AD Authentication: Invalid DN syntax

Fabio_Dangelo
edited April 24 in USG FLEX H Series

Hello.

Just updated to 1.20 firmware to enable AD authentication.

The firewall FLEX500H is already joined to AD and I can see it as a Computer in Active Directory Users and Computers.

When I try to test the configuration I get the error "Invalid DN syntax".

What's wrong?

Thank you.

Accepted Solution

  • Fabio_Dangelo
    Answer ✓

    Solved!

    You have to be sure that the user's distinguishedName is shorter than 63 characters.

    If not, it will fail.

    You can check the user's distinguishedName in the user's advanced attributes in Active Directory Users and Computers by enabling "Advanced Features".


All Replies

  • Fabio_Dangelo

    Any advice?

  • Zyxel_James (Zyxel Employee)

    Please check the Advanced Settings; I suspect that you entered the wrong information for Group Membership Attribute or something else.

  • Fabio_Dangelo

    This?

    I left the default values.

  • YanShadowGT

    Hello,

    I have the same problem leaving the default values in Advanced. The AD I want to connect to is Windows 2019.

  • Fabio_Dangelo

    Mine is 2016.

    I think the problem is this firewall (too young), not server OS.

    Let's see if ZyXEL can fix it.

  • YanShadowGT

    Hello,

    It doesn't work for me; the user's distinguishedName is shorter than 63 characters and I get the same error, Invalid DN syntax.

  • Fabio_Dangelo

    Test is the user account with administration rights used to join the domain and used to query the DC?

    Did you add the required DNS forward rule too?

  • YanShadowGT

    Thank you for your prompt help. I found the problem: it must be made clear that it only works in the Domain Users folder; if the user is in another folder it stops working.

    Everything working correctly!!!

  • fschenckel

    Hello,
    I get exactly the same error (Invalid DN syntax). The domain is correctly joined, but all users tested are failing!

    We have users organised in several OUs, so the limit of 63 chars may be exceeded.
    But hey, what kind of limit is this?? I'm coming from a VPN 100 and wanted the Flex 200H to replace it, but what a mess: these are absolutely not compatible, I need to reconfigure everything manually, and many functions are missing!!
    This seems an unfinished product to me. Can't understand! I'm thinking about returning it…

    ⇒ Did you add the required DNS forward rule too?
    What exactly does this mean, could it be related?

    I hope someone can help!

    Thanks!
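
An added example, not from any poster or from Zyxel: a PowerShell audit that lists enabled users whose distinguishedName is at or over the 63-character length reported in the accepted solution, and counts them per parent container (relevant to the report that only users in the default Users folder worked). It assumes a management host with the RSAT ActiveDirectory module and read access to the domain; the threshold is the thread's observation, not a documented firmware limit.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Threshold as reported in the thread: the DN must be shorter than 63 characters.
# Assumption: the limit counts characters as .Length does, not encoded bytes.
$MaxDnLength = 63

$report = Get-ADUser -Filter 'Enabled -eq $true' | ForEach-Object {
    $dn = $_.DistinguishedName
    # Parent container = DN without its first RDN. Split on the first comma
    # that is not escaped with a backslash (e.g. "CN=Doe\, Jane,OU=...").
    $parent = ($dn -split '(?<!\\),', 2)[1]
    [pscustomobject]@{
        SamAccountName    = $_.SamAccountName
        DnLength          = $dn.Length
        OverLimit         = $dn.Length -ge $MaxDnLength
        ParentContainer   = $parent
        DistinguishedName = $dn
    }
}

# Accounts at or over the reported limit, longest DN first.
$report | Where-Object OverLimit |
    Sort-Object DnLength -Descending |
    Format-Table SamAccountName, DnLength, DistinguishedName -AutoSize

# Per container: how many users it holds and how many are over the limit.
# Deeply nested OUs show up at the top of this list.
$report | Group-Object ParentContainer |
    Select-Object Name, Count,
        @{ n = 'OverLimit'; e = { @($_.Group | Where-Object OverLimit).Count } } |
    Sort-Object OverLimit -Descending |
    Format-Table -AutoSize
```

To check a single OU, add `-SearchBase` with that OU's distinguishedName to the `Get-ADUser` call.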