KB44557 - External Duo LDAP Server not Reachable


Last Modified Date: 9/2/2020 4:40 PM

This article describes an issue where the Duo LDAP server is not reachable when the LDAP traffic tries to reach it via the internal interface.

Problem or Goal
Behavior: Users can ping the external (Duo) server from the PSA but are unable to connect to it.

User Access Logs:
Minor AUT23391 2020-05-05 11:08:07 - ive - [] user1(Realm)[role] -

Could not connect to LDAP server 'Duo-LDAP': Failed binding to admin DN: [81] Can't contact LDAP server: api-xxxxx:636

This happens when the internal interface does not have internet connectivity or reachability to the Duo LDAP server.
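
To confirm how widespread the failure is before changing the AAA interface, exported user access logs can be triaged for the `[81]` bind failure shown above. The following is an added example, not Pulse Secure code: the regular expressions are inferred from the single log line quoted in this article, and the second and third sample entries (including the `Corp-LDAP` server and its `[49]` invalid-credentials failure) are constructed for illustration.

```python
import re
from collections import defaultdict
# Both patterns are inferred from the single log line quoted in this article.
HEADER = re.compile(
    r"^\w+\s+AUT\d+\s+(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})"
    r"\s+-\s+\S+\s+-\s+\[[^\]]*\]\s+(?P<user>[^(\s]+)\(")
BIND_FAIL = re.compile(
    r"Could not connect to LDAP server '(?P<server>[^']+)':.*?"
    r"\[(?P<code>\d+)\][^:]*:\s*(?P<endpoint>\S+:\d+)")

def join_records(lines):
    """Re-join entries whose message wrapped onto the following line(s)."""
    record = None
    for line in (l.strip() for l in lines):
        if not line:
            continue
        if HEADER.match(line):
            if record:
                yield record
            record = line
        elif record:
            record += " " + line
    if record:
        yield record

def unreachable_ldap(lines, code="81"):
    """Summarise bind failures carrying `code`, keyed by (auth server, endpoint)."""
    hits = defaultdict(lambda: {"count": 0, "users": set(), "times": []})
    for rec in join_records(lines):
        fail = BIND_FAIL.search(rec)
        if not fail or fail["code"] != code:
            continue  # e.g. [49] is a credential problem, not a routing one
        head = HEADER.match(rec)
        h = hits[(fail["server"], fail["endpoint"])]
        h["count"] += 1
        h["users"].add(head["user"])
        h["times"].append(head["ts"])
    return dict(hits)

# Constructed sample export; the first entry mirrors the article's log line.
SAMPLE = """\
Minor AUT23391 2020-05-05 11:08:07 - ive - [] user1(Realm)[role] -
Could not connect to LDAP server 'Duo-LDAP': Failed binding to admin DN: [81] Can't contact LDAP server: api-xxxxx:636
Minor AUT23391 2020-05-05 11:09:41 - ive - [] user2(Realm)[role] - Could not connect to LDAP server 'Duo-LDAP': Failed binding to admin DN: [81] Can't contact LDAP server: api-xxxxx:636
Minor AUT23391 2020-05-05 11:10:02 - ive - [] user3(Realm)[role] - Could not connect to LDAP server 'Corp-LDAP': Failed binding to admin DN: [49] Invalid credentials: ldap.example.internal:636
""".splitlines()

if __name__ == "__main__":
    for (server, endpoint), h in unreachable_ldap(SAMPLE).items():
        print(server, endpoint, h["count"], sorted(h["users"]), min(h["times"]), max(h["times"]))
```

Every user of one auth server failing with `[81]` against the same endpoint points at the network path from the PSA interface rather than at individual accounts.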

To enable Auth Traffic Control and set the interface that has internet connectivity, follow the steps below:

On the Admin UI, select Authentication > Auth Servers.

Click Enable Auth Traffic Control. A new window appears.

Click Enable Traffic Decoupling to confirm. The page navigates to the Auth server page that displays the options to configure the AAA traffic interfaces.

Select Global Setting to use the same interface across all supported authentication servers, or select Auth Server Level to select the interface for the LDAP server for the AAA traffic.
Note: For 9.0R2 and previous releases, enable Send AAA Traffic via Management Port to send AAA traffic through the management port. From the 9.0R3 release, this option is enhanced and modified. For more information, see AAA Traffic Management and the 9.0R3 What's New document.
Created By: Jayanth Chettidurai