Trying to determine if LDAP over SSL is working using LDP.exe

-

hi,

i wanted confirm ldap on ssl working on our domain controller.  when connect using ldp.exe on windows 7 computer, following output:

ld = ldap_sslinit("dc1.domain.com", 636, 1);

error 0 = ldap_set_option(hldap, ldap_opt_protocol_version, 3);

error 0 = ldap_connect(hldap, null);

error 0 = ldap_get_option(hldap,ldap_opt_ssl,(void*)&lv);

host supports ssl, ssl cipher strength = 128 bits

established connection dc1.domain.com.

retrieving base dsa information...

getting 1 entries:

dn: (rootdse)

<unnecessary details>

it looks working, wasn't sure if error 0's mean there sort of problem.

also, when run simple bind credentials, following output:

res = ldap_simple_bind_s(ld, 'myuseraccount-at-domaindotcom', <unavailable>); // v.3

authenticated as: 'domain\myuseraccount'.

finally, when run bind logged on user (with encrypt traffic after bind checked), following output:

53 = ldap_set_option(ld, ldap_opt_encrypt, 1)

res = ldap_bind_s(ld, null, &ntauthidentity, negotiate (1158)); // v.3

{ntauthidentity: user='null'; pwd=<unavailable>; domain = 'null'}

authenticated as: 'domain\myuseraccount'.

i followed instructions found in microsoft article kb-321051 ldap on ssl working valid 3rd party certificate on 1 of our windows 2008 r2 domain controllers.  however, when test active directory authentication on our watchguard management server after importing the ca certificate, test fails.  in order use active directory authentication, ldaps (ldap on ssl) must enabled in active directory domain , not 100% sure enabled properly.

any advice or additional insight appreciated.

thanks!

  1. the cert should imported dcs "personal" certificate, not "trusted root certificates"
  2. windows should not need intermediate certificates, watchguard might (but doesn't seems problem atm)
  3. based on logs posted, seems dns problem, dns settings dose watch guard have internal interface? dose point dc(s)?

enfo zipper
christoffer andersson – principal advisor
http://blogs.chrisse.se - directory services blog



Windows Server  >  Security



Comments

Post a Comment

Popular posts from this blog

Azure MFA with Azure AD and RDS

-
i have setup following lab in azure , need help. a server (domain controller) , remote desktop services. and server multi factor authentication server. i have setup following one http://www.rdsgurus.com/uncategorized/step-by-step-using-windows-server-2012-r2-rd-gateway-with-azure-multifactor-authentication/ and when im connecting got following error. the user "domain\username", on client computer "xxx.xxx.xxx.xxx", did not meet connection authorization policy requirements , therefore not authorized access rd gateway server. authentication method used was: "ntlm" , connection protocol used: "rpc-http". following error occurred: "23003". also on security log i've got following authentication details: connection request policy name: ts gateway authorization policy network policy name: - authentication provider: radius proxy authentication server: test.test.local authenticati...
Read more

Failed to delete the test record dcdiag-test-record in zone test.com

-
ps c:\users\administrator.test> dcdiag /test:dns directory server diagnosis performing initial setup:    trying find home server...    home server = dc02    * identified ad forest.    done gathering initial info. doing initial required tests    testing server: default-first-site-name\dc02       starting test: connectivity          ......................... dc02 passed test connectivity doing primary tests    testing server: default-first-site-name\dc02       starting test: dns          dns tests running , not hung. please wait few minutes...          ......................... dc02 passed test dns    running partition tests on : forestdnszones    running partition tests on : domaindnszones    running partition tests on : schema ...
Read more

Failed to setup initiator portal. Error status is given in the dump data.

-
hi team, server configured boot san  after booting  facing issue windows server 2008 r2 system logs continuously generating iscsi port error event id 5 failed setup initiator portal. error status given in dump data. eventdata \device\raidport1 000004000100000000000000050000c0000000000000000000000000000000000000000000000000070200c0 binary data: in words 0000: 00040000 00000001 00000000 c0000005 0008: 00000000 00000000 00000000 00000000 0010: 00000000 00000000 c0000207 in bytes 0000: 00 00 04 00 01 00 00 00 ........ 0008: 00 00 00 00 05 00 00 c0 .......À 0010: 00 00 00 00 00 00 00 00 ........ 0018: 00 00 00 00 00 00 00 00 ........ 0020: 00 00 00 00 00 00 00 00 ........ 0028: 07 02 00 c0 ...À hi, please read through article below troubleshoot issue: error event id 5 logged in system log on computer uses iscsi software initiator connect iscsi target device http://suppo...
Read more