Subject: You cannot reach a Kerberized service with the IP Address
Author: authen
Posted on: 01/13/2009 09:53:52 PM

---

This problem occurs because on the client side the system gets the TGS based on the Kerberized service principal name (SPN). As no service registered at KDC with the IP address, the TGS fails and client get an error.

So, when you try to access the Active Directory with LDP.exe, you cannot use the IP Address of the domain controller, you have to use the name (either host name or FQDN). For example,


Server: myAD.myCompany.com
Port: 389

Bind Function Type: Generic
Bind method: SSPI

Note: In microsoft world, if you use IP Address instead, the Kerberos protocol fails but the connection is established with a weaker security protocol -- NTLM.

Replies:

• Error might occur #1 -- Synchronous  authen  03/23/2009 04:59:39 PM
• Error might occur #2 -- Port number rather than 389  authen  03/23/2009 05:33:38 PM
• Port number rather than 389 -- But the server support NTLM  authen  06/01/2009 08:03:24 PM
• Error might occur #3 -- Use auth. identit box unchecked  authen  02/08/2010 02:44:27 PM
• Error might occur #4 -- Wrong password  authen  02/08/2010 03:12:34 PM
• Error might occur #5 -- Wrong user identity  authen  02/08/2010 03:24:56 PM
• Error might occur #6 -- Wrong format of user identity  authen  02/08/2010 03:30:54 PM
• If everything goes right, what I can see?  authen  02/08/2010 03:39:18 PM
• SSO -- How can I use LDP to do Single Sign-On?  authen  02/08/2010 03:56:28 PM
• The Kerberos is too picky .........  eLDAP  04/20/2010 06:15:36 PM
• Re: You cannot reach a Kerberized service with the IP Address   eLDAP  07/02/2010 08:44:17 PM
• How about Softerra ldapbrowser?  eLDAP  10/18/2013 10:46:58 PM

---

References:

• Next Post: Error might occur #1 -- Synchronous  authen  03/23/2009 04:59:39 PM
• Previous Post: You cannot reach Active Directory (AD) on port 636 with the IP Address using LDP.exe  authen  01/13/2009 09:41:55 PM
• Next Topic: Virtual List View Control -- draft-ietf-ldapext-ldapv3-vlv-09.txt  SteveHB  03/04/2009 07:39:22 PM
• Previous Topic: You cannot reach Active Directory (AD) on port 636 with the IP Address using LDP.exe  authen  01/13/2009 09:41:55 PM
• Index: by Date
• Index: by Topic