Monday 31 January 2011

LDAP Connection Errors

When using an LDAP connection to import an external identity source (user names) into Deepnet Authentication Server, you must specify the correct user DN string and its password in order to connect to the LDAP server successfully. Otherwise you will get an error such as "AcceptSecurityContext error, data 525 (or 52e, etc.)".



I often use two utilities to confirm the user DN string: dsquery and ADSIEdit.



Dsquery is a command-line tool that is built into Windows Server 2008. It is available if you have the Active Directory Domain Services (AD DS) server role installed. To use dsquery, you must run the dsquery command from an elevated command prompt. To open an elevated command prompt, click Start, right-click Command Prompt, and then click Run as administrator. On Windows 2003, you may need to install Support Tools on the domain controller to use dsquery.


Here is an example; the command "dsquery user" is executed on the domain controller.



C:\>dsquery user
"CN=Administrator,CN=Users,DC=nanoart,DC=local"
"CN=Guest,CN=Users,DC=nanoart,DC=local"
"CN=SUPPORT_388945a0,CN=Users,DC=nanoart,DC=local"
"CN=krbtgt,CN=Users,DC=nanoart,DC=local"

Alternatively, we can use ADSIEdit. I prefer to run it on the domain controller as well; it can run on another machine, but then you must know how to log in.
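As an added example (not part of the original post or of Deepnet's software), the script below does two things a practitioner wants when chasing the error described above: it decodes the "data" subcode in an "AcceptSecurityContext error" message into a plain-language cause, and it parses the quoted DNs printed by "dsquery user" so the DN you typed into the identity-source configuration can be checked against what the domain controller actually reports. The subcode table is Microsoft's documented list of Active Directory bind subcodes (525 = user not found, 52e = invalid credentials, and so on); it is a fact about AD, not something the post states. The sample error message and the helper names (explain_bind_error, parse_dsquery_output, find_user_dn) are constructed for this example; the sample dsquery output is the one shown in the post.

```python
import re

# Microsoft-documented subcodes that follow "data" in an Active Directory
# "AcceptSecurityContext error" bind failure. Fact about AD, not from the post.
AD_BIND_SUBCODES = {
    "525": "user not found (the bind DN does not exist; verify it with dsquery)",
    "52e": "invalid credentials (the DN exists but the password is wrong)",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# Matches the subcode in e.g. "... AcceptSecurityContext error, data 52e, v893".
_SUBCODE_RE = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)")

# Splits a DN on commas that are not LDAP-escaped (e.g. "CN=Smith\, John,...").
_RDN_SPLIT_RE = re.compile(r"(?<!\\),")


def explain_bind_error(message):
    """Return (subcode, explanation) for an AD bind error string, or None
    when the message carries no AcceptSecurityContext subcode at all."""
    match = _SUBCODE_RE.search(message)
    if match is None:
        return None
    code = match.group(1).lower()
    explanation = AD_BIND_SUBCODES.get(
        code, "unknown subcode; consult Microsoft's LDAP bind error list")
    return code, explanation


def parse_dsquery_output(text):
    """Extract the quoted distinguished names printed by `dsquery user`,
    ignoring the prompt line and any blank lines."""
    dns = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('"') and line.endswith('"'):
            dns.append(line[1:-1])
    return dns


def find_user_dn(dns, cn):
    """Return the DN whose leading RDN is CN=<cn> (case-insensitive),
    or None if dsquery did not list such a user."""
    wanted = f"cn={cn.lower()}"
    for dn in dns:
        first_rdn = _RDN_SPLIT_RE.split(dn, maxsplit=1)[0]
        if first_rdn.lower() == wanted:
            return dn
    return None


# Constructed sample: the full message format AD returns; the DSID and
# version fields are placeholders, only the "data 52e" part matters here.
SAMPLE_BIND_ERROR = ("80090308: LdapErr: DSID-0C09030B, comment: "
                     "AcceptSecurityContext error, data 52e, v893")

# The dsquery output shown in the post.
SAMPLE_DSQUERY = r'''C:\>dsquery user
"CN=Administrator,CN=Users,DC=nanoart,DC=local"
"CN=Guest,CN=Users,DC=nanoart,DC=local"
"CN=SUPPORT_388945a0,CN=Users,DC=nanoart,DC=local"
"CN=krbtgt,CN=Users,DC=nanoart,DC=local"
'''


if __name__ == "__main__":
    code, why = explain_bind_error(SAMPLE_BIND_ERROR)
    print(f"bind failed with data {code}: {why}")
    dns = parse_dsquery_output(SAMPLE_DSQUERY)
    configured_cn = "Administrator"  # the account configured as the bind user
    dn = find_user_dn(dns, configured_cn)
    print(f"DN to use for {configured_cn}: {dn}")
```

Usage: paste the exact error text the authentication server logs into explain_bind_error, and paste the output of "dsquery user" (run on the domain controller, as the post describes) into parse_dsquery_output. A 525 together with find_user_dn returning None means the DN itself is wrong; a 52e with a DN found means the DN is right and the password is what needs attention.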




