Re: LDAP Lookup failure
- From: "Mark" <nospam@xxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 15 Jul 2005 17:30:26 +0100
Hi Al
Thanks for your reply.
I thought that was incorrect as well; I think this must be incorrect logging
output.
I have failure auditing on in the DC policy, but no entries appear from the
iGate appliance. Unfortunately I have no other options for authentication,
other than installing a Radius server, which is something I do not want to
be doing.
Mark
"Al Mulnick" <amulnick_No_SPAM@xxxxxxxxxxx> wrote in message
news:utxmFqUiFHA.2156@xxxxxxxxxxxxxxxxxxxxxxx
> You verified that it can connect to the AD controller via TCP 389?
> Did you enable failure audits on the DC and check the logs? What'd you
> see there?
>
> Simple bind for a security appliance?
>
> If your first log line is correct, then the format is incorrect. That
> should be confirmed in the security event logs of the DC if you have logon
> failure audits enabled. mark@server isn't the way it should look, but
> rather it should be cn=mark,cn=users,dc=domain,dc=com
>
> That would be bad because then you would never be able to move the user
> objects in AD: a natural way to manage your AD.
>
> If you have other options for authentication, now would be a good time to
> explore them. I saw their web site for support and it basically is
> horrible if you want to find information. Hopefully their documentation
> that comes with is better.
>
> Al
>
>
> "Mark" <nospam@xxxxxxxxxxxxxxxxxxxx> wrote in message
> news:e%23Qv89TiFHA.3336@xxxxxxxxxxxxxxxxxxxxxxx
>> It is an iGate SSL VPN appliance, which needs to retrieve auth data from
>> the AD, to allow external users access through the VPN tunnel.
>>
>> Error log extract:
>>
>> [Fri Jul 8 17:08:34 2005] LDAP_INFO: Perform simple authentication for
>> mark@server
>> [Fri Jul 8 17:08:34 2005] LDAP_ERROR: ldap_simple_bind_s: Can't contact
>> LDAP server
>> [Fri Jul 8 17:08:34 2005] LDAP_ERROR: ldap bind error
>>
>> ## end ##
>>
>> "Al Mulnick" <amulnick_No_SPAM@xxxxxxxxxxx> wrote in message
>> news:O%236qC2TiFHA.1232@xxxxxxxxxxxxxxxxxxxxxxx
>>> Mark, what's the application?
>>> A lot of times, if you turn up the audit logging for failed logon
>>> attempts, it's really helpful in determining what credentials are being
>>> passed to the server by the application. You can often narrow it down
>>> pretty quickly that way.
>>>
>>> Al
>>>
>>>
>>> "Mark" <nospam@xxxxxxxxxxxxxxxxxxxx> wrote in message
>>> news:%23QBBcMSiFHA.1412@xxxxxxxxxxxxxxxxxxxxxxx
>>>> Hi,
>>>>
>>>> I am not hugely experienced in AD matters, and have had some trouble
>>>> with an application that needs to authenticate against my AD on
>>>> SBS2003.
>>>>
>>>> On the software I am getting communication and bind errors, when doing
>>>> the lookup. It is a very strange situation, as it works for a while,
>>>> and then with no changes will stop and give the communication and bind
>>>> errors.
>>>>
>>>> I have also tried using the LDAP browser application, and cannot get
>>>> this to work.
>>>>
>>>> The following settings were used:
>>>>
>>>> Host: server.domain.local
>>>> Port 389
>>>> Version 3
>>>>
>>>> (I can fetch DNs successfully)
>>>>
>>>> Turned off anonymous bind (should this work with anon?)
>>>>
>>>> User DN: cn=%username%
>>>> Password: %correct password for user%
>>>>
>>>> Thanks for any help or advice you can give.
>>>>
>>>> Mark
>>>>
>>>
>>>
>>
>>
>
>
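Added example, not part of the original thread and not the appliance vendor's code: a small Python triage of the log extract quoted above that pairs each bind attempt with the error that followed and separates transport failures from credential failures. It assumes the appliance reports OpenLDAP client library error strings ("Can't contact LDAP server" is LDAP_SERVER_DOWN, "Invalid credentials" is result code 49); the function names are hypothetical and the last two sample lines are constructed for contrast.

```python
import re

# First three lines are the extract from the thread (line wraps joined);
# the last two are constructed to show a credential failure for contrast.
SAMPLE_LOG = """\
[Fri Jul 8 17:08:34 2005] LDAP_INFO: Perform simple authentication for mark@server
[Fri Jul 8 17:08:34 2005] LDAP_ERROR: ldap_simple_bind_s: Can't contact LDAP server
[Fri Jul 8 17:08:34 2005] LDAP_ERROR: ldap bind error
[Fri Jul 8 17:09:02 2005] LDAP_INFO: Perform simple authentication for cn=mark,cn=users,dc=domain,dc=com
[Fri Jul 8 17:09:02 2005] LDAP_ERROR: ldap_simple_bind_s: Invalid credentials
"""

LINE = re.compile(r"^\[(?P<ts>[^\]]+)\]\s+LDAP_(?P<level>\w+):\s+(?P<msg>.*)$")
ATTEMPT = re.compile(r"^Perform simple authentication for (?P<who>.+)$")
LIB_ERROR = re.compile(r"^ldap_simple_bind_s:\s+(?P<text>.+)$")

# Assumption: OpenLDAP libldap strings. Value = (stage, DC failure audit expected?)
STAGE = {
    "Can't contact LDAP server": ("transport", False),  # no bind normally reaches the DC
    "Invalid credentials": ("credentials", True),       # DC evaluated and rejected the bind
}

def identity_form(who):
    """Name the syntactic form of a bind identity; does not validate it."""
    if re.fullmatch(r"(?:[A-Za-z][\w-]*=[^,]+)(?:,[A-Za-z][\w-]*=[^,]+)*", who):
        return "dn"
    if re.fullmatch(r"[^@\\\s]+@[^@\\\s]+", who):
        return "user@host"
    if re.fullmatch(r"[^@\\\s]+\\[^@\\\s]+", who):
        return "domain\\user"
    return "bare"

def triage(log):
    """Pair each bind attempt with the library error that followed it."""
    results, who = [], None
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        attempt, err = ATTEMPT.match(m["msg"]), LIB_ERROR.match(m["msg"])
        if attempt:
            who = attempt["who"]          # remember the identity being tried
        elif err and who is not None:
            stage, expect_audit = STAGE.get(err["text"], ("unknown", None))
            results.append({"ts": m["ts"], "identity": who,
                            "form": identity_form(who), "stage": stage,
                            "dc_audit_expected": expect_audit})
            who = None                    # generic follow-up lines are ignored
    return results
```

A "transport" result points at connectivity to the DC (TCP 389, name resolution, firewalling) rather than at the bind name or password, which fits with no failure audit entries appearing on the DC.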