Unable to connect to LDAP (Windows Server 2025)

Started by Tasagore, January 03, 2025, 03:57:17 PM

Hi

I have a Windows Server 2025 as AD, the server has the policy Network security: LDAP client signing requirements as undefined (I've also tried with disabled), the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters\LDAPServerIntegrity has the value 1, so all seems to be configured to accept LDAP binding without SSL/TLS.

In OPNSense I configure all the LDAP settings but when I test the connection it shows this error:

The following input errors were detected:
Authentication failed.
error: 00002028: LdapErr: DSID-0C090343, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v65f4
ldap_error: Strong(er) authentication required

Probably it's a Windows Server issue but I can't find how to solve it; it seems that MS has disabled the simple bind, since when I try that from the server the same error appears (it works if I use bind with credentials).

Any idea?
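The diagnostic string quoted above follows a fixed Active Directory layout (Win32 error, DSID, comment, "data" sub-code, version). The parser below is an added example, not code from the post or from OPNsense: it splits that string into fields, recognises 0x2028 (ERROR_DS_STRONG_AUTH_REQUIRED, the signing/TLS case reported here) and, as a generalisation beyond the post, also decodes the well-known "data" sub-codes AD returns with 0x80090308 when credentials themselves are rejected, so a reader can tell a transport problem from a credential problem before changing any settings.

```python
import re
from typing import Optional

# Shape of the diagnostic string Active Directory attaches to a failed bind:
# "<Win32 hex>: LdapErr: DSID-<hex>, comment: <text>, data <hex>, v<hex>"
AD_DIAG_RE = re.compile(
    r"(?P<win32>[0-9A-Fa-f]{8}): LdapErr: DSID-(?P<dsid>[0-9A-Fa-f]{8}), "
    r"comment: (?P<comment>.*?), data (?P<data>[0-9A-Fa-f]+), v(?P<version>[0-9A-Fa-f]+)"
)
# 0x2028 = ERROR_DS_STRONG_AUTH_REQUIRED: a cleartext simple bind was refused because
# the DC requires signing and no TLS is active (LDAP result 8, strongAuthRequired).
ERROR_DS_STRONG_AUTH_REQUIRED = 0x2028
# 0x80090308 = SEC_E_INVALID_TOKEN: credentials were evaluated and rejected; the
# "data" sub-code says why (well-known AD values, not part of the original post).
SEC_E_INVALID_TOKEN = 0x80090308
CREDENTIAL_SUBCODES = {
    0x525: "user not found",
    0x52E: "invalid credentials",
    0x530: "logon not permitted at this time",
    0x531: "logon not permitted at this workstation",
    0x532: "password expired",
    0x533: "account disabled",
    0x701: "account expired",
    0x773: "user must reset password",
    0x775: "account locked out",
}

def parse_ad_bind_error(message: str) -> Optional[dict]:
    """Parse an AD bind diagnostic into its fields plus a classification; None if the
    string is not in AD's format. 'transport_fix' is True when LDAPS/StartTLS is the remedy."""
    m = AD_DIAG_RE.search(message)
    if not m:
        return None
    win32, dsid, data = (int(m[k], 16) for k in ("win32", "dsid", "data"))
    if win32 == ERROR_DS_STRONG_AUTH_REQUIRED:
        cause, transport_fix = "signing or TLS required: use LDAPS (636) or StartTLS", True
    elif win32 == SEC_E_INVALID_TOKEN:
        cause = CREDENTIAL_SUBCODES.get(data, f"authentication rejected, sub-code {data:x}")
        transport_fix = False
    else:
        cause, transport_fix = f"unclassified Win32 error 0x{win32:08x}", False
    return {"win32": win32, "dsid": dsid, "data": data, "comment": m["comment"],
            "cause": cause, "transport_fix": transport_fix}

# Constructed sample: the diagnostic line quoted in the post above.
SAMPLE = ("error: 00002028: LdapErr: DSID-0C090343, comment: The server requires binds to turn "
          "on integrity checking if SSL\\TLS are not already active on the connection, data 0, v65f4")
```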

Are you using LDAP (port 389) or LDAPS (port 636)? If not the latter, why not?
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Quote from: Patrick M. Hausen on January 03, 2025, 04:26:27 PM
Are you using LDAP (port 389) or LDAPS (port 636)? If not the latter, why not?

I'm using LDAP (389) since that's how the AD server is (apparently) configured.

Locally using bind with credentials works ok without SSL, simple bind is what fails and I guess that's the bind mode OPNSense is using.

I'm trying to set it up with SSL, but now the connection to the server fails (ldap_error: Can't contact LDAP server). I'm taking a look at the AD configuration on the Windows side.