Re: LDAP Lookup failure




You verified that it can connect to the AD controller via TCP 389?
Did you enable failure audits on the DC and check the logs? What'd you see
there?

Simple bind for a security appliance?

If your first log line is correct, then the format is incorrect. That
should be confirmed in the security event logs of the DC if you have logon
failure audits enabled. mark@server isn't the way it should look, but rather
it should be cn=mark,cn=users,dc=domain,dc=com

That would be bad because then you would never be able to move the user
objects in AD: a natural way to manage your AD.

If you have other options for authentication, now would be a good time to
explore them. I saw their web site for support and it basically is horrible
if you want to find information. Hopefully their documentation that comes
with is better.

Al


"Mark" <nospam@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:e%23Qv89TiFHA.3336@xxxxxxxxxxxxxxxxxxxxxxx
> It is an iGate SSL VPN appliance, which needs to retrieve auth data from
> the AD, to allow external users access through the VPN tunnel.
>
> Error log extract:
>
> [Fri Jul 8 17:08:34 2005] LDAP_INFO: Perform simple authentication for
> mark@server
> [Fri Jul 8 17:08:34 2005] LDAP_ERROR: ldap_simple_bind_s: Can't contact
> LDAP server
> [Fri Jul 8 17:08:34 2005] LDAP_ERROR: ldap bind error
>
> ## end ##
>
> "Al Mulnick" <amulnick_No_SPAM@xxxxxxxxxxx> wrote in message
> news:O%236qC2TiFHA.1232@xxxxxxxxxxxxxxxxxxxxxxx
>> Mark, what's the application?
>> A lot of times, if you turn up the audit logging for failed logon
>> attempts, it's really helpful in determining what credentials are being
>> passed to the server by the application. You can often narrow it down
>> pretty quickly that way.
>>
>> Al
>>
>>
>> "Mark" <nospam@xxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:%23QBBcMSiFHA.1412@xxxxxxxxxxxxxxxxxxxxxxx
>>> Hi,
>>>
>>> I am not hugely experienced in AD matters, and have had some trouble
>>> with an application that needs to authenticate against my AD on SBS2003.
>>>
>>> On the software I am getting communication and bind errors, when doing
>>> the lookup. It is a very strange situation, as it works for a while, and
>>> then with no changes will stop and give the communication and bind
>>> errors.
>>>
>>> I have also tried using the LDAP browser application, and cannot get
>>> this to work.
>>>
>>> The following settings were used:
>>>
>>> Host: server.domain.local
>>> Port 389
>>> Version 3
>>>
>>> (I can fetch DN's successfully)
>>>
>>> Turned off anonymous bind (should this work with anon?)
>>>
>>> User DN: cn=%username%
>>> Password: %correct password for user%
>>>
>>> Thanks for any help or advice you can give.
>>>
>>> Mark
>>>
>>
>>
>
>
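An added example, not part of the thread and not the appliance vendor's code: a small Python script that puts Al's two pieces of advice side by side. It classifies how a bind identity is written (the `mark@server` form from Mark's log versus the full `cn=mark,cn=users,dc=domain,dc=com` form Al describes), derives that full DN from a username and DNS domain, and sorts the appliance's `LDAP_ERROR` lines into transport failures (the server could not be reached on 389 at all) versus bind failures (the connection worked but the credentials or DN were rejected), since those two point at different checks. The function names, the `cn=users` default container, and the message-matching rules are the author's own assumptions; the sample log lines are Mark's, joined back onto single lines.

```python
"""Triage helpers for a simple-bind failure against AD (added example).

The thread's two checks answer different questions:
  - "Can't contact LDAP server" is a transport problem: verify TCP 389
    reachability first; no DC failure audit will be written for it.
  - "Invalid credentials" style rejections reach the DC and show up in its
    security log once logon failure auditing is on; that is where a wrong
    bind DN format (mark@server instead of a full DN) would be confirmed.
"""
import re

# attr=value with no embedded commas or '=' (simplified RFC 4514 component;
# assumption: good enough for AD user DNs built from plain usernames)
DN_COMPONENT = re.compile(r"^\s*(cn|ou|dc|o|uid)\s*=\s*[^,=]+\s*$", re.IGNORECASE)
UPN_LIKE = re.compile(r"^[^@\s,=]+@[^@\s,=]+$")
LOG_LINE = re.compile(r"^\[(?P<ts>[^\]]+)\]\s+(?P<level>LDAP_\w+):\s+(?P<msg>.*)$")


def bind_identity_kind(identity: str) -> str:
    """Classify a bind identity: 'dn', 'rdn-only', 'upn', or 'unknown'."""
    parts = identity.split(",")
    if all(DN_COMPONENT.match(p) for p in parts):
        # Every piece is attr=value; a usable DN must end in the dc= base.
        has_base = any(p.strip().lower().startswith("dc=") for p in parts)
        return "dn" if has_base else "rdn-only"
    if UPN_LIKE.match(identity):
        return "upn"
    return "unknown"


def build_user_dn(username: str, dns_domain: str, container: str = "cn=users") -> str:
    """Build cn=<user>,<container>,dc=...,dc=... from a DNS domain name.

    Assumption: the user object lives in the default Users container, as in
    Al's example. Objects moved elsewhere need that container path instead.
    """
    base = ",".join(f"dc={label}" for label in dns_domain.split("."))
    return f"cn={username},{container},{base}"


def classify_ldap_log(lines):
    """Return (kind, message) for each LDAP_ERROR line in the appliance log."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m or m.group("level") != "LDAP_ERROR":
            continue
        msg = m.group("msg")
        if "Can't contact LDAP server" in msg:
            findings.append(("transport", msg))
        elif "bind" in msg.lower():
            findings.append(("bind", msg))
        else:
            findings.append(("other", msg))
    return findings


def first_check_to_run(findings) -> str:
    """Pick the first diagnostic step, following the order of Al's advice."""
    kinds = {k for k, _ in findings}
    if "transport" in kinds:
        return "verify TCP 389 reachability from the appliance to the DC"
    if "bind" in kinds:
        return "enable logon failure audits on the DC and check the bind DN format"
    return "no LDAP_ERROR lines found"


# Mark's log extract from the thread, each entry rejoined onto one line.
SAMPLE_LOG = [
    "[Fri Jul 8 17:08:34 2005] LDAP_INFO: Perform simple authentication for mark@server",
    "[Fri Jul 8 17:08:34 2005] LDAP_ERROR: ldap_simple_bind_s: Can't contact LDAP server",
    "[Fri Jul 8 17:08:34 2005] LDAP_ERROR: ldap bind error",
]

if __name__ == "__main__":
    for ident in ("mark@server", "cn=mark", build_user_dn("mark", "domain.local")):
        print(f"{ident!r:45} -> {bind_identity_kind(ident)}")
    findings = classify_ldap_log(SAMPLE_LOG)
    for kind, msg in findings:
        print(f"{kind:9} {msg}")
    print("next step:", first_check_to_run(findings))
```

Run as-is it reports the UPN-style identity, the bare RDN from the LDAP browser settings, and the rebuilt full DN, then flags the log as a transport failure, which is why Al asks about port 389 before anything else.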