KB44557 - External Duo LDAP Server not Reachable

Printable View

« Go Back

Information

Last Modified Date	9/2/2020 4:40 PM

Synopsis

External Duo LDAP Server not Reachable

This article describes an issue where Duo LDAP server is not reachable when the the LDAP traffic is trying to reach it via the Internal interface.

Problem or Goal

Behavior: Users can ping the external (DUO) server from the PSA but will be unable to connect to it.

User Access Logs:
Minor AUT23391 2020-05-05 11:08:07 - ive - [10.3.160.17] user1(Realm)[role] -

Could not connect to LDAP server 'Duo-LDAP': Failed binding to admin DN: [81] Can't contact LDAP server: api-xxxxx:636

Cause

This happens when the internal interface does not have internet connectivity or reachability to the Duo LDAP server.

Solution

To enable Auth traffic control and set the Interface which has internet connectivity, follow the below steps:

On the Admin UI, select Authentication > Auth Servers

User-added image

Click Enable Auth Traffic Control. A new window appears.
User-added image

Click Enable Traffic Decoupling to confirm. The page navigates to the Auth server page that displays the options to configure the AAA traffic interfaces.

Select Global Setting to use same interface across all supported authentication servers or select Auth Server Level to select the interface for the LDAP server for the AAA traffic.
User-added image

Note: For 9.0R2 and previous releases, enable the Send AAA Traffic via Management Port to send AAA traffic through management port. From 9.0R3 release, this option is enhanced and modified. For more information see, AAA Traffic Management. Please refer 9.0R3 What's New Document for more information

Related Articles

KB44557 - External Duo LDAP Server not Reachable

Information

External Duo LDAP Server not Reachable

Feedback

Was this article helpful?