Because of the convenience in managing user accounts on one server, more and more network administrators use Active Directory server or LDAP server to authenticate the clients for VPN or for Internet Access with Vigor Router. However, it is not easy to get the right configurations in the beginning because the Active Directory/LDAP servers' structures are various. This document provides some tips on troubleshooting LDAP issues.
Verify the Active Directory/LDAP account by Ldp tool
For verifying if the user accounts are created correctly on the Active Directory/LDAP server, we can use the Ldp tool, contained in the support tool package, that Microsoft provided to verify the account first.
The steps are:
1. Download support tool from Microsoft website: https://www.microsoft.com/en-us/download/details.aspx?id=15326
2. Install support tool by double clicking suptools.msi
3. Run ldp.exe via Program Files(x86) > Support Tools
4. Connect to the Active Directory/LDAP server
5. Send a Bind Request.
- Click Bind under Connection
- Enter the User name, such as cn=vivian,ou=vpnusers,dc=draytek,dc=com
- Enter the Password
- Click OK
6. Server will respond the result of the Bind Request.
a. If server responds "Bind Failed" and "Invalid Credentials", that means the account or the password is not correct. Please recheck the user settings on the server.
b. If server responds "Authenticated", it means the bind is successful and we can move forward to the next step.
Verify the Active Directory/LDAP settings on Vigor Router
1.Use Simple mode to verify if Vigor Router can bind the user account that have been tested with Ldp tool successfully first.
2. Check if cn is configured for Common Name Identifier, and use the user account without cn=vivian that has been authenticated by LDAP server with Ldp tool for Base Distinguished Name.
3. Verify by creating VPN connection.
For the detailed steps, please refer to How to authenticate Host to LAN VPN with Active Directory/LDAP server?
- Wireshark packets on the Active Directory/LDAP server
- Screenshots of the User account on the Active Directory/LDAP server, such as
- Screenshots of the Active Directory/LDAP configurations on Vigor Router
- Remote management info to Vigor Router
- An account/password that has passed the Ldp tool test on the Active Directory/LDAP server for testing remotely