Troubleshooting Active Directory/LDAP server issues
Vigor Router supports using an Active Directory server or LDAP server to authenticate VPN clients or LAN clients. However, it is not easy to get the right configurations in the beginning because there are various Active Directory/LDAP servers' structures. This document provides some tips on troubleshooting LDAP issues.
Verify the Active Directory/LDAP account by Ldp tool
To check if the user accounts are created correctly on the Active Directory/LDAP server, we can use the Ldp tool, which is included in the support package provided by Microsoft.
The steps are:
- Download the ldp tool here.
- Unzip the file and run ldp.exe
- Connect to the Active Directory/LDAP server
- Send a Bind Request.
- Click Bind under Connection
- Enter the User name, such as
cn=vivian,ou=vpnusers,dc=draytek,dc=com - Enter the Password
- Click OK
- The server will respond to the result of the Bind Request.
- If the server responds
Bind FailedandInvalid Credentials, that means the account or the password is not correct. Please recheck the user settings on the server. - If the server responds
Authenticated,it means the binding is successful, and we can move forward to the next step.
- If the server responds
Verify the Active Directory/LDAP settings on Vigor Router
1. Use Simple mode to verify if Vigor Router can bind the user account that has been tested with the Ldp tool successfully first.
2. Check if cn is configured for Common Name Identifier, and use the user account without cn=vivian that has been authenticated by LDAP server with Ldp tool for Base Distinguished Name.
3. Verify by creating a VPN connection. For the detailed steps, please refer to Authenticate Remote Dial-In VPN Clients with AD/LDAP Server
Contacting Support
If Simple Bind by LDP tool works but VPN still cannot pass the Active Directory/LDAP authentication, please provide the information below and then email them to [email protected] for our analysis.
- Wireshark packets on the Active Directory/LDAP server
- Screenshots of the User account on the Active Directory/LDAP server, such as
- Screenshots of the Active Directory/LDAP configurations on Vigor Router
- Remote management info to Vigor Router
- An account/password that has passed the Ldp tool test on the Active Directory/LDAP server for testing remotely
Published On:2017-11-07
Was this helpful?