KB44557 - External Duo LDAP Server not Reachable

Information

 
Last Modified Date: 9/2/2020 4:40 PM
Synopsis

External Duo LDAP Server not Reachable

This article describes an issue where the Duo LDAP server is not reachable when the LDAP traffic tries to reach it via the internal interface.

Problem or Goal
Behavior: Users can ping the external (Duo) server from the PSA but are unable to connect to it.

User Access Logs:
Minor AUT23391 2020-05-05 11:08:07 - ive - [10.3.160.17] user1(Realm)[role] - Could not connect to LDAP server 'Duo-LDAP': Failed binding to admin DN: [81] Can't contact LDAP server: api-xxxxx:636

 
Cause
This happens when the internal interface does not have internet connectivity or reachability to the Duo LDAP server.
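
To see which auth servers and users are hitting this condition, the following added example (not part of the original article and not vendor tooling) scans exported User Access Log text for AUT23391 entries and separates LDAP error 81 from other bind failures. The log lines are constructed from the single entry shown above; the `Corp-LDAP` server, its host name and the `[49]` entry are assumptions for illustration.

```python
import re
from collections import Counter

# Constructed sample modelled on the log entry in this article. The Corp-LDAP
# server, its host name, the [49] entry and the last line are made up.
SAMPLE_LOG = """\
Minor AUT23391 2020-05-05 11:08:07 - ive - [10.3.160.17] user1(Realm)[role] - Could not connect to LDAP server 'Duo-LDAP': Failed binding to admin DN: [81] Can't contact LDAP server: api-xxxxx:636
Minor AUT23391 2020-05-05 11:09:41 - ive - [10.3.160.22] user2(Realm)[role] - Could not connect to LDAP server 'Duo-LDAP': Failed binding to admin DN: [81] Can't contact LDAP server: api-xxxxx:636
Minor AUT23391 2020-05-05 11:10:02 - ive - [10.3.160.30] user3(Realm)[role] - Could not connect to LDAP server 'Corp-LDAP': Failed binding to admin DN: [49] Invalid credentials: ldap.example.test:636
this line is not an AUT23391 entry and is skipped
"""

# Field layout is assumed from the one entry shown in the article.
LINE_RE = re.compile(
    r"^\w+ AUT23391 (?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) - \S+ - "
    r"\[(?P<src>[^\]]+)\] (?P<user>[^(\s]+)\([^)]*\)\[[^\]]*\] - "
    r"Could not connect to LDAP server '(?P<server>[^']+)': .*?"
    r"\[(?P<code>\d+)\] (?P<reason>.+): (?P<target>\S+:\d+)$"
)


def triage(log_text):
    """Split AUT23391 entries into error-81 (server not contactable) and the rest.

    Returns (unreachable, other):
      unreachable: {(auth_server, host:port): sorted list of affected users}
      other:       Counter keyed by (auth_server, ldap_code)
    """
    unreachable, other = {}, Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a "Could not connect to LDAP server" entry
        if m["code"] == "81":
            key = (m["server"], m["target"])
            unreachable.setdefault(key, set()).add(m["user"])
        else:
            other[(m["server"], m["code"])] += 1
    return {k: sorted(v) for k, v in unreachable.items()}, other


if __name__ == "__main__":
    down, other = triage(SAMPLE_LOG)
    for (server, target), users in down.items():
        print(f"{server} -> {target}: [81] for {len(users)} user(s): {', '.join(users)}")
    for (server, code), count in other.items():
        print(f"{server}: {count} bind failure(s) with LDAP code {code}, check separately")
```

Servers listed under error 81 are the candidates for the interface change in the Solution section; entries with other codes point to a different fault.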
 
Solution

To enable Auth Traffic Control and set the interface that has internet connectivity, follow these steps:

On the Admin UI, select Authentication > Auth Servers.

Click Enable Auth Traffic Control. A new window appears.
Click Enable Traffic Decoupling to confirm. The page navigates to the Auth server page that displays the options to configure the AAA traffic interfaces.
Select Global Setting to use the same interface across all supported authentication servers, or select Auth Server Level to select the interface used for the LDAP server's AAA traffic.
Note: For 9.0R2 and previous releases, enable the Send AAA Traffic via Management Port option to send AAA traffic through the management port. From the 9.0R3 release, this option is enhanced and modified. For more information, see AAA Traffic Management and the 9.0R3 What's New document.

Created By: Jayanth Chettidurai