LDAP credentials error
We've been using the same credentials for LDAP since we got our KBox but now need to change them. We have a new AD account with the exact same permissions as the original but the KBox says the credentials are incorrect. The account is set up OK and behaves normally outside of the KBox so I don't know why this is happening.
Oddly on the K1000 Settings Authentication page it says at the top Last Updated: May 11 2009 04:24pm
Test error:
Testing server connection to: 172.26.1.1 on Port: 389
OK Connection Successful.
OK Setting Protocol Version 3 Successful.
OK Setting LDAP REFERRALS Option 0 Successful.
Error Search Bind using LDAP supplied credentials Failed.
Error LDAP Test Failed. Closing connection.
Answers (11)
Posted by:
airwolf
13 years ago
Posted by:
stubox
13 years ago
That would be useful! Thanks
Existing:
Server Friendly Name: serverName
Server Hostname (or IP): 192.168.1.1
LDAP Port Number: 389
Search Base DN: DC=ad,DC=domain,DC=uk
Search Filter: (&(objectcategory=User)(samaccountname=KBOX_USER))
LDAP Login: userAccount1
Role: User
New:
Server Friendly Name: serverName
Server Hostname (or IP): 192.168.1.1
LDAP Port Number: 389
Search Base DN: DC=ad,DC=domain,DC=uk
Search Filter: (&(objectcategory=User)(samaccountname=KBOX_USER))
LDAP Login: userAccount2
Role: User
In AD userAccount1 and userAccount2 are identical (apart from their names)
Posted by:
GillySpy
13 years ago
Have you changed some information to protect the innocent here? The IP in your error message was 172.26.1.1 but the IP in the auth source is 192.168.1.1
Open the "LDAP Browser" on the K1000 and then see what search bases automatically come back. Click on the first one. Then proceed to step 2 and get the details for the two users. Can you find both users? If so then use the search base the browser used. If not then something is likely different. Inactive?
Posted by:
stubox
13 years ago
Hi
Airwolf - yep rebooted the kbox but no difference, page still says last updated in 2009.
GillySpy - I have changed the address yes, the first 172 address was a fake as well.
The LDAP browser test for userAccount1 (the original account) reports:
Successfully connected to the server:
DC=ad,DC=woking,DC=gov,DC=uk
CN=Configuration,DC=ad,DC=woking,DC=gov,DC=uk
CN=Schema,CN=Configuration,DC=ad,DC=woking,DC=gov,DC=uk
DC=DomainDnsZones,DC=ad,DC=woking,DC=gov,DC=uk
DC=ForestDnsZones,DC=ad,DC=woking,DC=gov,DC=uk
The LDAP browser test for userAccount2 reports:
ERROR:Errno49 Invalid credentials
I've noticed that any account details I enter on the LDAP browser page (except for userAccount1) return Errno49. It also doesn't accept new accounts within the User Import pages (where you can set the LDAP criteria for scheduled user account imports).
Very odd, I've had other people check the AD accounts to make sure I'm not missing something really obvious.
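Added example, not part of the thread or of the K1000 product: the appliance only shows "Errno49 Invalid credentials", but when the same bind is repeated from an LDAP client that prints the server's diagnostic text, Active Directory includes a hex sub-code saying why the bind was refused. The Python below extracts and explains that sub-code; the function names and the sample strings are constructed for illustration.

```python
import re

# Sub-codes Active Directory puts in the diagnostic text of an LDAP
# result 49 (invalidCredentials). Values are hex Win32 error numbers.
AD_BIND_SUBCODES = {
    0x525: "user not found (check the login name format: DN, UPN or DOMAIN\\user)",
    0x52E: "wrong password or login name",
    0x530: "logon not permitted at this time",
    0x531: "logon not permitted from this workstation",
    0x532: "password expired",
    0x533: "account disabled",
    0x701: "account expired",
    0x773: "user must change password at next logon",
    0x775: "account locked out",
}

_DIAG = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)")

def explain_bind_failure(diagnostic):
    """Return (subcode, reason) from an AD error-49 diagnostic string.

    Returns (None, reason) when the text carries no sub-code, which is
    all a client that only prints 'Invalid credentials' gives you.
    """
    m = _DIAG.search(diagnostic)
    if not m:
        return None, "no AD sub-code in message; repeat the bind with a client that prints the server's diagnostic text"
    code = int(m.group(1), 16)
    return code, AD_BIND_SUBCODES.get(code, "unrecognised sub-code 0x%x" % code)

def triage(attempts):
    """Map each bind identity to the reason its bind failed."""
    return {login: explain_bind_failure(text)[1] for login, text in attempts.items()}

# Constructed sample diagnostics (not taken from the thread).
SAMPLE = {
    "userAccount2": "80090308: LdapErr: DSID-0C0903A9, comment: "
                    "AcceptSecurityContext error, data 773, v1db1",
    "CN=userAccount2,DC=ad,DC=domain,DC=uk": "80090308: LdapErr: DSID-0C0903A9, "
                    "comment: AcceptSecurityContext error, data 52e, v1db1",
    "kbox-ui": "ERROR:Errno49 Invalid credentials",
}

if __name__ == "__main__":
    for login, reason in triage(SAMPLE).items():
        print(f"{login}: {reason}")
```

Sub-codes 525 and 52e separate a login name the directory cannot resolve from a wrong password, while 530 to 775 point at account state rather than at the credentials typed in.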
Posted by:
GillySpy
13 years ago
On step 1 enter the useraccount1 credentials no matter what and click on DC=ad,DC=woking,DC=gov,DC=uk
Step 2 is where you are going to have two different tests. One will be for samaccountname=useraccount1 and then a second test with samaccountname=useraccount2
If you find both make sure that:
your searchbase is DC=ad,DC=woking,DC=gov,DC=uk
Posted by:
stubox
13 years ago
Posted by:
GillySpy
13 years ago
Posted by:
stubox
13 years ago
Posted by:
stubox
13 years ago
Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.