USG-40 AD Auth "Wrong Bind DN or Base DN
Our AAA service setup using Active Directory is no longer working. Upgraded to firmware 4.62. Everything is setup the same with no major changes. Continually getting "Wrong Bind DN or Base DN". If I set the bind DN password to something I know is incorrect then I will get "Wrong Bind DN or Password".
Clearly the system is able to see that the info I am inputting is incorrect. Appears related to the Base DN info, but again nothing has changed.
I assume it's the new firmware but are there any AD settings that might need to be verified or logs I can check?
Thanks.
Clearly the system is able to see that the info I am inputting is incorrect. Appears related to the Base DN info, but again nothing has changed.
I assume it's the new firmware but are there any AD settings that might need to be verified or logs I can check?
Thanks.
0
Best Answers
-
Hi @Thysmith,
In the provided packets I see;
“The server requires binds to turn on integrity checking if SSL\TLS are not already activate on the connection.” as response from your AD server."Can you share your AAA Server settings? ( Configuration > Object > AAA Server > Active Directory)
Can you share your startup-config.conf file with me by private message?
0 -
You nailed it! Good find.
I needed to use port 686 to use SSL, but it is working now. Thank you for your assistance!1
All Replies
-
Hi @Thysmith,
Did you input Base DN and Bind DN information correctly?
(Configuration > Object > AAA Server > Active Directory)
(Active Directory Users and Computers > Properties > Attribute Editor > distinguishedName)
(Active Directory Users and Computers > Users > Properties > Attribute Editor > distinguishedName)Here you can find related KB article;
https://kb.zyxel.com/KB/searchArticle!gwsViewDetail.action?articleOid=014326&lang=EN
0 -
Yes, everything is correct. As I said, everything worked fine before.0
-
reboot your AD0
-
Hi @Thysmith,
In the provided packets I see;
“The server requires binds to turn on integrity checking if SSL\TLS are not already activate on the connection.” as response from your AD server."Can you share your AAA Server settings? ( Configuration > Object > AAA Server > Active Directory)
Can you share your startup-config.conf file with me by private message?
0 -
You nailed it! Good find.
I needed to use port 686 to use SSL, but it is working now. Thank you for your assistance!1
Categories
- All Categories
- 415 Beta Program
- 2.3K Nebula
- 141 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.5K Security
- 216 USG FLEX H Series
- 262 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1K Wireless
- 39 Wireless Ideas
- 6.3K Consumer Product
- 243 Service & License
- 382 News and Release
- 81 Security Advisories
- 27 Education Center
- 8 [Campaign] Zyxel Network Detective
- 3K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight