I'm trying to configure MWG 7.0 for proxy authentication with LDAP. The LDAP configuration is running under MWG 6.8 without any problems. I have configured the authentication server settings as in Web Gateway 6.8. But when I test the user authentication with the "Authentication Test", I get the following error:
Error: Authentication failed
If I test the LDAP connection with ldapsearch from another PC in the same network, everything works fine.
How can I debug the authentication process? I can't find any error log. Can I test LDAP from the console (I can't find any LDAP tools on the console)?
I've had a similar problem with ntlm-agent authentication.
Is this a test-system or the main proxy? If it is a test system I would do this:
First of all, take a look at the network traffic using the packet tracing tool and start a tcpdump (troubleshooting).
If you see the LDAP requests and replies from the LDAP server, I would do the following:
At Policy => Settings => Authentication: add a new authentication setting, try the configuration again and test it with "Authentication Test". This worked for my ntlm-agent problem.
Perhaps you can post your sample configuration for ldap.
At the moment it is only a test installation (MWG VMware appliance) with the LDAP configuration of our customer. In the tcpdump I can see that the communication between the Web Gateway and the LDAP server is working. But the Authentication Test with the user shows:
LDAPMessage bindRequest(1) "test" simple
LDAPMessage bindResponse(1) invalidDNSyntax (invalid DN)
The DN of the user objects is the same as in Web Gateway 6.8.
In the LDAP configuration the user DN is "cn=test,ou=fwusers,dc=domain,dc=de". In Web Gateway I configured the base distinguished name as "ou=fwusers,dc=domain,dc=de" (same as in MWG 6.8).
In the tcpdump I can see that the login works for the LDAP user that is running the query:
LDAPMessage bindRequest(1) "cn=Webwasher,dc=domain,dc=de" simple
LDAPMessage bindResponse(1) success
I have created a new authentication method but the problem persists. The reinstallation of the Web Gateway was not successful.
What can I do to make it work?
Thanks for the tip. I have checked "Map user name to DN" but I had configured the wrong attribute (samaccountname=%u). After setting the right attribute "(cn=%u)" I get "Authentication OK".
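
The diagnosis reached in this thread, as an added example that is not part of the original posts and is not McAfee code: it pairs the decoded bind lines quoted above and flags a simple bind whose name is not a DN, then expands a "(cn=%u)" style filter. It assumes %u stands for the entered user name; the RFC 4515 escaping and the loose DN shape check are this example's own choices, and the function names are hypothetical.

```python
import re

# Constructed sample: the four decoded lines quoted in the thread.
TRACE = '''\
LDAPMessage bindRequest(1) "cn=Webwasher,dc=domain,dc=de" simple
LDAPMessage bindResponse(1) success
LDAPMessage bindRequest(1) "test" simple
LDAPMessage bindResponse(1) invalidDNSyntax (invalid DN)
'''

REQ = re.compile(r'bindRequest\((\d+)\) "([^"]*)" simple')
RESP = re.compile(r'bindResponse\((\d+)\) (\w+)')
# Loose shape check for a DN: comma-separated attr=value components.
RDN = re.compile(r'^[A-Za-z][A-Za-z0-9-]*=[^,]+(,[A-Za-z][A-Za-z0-9-]*=[^,]+)*$')


def looks_like_dn(name):
    return bool(RDN.match(name))


def analyse(trace):
    """Pair each simple bind with its response: (name, result, is_dn)."""
    pending, out = {}, []
    for line in trace.splitlines():
        if m := REQ.search(line):
            pending[m.group(1)] = m.group(2)
        elif (m := RESP.search(line)) and m.group(1) in pending:
            name = pending.pop(m.group(1))
            out.append((name, m.group(2), looks_like_dn(name)))
    return out


def expand_filter(template, username):
    """Substitute %u with the user name, escaped per RFC 4515 (assumed)."""
    esc = {'\\': r'\5c', '*': r'\2a', '(': r'\28', ')': r'\29', '\0': r'\00'}
    return template.replace('%u', ''.join(esc.get(c, c) for c in username))


if __name__ == '__main__':
    for name, result, is_dn in analyse(TRACE):
        hint = '' if is_dn else '  <- bare user name sent as bind DN'
        print(f'{name!r}: {result}{hint}')
    # Search filter that locates the user's entry before binding as its DN.
    print(expand_filter('(cn=%u)', 'test'))
```

A bare name such as "test" in a bindRequest means no user-name-to-DN lookup happened before the bind, which is what the invalidDNSyntax response in the trace reports.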