We've been using the same credentials for LDAP since we got our KBox but now need to change them. We have a new AD account with the exact same permissions as the original but the KBox says the credentials are incorrect. The account is set up OK and behaves normally outside of the KBox so I don't know why this is happening.

Oddly on the K1000 Settings Authentication page it says at the top Last Updated: May 11 2009 04:24pm

Test error:

Testing server connection to: 172.26.1.1 on Port: 389
OK Connection Successful.
OK Setting Protocol Version 3 Successful.
OK Setting LDAP REFERRALS Option 0 Successful.
Error Search Bind using LDAP supplied credentials Failed.
Error LDAP Test Failed. Closing connection.

Answers

1
Paste your LDAP configuration for the old account AND the new account. It's hard to troubleshoot without that info. I'm just guessing here, but I would imagine it's either an issue with the filter or the CN string for the username.

EDIT: Obviously, leave out passwords - we don't need those.
Answered 10/18/2011 by: airwolf
Tenth Degree Black Belt

1
That would be useful! Thanks

Existing:

Server Friendly Name: serverName
Server Hostname (or IP): 192.168.1.1
LDAP Port Number: 389
Search Base DN: DC=ad,DC=domain,DC=uk
Search Filter: (&(objectcategory=User)(samaccountname=KBOX_USER))
LDAP Login: userAccount1
Role: User

New:

Server Friendly Name: serverName
Server Hostname (or IP): 192.168.1.1
LDAP Port Number: 389
Search Base DN: DC=ad,DC=domain,DC=uk
Search Filter: (&(objectcategory=User)(samaccountname=KBOX_USER))
LDAP Login: userAccount2
Role: User

In AD userAccount1 and userAccount2 are identical (apart from their names)
Answered 10/19/2011 by: stubox
Blue Belt

1
Have you rebooted your KBOX since the change?
Answered 10/20/2011 by: airwolf
Tenth Degree Black Belt

1
Have you changed some information to protect the innocent here? The IP in your error message was 172.26.1.1 but the IP in the auth source is 192.168.1.1

Open the "LDAP Browser" on the K1000 and then see what search bases automatically come back. Click on the first one. Then proceed to step 2 and get the details for the two users. Can you find both users? If so, then use the search base the browser used. If not, then something is likely different. Inactive?
Answered 10/23/2011 by: GillySpy
Seventh Degree Black Belt

1
Hi

Airwolf - yep rebooted the kbox but no difference, page still says last updated in 2009.
GillySpy - I have changed the address yes, the first 172 address was a fake as well.

The LDAP browser test for userAccount1 (the original account) reports:

Successfully connected to the server:
DC=ad,DC=woking,DC=gov,DC=uk
CN=Configuration,DC=ad,DC=woking,DC=gov,DC=uk
CN=Schema,CN=Configuration,DC=ad,DC=woking,DC=gov,DC=uk
DC=DomainDnsZones,DC=ad,DC=woking,DC=gov,DC=uk
DC=ForestDnsZones,DC=ad,DC=woking,DC=gov,DC=uk

The LDAP browser test for userAccount2 reports:

ERROR:Errno49 Invalid credentials

I've noticed that any account details I enter on the LDAP browser page (except for userAccount1) return Errno49. It also doesn't accept new accounts within the User Import pages (where you can set the LDAP criteria for scheduled user account imports).

Very odd, I've had other people check the AD accounts to make sure I'm not missing something really obvious.
Answered 10/25/2011 by: stubox
Blue Belt
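
Added example, not part of the original thread: the K1000 output quoted above shows only LDAP result code 49, but when Active Directory rejects a bind, its diagnostic message also carries a `data` sub-code naming the reason. The sketch below decodes that sub-code and classifies how the bind name is written; the function names and the sample diagnostic strings are constructed for illustration.

```python
import re

# Active Directory sub-codes found in the "data" field of the diagnostic
# message that accompanies LDAP result code 49 (invalidCredentials).
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (wrong password or unusable bind name)",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must change password at next logon",
    "775": "account locked out",
}
_DATA = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)")
_DN = re.compile(r"(?i)[a-z]+=[^,]+(,[a-z]+=[^,]+)+$")

def explain_bind_failure(diagnostic):
    """Map an AD error-49 diagnostic string to a human-readable cause."""
    m = _DATA.search(diagnostic or "")
    if not m:
        return "no AD sub-code in message"
    code = m.group(1).lower()
    return AD_BIND_SUBCODES.get(code, "unrecognised sub-code " + code)

def bind_name_form(login):
    """Classify how the bind identity is written in the client config."""
    if _DN.match(login):
        return "distinguished name"
    if "\\" in login:
        return "DOMAIN\\sAMAccountName"
    if "@" in login:
        return "userPrincipalName"
    return "bare name"

def triage(attempts):
    """attempts: iterable of (login, diagnostic) pairs from failed binds."""
    return [(login, bind_name_form(login), explain_bind_failure(diag))
            for login, diag in attempts]

# Constructed sample input; the DSID and version fields are illustrative.
SAMPLE = [
    ("userAccount2", "80090308: LdapErr: DSID-0C0903A9, comment: "
                     "AcceptSecurityContext error, data 773, v1db1"),
    ("AD\\userAccount2", "80090308: LdapErr: DSID-0C0903A9, comment: "
                         "AcceptSecurityContext error, data 52e, v1db1"),
]
if __name__ == "__main__":
    print(triage(SAMPLE))
```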

1
On step 1 enter the useraccount1 credentials no matter what and click on DC=ad,DC=woking,DC=gov,DC=uk

Step 2 is where you are going to have two different tests. One will be for samaccountname=useraccount1 and then a second test with samaccountname=useraccount2

If you find both make sure that:
your searchbase is DC=ad,DC=woking,DC=gov,DC=uk
Answered 10/25/2011 by: GillySpy
Seventh Degree Black Belt

1
Hi GillySpy

In step 2 the search is able to return results for both user accounts. I've checked and the searchbase is still DC=ad,DC=woking,DC=gov,DC=uk

So the KBox can see both accounts.
Answered 10/27/2011 by: stubox
Blue Belt

1
Ok the user exists so the given credentials are no good for that OU then. Could you try a separate 3rd party LDAP client?
Answered 10/27/2011 by: GillySpy
Seventh Degree Black Belt

1
I've tried using an LDAP query app called Softerra LDAP Browser 4.5 and I can connect and load the AD schema using both accounts. To clarify, ad.woking.gov.uk is our domain name rather than a specific OU.
Answered 10/28/2011 by: stubox
Blue Belt

1
A 3rd party test can help a lot. I suggest a tech support ticket.
Answered 10/28/2011 by: GillySpy
Seventh Degree Black Belt

1
Thanks GillySpy, I'll log a ticket and see what they say. I'll post back here.
Answered 10/31/2011 by: stubox
Blue Belt
