
LDAP bind failed in DAG

Qingguo Zhang
Cisco Employee

Hi experts

I am installing DAG and encountered an LDAP bind failure while integrating with AD (Win 2012 server).

Here are my settings and the errors in the log. I changed the username format to DUOTEST\ldapuser or shortname only; it doesn’t work.

Attributes: distinguishedName,sAMAccountName,userPrincipalName
Search Base:CN=DUO,DC=DUOTEST,DC=local
Search attributes: sAMAccountName
Search username:ldapuser@DUOTEST.local

Feb 01 02:44:34 simplesamlphp DEBUG [f0c22eda30] Binded session success. The user’s IP address and User Agent has not changed since last login.
Feb 01 02:44:34 simplesamlphp DEBUG [f0c22eda30] Session: Valid session found with ‘admin’.
Feb 01 02:44:34 simplesamlphp DEBUG [f0c22eda30] Session: Valid session found with ‘admin’.
Feb 01 02:44:34 simplesamlphp ERROR [f0c22eda30] SimpleSAML_Error_Exception: Error 2 - ldap_bind(): Unable to bind to server: Invalid credentials|Backtrace:|9 C:\inetpub\wwwroot\dag\www_include.php:87 (SimpleSAML_error_handler)|8 [builtin] (ldap_bind)|7 C:\inetpub\wwwroot\dag\lib\SimpleSAML\Auth\LDAP.php:807 (SimpleSAML_Auth_LDAP::ldap_bind_test)|6 C:\inetpub\wwwroot\dag\modules\duosecurity\www\admin\duo_ad.php:99 (include)|5 C:\inetpub\wwwroot\dag\lib\SimpleSAML\Module.php:210 (SimpleSAML_Module::{closure})|4 C:\inetpub\wwwroot\dag\lib\SimpleSAML\Module.php:211 (SimpleSAML_Module::includeModuleFile)|3 C:\inetpub\wwwroot\dag\modules\duosecurity\templates\admin\duo_authsource.tpl.php:62 (require)|2 C:\inetpub\wwwroot\dag\lib\SimpleSAML\XHTML\Template.php:581 (SimpleSAML_XHTML_Template::show)|1 C:\inetpub\wwwroot\dag\modules\duosecurity\www\admin\duo_authsource.php:50 (require)|0 C:\inetpub\wwwroot\dag\www\module.php:140 (N/A)
Feb 01 02:44:34 simplesamlphp DEBUG [f0c22eda30] Error detected at shutdown: E_WARNING: ldap_bind(): Unable to bind to server: Invalid credentials in C:\inetpub\wwwroot\dag\lib\SimpleSAML\Auth\LDAP.php on line 807

thanks

1 Reply

DuoKristina
Cisco Employee

The log you provided indicates that the LDAP credentials aren’t correct. Please double-check the name and password you configured in the AD authentication source settings. As per the instructions, the bind username should be specified as DUOTEST\ldapuser, not the UPN or sAM only. Also verify that the Base DN is correct, and that any users that need to bind via the DAG (including the search username service account) are located under the DUO container in your directory. Is it possible that DUO is an organizational unit and not a container? If so, the DN would be OU=DUO,DC=DUOTEST,DC=local.

Duo, not DUO.
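
The checks listed in the reply above, as an added PowerShell example that is not part of the original thread or of Duo's documentation. It assumes the RSAT ActiveDirectory module is available and that you run it as a user who can read the directory; `$Server` and `$Port` are placeholder assumptions, while the domain, Search Base and account name are the ones from the post.

```powershell
# Added example. Values marked "from the post" are the thread's; the rest are assumptions.
Import-Module ActiveDirectory                  # assumes the RSAT AD module is installed
Add-Type -AssemblyName System.DirectoryServices.Protocols

$Server     = 'dc01.DUOTEST.local'             # hypothetical domain controller name
$Port       = 636                              # assumes LDAPS; on 389 a simple bind sends the password in clear text
$DomainDN   = 'DC=DUOTEST,DC=local'
$SearchBase = 'CN=DUO,DC=DUOTEST,DC=local'     # Search Base, from the post
$BindUser   = 'DUOTEST\ldapuser'               # bind username format given in the reply

# 1. Is DUO a container (CN=DUO,...) or an organizational unit (OU=DUO,...)?
$filter = '(&(name=DUO)(|(objectClass=container)(objectClass=organizationalUnit)))'
$duo = @(Get-ADObject -Server $Server -SearchBase $DomainDN -LDAPFilter $filter -Properties objectClass)
$duo | Select-Object DistinguishedName, ObjectClass
if ($duo.DistinguishedName -notcontains $SearchBase) {
    Write-Warning "No object has the DN '$SearchBase'; use a DistinguishedName listed above as the Base DN."
}

# 2. Is the search account enabled, unlocked and located under the Base DN?
$svc = Get-ADUser -Server $Server -Identity 'ldapuser' -Properties LockedOut
$svc | Select-Object DistinguishedName, SamAccountName, UserPrincipalName, Enabled, LockedOut
if (-not $svc.DistinguishedName.EndsWith(",$SearchBase", [StringComparison]::OrdinalIgnoreCase)) {
    Write-Warning "ldapuser is not located under '$SearchBase'."
}

# 3. Repeat the simple bind that ldap_bind() performs, with the exact username string.
$pw   = Read-Host -AsSecureString "Password for $BindUser"
$cred = New-Object System.Net.NetworkCredential($BindUser, $pw)
$id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, $Port)
$conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id, $cred, [System.DirectoryServices.Protocols.AuthType]::Basic)
$conn.SessionOptions.ProtocolVersion   = 3
$conn.SessionOptions.SecureSocketLayer = ($Port -eq 636)
try {
    $conn.Bind()
    "Bind succeeded as $BindUser"
} catch {
    $e = $_.Exception.GetBaseException()       # unwrap PowerShell's method-invocation wrapper
    "Bind failed: $($e.Message) $($e.ServerErrorMessage)"   # LDAP result 49 = invalid credentials
} finally {
    $conn.Dispose()
}
```

If step 3 succeeds here but the DAG still logs `Invalid credentials`, the password or username stored in the AD authentication source differs from what was typed at the prompt.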