DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Active directory connection

28 Apr 2017 17:48 #1 by jamescodefour
Active directory connection was created by jamescodefour
Hi, I am trying to get a 2860 to talk to our Win 2012 Active Directory. I can't for the life of me get it to communicate.

Can someone advise what I should put in the BASE DN and GROUP DN fields?

I've entered the IP of the server, the port is set to 389, common name identifier is set to CN but I'm really not sure what I should put in the base and group DN fields.

I have tried dc=domain,dc=local (where domain is our domain name)

28 Apr 2017 22:17 #2 by gilbad
Replied by gilbad on topic Re: Active directory connection
*Edited as I think I missed the question*

Hi,

What bind mode are you using?

With simple binding:

If my domain is actdir.adam.com

My users are in Users (ou) under the domain.

The cn field would just be cn
The DN field would be cn=Users,dc=actdir,dc=adam,dc=com

Sorry it's short - on iPhone and it keeps trying to correct me. If your setup is a bit more fruity or you require regular/auth - reply with the structure and I'll have a stab at giving you the regular dn field.... I'm sure someone will correct me if I get it wrong!

Cheers
Adam

29 Apr 2017 08:59 #3 by jamescodefour
Replied by jamescodefour on topic Re: Active directory connection
Thanks Adam,

I've entered the following (my domain is james.local)

cn=users,dc=james,dc=local

I still get a connection error - Can't contact LDAP server(10.0.0.5:389)

Am I missing something fundamental?


29 Apr 2017 21:11 #4 by gilbad
Replied by gilbad on topic Re: Active directory connection
Hi,

Not sure what the exclamation mark is prior to your server IP. Be worth checking it's static/out of DHCP range unless bound, and that you can ping from the router. Pretty sure you've done this - but sometimes it's the simplest things :)

As a thought, as you're not using ssl; on your 2012 box look for the policy 'Domain controller: LDAP server signing requirements' and make sure it's set to none, this will rule out quite a few issues.

Is this a new/lab setup or is it a proven AD environment?

Cheers
Adam

30 Apr 2017 08:43 #5 by jamescodefour
Replied by jamescodefour on topic Re: Active directory connection
Hi, signing is set to None.

If I apply the settings the exclamation mark goes and the profile applies, yet when I click the preview button it shows as can't connect to that IP.

I can ping the IP from the router and it's 100% the IP of the server. I have tested trying to connect using domain creds and it fails. Local creds work just fine.


30 Apr 2017 08:57 #6 by jamescodefour
Replied by jamescodefour on topic Re: Active directory connection
Update, now when I click preview I get a blank view - trying to connect using domain creds fails still


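An added example, not part of any forum post and not DrayTek code: a Python helper that builds the Base DN and a container DN from an AD DNS domain name in the form shown in post #2, and checks the LDAP port at the TCP level, which a successful ping does not cover. The function names are hypothetical, and it assumes the container sits directly under the domain root.

```python
import socket

# RFC 4514: these characters must be backslash-escaped inside an RDN value.
_SPECIAL = set(',+"\\<>;')

def escape_rdn_value(value: str) -> str:
    """Escape one RDN value (e.g. a container name) for use inside a DN."""
    out = []
    for i, ch in enumerate(value):
        lead = i == 0 and ch in " #"                  # leading space or '#'
        trail = i == len(value) - 1 and ch == " "     # trailing space
        out.append("\\" + ch if ch in _SPECIAL or lead or trail else ch)
    return "".join(out)

def domain_to_base_dn(domain: str) -> str:
    """actdir.adam.com -> dc=actdir,dc=adam,dc=com"""
    labels = [l for l in domain.strip(".").split(".") if l]
    if not labels:
        raise ValueError("empty domain name")
    return ",".join("dc=" + escape_rdn_value(l) for l in labels)

def container_dn(name: str, domain: str, attr: str = "cn") -> str:
    """DN of a container (cn) or OU (ou) directly under the domain root."""
    return f"{attr}={escape_rdn_value(name)},{domain_to_base_dn(domain)}"

def probe_ldap_port(host: str, port: int = 389, timeout: float = 3.0) -> str:
    """TCP-level check of the LDAP port; ICMP ping does not test this."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"      # host answered, nothing listening on the port
    except socket.timeout:
        return "filtered"     # no answer: packet dropped or wrong route
    except OSError:
        return "unreachable"  # no route, bad address or name lookup failure

if __name__ == "__main__":
    # Domain name and server address as quoted in the thread.
    print(domain_to_base_dn("james.local"))
    print(container_dn("Users", "james.local"))
    print(probe_ldap_port("10.0.0.5"))
```

Run it from a PC on the same LAN as the router: "open" means the server accepts connections on 389 from that segment, "refused" or "filtered" points at the service or a firewall rather than the DN fields.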