Management, Networking, Logging and Reporting Problems with Auth. server

UTM Firewall requires membership for participation - click to join

Thread Info

State Suggested Answer
Locked Locked
Replies 23 replies
Answers 2 answers
Subscribers 12 subscribers
Views 61538 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Problems with Auth. server

Edgar_Quintana over 8 years ago

Hi,

I´ve a UTM 125 and two AD servers and I´d like to integrate this device with de AD

I tried to configure like that:

DN : CN=ldap user,OU=Administrador,DC=xxxx,DC=NET but with those parameters,

Server exists and accepts connections, but bind to xxxxxxx failed with this BIND and Password

Any idea?

Regards and thanks

This thread was automatically locked due to age.

Parents

0 vilic over 8 years ago

Hi,

Beside using full LDAP path (as stated in Help), you can also use username@domain.com format (I personally always use that one in my UTM implementations).

Scott, user doesn't have to be Domain Admin it can be simple Domain User, and Base DN should be blank, unless all of the user accounts are buried somewhere deep in the organization units structure.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 vilic over 8 years ago

Hi,

Beside using full LDAP path (as stated in Help), you can also use username@domain.com format (I personally always use that one in my UTM implementations).

Scott, user doesn't have to be Domain Admin it can be simple Domain User, and Base DN should be blank, unless all of the user accounts are buried somewhere deep in the organization units structure.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Edgar_Quintana over 8 years ago in reply to vilic

Hi,

I tried both.. user@domain.net and ldapuser (without spaces) and domain right and same result... Server exists and accepts connections, but bind to xxxxxxx failed with this BIND and Password
Cancel
Vote Up 0 Vote Down

Cancel
0 DouglasFoster over 6 years ago in reply to vilic
The BIND DN user SHOULD be a domain administrator!

For accounts created using Server 2003, this is not necessary. With Server 2008 or 2008 R2, there was a permission change, and accounts created on those servers are locked down more tightly. Your BIND will work, but when you query one of these newer users, your group membership list will be empty.

I don't know why your BIND is not working. Mine is configured using LDAP syntax for the BIND DN. It connected easily when I set it up several years ago, and continues to work.

Next steps:

There is an LDP.EXE tool in the Server 2003 resource kit, and possibly elsewhere. Verify that you can connect with that user outside of UTM.

Check the AD Server event log for login failures

Call Sophos Support.
Cancel
Vote Up 0 Vote Down

Cancel