# diagnose debug disableIn case:
# diagnose debug reset
# diagnose debug application fnbamd -1
# diagnose debug enable
# diagnose test authserver ldap <servername> <username> <password>
# diagnose debug disableThere is an issue when below message show up:
# diagnose debug reset
# diagnose debug application fnbamd -1
# diagnose debug enable
# diagnose test authserver ldap <servername> <username> <password>
“error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol”From the full message:
[934] __ldap_connect-tcps_connect(x.x.x.x) failed: ssl_connect() failed: 5 (error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol).
[1139] __fnbamd_cfg_get_ldap_list_by_group-Loading LDAP server 'TEST24' for usergroup 'VPN-Degaudenz-C3-GR' (12)SOLUTION:
[1607] fnbamd_ldap_init-search filter is: sAMAccountName=testUser
[1616] fnbamd_ldap_init-search base is: dc=testgroup,dc=local
[991] __fnbamd_ldap_dns_cb-Resolved TEST24 (idx 0) to 10.10.24.15
[1059] __fnbamd_ldap_dns_cb-Still connecting.
[556] create_auth_session-Total 1 server(s) to try
[214:root:c2]fam_auth_send_req_internal:453 fnbam_auth return: 4
[934] __ldap_connect-tcps_connect(10.10.24.5) failed: ssl_connect() failed: 5 (error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol).
[770] __ldap_try_next_server-LDAP TEST24' conn failed, svr: 10.10.24.5.
[736] __ldap_error-
[725] __ldap_stop-svr ‘TEST24’
#config system globalOr configure minimum ssl version following LDAP server with:
set ssl-min-proto-version TLSv1
end
#config system global
set ssl-min-proto-version <version>
end
Version2) Check SSL minimum proto version on FortiGate unit with:
SSLv3 SSLv3.
TLSv1 TLSv1.
TLSv1-1 TLSv1.1.
TLSv1-2 TLSv1.2.
config system globalAnd check under:
get
ssl-min-proto-version:
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.