Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

How can I check/test LDAP Setting on Windows Server 2003

Posted on 2010-08-20
8
Medium Priority
?
1,003 Views
Last Modified: 2013-12-24
We just installed a new SonicWall (TZ100) that we would like to integrate with our Active Directory on Windows Server 2003.

I have been following through the SonicWall Documentation, but I keep running into a connection issue.

Is there a way to check/test the LDAP setting on my Windows Server 2003 so that I can see what it is looking for an excepting?
0
Comment
Question by:AutomatedIT
  • 2
  • 2
  • 2
  • +2
8 Comments
 
LVL 30

Expert Comment

by:Rich Weissler
ID: 33485136
You want to communicate directly with LDAP on your domain controller?  
From your command prompt:
ldp <name.of.DC>
0
 
LVL 17

Accepted Solution

by:
Jimmy Larsson, CISSP, CEH earned 2000 total points
ID: 33485204
I recommend you using a freeware ldap browser (try any of the 5 first hits for "free ldap browser" on google) before trying to configure your sonicwall. It will come more clear to you about the syntax of ldap settings if you first succeed in connecting with a standalone browser.

In general when you talk ldap to a windows server you need these settings:

username: cn=administrator,ou=users (or similar. Specify username and the containter where this user is)
password: password
Use secure ldap.

When you managed to contact the AD with your ldap browser it will be much easier for you to configure ldap-settings in your firewall.

Good luck!

As a reference, here is how I configure my Cisco ASA to authenticate users in AD over LDAP at home:

aaa-server LDAP protocol ldap
aaa-server LDAP (outside) host 192.168.1.51
ldap-base-dn CN=Users,DC=kvistofta,DC=local
ldap-scope subtree
ldap-naming-attribute sAMAccountName
ldap-login-password *
ldap-login-dn CN=admin,CN=Users,DC=kvistofta,DC=local
server-type microsoft

/Kvistofta
0
 
LVL 1

Author Comment

by:AutomatedIT
ID: 33485921
Okay,  I have narrowed down my issue.  

It is not accepting the Administrator credentials for LDAP.  I tested on another network using the administrator credentials and it worked fine.  Guess that the administrator permissions have been specifically changed somehow.

Question:  I would like to setup an AD account to be solely used for LDAP communication.  How to I assign the appropriate permissions?
0
New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

 
LVL 3

Expert Comment

by:superggg
ID: 33485935
0
 
LVL 1

Expert Comment

by:smtwkla
ID: 33486029
What exactly is the message you get from your firewall when you test the connection? Did you try connecting with some other user name?

Remember you must use the user's full name and not the logon username. Make sure that the administrator account you are trying to use is in the OU you expect. There is a setting "User tree for login to server" in the Directory tab of the LDAP config. Make sure you got it right.

What is the exact message you are getting?
0
 
LVL 1

Author Comment

by:AutomatedIT
ID: 33486218
Error 49: Invalid Credentials
0
 
LVL 17

Expert Comment

by:Jimmy Larsson, CISSP, CEH
ID: 33486337
The problem is probably NOT the password but instead the way you specify the username. You cannot just say "administrator" but must use an X500-format, like in my example above: "CN=admin,CN=Users,DC=kvistofta,DC=local".

/Kvistofta
0
 
LVL 1

Expert Comment

by:smtwkla
ID: 33486865
As Kvistofta says, It is not due to the password being wrong. It is due to the way you specify the credentials. Please read the sonicwall LDAP integration guide http://www.sonicwall.com/downloads/LDAP_Integration_Feature_Module.pdf
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes has been used since a very long time as an e-mail client and is very popular because of it's unmatched security. In this article we are going to learn about  RRV Bucket corruption and understand various methods to Fix "RRV Bucket Corrupt…
In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…
Suggested Courses

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question