
XG constantly using LDAP (UDP 389) port to AD while LDAPS (port 636) is configured

In XG I have configured an AD server and when checking it, it checks fine. Also, clients using CAA to authenticate generate traffic to the AD server on port 636. However, there is an almost constant feed of traffic from the XG to the AD machine on UDP port 389. The traffic is accepted in the firewall, but our AD servers do not accept unencrypted LDAP traffic and the authentication request therefore fails.

In the Authentication Log this shows like this:

I expect that this might have something to do with STAS, but inside the XG I cannot find where to configure how STAS should communicate with the AD DC.

Does anyone know how I can make the XG use only encrypted LDAP queries on port 636?
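To confirm from the firewall's own log whether a directory-bound connection is plaintext LDAP (389) or LDAPS (636), and which source is generating it, a small log check helps. The following is an added example, not code from the original post or from Sophos: it parses a few constructed, key=value style log lines (the field names `src_ip`, `dst_ip`, `dst_port` and `protocol` are assumptions for illustration, not the XG's real log schema) and summarises how many connections per source went to the plaintext LDAP port versus the LDAPS port on the domain controller.

```python
import re
from collections import defaultdict

# Constructed sample log lines (not real XG output). The key=value layout and
# field names are assumptions made for this example.
SAMPLE_LOG = """\
timestamp=2023-01-01T10:00:00 src_ip=10.0.0.1 dst_ip=10.0.0.10 dst_port=636 protocol=TCP action=allow
timestamp=2023-01-01T10:00:01 src_ip=10.0.0.1 dst_ip=10.0.0.10 dst_port=389 protocol=UDP action=allow
timestamp=2023-01-01T10:00:02 src_ip=10.0.0.1 dst_ip=10.0.0.10 dst_port=389 protocol=UDP action=allow
timestamp=2023-01-01T10:00:03 src_ip=10.0.0.50 dst_ip=10.0.0.10 dst_port=636 protocol=TCP action=allow
timestamp=2023-01-01T10:00:04 src_ip=10.0.0.50 dst_ip=10.0.0.10 dst_port=443 protocol=TCP action=allow
"""

LDAP_PLAIN_PORT = 389   # unencrypted LDAP (TCP or UDP)
LDAPS_PORT = 636        # LDAP over TLS

# Matches "key=value" pairs; values here never contain whitespace.
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Turn one key=value log line into a dict."""
    return dict(KV_RE.findall(line))


def summarise_ldap_traffic(log_text, dc_ip):
    """Count plaintext LDAP and LDAPS connections per source to the given DC.

    Returns {src_ip: {"ldap_plain": n, "ldaps": n}} including only sources
    that hit either LDAP port on the DC; other ports are ignored.
    """
    counts = defaultdict(lambda: {"ldap_plain": 0, "ldaps": 0})
    for raw in log_text.splitlines():
        fields = parse_line(raw)
        if fields.get("dst_ip") != dc_ip:
            continue
        try:
            port = int(fields.get("dst_port", ""))
        except ValueError:
            continue  # malformed line: skip rather than crash
        if port == LDAP_PLAIN_PORT:
            counts[fields["src_ip"]]["ldap_plain"] += 1
        elif port == LDAPS_PORT:
            counts[fields["src_ip"]]["ldaps"] += 1
    return dict(counts)


def plaintext_ldap_sources(log_text, dc_ip):
    """Sources that sent at least one plaintext LDAP connection to the DC."""
    summary = summarise_ldap_traffic(log_text, dc_ip)
    return sorted(src for src, c in summary.items() if c["ldap_plain"] > 0)


if __name__ == "__main__":
    for src, c in summarise_ldap_traffic(SAMPLE_LOG, "10.0.0.10").items():
        print(f"{src}: plaintext LDAP={c['ldap_plain']} LDAPS={c['ldaps']}")
    print("plaintext LDAP sources:", plaintext_ldap_sources(SAMPLE_LOG, "10.0.0.10"))
```

Run against an export of the firewall log with the real field names substituted, the `plaintext_ldap_sources` result tells you which device is still talking on 389 to the DC, which is the first thing to establish before deciding whether the cause is the SSO configuration or something else.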



  • Do you guys use NTLM/Kerberos? 

    I found in the latest version, that NTLM/Kerberos seems to ignore the configured Port and uses Port 389. There is a Bug ID for this: NC-66450 

    Check if you are using NTLM/Kerberos. You can deactivate it, if not needed, by disabling AD SSO for all zones in Device Access. 

  • Hi

    Deactivating AD SSO for all zones did indeed stop the traffic from appearing in the Authentication logs, the last log line is "AD SSO authentication disabled from device access".

    Will that also completely disable STAS or will STAS and CAA still work?
