USG-40 AD Auth "Wrong Bind DN or Base DN

Thysmith
Thysmith Posts: 16  Freshman Member
First Comment Friend Collector Fourth Anniversary
in Security
Our AAA service setup using Active Directory is no longer working. Upgraded to firmware 4.62. Everything is setup the same with no major changes. Continually getting "Wrong Bind DN or Base DN". If I set the bind DN password to something I know is incorrect then I will get "Wrong Bind DN or Password".

Clearly the system is able to see that the info I am inputting is incorrect. Appears related to the Base DN info, but again nothing has changed. 

I assume it's the new firmware but are there any AD settings that might need to be verified or logs I can check?

Thanks. 

Best Answers

  • Zyxel_Can
    Zyxel_Can Posts: 342  Zyxel Employee
    25 Answers First Comment Friend Collector
    Answer ✓

    Hi @Thysmith,

     

    In the provided packets I see;

    “The server requires binds to turn on integrity checking if SSL\TLS are not already activate on the connection.” as response from your AD server."



    Can you share your AAA Server settings? ( Configuration > Object > AAA Server > Active Directory)

    Can you share your startup-config.conf file with me by private message?

     

    Can you also try to switch "Use SSL" checkbox in the settings and try again?

  • Thysmith
    Thysmith Posts: 16  Freshman Member
    First Comment Friend Collector Fourth Anniversary
    Answer ✓
    You nailed it! Good find.


    I needed to use port 686 to use SSL, but it is working now. Thank you for your assistance!

All Replies

  • Zyxel_Can
    Zyxel_Can Posts: 342  Zyxel Employee
    25 Answers First Comment Friend Collector

    Hi @Thysmith,

     

    Did you input Base DN and Bind DN information correctly?

    (Configuration > Object > AAA Server > Active Directory)

    (Active Directory Users and Computers > Properties > Attribute Editor > distinguishedName)


    (Active Directory Users and Computers > Users > Properties > Attribute Editor > distinguishedName)


    Here you can find related KB article;

    https://kb.zyxel.com/KB/searchArticle!gwsViewDetail.action?articleOid=014326&lang=EN
  • Thysmith
    Thysmith Posts: 16  Freshman Member
    First Comment Friend Collector Fourth Anniversary
    Yes, everything is correct. As I said, everything worked fine before. 
  • soul
    soul Posts: 29  Freshman Member
    First Comment
    reboot your AD
  • Thysmith
    Thysmith Posts: 16  Freshman Member
    First Comment Friend Collector Fourth Anniversary
    @soul

    I was hopeful that would work as I had not done that but I rebooted everything and it is still giving me the same error. 
  • Zyxel_Can
    Zyxel_Can Posts: 342  Zyxel Employee
    25 Answers First Comment Friend Collector
    Hi @Thysmith,

    Did that issue start after upgrading to 4.62?

    Can you capture packets when you testing and adding your Active directory and send me by private message?
  • Zyxel_Can
    Zyxel_Can Posts: 342  Zyxel Employee
    25 Answers First Comment Friend Collector
    Answer ✓

    Hi @Thysmith,

     

    In the provided packets I see;

    “The server requires binds to turn on integrity checking if SSL\TLS are not already activate on the connection.” as response from your AD server."



    Can you share your AAA Server settings? ( Configuration > Object > AAA Server > Active Directory)

    Can you share your startup-config.conf file with me by private message?

     

    Can you also try to switch "Use SSL" checkbox in the settings and try again?

  • Thysmith
    Thysmith Posts: 16  Freshman Member
    First Comment Friend Collector Fourth Anniversary
    Answer ✓
    You nailed it! Good find.


    I needed to use port 686 to use SSL, but it is working now. Thank you for your assistance!

Categories

Security Highlight


Read more

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)