
McAfee || Web Gateway || LDAPS Auth Fail

Hi All,

 

I have set up LDAP auth on MWG Gateway, which works (https://community.mcafee.com/t5/Enterprise-Documents/Web-Gateway-Understanding-LDAP-Authentication/t...)

But when I change to LDAPS, it fails.

 

Does anyone have any hints? What does error -1 mean? Error 1?

Update 20201019:

         an Unknown CA alert shows in the tcpdump

Update 20201020:

      uploaded "outldapsearch.docx"

 

Error log

[2020-10-19 11:36:30.755 +08:00] [3909] LDAP (12972, 127.0.0.1) URL: http://127.0.0.1/plugin?target=Auth&reason=AdminAuth
[2020-10-19 11:36:30.755 +08:00] [3909] LDAP (12972, 127.0.0.1) Configuration: LDAP 2 Connection: 0x7f164809ada0 RR: 0x7f16b08ddc50
[2020-10-19 11:36:30.755 +08:00] [3909] LDAP (12972, 127.0.0.1) Incoming credentials: Basic dXNlcjE6UEBzc3cwcmQ=
[2020-10-19 11:36:33.028 +08:00] [1939] LDAP: Failed to connect to server bdldap.local Last error -1
[2020-10-19 11:36:35.757 +08:00] [1935] LDAP: Failed to connect to server bdldap.local Last error -1
[2020-10-19 11:36:36.756 +08:00] [3902] LDAP (12972, 127.0.0.1) Added authentication method: Basic realm="bdldap"
[2020-10-19 11:36:36.756 +08:00] [3902] LDAP (12972, 127.0.0.1) Authentication didn't return values, failure ID: 5, authentication failed: 1
[2020-10-19 11:37:22.762 +08:00] [3878] LDAP (12973, 127.0.0.1) URL: http://127.0.0.1/plugin?target=Auth&reason=AdminAuth
[2020-10-19 11:37:22.762 +08:00] [3878] LDAP (12973, 127.0.0.1) Configuration: LDAP 2 Connection: 0x7f15fc2aeab0 RR: 0x7f16b08ddc50
[2020-10-19 11:37:22.762 +08:00] [3878] LDAP (12973, 127.0.0.1) Incoming credentials: Basic dXNlcjE6UEBzc3cwcmQ=
[2020-10-19 11:37:22.767 +08:00] [1942] LDAP: Failed to connect to server bdldap.local Last error -1
[2020-10-19 11:37:27.768 +08:00] [1938] LDAP: Failed to connect to server bdldap.local Last error -1
[2020-10-19 11:37:28.763 +08:00] [3910] LDAP (12973, 127.0.0.1) Added authentication method: Basic realm="bdldap"
[2020-10-19 11:37:28.763 +08:00] [3910] LDAP (12973, 127.0.0.1) Authentication didn't return values, failure ID: 5, authentication failed: 1

 

What I have done

1. Change LDAP Specific Parameters to LDAPS

 

1.JPG

2. Import the cert obtained with the command "# openssl s_client -showcerts -connect  LDAPS_SERVER_ADDRESS:PORT"

 (There is only one cert, not two https://community.mcafee.com/t5/Enterprise-Documents/Web-Gateway-Understanding-and-Configuring-Kerbe...)

(LDAPS cert is self-signed)

2.JPG

 

1019 14:11 update

 

3. Added the crt file to /etc/ssl/certs

4.JPG

 

 

Other logs

Fail 5 seems to be the result "compare false"

https://docs.servicenow.com/bundle/jakarta-platform-administration/page/administer/reference-pages/r...

 

According to tcpdump, there is an unknown CA alert. Could it be that adding the cert to the list of CAs is not enough?

 

3.JPG

 

 

Regards

Tony

1 Solution

Accepted Solutions

Re: McAfee || Web Gateway || LDAPS Auth Fail


Hi All,

 

Issue fixed by rebuilding a new AD server; there should be something wrong with the cert and FQDN

https://techcommunity.microsoft.com/t5/sql-server/step-by-step-guide-to-setup-ldaps-on-windows-serve...

https://ithelp.ithome.com.tw/articles/10229428?sc=rss.qu

 

There were some errors during the test

Authentication didn't return values, failure ID: 5,

In my test, it is mostly related to the cert and hostname; the FQDN (ldaps://FQDN:636) is not complete

 

Authentication didn't return values, failure ID: 8

Base Distinguished name is incorrect

 

Regards

tony
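
The two checks this thread turns on (the client must trust the server's self-signed certificate, and the host name in ldaps://FQDN:636 must match the certificate), as an added example that is not part of the original posts. The name dc01.bdldap.local and the throwaway certificates are constructed for the demo; for a real server, the certificate saved from "openssl s_client -showcerts" takes the place of server.pem.

```shell
#!/bin/sh
# Constructed demo: throwaway self-signed certs stand in for the LDAPS server
# certificate. FQDN is a hypothetical name, not taken from the thread.
FQDN="dc01.bdldap.local"
WORK="$(mktemp -d)"

# make_cert NAME OUT: write a self-signed cert for NAME to $WORK/OUT.pem
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$1" -addext "subjectAltName=DNS:$1" \
        -keyout "$WORK/$2.key" -out "$WORK/$2.pem" 2>/dev/null
}

# trusted_by TRUSTFILE CERT: succeeds only if CERT chains to TRUSTFILE.
# A client that fails this check typically aborts the TLS handshake with an
# "unknown CA" alert.
trusted_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# name_matches CERT HOST: succeeds only if HOST matches the cert's names.
# openssl prints "does match" or "does NOT match"; the exit code is not used.
name_matches() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q "does match"
}

report() {  # report LABEL COMMAND...
    label="$1"; shift
    if "$@"; then echo "PASS  $label"; else echo "FAIL  $label"; fi
}

make_cert "$FQDN" server          # the LDAPS server's self-signed cert
make_cert "other.example" other   # an unrelated cert already in the trust list

report "trust list contains the server cert" \
    trusted_by "$WORK/server.pem" "$WORK/server.pem"
report "trust list holds only an unrelated cert" \
    trusted_by "$WORK/other.pem" "$WORK/server.pem"
report "ldaps://$FQDN:636 (complete FQDN)" \
    name_matches "$WORK/server.pem" "$FQDN"
report "ldaps://dc01:636 (short name)" \
    name_matches "$WORK/server.pem" "dc01"
```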
