Solved

LDAP bind problem, Windows 2008 Enterprise

Posted on 2011-02-15
741 Views
Last Modified: 2012-05-11
I have a customer that is having issues with LDAP binding. I've installed LDAP Server Administrator and binding using the "current login account active directory only" option works fine. If you try to manually create the login info using info from dsquery and the same domain admin account, it fails saying something about must have an authorized binding. On a closer look it looks like the bind passed but it fails on the search. I ran portqry and 389 is listening on TCP but not on UDP. I've turned on the Windows firewall and was running the LDAP test locally on the server. We got started on this trying to get LDAP to work on a set of ASAs. TAC spent 2 hrs on it and couldn't figure anything out. They have two DCs in their parent domain and many child domains. DCDIAG looks clean.

Question by:bciengineer

7 Comments

Expert Comment

by:brwwiggins
ID: 34909068
What is the LDAP query or search you are trying to perform?

Author Comment

by:bciengineer
ID: 34909151
Using the LDAP Administrator tool. Maybe "search" was a bad term to use. When you successfully bind with that tool it reads through AD and shows all items. It works when I use the current login account and doesn't when I manually try to create the login info using the same account I'm logged in as. I've tested the LDAP tool on other customers' servers and set up several ASAs to use LDAP for VPN config and have never had a problem. It's something with the setup.

Assisted Solution

by:bciengineer
bciengineer earned 0 total points
ID: 34966245
debug ldap 255 on the ASA shows this. I can bind to LDAP using dcdiag without problems, and other devices aren't having issues with LDAP binding.

[2127] Session Start
[2127] New request Session, context 0xca6bb348, reqType = Other
[2127] Fiber started
[2127] Creating LDAP context with uri=ldap://x.x.x.x
[2127] Connect to LDAP server: ldap://x.x.x.x, status = Successful
[2127] supportedLDAPVersion: value = 3
[2127] supportedLDAPVersion: value = 2
[2127] Binding as username
[2127] Performing Simple authentication for username to x.x.x.x
[2127] LDAP Search:
        Base DN = [DC=domainname,DC=local]
        Filter  = [sAMAccountName=username]
        Scope   = [SUBTREE]
[2127] Request for username returned code (1) Operations error
[2127] Fiber exit Tx=241 bytes Rx=653 bytes, status=-1
[2127] Session End

Accepted Solution

by:bciengineer
bciengineer earned 0 total points
ID: 35325974
I haven't posted back since there weren't any suggested solutions. We ended up opening a case with Microsoft, and they changed some Kerberos settings in the registry and the LDAP bind works now. Before that I could add the suggested registry keys here http://social.technet.microsoft.com/Forums/pl-PL/winserverDS/thread/40755056-45c8-480f-9337-fbe2f18c8c15 and the bind would work until the servers were rebooted and something would remove the registry keys. Microsoft never did figure that out. Even with all that, in the ASA we had to create a config for Kerberos authentication, then when configuring LDAP authentication check the SASL Kerberos authentication check box and specify the Kerberos server group we created.
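The contrast the accepted solution describes (a simple bind after which the search fails, while SASL Kerberos works) can be reproduced from a domain-joined Windows host with the System.DirectoryServices.Protocols classes, which separates a bind failure from a search failure the same way the ASA debug does. This is an added example, not code from the thread or from Cisco/Microsoft; the server address, base DN and account name are placeholders copied from the debug output above and are assumptions to be replaced with the customer's own values.

```powershell
# Added example (not from the original thread). From a Windows host, do what the ASA
# does: connect to the DC on plain LDAP/389, bind, then run the same sAMAccountName
# search, first with a simple bind and then with SASL Kerberos.
# Assumed placeholders: $server, $baseDn and $user mirror the x.x.x.x,
# DC=domainname,DC=local and "username" values from the ASA debug output.
Add-Type -AssemblyName System.DirectoryServices.Protocols

$server = 'x.x.x.x'                   # assumption: the DC the ASA points at
$baseDn = 'DC=domainname,DC=local'    # Base DN from the ASA debug
$user   = 'username'                  # account the ASA binds as
$cred   = (Get-Credential -UserName "domainname\$user" -Message 'LDAP bind account').GetNetworkCredential()

function Test-LdapBindAndSearch {
    param(
        [string]$Server,
        [string]$AuthType,                        # 'Basic' = simple bind, 'Kerberos' = SASL GSSAPI
        [System.Net.NetworkCredential]$Credential,
        [string]$BaseDn,
        [string]$Filter
    )
    $ident = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, 389)
    $conn  = New-Object System.DirectoryServices.Protocols.LdapConnection($ident)
    $conn.SessionOptions.ProtocolVersion = 3
    $conn.AuthType = [System.DirectoryServices.Protocols.AuthType]$AuthType
    try {
        # Bind explicitly so a bind failure is reported separately from a search failure;
        # in the ASA log the bind step shows no error and only the search returns code 1.
        # Kerberos needs the KDC (the DC, TCP/UDP 88) reachable from this host as well.
        $conn.Bind($Credential)
        Write-Host "[$AuthType] bind: OK"

        $scope = [System.DirectoryServices.Protocols.SearchScope]::Subtree
        $attrs = [string[]]@('distinguishedName')
        $req   = New-Object -TypeName System.DirectoryServices.Protocols.SearchRequest -ArgumentList $BaseDn, $Filter, $scope, $attrs
        $resp  = $conn.SendRequest($req)
        Write-Host "[$AuthType] search: $($resp.Entries.Count) entries, result $($resp.ResultCode)"
        return ($resp.ResultCode -eq [System.DirectoryServices.Protocols.ResultCode]::Success)
    } catch {
        # DirectoryOperationException carries the LDAP result code (e.g. OperationsError)
        # and the DC's diagnostic text in .Response; an LdapException (server unreachable,
        # bind rejected) has no Response, so fall back to the message.
        $r = $_.Exception.Response
        if ($r) {
            Write-Host "[$AuthType] failed: $($r.ResultCode) - $($r.ErrorMessage)"
        } else {
            Write-Host "[$AuthType] failed: $($_.Exception.Message)"
        }
        return $false
    } finally {
        $conn.Dispose()
    }
}

# The ASA prints the filter without the parentheses an LDAP filter requires on the wire.
$filter = "(sAMAccountName=$user)"
$simple = Test-LdapBindAndSearch -Server $server -AuthType Basic    -Credential $cred -BaseDn $baseDn -Filter $filter
$sasl   = Test-LdapBindAndSearch -Server $server -AuthType Kerberos -Credential $cred -BaseDn $baseDn -Filter $filter
"Simple bind + search succeeded: $simple; SASL Kerberos bind + search succeeded: $sasl"
```

If the Basic run reports the bind as OK but the search comes back with OperationsError and the DC's diagnostic text, while the Kerberos run returns the account's entry, the host is seeing the same behaviour the ASA logged, and the DC side (rather than the ASA configuration) is where the bind is not being accepted for authorization. Run it as the same account the ASA uses so the comparison is like for like.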
 

Assisted Solution

by:bciengineer
bciengineer earned 0 total points
ID: 35326051
I just replied back and apologize for not following up. There were never any suggested solutions posted to this question. I've followed up with a new post and solution that may be helpful to someone else if they ever come across this problem, so you may not want to delete the question.
 

Author Closing Comment

by:bciengineer
ID: 35360860
I never got any suggested solutions from any of the experts here. After working on this for a month and finally opening a ticket with Microsoft, we were able to resolve the issue.