USG-40 AD Auth "Wrong Bind DN or Base DN

Thysmith
Thysmith Posts: 16
First Comment Friend Collector Fourth Anniversary
 Freshman Member
in Security
Our AAA service setup using Active Directory is no longer working. Upgraded to firmware 4.62. Everything is setup the same with no major changes. Continually getting "Wrong Bind DN or Base DN". If I set the bind DN password to something I know is incorrect then I will get "Wrong Bind DN or Password".

Clearly the system is able to see that the info I am inputting is incorrect. Appears related to the Base DN info, but again nothing has changed. 

I assume it's the new firmware but are there any AD settings that might need to be verified or logs I can check?

Thanks. 

Best Answers

  • Zyxel_Can
    Zyxel_Can Posts: 342
    5 Answers First Comment Friend Collector
     Zyxel Employee
    Answer ✓

    Hi @Thysmith,

     

    In the provided packets I see;

    “The server requires binds to turn on integrity checking if SSL\TLS are not already activate on the connection.” as response from your AD server."



    Can you share your AAA Server settings? ( Configuration > Object > AAA Server > Active Directory)

    Can you share your startup-config.conf file with me by private message?

     

    Can you also try to switch "Use SSL" checkbox in the settings and try again?

  • Thysmith
    Thysmith Posts: 16
    First Comment Friend Collector Fourth Anniversary
     Freshman Member
    Answer ✓
    You nailed it! Good find.


    I needed to use port 686 to use SSL, but it is working now. Thank you for your assistance!

All Replies

  • Zyxel_Can
    Zyxel_Can Posts: 342
    5 Answers First Comment Friend Collector
     Zyxel Employee

    Hi @Thysmith,

     

    Did you input Base DN and Bind DN information correctly?

    (Configuration > Object > AAA Server > Active Directory)

    (Active Directory Users and Computers > Properties > Attribute Editor > distinguishedName)


    (Active Directory Users and Computers > Users > Properties > Attribute Editor > distinguishedName)


    Here you can find related KB article;

    https://kb.zyxel.com/KB/searchArticle!gwsViewDetail.action?articleOid=014326&lang=EN
  • Thysmith
    Thysmith Posts: 16
    First Comment Friend Collector Fourth Anniversary
     Freshman Member
    Yes, everything is correct. As I said, everything worked fine before. 
  • soul
    soul Posts: 29
    First Comment
     Freshman Member
    reboot your AD
  • Thysmith
    Thysmith Posts: 16
    First Comment Friend Collector Fourth Anniversary
     Freshman Member
    @soul

    I was hopeful that would work as I had not done that but I rebooted everything and it is still giving me the same error. 
  • Zyxel_Can
    Zyxel_Can Posts: 342
    5 Answers First Comment Friend Collector
     Zyxel Employee
    Hi @Thysmith,

    Did that issue start after upgrading to 4.62?

    Can you capture packets when you testing and adding your Active directory and send me by private message?

Categories

Security Highlight


Read more

Security Help Center

  • FAQ
  • New & Release
  • Monthly Express
  • Threat Intelligence
  • Video Tutorials
    • EnglishTiếng ViệtРусскийไทย中文(台灣)