Never try to use Administrator account for DIGEST-MD5
Subject: Never try to use Administrator account for DIGEST-MD5
Author: SteveHB
In response to: i am unable to connect to the AD 2003
Posted on: 02/06/2008 08:12:31 PM
What you were trying to do was to bind with your domain controller account 'Administrator' via DIGEST-MD5. It never works!
In AD, Administrator is a critical account and its security should not be compromised in any way (for which to make DIGEST-MD5 work). That is why it is marked as 'isCriticalSystemObject=TRUE'. Try to use a normal user account and see how it works for your environment settings.
Good luck, Steve
>
> On 01/29/2008 01:39:01 AM kishore.jv wrote:
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://iemqdc:389");
env.put(Context.SECURITY_PRINCIPAL, userName);
env.put(Context.SECURITY_CREDENTIALS, password);
env.put(Context.SECURITY_AUTHENTICATION, "DIGEST-MD5");
env.put("com.sun.jndi.ldap.trace.ber", System.err);
-> iemqdc:389
0000: 30 18 02 01 01 60 13 02 01 03 04 00 A3 0C 04 0A 0....`..........
0010: 44 49 47 45 53 54 2D 4D 44 35 DIGEST-MD5
<- iemqdc:389
0000: 30 84 00 00 00 DF 02 01 01 61 84 00 00 00 D6 0A 0........a......
0010: 01 0E 04 00 04 00 87 82 00 CB 71 6F 70 3D 22 61 ..........qop="a
0020: 75 74 68 2C 61 75 74 68 2D 69 6E 74 2C 61 75 74 uth,auth-int,aut
0030: 68 2D 63 6F 6E 66 22 2C 63 69 70 68 65 72 3D 22 h-conf",cipher="
0040: 33 64 65 73 2C 64 65 73 2C 72 63 34 2D 34 30 2C 3des,des,rc4-40,
0050: 72 63 34 2C 72 63 34 2D 35 36 22 2C 61 6C 67 6F rc4,rc4-56",algo
0060: 72 69 74 68 6D 3D 6D 64 35 2D 73 65 73 73 2C 6E rithm=md5-sess,n
0070: 6F 6E 63 65 3D 22 39 32 38 32 35 66 31 65 34 31 once="92825f1e41
0080: 36 32 63 38 30 31 66 62 61 61 30 31 33 62 32 64 62c801fbaa013b2d
0090: 37 30 31 64 30 64 64 35 38 31 61 37 35 66 33 36 701d0dd581a75f36
00A0: 33 30 62 61 30 34 30 37 30 37 32 65 65 66 38 35 30ba0407072eef85
00B0: 36 34 39 63 39 64 38 36 36 64 39 39 64 65 37 62 649c9d866d99de7b
00C0: 35 37 38 38 63 62 22 2C 63 68 61 72 73 65 74 3D 5788cb",charset=
00D0: 75 74 66 2D 38 2C 72 65 61 6C 6D 3D 22 69 65 6D utf-8,realm="iem
00E0: 71 2E 61 65 22 q.ae"
-> iemqdc:389
0000: 30 82 01 46 02 01 02 60 82 01 3F 02 01 03 04 00 0..F...`..?.....
0010: A3 82 01 36 04 0A 44 49 47 45 53 54 2D 4D 44 35 ...6..DIGEST-MD5
0020: 04 82 01 26 63 68 61 72 73 65 74 3D 75 74 66 2D ...&charset=utf-
0030: 38 2C 75 73 65 72 6E 61 6D 65 3D 22 41 64 6D 69 8,username="Admi
0040: 6E 69 73 74 72 61 74 6F 72 22 2C 72 65 61 6C 6D nistrator",realm
0050: 3D 22 69 65 6D 71 2E 61 65 22 2C 6E 6F 6E 63 65 ="iemq.ae",nonce
0060: 3D 22 39 32 38 32 35 66 31 65 34 31 36 32 63 38 ="92825f1e4162c8
0070: 30 31 66 62 61 61 30 31 33 62 32 64 37 30 31 64 01fbaa013b2d701d
0080: 30 64 64 35 38 31 61 37 35 66 33 36 33 30 62 61 0dd581a75f3630ba
0090: 30 34 30 37 30 37 32 65 65 66 38 35 36 34 39 63 0407072eef85649c
00A0: 39 64 38 36 36 64 39 39 64 65 37 62 35 37 38 38 9d866d99de7b5788
00B0: 63 62 22 2C 6E 63 3D 30 30 30 30 30 30 30 31 2C cb",nc=00000001,
00C0: 63 6E 6F 6E 63 65 3D 22 48 70 4D 6A 42 31 78 4E cnonce="HpMjB1xN
00D0: 57 65 6B 69 4B 6E 31 59 34 61 58 6D 47 62 7A 46 WekiKn1Y4aXmGbzF
00E0: 32 34 6A 2B 6F 44 44 44 6A 78 72 47 78 72 70 66 24j+oDDDjxrGxrpf
00F0: 22 2C 64 69 67 65 73 74 2D 75 72 69 3D 22 6C 64 ",digest-uri="ld
0100: 61 70 2F 69 65 6D 71 64 63 22 2C 6D 61 78 62 75 ap/iemqdc",maxbu
0110: 66 3D 36 35 35 33 36 2C 72 65 73 70 6F 6E 73 65 f=65536,response
0120: 3D 65 36 36 31 31 61 39 37 34 64 64 64 34 62 39 =e6611a974ddd4b9
0130: 39 36 62 61 38 62 64 35 65 37 64 32 66 65 65 63 96ba8bd5e7d2feec
0140: 32 2C 71 6F 70 3D 61 75 74 68 2,qop=auth
<- iemqdc:389
0000: 30 84 00 00 00 65 02 01 02 61 84 00 00 00 5C 0A 0....e...a....\.
0010: 01 31 04 00 04 55 38 30 30 39 30 33 30 43 3A 20 .1...U8009030C:
0020: 4C 64 61 70 45 72 72 3A 20 44 53 49 44 2D 30 43 LdapErr: DSID-0C
0030: 30 39 30 34 33 45 2C 20 63 6F 6D 6D 65 6E 74 3A 09043E, comment:
0040: 20 41 63 63 65 70 74 53 65 63 75 72 69 74 79 43 AcceptSecurityC
0050: 6F 6E 74 65 78 74 20 65 72 72 6F 72 2C 20 64 61 ontext error, da
0060: 74 61 20 30 2C 20 76 65 63 65 00 ta 0, vece.
javax.naming.AuthenticationException: [LDAP: error code 49 - 8009030C:
LdapErr: DSID-0C09043E, comment: AcceptSecurityContext error, data 0, vece
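
Added example (not part of either post and not the posters' code): a small Java program that reads the SASL exchange and the bind error shown in the trace above. It parses the DIGEST-MD5 directives, checks what the client negotiated, and splits the Active Directory diagnostic string into its fields. The class name `DigestBindTrace` is hypothetical; directive values are taken from the trace, except the nonce, cnonce and response, which are constructed placeholders.

```java
import java.util.*;
import java.util.regex.*;

public class DigestBindTrace {
    // RFC 2831 directive: key=token or key="quoted string" (quoted values may hold commas)
    static final Pattern DIRECTIVE =
        Pattern.compile("([A-Za-z-]+)=(?:\"((?:[^\"\\\\]|\\\\.)*)\"|([^,]*))");
    // Diagnostic text Active Directory returns with a failed bind
    static final Pattern AD_ERROR = Pattern.compile("error code (\\d+) - ([0-9A-Fa-f]{8}): "
        + "LdapErr: (DSID-[0-9A-Fa-f]+), comment: (.+?), data ([0-9A-Fa-f]+)");

    static Map<String, String> parseDirectives(String s) {
        Map<String, String> out = new LinkedHashMap<>();
        Matcher m = DIRECTIVE.matcher(s);
        while (m.find())
            out.put(m.group(1).toLowerCase(), m.group(2) != null ? m.group(2) : m.group(3));
        return out;
    }

    public static void main(String[] args) {
        // Directives as in the trace; nonce, cnonce and response are constructed placeholders
        String challenge = "qop=\"auth,auth-int,auth-conf\",cipher=\"3des,des,rc4-40,rc4,rc4-56\","
            + "algorithm=md5-sess,nonce=\"NONCE-PLACEHOLDER\",charset=utf-8,realm=\"iemq.ae\"";
        String response = "charset=utf-8,username=\"Administrator\",realm=\"iemq.ae\","
            + "nonce=\"NONCE-PLACEHOLDER\",nc=00000001,cnonce=\"CNONCE-PLACEHOLDER\","
            + "digest-uri=\"ldap/iemqdc\",maxbuf=65536,response=00000000000000000000000000000000,qop=auth";
        String error = "[LDAP: error code 49 - 8009030C: LdapErr: DSID-0C09043E, "
            + "comment: AcceptSecurityContext error, data 0, vece";

        Map<String, String> c = parseDirectives(challenge), r = parseDirectives(response);
        List<String> offered = Arrays.asList(c.get("qop").split(","));
        System.out.println("user sent in clear : " + r.get("username") + "@" + r.get("realm"));
        System.out.println("nonce echoed       : " + c.get("nonce").equals(r.get("nonce")));
        System.out.println("qop offered/chosen : " + offered + " / " + r.get("qop")
            + " (valid choice: " + offered.contains(r.get("qop")) + ")");
        // qop=auth authenticates only: no integrity or confidentiality layer follows the bind
        System.out.println("security layer     : " + !"auth".equals(r.get("qop")));

        Matcher m = AD_ERROR.matcher(error);
        if (m.find()) {
            System.out.println("LDAP result code   : " + m.group(1));   // 49 = invalidCredentials
            System.out.println("SSPI status        : 0x" + m.group(2)); // 8009030C = SEC_E_LOGON_DENIED
            System.out.println("DSID / comment     : " + m.group(3) + " / " + m.group(4));
            System.out.println("data sub-code (hex): " + m.group(5));
        }
    }
}
```

In application code the same `AD_ERROR` pattern can be applied to `AuthenticationException.getMessage()` to log the SSPI status and data sub-code as separate fields.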