Re: Unable to bind with new ADAM accounts
From: Joe Kaplan (MVP - ADSI) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 11/24/04
- In reply to: Everest25: "Re: Unable to bind with new ADAM accounts"
- Next in thread: Lee Flight: "Re: Unable to bind with new ADAM accounts"
Date: Wed, 24 Nov 2004 09:52:17 -0600
There are a couple of things I can think of:
- You must use simple bind in ADSI/S.DS for ADAM users (don't use the
SECURE_AUTHENTICATION flag)
- Your user name must be a valid distinguished name for the ADAM user or
the UPN for the ADAM user IF you set it
- The password must be right (obviously)
- The account must not be disabled (which you already checked)
I'd try testing this out with ldp.exe to see if you can get it to work
there. Make sure you uncheck the "domain" box so that secure authentication
is not used like Lee said. Also, can you show us what the user name syntax
you are using is and what the DN and UPN of the user in question are?
Joe K.
"Everest25" <Everest25@discussions.microsoft.com> wrote in message
news:CC8CFCE1-7FD7-4705-B01A-102734AA0F8E@microsoft.com...
> We've checked the msDS-UserAccountDisabled attribute and it is FALSE.
> These machines are not in a domain so they are using the local password
> policy, which we've checked and they are good. We've been using command
> line utility ldapsearch.exe to check authentication, which we get the error
> invalid credentials.
>
> Everest25
>
> "Lee Flight" wrote:
>
>> If the account is a native ADAM user then a likely cause is that the
>> msDS-UserAccountDisabled attribute on the user is set to TRUE, it needs
>> to be set to FALSE for the account to be able to authenticate. If you are
>> running under W2K3, you will need to make sure that any passwords you
>> set satisfy the local machine or domain password complexity for the W2K3
>> server for the account to be created as enabled.
>>
>> You do not say how you are attempting to bind, recall that for the simple
>> bind of a native ADAM user the username must be the distinguishedName
>> of the user object (or the UPN if you have set one). You can check binding
>> with ldp.exe:
>>
>> Connection menu -> Connect (specify your ADAM server and port)
>> Connection menu -> Bind (user: <distinguishedName of user>, Password (as
>> set), clear the Domain check box)
>>
>> Hope this helps
>> Lee Flight
>>
>> "Everest25" <Everest25@discussions.microsoft.com> wrote in message
>> news:7E55DB2A-6C0B-4D5B-BE0E-2C5F0DB06C25@microsoft.com...
>> > Recently we've noticed that whenever we create a new ADAM account and
>> > then try to bind to an ADAM instance that we get an error saying invalid
>> > credentials. We've checked all of the normal things (password,
>> > groups...etc.). Does anyone have any ideas what could be causing this?
>>
>>
>>
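The bind requirements listed in this thread, exercised through System.DirectoryServices as an added example that is not part of the original messages: it tries the DN and the UPN as the user name, each with a simple bind (`AuthenticationTypes.None`) and with the secure-authentication flag (`AuthenticationTypes.Secure`), and prints the provider error for each attempt. The host, port, DN and UPN are constructed placeholders, and binding to `RootDSE` is an assumption made so the result does not depend on the user's read permissions.

```csharp
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;

static class AdamBindCheck
{
    // Returns null when the bind succeeds, otherwise the provider's error code and text.
    static string TryBind(string path, string user, string password, AuthenticationTypes auth)
    {
        try
        {
            using (DirectoryEntry entry = new DirectoryEntry(path, user, password, auth))
            {
                // DirectoryEntry binds lazily; touching NativeObject forces the bind now.
                object forceBind = entry.NativeObject;
            }
            return null;
        }
        catch (COMException ex)
        {
            return string.Format("0x{0:X8} {1}", ex.ErrorCode, ex.Message.Trim());
        }
    }

    static void Main()
    {
        // Constructed placeholders: replace with your ADAM instance and user.
        string path = "LDAP://adam.example.com:50000/RootDSE";
        string[] userNames = {
            "CN=TestUser,OU=People,O=Example,C=US", // distinguishedName of the ADAM user
            "testuser@example.com"                  // UPN, only valid if one was set on the user
        };
        // None = simple bind (the password is sent unprotected unless the connection uses SSL).
        // Secure = the SECURE_AUTHENTICATION flag, which the thread says not to use for ADAM users.
        AuthenticationTypes[] modes = { AuthenticationTypes.None, AuthenticationTypes.Secure };

        Console.Write("Password: ");
        string password = Console.ReadLine();

        foreach (string user in userNames)
            foreach (AuthenticationTypes mode in modes)
            {
                string error = TryBind(path, user, password, mode);
                Console.WriteLine("{0,-6} {1}: {2}", mode, user, error ?? "bind OK");
            }
    }
}
```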