Issue
When an Active Directory authentication server is configured on the Firebox, authentications fail with a log message such as:
Jan 9 15:26:09 2025 T25 example.warn admd[2929]: msg_id="1100-0005" Authentication of Firewall user [test@example.local] from console was rejected, search binding error, check your searching username or password
Workaround/Solution
This issue might occur when LDAP client encryption is enabled in your default domain policy. This is enabled by default in Windows Server 2025.
To disable LDAP client encryption:
1. On the Windows Server, open Group Policy Management Editor.
2. Go to Default Domain Controllers Policy > Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options.
3. Set Domain controller: LDAP server channel binding token requirements to When Supported.
4. Set Domain controller: LDAP server signing requirements to None.
5. Set Domain controller: LDAP server enforce signing requirements to Disabled.
6. Set Network Security: LDAP client encryption requirements to Negotiate Sealing.
7. Set Network security: LDAP client signing requirements to Negotiate Signing.
Note: After a successful authentication, you can reverse these settings.
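The following PowerShell script is an added example and is not part of the WatchGuard article. Run it in an elevated session on the domain controller before and after the Group Policy change: it reads the registry values that back three of the five policies listed above (channel binding token requirements, server signing requirements, client signing requirements; the two settings that are new in Windows Server 2025 are not covered because their backing registry values are not confirmed here), reports whether each is currently stricter than the value the article asks for, and lists Directory Service event 2889 entries that name the Firebox as a client binding without signing. The Firebox address is a placeholder.

```powershell
# Added example, not from the WatchGuard article. Reports the effective LDAP
# signing and channel-binding settings on a domain controller and looks for
# event 2889 entries that identify the Firebox as an unsigned-bind client.
param(
    [string]$FireboxAddress = '192.0.2.10'   # placeholder: the Firebox's IP as the DC sees it
)

$ntdsParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$ldapClient = 'HKLM:\SYSTEM\CurrentControlSet\Services\LDAP'

function Get-RegDword {
    param([string]$Path, [string]$Name)
    try { [int](Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }   # value absent: the OS default applies
}

# Policy name as shown in the Group Policy editor, its backing registry value,
# the meaning of each numeric value, and the value the article tells you to set.
$checks = @(
    @{ Policy  = 'Domain controller: LDAP server channel binding token requirements'
       Path    = $ntdsParams; Name = 'LdapEnforceChannelBinding'
       Meaning = @{ 0 = 'Never'; 1 = 'When Supported'; 2 = 'Always' }; Target = 1 }
    @{ Policy  = 'Domain controller: LDAP server signing requirements'
       Path    = $ntdsParams; Name = 'LDAPServerIntegrity'
       Meaning = @{ 1 = 'None'; 2 = 'Require signing' }; Target = 1 }
    @{ Policy  = 'Network security: LDAP client signing requirements'
       Path    = $ldapClient; Name = 'LDAPClientIntegrity'
       Meaning = @{ 0 = 'None'; 1 = 'Negotiate signing'; 2 = 'Require signing' }; Target = 1 }
)

function Get-LdapSigningReport {
    foreach ($c in $checks) {
        $value = Get-RegDword -Path $c.Path -Name $c.Name
        $label = if ($null -eq $value) { 'not set (OS default)' }
                 elseif ($c.Meaning.ContainsKey($value)) { $c.Meaning[$value] }
                 else { "unknown ($value)" }
        [pscustomobject]@{
            Policy              = $c.Policy
            RegistryValue       = $c.Name
            Current             = $label
            ArticleTarget       = $c.Meaning[$c.Target]
            # A value above the target is stricter than the article's setting and
            # is a candidate cause of the 'search binding error' rejection.
            StricterThanArticle = ($null -ne $value -and $value -gt $c.Target)
        }
    }
}

function Get-UnsignedBindEvents {
    param([string]$ClientAddress)
    # NTDS logs event 2889 for each client that performs a simple bind or an
    # unsigned SASL bind once '16 LDAP Interface Events' diagnostic logging is
    # raised to level 2; the message body contains the client's IP address.
    # To enable that logging (documented NTDS diagnostics value):
    #   Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics' `
    #       -Name '16 LDAP Interface Events' -Value 2
    Get-WinEvent -FilterHashtable @{ LogName = 'Directory Service'; Id = 2889 } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match [regex]::Escape($ClientAddress) } |
        Select-Object TimeCreated, Message
}

Get-LdapSigningReport | Format-Table -AutoSize
Get-UnsignedBindEvents -ClientAddress $FireboxAddress | Format-List
```

A row with StricterThanArticle set to True shows which setting the Group Policy change is expected to relax; running the report again after the change, and after the settings are reversed as the note above describes, confirms that the domain controller is back at its prior signing posture. The 2889 events show whether the Firebox is in fact the client that binds without signing, which is the condition the relaxed settings accommodate.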