Authentication pop-up triggered but credentials not working, with LDAP, for Linux workstations

Article ID: 368378


Products

ISG Proxy, ProxySG Software - SGOS

Issue/Introduction

If the authentication pop-up is triggered but the credentials don't work, it indicates that there may be an issue with the LDAP configuration or the credentials being used. This article details some steps to troubleshoot and resolve this issue.

Environment

SG/ISG-Proxy

Resolution

Troubleshooting Steps:

Verify Bind DN and Password

  • Ensure the Bind DN and password entered in the ProxySG configuration are correct and have sufficient permissions to search the LDAP directory.
  • Format: cn=admin,cn=users,dc=<hostname_dc>,dc=com

Check LDAP Server Connectivity

  • Ensure the ProxySG can communicate with the LDAP server. Check for network issues or firewall settings that might be blocking access.
  • Use the "Test Connection" feature in the ProxySG LDAP settings to verify connectivity.

Review User Search Base and Filter

  • Confirm the Base DN and User Search Filter settings are correctly configured to locate users in the LDAP directory.
  • Example settings:
    • Base DN: dc=<hostname_dc>,dc=com
    • User Search Filter: (uid=%s) or (cn=%s)

Validate User Credentials

  • Ensure the credentials being entered in the authentication pop-up are valid and exist in the LDAP directory.
  • Use an LDAP browser tool to manually search for the user and verify the credentials.

Check LDAP Attributes

  • Ensure the LDAP attributes used in the search filter match the attributes in your LDAP directory schema.
  • For example, if using uid, make sure this attribute exists and is populated for all users.

Enable LDAP Debugging

  • Enable LDAP debugging on the ProxySG to gather detailed logs about the authentication process. This can provide insights into where the process is failing.

Example LDAP Configuration on ProxySG

  • LDAP Server: ldap.<hostname_dc>.com
  • Port: 389 (or 636 for LDAPS)
  • Bind DN: cn=admin,cn=users,dc=<hostname_dc>,dc=com
  • Bind Password: password
  • Base DN: dc=<hostname_dc>,dc=com
  • User Search Filter: (uid=%s)

Testing and Verification

Test Connection:

  • Use the test feature in the ProxySG LDAP settings to ensure it can successfully bind to the LDAP server with the provided credentials.

Test User Authentication:

  • Attempt to authenticate with known valid credentials to ensure that the settings are correctly applied and functioning.
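The Bind DN, search filter and user credential checks above can also be reproduced from a Linux workstation with the OpenLDAP client tools. The following is an added example, not Broadcom's code: it assumes the usual search-then-bind flow (bind as the Bind DN, search with the filter, then bind as the DN that was found), that `ldapsearch` and `ldapwhoami` are installed, and it uses a constructed host name and DNs.

```python
import shlex

# RFC 4515: characters that must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def build_filter(template, username):
    """Substitute the login name for %s in a User Search Filter such as (uid=%s)."""
    if "%s" not in template:
        raise ValueError("filter has no %s placeholder for the login name")
    if template.count("(") != template.count(")"):
        raise ValueError("unbalanced parentheses in filter")
    escaped = "".join(_ESCAPES.get(ch, ch) for ch in username)
    return template.replace("%s", escaped)

def search_command(uri, bind_dn, base_dn, template, username):
    """Stage 1: bind as the Bind DN (-W prompts for its password) and find the user."""
    return ["ldapsearch", "-x", "-H", uri, "-D", bind_dn, "-W",
            "-b", base_dn, "-s", "sub", build_filter(template, username), "1.1"]

def user_bind_command(uri, user_dn):
    """Stage 2: bind as the DN returned by stage 1, with the user's own password."""
    return ["ldapwhoami", "-x", "-H", uri, "-D", user_dn, "-W"]

def diagnose(search_code, entries, bind_code=None):
    """Map LDAP result codes (the number in the tool's error text) to a setting."""
    if search_code == 49:   # invalidCredentials
        return "Bind DN or bind password is wrong"
    if search_code == 32:   # noSuchObject
        return "Base DN does not exist on this server"
    if search_code != 0:
        return f"search failed with LDAP result {search_code}"
    if entries == 0:
        return "no entry matches: check Base DN scope and the filter attribute"
    if entries > 1:
        return "filter matches several entries: make it unique"
    if bind_code is None:
        return "run stage 2 with the DN from stage 1"
    if bind_code == 49:
        return "user DN found but the user's password was rejected"
    return "ok" if bind_code == 0 else f"user bind failed with LDAP result {bind_code}"

if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    uri, base = "ldap://ldap.example.com:389", "dc=example,dc=com"
    print(shlex.join(search_command(uri, "cn=admin,cn=users," + base, base,
                                    "(uid=%s)", "j.doe")))
    print(shlex.join(user_bind_command(uri, "uid=j.doe,cn=users," + base)))
```

Pass `diagnose` the result code shown in parentheses in the tool's error message (for example `Invalid credentials (49)`) and the `numEntries` value from the `ldapsearch` output.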

If these steps don't resolve the issue, consider consulting the ProxySG logs for more detailed error messages. This will include turning on or collecting the following:

  • Auth debug log: https://knowledge.broadcom.com/external/article/166436/collecting-authentication-debug-log.html
  • PCAP (with the LDAP ports referenced in the PCAP filter): https://knowledge.broadcom.com/external/article/167108/using-packet-capture-for-proxysg-and-adv.html and https://knowledge.broadcom.com/external/article/167176/common-pcap-filters-used-on-a-edge-swg-p.html
  • Entire eventlog: https://<proxy_ip_address>:8082/eventlog/statistics. Click the "Download" button to download the entire eventlog.
  • Sysinfo file: https://knowledge.broadcom.com/external/article/166686/download-diagnostic-logs-manually-from-e.html