[IAG] AD domain user synchronization failed: StrongAuthRequired (strong authentication binding is required)
Problem Description
On IAG12.0.R5, domain user synchronization failed.
Process
1: Test connectivity to the domain server, including ping and telnet to the domain server IP on port 389.
2: The test result is as follows:

[Screenshot: connectivity test result]
3: Go to [System Management] – [System Diagnosis] – [Capture Tool] and capture packets filtered on the domain server IP. Analysis of the captured packets is as follows:

[Screenshot: packet capture analysis]
4: The domain server does not accept an ordinary simple bind connection and instead requires StrongAuthRequired (strong authentication binding). This means that other software, such as an LDAP browser, cannot complete the connection either. Our IAG does not support this authentication method for the time being, so the customer adjusted the domain server to resolve the problem.
Root cause
The domain server does not accept an ordinary simple bind connection and instead requires StrongAuthRequired (strong authentication binding), so the connection cannot be completed. Our IAG does not support this authentication method for the time being.
Solution
To remove strong authentication, set "Domain controller: LDAP server signing requirements" to "Not Defined" in the group policy of the authenticated user, as shown below. Then execute "gpupdate /force" to force a group policy update.

[Screenshot: group policy setting]
Original Link
https://support.sangfor.com.cn/cases/list?product_id=22&type=1&category_id=6386&isOpen=true