Invalid Username/Password when authenticating using LDAP even with correct credentials

Created On 09/25/18 19:48 PM - Last Modified 06/07/23 00:42 AM


Symptoms

When users authenticate through LDAP, for GlobalProtect and other services, they are unable to connect even though they are using the correct credentials. The system logs show an "Invalid Username or Password" message.

Diagnosis

The firewall can reach the LDAP server, and the LDAP server profile is configured correctly. However, the system logs and a tail of authd.log show Invalid Username/Password. The users are in fact using the correct credentials, as they are able to RDP to their computers with the same credentials. Checking the LDAP authentication profile reveals that the Login Attribute is empty.



Resolution


The Login Attribute should be populated with 'sAMAccountName'; otherwise authentication will not work.

Note: Also make sure the authentication profile associated with LDAP does not have spaces, and that the username is part of the LDAP user group that is configured in the Allowed List.


