
Problems with Auth. server

Hi,

I have a UTM 125 and two AD servers, and I'd like to integrate this device with the AD.

I tried to configure it like this:

DN: CN=ldap user,OU=Administrador,DC=xxxx,DC=NET

But with those parameters I get: "Server exists and accepts connections, but bind to xxxxxxx failed with this BIND DN and Password".

Any idea?

Regards and thanks



  • Hi,

    Besides using the full LDAP path (as stated in the Help), you can also use the username@domain.com format (I personally always use that one in my UTM implementations).

    Scott, the user doesn't have to be a Domain Admin; it can be a simple Domain User, and the Base DN should be blank, unless all of the user accounts are buried somewhere deep in the organizational unit structure.

  • Hi,

    I tried both: user@domain.net and ldapuser (without spaces) with the right domain, and got the same result: "Server exists and accepts connections, but bind to xxxxxxx failed with this BIND DN and Password".
  • The BIND DN user SHOULD be a domain administrator!

    For accounts created using Server 2003, this is not necessary. With Server 2008 or 2008 R2, there was a permission change, and accounts created on those servers are locked down more tightly. Your BIND will work, but when you query one of these newer users, your group membership list will be empty.

    I don't know why your BIND is not working. Mine is configured using LDAP syntax for the BIND DN. It connected easily when I set it up several years ago, and continues to work.

    Next steps:

    • There is an LDP.EXE tool in the Server 2003 resource kit, and possibly elsewhere. Verify that you can connect with that user outside of UTM.
    • Check the AD Server event log for login failures
    • Call Sophos Support.
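The "verify the bind outside of UTM" step above can be scripted instead of done by hand in LDP.EXE. The following PowerShell is an added example, not code from the thread or from Sophos; it does a simple bind with the same credentials the UTM would use, once with the DN form from the original post and once with the UPN form suggested in the first reply, and then reads a sample user's memberOf to show the second failure mode described above (bind succeeds but the group list comes back empty). The server name dc01.xxxx.net, the UPN ldapuser@xxxx.net, the base DN and the sample account jdoe are assumptions; replace them with your own.

```powershell
# Added example (not from the original thread): test an AD simple bind and a
# group-membership read the way the UTM does, from any domain-joined Windows host.
Add-Type -AssemblyName System.DirectoryServices.Protocols

$server  = 'dc01.xxxx.net'                                   # assumed AD server
$bindDn  = 'CN=ldap user,OU=Administrador,DC=xxxx,DC=NET'   # DN form from the post
$bindUpn = 'ldapuser@xxxx.net'                               # assumed UPN form of the same account
$baseDn  = 'DC=xxxx,DC=NET'                                  # assumed search base
$cred    = Get-Credential -UserName $bindDn -Message 'Bind account password'

function Test-LdapBind {
    param(
        [string]$Server, [string]$User, [string]$Password,
        [string]$BaseDn, [string]$SampleUser
    )
    $id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, 389)
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
    $conn.SessionOptions.ProtocolVersion = 3
    # Basic = LDAP simple bind, which is what a "BIND DN + password" setting uses.
    $conn.AuthType   = [System.DirectoryServices.Protocols.AuthType]::Basic
    $conn.Credential = New-Object System.Net.NetworkCredential($User, $Password)

    try {
        $conn.Bind()
        Write-Host "Bind OK as $User"
    } catch {
        # Invalid credentials, wrong DN, or an account the DC will not let bind.
        Write-Host "Bind FAILED as ${User}: $($_.Exception.Message)"
        return
    }

    # Bind worked; now check whether this account can actually read another user's
    # group membership, which is what the UTM needs after a successful bind.
    $req = New-Object System.DirectoryServices.Protocols.SearchRequest(
        $BaseDn, "(sAMAccountName=$SampleUser)",
        [System.DirectoryServices.Protocols.SearchScope]::Subtree, @('memberOf'))
    $resp = $conn.SendRequest($req)

    if ($resp.Entries.Count -eq 0) {
        Write-Host "User $SampleUser not found under $BaseDn"
    } else {
        $groups = $resp.Entries[0].Attributes['memberOf']
        if ($null -eq $groups -or $groups.Count -eq 0) {
            Write-Host "memberOf is EMPTY for $SampleUser (bind account may lack read rights)"
        } else {
            Write-Host "memberOf for ${SampleUser}:"
            $groups.GetValues([string]) | ForEach-Object { "  $_" }
        }
    }
    $conn.Dispose()
}

$pw = $cred.GetNetworkCredential().Password
Test-LdapBind -Server $server -User $bindDn  -Password $pw -BaseDn $baseDn -SampleUser 'jdoe'
Test-LdapBind -Server $server -User $bindUpn -Password $pw -BaseDn $baseDn -SampleUser 'jdoe'
```

A simple bind on port 389 sends the password in the clear, so run this (and configure the UTM) over LDAPS if the DC offers it: use port 636 and set `$conn.SessionOptions.SecureSocketLayer = $true` before binding. If the bind succeeds here with the same DN and password but fails from the UTM, the problem is on the UTM side (typed DN, escaping of the space in "ldap user", or which of the two DCs it is talking to); if it fails here too, the DC's Security event log will show the reason for the rejected logon, which is the second step suggested above.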