This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
redcrow
Contributor
‎2020-09-30 07:04 AM

SNX Authentication with User Directory (LDAP not AD)

Hello everybody,

I configured a Unit Account with profile "Domino_DS" and added it to User Directory (VPN Clients > Authentication > Multiple Authentication Clients Settings) since I want to use LDAP accounts (email addresses) to allow users to connect in VPN.

cp01.PNG

I mapped the email address as UID.

cp02.PNG

cp03.PNG

The connection using Check Point Mobile client under Windows works well, but SNX under Linux cannot authenticate:

cp04.png

If I use a local VPN account with SNX, then it works.

What am I doing wrong?

Thanks,
Francesco

0 Kudos
2 Replies
John_Fleming
Advisor
‎2020-10-01 06:34 AM

Do a packet capture between the gateway and the ldap server and check if its connecting. First make sure the connection is successful. Then look at the ldap conversation to see if its correct.

Could be

Firewall can't connect to ldap server.

Firewall can't login to ldap to generate a query. 

Ldap server is rejecting login request for client.

I will say I don't think I've seen many people using none MS AD ldap so possible bug but check the other things first.

0 Kudos
redcrow
Contributor
‎2020-10-01 06:56 AM
In response to John_Fleming

Thank you for your reply. I will check that. Anyway, if the problem is connection between Gateway and LDAP (I'm sure it isn't), the Windows Endpoint shouldn't work, but it works.

0 Kudos