https://community.checkpoint.com/t5/SASE-and-Remote-Access/SNX-Authentication-with-User-Directory-LDAP-not-AD/m-p/97924#M9828 <P>Hello everybody,</P><P>I configured a Unit Account with profile "Domino_DS" and added it to User Directory (VPN Clients &gt; Authentication &gt; Multiple Authentication Clients Settings) since I want to use LDAP accounts (email addresses) to allow users to connect in VPN.</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="cp01.PNG" style="width: 847px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/8221i7E1F0954D8F584E9/image-size/large?v=v2&amp;px=999" role="button" title="cp01.PNG" alt="cp01.PNG" /></span></P><P>I mapped the email address as UID.</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="cp02.PNG" style="width: 831px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/8222i9E019BC22F8E1A27/image-size/large?v=v2&amp;px=999" role="button" title="cp02.PNG" alt="cp02.PNG" /></span></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="cp03.PNG" style="width: 712px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/8223i0070387E8BC8F405/image-size/large?v=v2&amp;px=999" role="button" title="cp03.PNG" alt="cp03.PNG" /></span></P><P>The connection using Check Point Mobile client under Windows works well, but SNX under Linux cannot authenticate:</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="cp04.png" style="width: 530px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/8224i485BA3FC91FFE927/image-size/large?v=v2&amp;px=999" role="button" title="cp04.png" alt="cp04.png" /></span></P><P>If I use a local VPN account with SNX, then it works.</P><P>What am I doing wrong?</P><P>Thanks,<BR />Francesco</P> Wed, 30 Sep 2020 14:04:45 GMT redcrow 2020-09-30T14:04:45Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/SNX-Authentication-with-User-Directory-LDAP-not-AD/m-p/97924#M9828 <P>Hello everybody,</P><P>I configured a Unit Account with profile "Domino_DS" and added it to User Directory (VPN Clients &gt; Authentication &gt; Multiple Authentication Clients Settings) since I want to use LDAP accounts (email addresses) to allow users to connect in VPN.</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="cp01.PNG" style="width: 847px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/8221i7E1F0954D8F584E9/image-size/large?v=v2&amp;px=999" role="button" title="cp01.PNG" alt="cp01.PNG" /></span></P><P>I mapped the email address as UID.</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="cp02.PNG" style="width: 831px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/8222i9E019BC22F8E1A27/image-size/large?v=v2&amp;px=999" role="button" title="cp02.PNG" alt="cp02.PNG" /></span></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="cp03.PNG" style="width: 712px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/8223i0070387E8BC8F405/image-size/large?v=v2&amp;px=999" role="button" title="cp03.PNG" alt="cp03.PNG" /></span></P><P>The connection using Check Point Mobile client under Windows works well, but SNX under Linux cannot authenticate:</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="cp04.png" style="width: 530px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/8224i485BA3FC91FFE927/image-size/large?v=v2&amp;px=999" role="button" title="cp04.png" alt="cp04.png" /></span></P><P>If I use a local VPN account with SNX, then it works.</P><P>What am I doing wrong?</P><P>Thanks,<BR />Francesco</P> Wed, 30 Sep 2020 14:04:45 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/SNX-Authentication-with-User-Directory-LDAP-not-AD/m-p/97924#M9828 redcrow 2020-09-30T14:04:45Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/SNX-Authentication-with-User-Directory-LDAP-not-AD/m-p/98004#M9829 <P>Do a packet capture between the gateway and the ldap server and check if its connecting. First make sure the connection is successful. Then look at the ldap conversation to see if its correct.</P><P>Could be</P><P>Firewall can't connect to ldap server.</P><P>Firewall can't login to ldap to generate a query.&nbsp;</P><P>Ldap server is rejecting login request for client.</P><P>I will say I don't think I've seen many people using none MS AD ldap so possible bug but check the other things first.</P> Thu, 01 Oct 2020 13:34:23 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/SNX-Authentication-with-User-Directory-LDAP-not-AD/m-p/98004#M9829 John_Fleming 2020-10-01T13:34:23Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/SNX-Authentication-with-User-Directory-LDAP-not-AD/m-p/98007#M9830 <P>Thank you for your reply. I will check that. Anyway, if the problem is connection between Gateway and LDAP (I'm sure it isn't), the Windows Endpoint shouldn't work, but it works.</P> Thu, 01 Oct 2020 13:56:49 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/SNX-Authentication-with-User-Directory-LDAP-not-AD/m-p/98007#M9830 redcrow 2020-10-01T13:56:49Z