sec-wartung
Level 7

MWG 7.0 problems proxy-auth with ldap

I'm trying to configure MWG 7.0 for proxy authentication with LDAP. The LDAP configuration is running under MWG 6.8 without any problems. I have configured the authentication server settings as in Web Gateway 6.8. But if I test the user authentication with the "Authentication Test" I get the following error:

Authentication:
Error: Authentication failed

If I test the ldap-connection with ldapsearch from another pc in the same network all is working fine.

How can I debug the authentication process? I can't find any error-log. Can I test the ldap from console (can't find any ldap-tools on console)?

Regards

Janine

0 Kudos
4 Replies
MOberschelp
Level 7

Re: MWG 7.0 problems proxy-auth with ldap

Hi Janine,

I've had a similar problem with ntlm-agent authentication.

Is this a test-system or the main proxy? If it is a test system I would do this:

First of all take a look at the network traffic using the packet tracing tool and start a tcpdump (troubleshooting).

If you see the ldap requests and replies from the ldap server I would do the following:

@ Policy => Settings => Authentication. Add a new authentication setting, try the configuration again and test it with "Authentication Test". This worked for my ntlm-agent problem.

Perhaps you can post your sample configuration for ldap.

Regards,

Maik

0 Kudos
sec-wartung
Level 7

Re: MWG 7.0 problems proxy-auth with ldap

Hi Maik,

at the moment it is only a test installation (MWG vmware-appliance) with the ldap-configuration of our customer. In the tcpdump I can see that the communication between the webgateway and the ldap server is working. But the Authentication Test with the user shows:

LDAPMessage bindRequest(1) "test" simple
LDAPMessage bindResponse(1) invalidDNSyntax (invalid DN)

The DN of the user objects is the same as in Web Gateway 6.8.
In the LDAP configuration the user DN is "cn=test,ou=fwusers,dc=domain,dc=de". In Web Gateway I configured the base distinguished name to "ou=fwusers,dc=domain,dc=de" (same as in MWG 6.8).

In the tcpdump I can see that the login works for the LDAP user that is running the query:

LDAPMessage bindRequest(1) "cn=Webwasher,dc=domain,dc=de" simple
LDAPMessage bindResponse(1) success

I have created a new authentication method but the problem persists. The reinstallation of the web gateway was not successful.

What can I do to make it work?

Best regards,
Janine

0 Kudos
asabban
Level 17

Re: MWG 7.0 problems proxy-auth with ldap

Hello,

can you verify if "Map user name to DN" is checked?

best,

Andre

0 Kudos
sec-wartung
Level 7

Re: MWG 7.0 problems proxy-auth with ldap

Hello Andre,

thanks for the tip. I have checked "Map user name to DN" but I have configured the wrong attribute (samaccountname=%u). After setting the right attribute "(cn=%u)" I get "Authentication OK".

Best regards,

Janine

0 Kudos
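
The thread's root cause, reproduced as an added example that is not part of any post and is not Web Gateway's own code: a generic LDAP search-then-bind mapping in which the login name is turned into a DN through a filter template such as `(cn=%u)`. The in-memory directory, the function names and the escaping step are assumptions made for illustration; the base DN, user DN and filter templates are the ones quoted in the thread.

```python
import re

BASE_DN = "ou=fwusers,dc=domain,dc=de"
# Constructed directory: entries carry only cn, no sAMAccountName attribute.
DIRECTORY = {
    "cn=test,ou=fwusers,dc=domain,dc=de": {"cn": ["test"]},
    "cn=Webwasher,dc=domain,dc=de": {"cn": ["Webwasher"]},
}
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter_value(value):
    """Escape RFC 4515 special characters so a login name cannot alter the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def expand_filter(template, username):
    """Replace %u in a template such as '(cn=%u)' with the escaped login name."""
    return template.replace("%u", escape_filter_value(username))

def looks_like_dn(name):
    """Rough syntax check: every RDN must be attr=value, so a bare 'test' fails."""
    return all(re.fullmatch(r"\s*[A-Za-z][\w.-]*\s*=.+", rdn) for rdn in name.split(","))

def search(base_dn, ldap_filter):
    """Equality-only matcher for (attr=value) filters, limited to entries below base_dn."""
    inner = ldap_filter.strip()
    if inner.startswith("(") and inner.endswith(")"):
        inner = inner[1:-1]
    attr, _, raw = inner.partition("=")
    # Undo the \xx escapes so the comparison uses the literal login name.
    value = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), raw)
    hits = []
    for dn, attrs in DIRECTORY.items():
        if not dn.lower().endswith("," + base_dn.lower()):
            continue
        values = {k.lower(): v for k, v in attrs.items()}.get(attr.strip().lower(), [])
        if any(v.lower() == value.lower() for v in values):  # cn matches case-insensitively
            hits.append(dn)
    return hits

def map_user_to_dn(username, template, base_dn=BASE_DN):
    """Return the DN to bind with, or None unless exactly one entry matches."""
    hits = search(base_dn, expand_filter(template, username))
    return hits[0] if len(hits) == 1 else None

if __name__ == "__main__":
    print(looks_like_dn("test"))                          # bare name, as in the failed bind
    print(map_user_to_dn("test", "(samaccountname=%u)"))  # attribute absent from the entries
    print(map_user_to_dn("test", "(cn=%u)"))              # DN for the second, simple bind
```

Without the mapping the bind is sent with the bare login name, which is what the `invalidDNSyntax` response in the capture reflects; with a filter on an attribute the entries do not carry, the search finds nothing to bind as.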