LDAP authentication for SonicWALL VPN

I'm trying to configure my SonicWALL to allow LDAP authentication for VPN users. I've done this before with another device, and I remember it being pretty simple. But I can't get it to work this time for the life of me.

When I enable "LDAP + Local Users" mode, enter the LDAP server information and AD group names, I constantly get either "LDAP authentication failed" or "Credentials not valid at LDAP server" errors. I've tried all different permutations of settings that make sense to me, with the same results. SonicWALL support is absolutely no help so far. I've followed their manual's instructions to a T, with no solution.

Has anyone here had this same situation? I feel like I'm missing a setting somewhere...


It may be small comfort, but it’s working for us. The server is Windows Server 2003 R2 and the SonicWALL has SonicOS Enhanced 4.2.0.1-12e.

Here are the settings:

  • Authentication method for login: LDAP + Local Users
  • LDAP Server tab:
    • Chose “Give bind distinguished name”
    • Bind distinguished name: [email protected] (a user we created to allow the SonicWALL to read LDAP)
    • Use TLS (SSL) checked
      • Send LDAP ‘Start TLS’ request: checked
      • Require valid certificate from server: unchecked (we use a self-signed cert)
      • Local certificate for TLS: None
  • Did not configure RADIUS as a fallback.

Now, before your logins will work you have to go to the Directory tab and click “Auto-configure.” If auto-configure fails, make sure the SonicWALL’s LDAP username and password (e.g. [email protected]) is correct.

After doing auto-configure make sure “Trees containing user groups:” includes the section of your AD tree that has the users who will be logging in. Once you do that, on the “Test” tab you should be able to test with:

  • User: username (Note:**AD domain name should **not be included in the username because the SonicWALL will search the user contexts that were specified on the Directory tab).
  • Password: (their password)