"User account expired" error on LDAP user authentication failure
Symptoms
  • LDAP user fails to authenticate for RA VPN, receiving the "User account expired" error, although the user account has not expired.

  • When connecting as that user, the error message might show "User is expired" although neither the user nor the certificate is about to expire.
  • The vpnd.elg file shows:
    [vpnd PID ...]@Host[DATE TIME][CPLDAPSDK] ldap_get_values
    [vpnd PID ...]@Host[DATE TIME][CPLDAPCL] Creating Fw Attribute expiration_date From Ldap Attribute accountExpires
    [vpnd PID ...]@Host[DATE TIME][CPLDAPCL] The date string to check: 0
    [vpnd PID ...]@Host[DATE TIME][CPLDAPCL] Attribute check failed
    [vpnd PID ...]@Host[DATE TIME][CPLDAPCL] Check Method Failed For Fw Attribute expiration_date
Cause

Microsoft Active Directory uses two different values to mean "Account never expires":

  1. 0x7FFFFFFFFFFFFFFF (9223372036854775807)
  2. 0
If the Gateway receives the second value (0), it ignores it and takes the expiration date from the user template in SmartConsole instead. If the expiration date on the template has passed, the user gets the error.
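The following is an added example, not Check Point code: a Python helper that decodes exported accountExpires values and flags the users whose value is 0, the case described above. It assumes accountExpires is a Windows FILETIME (100-nanosecond intervals since 1601-01-01 UTC); the function names, user names and sample values are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

NEVER_MAX = 0x7FFFFFFFFFFFFFFF   # first "never expires" value from the article
NEVER_ZERO = 0                   # second value; the article says the Gateway ignores it
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def classify_account_expires(raw, now=None):
    """Return (status, expiry) for a raw accountExpires string or int.

    status: 'never-zero', 'never-max', 'expired', 'valid' or 'out-of-range'.
    """
    now = now or datetime.now(timezone.utc)
    value = int(raw)
    if value == NEVER_ZERO:
        return "never-zero", None
    if value == NEVER_MAX:
        return "never-max", None
    try:
        # FILETIME counts 100 ns ticks; ten ticks make one microsecond.
        expiry = FILETIME_EPOCH + timedelta(microseconds=value // 10)
    except OverflowError:
        return "out-of-range", None
    return ("expired" if expiry <= now else "valid"), expiry


def users_hitting_template_fallback(records, now=None):
    """Names whose accountExpires is 0, i.e. the case the article describes."""
    return [name for name, raw in records
            if classify_account_expires(raw, now)[0] == "never-zero"]


# Constructed sample data (user names and values are made up for illustration).
SAMPLE = [
    ("alice", "0"),
    ("bob", "9223372036854775807"),
    ("carol", "133485408000000000"),   # 2024-01-01 00:00:00 UTC
    ("dave", "125911584000000000"),    # 2000-01-01 00:00:00 UTC
]

if __name__ == "__main__":
    for name, raw in SAMPLE:
        status, expiry = classify_account_expires(raw)
        print(f"{name:6} {raw:>20} {status:11} {expiry.isoformat() if expiry else '-'}")
    print("template fallback applies to:", users_hitting_template_fallback(SAMPLE))
```

For every user reported as never-zero, the expiration date on the SmartConsole user template is the value that decides the outcome, so that is the date to check.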
Solution