Re: Invalid credentials (49)
Hi,
On 23/09/2010 12:35, Claudio Martella wrote:
> Hello,
> I have a Windows 2008 server, serving users auth with AD. I have another
> Windows 2003 server, serving other users. I'm trying to access them
> through openldap and a PHP application.
> I can easily access my 2003 server with this command:
> ldapsearch -x -D "cn=cm,cn=TIS,dc=TIS,dc=local" -W -H ldap://192.168.10.206
> but when I try to access the 2008 server with the same command I get:
> ldap_bind: Invalid credentials (49)
> additional info: 80090308: LdapErr: DSID-0C0903AA, comment:
> AcceptSecurityContext error, data 525, v1772
> in this case my user is "cm" and he is in the "TIS" folder and I can
> login from a Windows client with user TIS\cm successfully. I've tried
> also with -Z and -ZZ, in that case I get a service unavailable error.
> Do you have any idea why this would happen?

This is a little off topic, but the "data nnn" codes for Active
Directory are (somewhat) documented here:
http://www-01.ibm.com/support/docview.wss?rs=688&uid=swg21290631
In this case, it appears you're encountering a "user not found" error.
Check that all the elements in the DN are correct (is it called "cn=cm"?
is the "folder" TIS named "cn=TIS"? is the context DN "dc=TIS,dc=local"?).
Also, another hint: I have found that AD accepts the format of
userPrincipalName as a bind DN, so you may get success with something like:
ldapsearch -x -D "cm@TIS.local" -W -H ldap://192.168.10.206
Hope this helps,
Jonathan
--
==========================================
Jonathan CLARKE
------------------------------------------
Normation
44 rue Cauchy, 94110 Arcueil, France
------------------------------------------
Telephone: +33 (0)1 83 62 26 96
------------------------------------------
Web: http://www.normation.com/
==========================================
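
Added example (not part of the original message, and not OpenLDAP or Microsoft code): a Python decoder for the AD diagnostic string quoted in the thread, treating the `data` value as a hexadecimal Win32 error code, which is how 525 maps to "user not found". The `category` labels and the function name are this example's own triage hints.

```python
import re

# "data nnn" sub-codes AD returns on a failed bind. They are hexadecimal
# Win32 error codes. The second field is this example's own triage label.
AD_BIND_SUBCODES = {
    0x525: ("user not found", "identity"),
    0x52E: ("invalid credentials (wrong password)", "secret"),
    0x530: ("not permitted to log on at this time", "policy"),
    0x531: ("not permitted to log on at this workstation", "policy"),
    0x532: ("password expired", "secret"),
    0x533: ("account disabled", "account"),
    0x701: ("account expired", "account"),
    0x773: ("user must reset password", "secret"),
    0x775: ("account locked out", "account"),
}

# Matches "<sspi>: LdapErr: DSID-..., comment: ..., data <hex>, v<build>",
# tolerating the line wrap ldapsearch inserts after "comment:".
DIAG_RE = re.compile(
    r"(?P<sspi>[0-9A-Fa-f]{8}):\s*LdapErr:\s*(?P<dsid>DSID-[0-9A-Fa-f]+),"
    r"\s*comment:\s*(?P<comment>.*?),\s*data\s+(?P<data>[0-9A-Fa-f]+),"
    r"\s*v(?P<ver>[0-9A-Fa-f]+)",
    re.DOTALL,
)

def decode_ad_bind_error(text):
    """Return a dict describing the AD diagnostic in text, or None if absent."""
    m = DIAG_RE.search(text)
    if m is None:
        return None
    code = int(m.group("data"), 16)
    meaning, category = AD_BIND_SUBCODES.get(code, ("unknown sub-code", "unknown"))
    return {
        "dsid": m.group("dsid"),
        "comment": " ".join(m.group("comment").split()),
        "win32_error": code,  # decimal value of the hex sub-code
        "meaning": meaning,
        "category": category,
    }

# The error text quoted in the message above, including its line wrap.
SAMPLE = """ldap_bind: Invalid credentials (49)
additional info: 80090308: LdapErr: DSID-0C0903AA, comment:
AcceptSecurityContext error, data 525, v1772"""

if __name__ == "__main__":
    print(decode_ad_bind_error(SAMPLE))
```

An "identity" result points at the bind DN (or userPrincipalName) rather than the password, which matches the advice in the reply.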