Re: LDAP Kerberos Bind Error in Trace

From: Al Mulnick (amulnick_No_SPAM_at_ncDOTrr.com)
Date: 08/17/04


Date: Mon, 16 Aug 2004 20:39:28 -0400

Looks like a timeout.

Can you tell us what else is going on in the transaction?
You may want to actually check out the event logs for this one using audit
logging for security events, notably the success/failure of logon, and
then for the LDAP diagnostics via the NTDS registry key. That may give you
some idea of what is going on.

Basically,
1) make sure you are actually binding as a client via Kerberos
2) find out what the LDAP query is and why it's failing

Theory? It's possible that you are binding correctly, but that the query is
timing out. Could also be that you're not bound properly and the LDAP error
is just a symptom.

Al

"Walsh" <walshmj@us.ibm.com> wrote in message
news:72a401c483cd$7bacc0f0$a401280a@phx.gbl...
> Hi, I am doing a Kerberos bind to an Active Directory and then
> doing a search via a z/OS IBM client. I get the results
> back immediately but then the server seems to hang and the
> socket to the client is eventually closed. We turned on
> Active Directory Server trace to capture some
> information and possibly debug this. I was not really
> sure what to make of the error messages or the associated
> return codes returned. I was wondering if someone could
> please give me some insight as to what these return codes
> and error messages could mean. Here are the error messages
> we found in the trace: "NTDS LDAP Warning LDAP
> Interface 1216 N/A KERB2000 The LDAP
> server closed a socket to a client because of an
> error condition, 995. (Internal ID c06028b::163470)."
>
> "NTDS LDAP Information LDAP Interface 1317 N/A
> KERB2000 The server has disconnected the
> LDAP connection from
> 9.12.20.157 due to timeout."
>
> Thank you in advance,
> Walsh
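
The two checks suggested in the reply, sketched as an added PowerShell example that is not part of the original thread. It assumes a current Windows Server domain controller and an elevated session (the `auditpol` subcategories and the 4xxx Security event IDs differ from those on 2004-era systems); the look-back window and diagnostic level are constructed values, and the client address is the one from the quoted trace.

```powershell
# Added example: run in an elevated PowerShell session on the domain controller.
# Assumes a current Windows Server release; event IDs differ on older systems.
$ClientIp = '9.12.20.157'            # client address from the quoted trace
$Since    = (Get-Date).AddHours(-1)  # constructed look-back window
$DiagKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics'
$DiagName = '16 LDAP Interface Events'

# 1) Audit logon and Kerberos activity, success and failure.
foreach ($sub in 'Logon', 'Kerberos Authentication Service',
                 'Kerberos Service Ticket Operations') {
    auditpol /set /subcategory:"$sub" /success:enable /failure:enable | Out-Null
}

# 2) Raise LDAP interface diagnostics (0 = off, 5 = most verbose); keep the old value.
$oldLevel = (Get-ItemProperty -Path $DiagKey -Name $DiagName).$DiagName
if ($null -eq $oldLevel) { $oldLevel = 0 }
Set-ItemProperty -Path $DiagKey -Name $DiagName -Value 2 -Type DWord

Read-Host 'Reproduce the bind and search from the client, then press Enter'

# 3) Did the client really authenticate with Kerberos?
#    4768/4769 = ticket requests, 4771 = pre-auth failure, 4624/4625 = logon result.
Get-WinEvent -FilterHashtable @{
        LogName = 'Security'; Id = 4624, 4625, 4768, 4769, 4771; StartTime = $Since
    } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match [regex]::Escape($ClientIp) } |
    Sort-Object TimeCreated |
    Format-Table TimeCreated, Id, @{
        n = 'AuthPackage'   # filled in for logon events only
        e = { if ($_.Message -match 'Authentication Package:\s+(\S+)') { $Matches[1] } }
    } -AutoSize

# 4) What did the LDAP interface log around the disconnect (1216 / 1317 in the trace)?
Get-WinEvent -FilterHashtable @{
        LogName = 'Directory Service'; Id = 1216, 1317; StartTime = $Since
    } -ErrorAction SilentlyContinue |
    Sort-Object TimeCreated |
    Format-List TimeCreated, Id, Message

# 5) Put the diagnostic level back so the Directory Service log is not flooded.
Set-ItemProperty -Path $DiagKey -Name $DiagName -Value $oldLevel -Type DWord
```

Comparing the timestamps from step 3 with those from step 4 shows whether the disconnect follows a successful Kerberos logon or an authentication failure.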


