DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

2950 - LDAP Auth

More
30 May 2009 11:20 #56116 by louis-m
2950 - LDAP Auth was created by louis-m
fw. 3.2.4 now has LDAP authentication for users.

question is......
how does it work for a win2k3+ domain? you need to have a authenticated user to query AD.
and guess what? there's no fields in the 2950 to specify the account to be used. a wireshark tap shows the router failing with invalid credentials.

2820 = 3.3.2_RC5
2950 = 3.2.4

Please Log in or Create an account to join the conversation.

More
30 May 2009 12:58 #56119 by louis-m
Replied by louis-m on topic 2950 - LDAP Auth
ooooh look..... my 1000th post wahey!

right.... looking at the above. i've enable anomynous ldap requests via adsi edit for my win2k3 server.
i've now got a bind=sucess but still no joy. the router ain't letting me in even though windows is telling it to.
giving up for the day now.

2820 = 3.3.2_RC5
2950 = 3.2.4

Please Log in or Create an account to join the conversation.

More
30 May 2009 13:39 #56120 by rmccardal
Replied by rmccardal on topic 2950 - LDAP Auth
best way! get out in the sun!!!

I shall take a look at this on Monday too.

Please Log in or Create an account to join the conversation.

More
31 May 2009 11:16 #56126 by louis-m
Replied by louis-m on topic 2950 - LDAP Auth
just to let you know what i did.....

adsi to allow anonymous requests otherwise it won't work.
dsquery user to confirm correct user & ou.

in router:

Common Name Identifier = CN
Distinguished Name = OU=myou,DC=mydomain,DC=local

set user in router as case sensitive username from correct ou and set auth as LDAP in profile.

wireshark sees:
correct user/pass as bind = sucessful
wrong user/pass = invalid credentials

so the router is passing ldap and getting responses

2820 = 3.3.2_RC5
2950 = 3.2.4

Please Log in or Create an account to join the conversation.

More
30 Apr 2010 11:00 #61840 by vp6er
Replied by vp6er on topic LDAP / AD Authetication
Hi Folks,

Did anyone ever get to the bottom of the issue regarding authenticating against an AD domain?

I have a 2955 which I'm trying to setup LDAP authentication and I'm receiving the following error on the AD side:

LDAPMessage bindResponse(1) invalidCredentials (80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece)

Apparently the '525' error relates to user not found. I've tried all sort of additional OU info in the base Dn on the 2955 with no success.

Running out of ideas now (I did try the ldapedit hack mentioned on this thread) - can anyone offer further suggestions?

All advice greatly appreciated.

VP6er

Please Log in or Create an account to join the conversation.

More
14 Jul 2010 14:39 #62860 by chrisbell
Replied by chrisbell on topic 2950 - LDAP Auth
Did anyone ever get to the bottom of this ?

Might have to log it with support.

I can't get anything out of it on 2003 server.

Chris

Please Log in or Create an account to join the conversation.

Moderators: Sami