L2TP OVER IPSEC authentication with LDAP failed. The client shows authentication failed.

Publication Date: 2018-01-18
Issue Description

L2TP over IPsec authentication with LDAP fails. The client shows that authentication failed.

Alarm Information

The debug aaa all output is as follows:


Jan 17 2018 10:42:15.635.15+08:00 TG25FW01 LDAP/7/DEBUG:[LDAP(Pkt):] Make a packet of user bind(UserDN:uid=eric,ou=People,dc=ico,dc=local ).

Jan 17 2018 10:42:15.635.16+08:00 TG25FW01 LDAP/7/DEBUG:[LDAP(Pkt):] status change to LDAP_FLAG_REQ_USR_BINDED.

Jan 17 2018 10:42:15.635.17+08:00 TG25FW01 LDAP/7/DEBUG:[LDAP(Err):] Bind failed. Error number is [49].

Jan 17 2018 10:42:15.635.18+08:00 TG25FW01 LDAP/7/DEBUG:[LDAP(Evt):] Receive a packet bind fail.

Jan 17 2018 10:42:15.635.19+08:00 TG25FW01 LDAP/7/DEBUG:[LDAP(Pkt):] Receive a packet of user bind result fail.

Jan 17 2018 10:42:15.635.20+08:00 TG25FW01 LDAP/7/DEBUG:[LDAP(Err):] BaseDN is empty.

Jan 17 2018 10:42:15.635.21+08:00 TG25FW01 LDAP/7/DEBUG:[LDAP(Err):] authentication rejected.

Handling Process

Capture packets on the firewall. The capture shows that the password the firewall sends to the LDAP server is wrong.


Root Cause

L2TP supports only the PAP authentication type and does not support CHAP. (All firewall versions)

Solution
Change the authentication type from CHAP to PAP. Authentication then works.
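
Why the bind in the debug output fails under CHAP and succeeds under PAP, as an added example that is not code from the firewall or from this case. The stored-hash directory entry, the `nas_authenticate` relay and the sample password are constructed, and the assumption that the device has only the CHAP digest to place in the bind is ours; the case itself only states that the password sent to LDAP was wrong.

```python
import hashlib
import hmac
import os

LDAP_SUCCESS = 0
LDAP_INVALID_CREDENTIALS = 49  # RFC 4511 result code, the "[49]" in the debug log


def make_entry(password: bytes):
    """Constructed directory entry: the server stores only a salted hash."""
    salt = os.urandom(8)
    return salt, hashlib.sha256(salt + password).digest()


def ldap_simple_bind(entry, presented: bytes) -> int:
    """Stand-in for an LDAP simple bind: hash what was presented and compare."""
    salt, stored = entry
    candidate = hashlib.sha256(salt + presented).digest()
    return LDAP_SUCCESS if hmac.compare_digest(candidate, stored) else LDAP_INVALID_CREDENTIALS


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP with MD5 (RFC 1994): MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def nas_authenticate(method: str, entry, client_password: bytes) -> int:
    """Hypothetical NAS relaying a PPP login to LDAP (assumed behaviour)."""
    if method == "PAP":
        # PAP carries the password itself, so the NAS can present it in the bind.
        return ldap_simple_bind(entry, client_password)
    if method == "CHAP":
        ident, challenge = 1, os.urandom(16)
        # Computed on the client; only this 16-byte digest reaches the NAS.
        response = chap_response(ident, client_password, challenge)
        # Assumption: the NAS has nothing but the digest to put in the bind.
        return ldap_simple_bind(entry, response)
    raise ValueError(f"unsupported method: {method}")


if __name__ == "__main__":
    entry = make_entry(b"S3cret!")  # constructed sample password
    for method in ("PAP", "CHAP"):
        print(method, "-> LDAP result code", nas_authenticate(method, entry, b"S3cret!"))
```

With PAP the password crosses the L2TP session as-is, so the IPsec layer underneath is what keeps it confidential between client and firewall.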

