- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
-
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
-
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
-
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
-
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
-
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
-
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
-
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
-
- Support Widget
LDAP client authentication failed
03/26/2020 
612 People found this article helpful
115,246 Views
Description
One of the most common errors encountered when configuring LDAP is authentication failed. This article will detail what that error means as well as steps to resolving the issue in most LDAP deployments.
Resolution
Authentication to the LDAP server is done through a binding in the form of either a distinguished name or anonymous login. Having an incorrect bind is the most common reason for seeing the Authentication Failed error when attempting to import Users/Groups or test Users/Groups on the SonicWall.
CAUTION: Not all LDAP deployments support anonymous binding and for security reasons distinguished name is recommended.
NOTE: The examples in this article will be shown with active directory however all the steps presented will work with and be applicable to any LDAP methodology.
Verifying the Bind Account and Settings
- Navigate to Users | Settings | Configure LDAP.
- On the Settings Tab verify the following information.
Name or IP Address: This must point to the LDAP server directly. If necessary verify that the SonicWall can resolve the Server's DNS or simply use an IP address.
Port Number: By default this is set to 389 (LDAP) but can be set to 636 (LDAP over TLS). Use 389 when troubleshooting to establish baseline functionality.
Server Timeout: Set to 10 Seconds by default. If the LDAP server is reached over a VPN, MPLS, or a routed network then consider increasing this value.
Anonymous Login / Login Name / Bind Distinguished Name: Login Name/Distinguished Name can be any User but must be case sensitive.
NOTE: When using Active Directory it's usually best to assign a bind the domain admin role.
Password: It's best to use a simple but secure password for the bind account, longer/complex passwords can cause timeouts between the LDAP server and SonicWall. CAUTION: While Special Characters are supported by many LDAP implementations it's best to remove them from any Bind Names and/or Passwords while troubleshooting.
Verifying the Directory Path
- Navigate to Users | Settings | Configure LDAP.
- On the Directory tab verify the following information.
Primary Domain: This must exactly match the domain name as shown on the LDAP server.
User Tree for Login to Server: This refers to the OU that the Bind resides in. Again this must exactly match what's on the LDAP Server or the SonicWall's bind request will not be authenticated by the server.
Configuration Examples
- In the below examples you can see we're using rowley.com as the Primary Domain and SWAdmin as the Bind. This user resides under rowley.com/Users. This information is then entered on the SonicWall making sure to keep case sensitivity in mind.
Related Articles
- Analyzing TCP reset(RST)packets
- ‘Error sending one-time password’ encountered when connecting to NetExtender
- Supported SonicWall and 3rd party SFP and SFP+ modules that can be used with SonicWall NSsp series
Categories
- Firewalls > NSa Series > User Login
- Firewalls > TZ Series > User Login
- Firewalls > NSv Series > User Login
YES
NO