FortiGate
ckumar_FTNT
Staff
Article Id 195337
Description
This article describes the most common LDAP authentication error codes.

Solution
A quick list of common Active Directory LDAP bind errors and their meanings. If the bind fails, the LDAP server returns an error code that can be read from the debug output or from a Wireshark capture:
    Code
    0x525 <----- User not found.
    0x52e <----- Invalid credentials.
    0x530 <----- Not permitted to logon at this time.
    0x531 <----- Not permitted to logon from this workstation.
    0x532 <----- Password expired.
    0x533 <----- Account disabled.
    0x701 <----- Account expired.
    0x773 <----- User has to reset password.
    0x775 <----- Account locked out.

Results.

Sample output from Debug:
[829] fnbamd_ldap_parse_response-Got one MESSAGE. ID:3, type:bind
[851] fnbamd_ldap_parse_response-Error 49(80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v3839)    <----- Invalid credentials.
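The following Python script is an added example, not part of the original article and not Fortinet code. It parses fnbamd debug lines in the format shown above, extracts the `data` sub-code and maps it with the table from this article; the function names and the sample lines marked as constructed are assumptions.

```python
import re
from collections import Counter

# Sub-codes from the table in this article (hex value of the "data" field).
AD_BIND_SUBCODES = {
    0x525: "User not found",
    0x52E: "Invalid credentials",
    0x530: "Not permitted to logon at this time",
    0x531: "Not permitted to logon from this workstation",
    0x532: "Password expired",
    0x533: "Account disabled",
    0x701: "Account expired",
    0x773: "User has to reset password",
    0x775: "Account locked out",
}

# Matches "Error <result>(<hex>: LdapErr: DSID-..., comment: ..., data <hex>, v<ver>)".
BIND_ERROR_RE = re.compile(
    r"Error\s+(?P<result>\d+)\([0-9A-Fa-f]+:\s*LdapErr:\s*"
    r"(?P<dsid>DSID-[0-9A-Fa-f]+),\s*comment:\s*[^,]+,\s*"
    r"data\s+(?P<data>[0-9A-Fa-f]+),\s*v[0-9A-Fa-f]+\)"
)

def parse_bind_error(line):
    """Return a dict for one debug line, or None if it carries no bind error."""
    m = BIND_ERROR_RE.search(line)
    if m is None:
        return None
    sub = int(m.group("data"), 16)  # the data field is hexadecimal
    return {
        "ldap_result": int(m.group("result")),
        "dsid": m.group("dsid"),
        "subcode": sub,
        "meaning": AD_BIND_SUBCODES.get(sub, "Unknown sub-code 0x%x" % sub),
    }

def summarize(lines):
    """Count bind failures per meaning across a debug capture."""
    parsed = (parse_bind_error(l) for l in lines)
    return Counter(p["meaning"] for p in parsed if p)

# First two lines are from the article; the last two are constructed samples.
SAMPLE = [
    "[829] fnbamd_ldap_parse_response-Got one MESSAGE. ID:3, type:bind",
    "[851] fnbamd_ldap_parse_response-Error 49(80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v3839)",
    "[851] fnbamd_ldap_parse_response-Error 49(80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v3839)",
    "[851] fnbamd_ldap_parse_response-Error 49(80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 775, v3839)",
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Repeated `52e` results followed by a `775` for the same account are worth correlating with the directory's lockout policy when reviewing authentication failures.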
From Wireshark.



