course replaced when testing.



How can I troubleshoot the faulty connection?



  • FormerMember

    Hi  

    Thank you for reaching out to the Community!

    I would advise you to put the access_server process in debug, replicate the issue and provide access_server logs in debug. 

    Follow this KB Article to SSH into the XG firewall: Sophos XG Firewall: How to SSH to the firewall using PuTTY utility

    Select Option 5 (Device Management) > Option 3 (Advanced Shell)

    Run this command to put the access_server service in debug:

    • service access_server:debug -d -s nosync

    Please check out the following KBA to locate and capture the logs: Sophos XG Firewall: Where to find log files?

    Once you capture the access_server logs in debug, run the same command to put access_server service in normal running mode. 

    Run this command to check service status :

    • service -S | grep access_server

    SFVUNL_VM01_SFOS 17.5.11 MR-11# service -S | grep access_server
    access_server RUNNING,DEBUG

    Please PM me the logs and user name. 

    Thanks,
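
A helper for the bounded debug session described in the reply above, added here as an example; it is not from the Sophos reply or the product's own tooling. It assumes it runs in the SFOS Advanced Shell, that `service access_server:debug -d -s nosync` toggles debug on and off as the reply states, and that `service -S` prints one `name STATE` line per service; the status samples embedded in it are constructed.

```shell
#!/bin/sh
# Added example, not from the thread or from Sophos: keep access_server in debug only
# for a bounded window while the LDAP test is replicated, then restore normal mode.
# Assumed: SFOS Advanced Shell; `service access_server:debug -d -s nosync` toggles
# debug on/off (as the reply says); `service -S` prints one "name STATE" line each.
# Parse `service -S` output ($1): 0 = RUNNING,DEBUG, 1 = RUNNING, 2 = absent/other.
access_server_state() {
    line=$(printf '%s\n' "$1" | grep '^access_server ' || true)
    [ -n "$line" ] || return 2
    case "$line" in
        *RUNNING,DEBUG*) return 0 ;;
        *RUNNING*)       return 1 ;;
        *)               return 2 ;;
    esac
}
# Constructed samples of `service -S` output (other_service is a placeholder name).
SAMPLE_DEBUG='access_server RUNNING,DEBUG
other_service RUNNING'
SAMPLE_NORMAL='access_server RUNNING
other_service RUNNING'
DEBUG_ON=0
restore_normal() {
    # The same command toggles debug, so only run it if this script enabled it.
    if [ "$DEBUG_ON" = 1 ]; then
        service access_server:debug -d -s nosync
        DEBUG_ON=0
    fi
}
# Enable debug for $1 seconds (default 120), replicate the LDAP server test in the
# GUI meanwhile, then return to normal mode even if interrupted with Ctrl-C.
debug_window() {
    secs=${1:-120}
    if access_server_state "$(service -S)"; then
        echo "access_server is already in debug mode; not touching it" >&2
        return 1
    fi
    trap restore_normal INT TERM EXIT
    service access_server:debug -d -s nosync
    DEBUG_ON=1
    echo "Debug enabled for ${secs}s: run the LDAP connectivity test now, then collect the logs."
    sleep "$secs"
    restore_normal
    trap - INT TERM EXIT
    # Succeed only if the service no longer reports DEBUG.
    ! access_server_state "$(service -S)"
}
if [ "${1:-}" = "run" ]; then debug_window "${2:-120}"; fi
```

Run it as `sh debug_window.sh run 180` from the Advanced Shell, then pull the access_server log from the location given in the log-files KBA once it reports normal mode again.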

  • Managed to figure this out. The uid was wrong.
    I really suggest adding some informational error messages, as these issues with LDAP/AD/RADIUS auth recur for many users.
    Thanks