Showing results for 
Search instead for 
Did you mean: 

MWG 7.0 problems proxy-auth with ldap

I'm trying to configure MWG 7.0 for proxy authentication with ldap. The ldap-configuration is running under MWG 6.8 without any problems. I have configured the authentication server settings like in the web gateway 6.8. But if I test the user authentication with the "Authentication Test" I get the following error:

Error: Authentication failed

If I test the ldap-connection with ldapsearch from another pc in the same network all is working fine.

How can I debug the authentication process? I can't find any error-log. Can I test the ldap from console (can't find any ldap-tools on console)?



4 Replies

Re: MWG 7.0 problems proxy-auth with ldap

Hi Janine,

I've had a similar problem with ntlm-agent authentication.

Is this a test-system or the main proxy? If it is a test system I would do this:

First of all take a look at the network traffic using the packet tracing tool and start a tcpdump (troubleshooting).

If you see the ldap requests and replies from the ldap server I would do the following:

@ Policy => Settings => Authentication. Add a new authentication setting,try the configuration again and test it with "Authentication Test". This worked for my ntlm-agent problem.

Perhaps you can post your sample configuration for ldap.




Re: MWG 7.0 problems proxy-auth with ldap

Hi Maik,

at the moment it is only a test installation (MWG vmware-appliance) with the ldap-configuration of our customer. In the tcpdump I can see that the communication between the webgateway and the ldap server is working. But the Authentication Test with the user shows:

LDAPMessage bindRequest(1) "test" simple
LDAPMessage bindResponse(1) invalidDNSyntax (invalid DN)

The dn to the user objects is the same like in web gateway 6.8.
In the ldap configuration the user-dn is "cn=test,ou=fwusers,dc=domain,dc=de". In Web Gateway I configured the base distinguished name to "ou=fwusers,dc=domain,dc=de" (same like in mwg 6.8).

In the tcpdump I can see that the login work for the ldap-user that is running the query:

LDAPMessage bindRequest(1) "cn=Webwasher,dc=domain,dc=de" simple
LDAPMessage bindResponse(1) success

I have create a new authentication method but the problem persist. The reinstallation of the web gateway was not successful.

What can I do to make it work?

Best regards,

Re: MWG 7.0 problems proxy-auth with ldap


can you verify if "Map user name to DN" is checked?



Re: MWG 7.0 problems proxy-auth with ldap

Hello Andre,

thanks for the tip. I have checked "Map user name to DN" but I have configured the wrong attribute (samaccountname=%u). After setting the right attribute "(cn=%u)" I get "Authentication OK".

Best regards,


More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community