Solved

ldap bind problem windows 2008 enteprise

Posted on 2011-02-15
Last Modified: 2012-05-11
I have a customer that is having issues with LDAP binding. I've installed LDAP Server Administrator and binding using the "current login account active directory only" works fine. If you try to manually create the login info using info from dsquery and the same domain admin account it fails saying something about must have an authorized binding. On a closer look it looks like the bind passed but it fails on the search. I ran portqry and 389 is listening on TCP but not on UDP. I've turned on the Windows firewall and was running the LDAP test locally to the server. We got started on this trying to get LDAP to work on a set of ASAs. TAC spent 2 hrs on it and couldn't figure anything out. They have two DCs in their parent domain and many child domains. DCDIAG looks clean.
Question by:bciengineer
7 Comments
 
LVL 20

Expert Comment

by:brwwiggins
ID: 34909068
what is the LDAP query or search you are trying to perform?
 

Author Comment

by:bciengineer
ID: 34909151
using the LDAP Administrator tool. Maybe a search was a bad term to use. When you successfully bind with that tool it reads through AD and shows all items. It works when I use the current login account and doesn't when I manually try to create the login info using the same account I'm logged in as. I've tested the LDAP tool on other customers' servers and set up several ASAs to use LDAP for VPN config and have never had a problem. It's something with the setup.
 

Assisted Solution

by:bciengineer
bciengineer earned 0 total points
ID: 34966245
debug ldap 255 on the ASA shows this. I can bind to LDAP using dcdiag without problems and other devices aren't having issues with LDAP binding.

[2127] Session Start
[2127] New request Session, context 0xca6bb348, reqType = Other
[2127] Fiber started
[2127] Creating LDAP context with uri=ldap://x.x.x.x
[2127] Connect to LDAP server: ldap://x.x.x.x, status = Successful
[2127] supportedLDAPVersion: value = 3
[2127] supportedLDAPVersion: value = 2
[2127] Binding as username
[2127] Performing Simple authentication for username to x.x.x.x
[2127] LDAP Search:
        Base DN = [DC=domainname,DC=local]
        Filter  = [sAMAccountName=username]
        Scope   = [SUBTREE]
[2127] Request for username returned code (1) Operations error
[2127] Fiber exit Tx=241 bytes Rx=653 bytes, status=-1
[2127] Session End
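An added example (not part of the thread or of Cisco's tooling) that parses the ASA debug session above and classifies where the exchange broke: the connect succeeded, the Simple bind was attempted, and the first search came back with LDAP result code 1, which RFC 4511 names operationsError. The triage mapping is my interpretation for defenders: Active Directory returns operationsError to a search on a connection it does not consider authenticated, so the fault lies in the bind identity or method rather than in the filter or base DN. The sample log is a trimmed copy of the post's own output.

```python
import re

# Constructed sample: a trimmed copy of the ASA "debug ldap 255" session quoted above.
SAMPLE_DEBUG = """\
[2127] Session Start
[2127] Connect to LDAP server: ldap://x.x.x.x, status = Successful
[2127] supportedLDAPVersion: value = 3
[2127] Binding as username
[2127] Performing Simple authentication for username to x.x.x.x
[2127] LDAP Search:
        Base DN = [DC=domainname,DC=local]
        Filter  = [sAMAccountName=username]
        Scope   = [SUBTREE]
[2127] Request for username returned code (1) Operations error
[2127] Fiber exit Tx=241 bytes Rx=653 bytes, status=-1
[2127] Session End
"""

# LDAP result codes (RFC 4511) that come up when triaging an AAA failure.
LDAP_RESULT_NAMES = {0: "success", 1: "operationsError", 32: "noSuchObject",
                     49: "invalidCredentials", 50: "insufficientAccessRights"}

def parse_asa_ldap_debug(text):
    """Pull the facts worth triaging out of one ASA LDAP debug session."""
    info = {"connect_ok": False, "bind_method": None, "base_dn": None,
            "filter": None, "scope": None, "result_code": None}
    for line in text.splitlines():
        body = re.sub(r"^\[\d+\]\s*", "", line).strip()  # drop the [session] tag
        if body.startswith("Connect to LDAP server"):
            info["connect_ok"] = body.endswith("status = Successful")
        elif m := re.match(r"Performing (\w+) authentication", body):
            info["bind_method"] = m.group(1)
        elif m := re.match(r"(Base DN|Filter|Scope)\s*=\s*\[(.*)\]", body):
            info[m.group(1).lower().replace(" ", "_")] = m.group(2)
        elif m := re.search(r"returned code \((\d+)\)", body):
            info["result_code"] = int(m.group(1))
    return info

def triage(info):
    """Map a parsed session to a short verdict on where the exchange broke."""
    if not info["connect_ok"]:
        return "transport"  # never reached the DC: network, port or ACL problem
    code = info["result_code"]
    if code == 0:
        return "ok"
    if code == 1 and info["bind_method"] == "Simple":
        # AD answers operationsError to a search on a connection it does not treat
        # as authenticated, so look at the bind identity/method, not the filter.
        return "bind-not-authenticated"
    return LDAP_RESULT_NAMES.get(code, "unknown-%d" % code)
```

Run `triage(parse_asa_ldap_debug(SAMPLE_DEBUG))` to get the verdict for the quoted session; the same parser works on any session captured from the ASA with the same debug level.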
 

Accepted Solution

by:bciengineer
bciengineer earned 0 total points
ID: 35325974
I haven't posted back since there weren't any suggested solutions. We ended up opening a case with Microsoft and they changed some Kerberos settings in the registry and the LDAP bind works now. Before that I could add the suggested registry keys here http://social.technet.microsoft.com/Forums/pl-PL/winserverDS/thread/40755056-45c8-480f-9337-fbe2f18c8c15 and the bind would work until the servers were rebooted and something would remove the registry keys. Microsoft never did figure that out. Even with all that, in the ASA we had to create a config for Kerberos authentication, then when configuring LDAP authentication check the SASL Kerberos authentication check box and specify the Kerberos Server Group we created.
 

Assisted Solution

by:bciengineer
bciengineer earned 0 total points
ID: 35326051
I just replied back and apologize for not following up. There were never any suggested solutions posted to this question. I've followed up with a new post and solution that may be helpful to someone else if they ever come across this problem, so you may not want to delete the question.
 

Author Closing Comment

by:bciengineer
ID: 35360860
I never got any suggested solutions from any of the experts here. After working on this for a month and finally opening a ticket with Microsoft we were able to resolve the issue.

Question has a verified solution.