  Error might occur #2 -- Port number rather than 389
 
Subject: Error might occur #2 -- Port number rather than 389
Author: authen
In response to: Error might occur #1 -- Synchronous
Posted on: 03/23/2009 05:33:38 PM

389 is the default port number for the LDAP protocol, and the SPN honors this default setting also. But if the LDAP service is running on a non-default number, let's say 3389, what's going to happen?


Server: myAD.myCompany.com
Port: 3389

Bind Function Type: Generic
Bind method: SSPI
Synchronous: checked

You will get, on the client side, the following error:

res = ldap_bind_s(ld, 'NULL', <unavailable>, 1158); // v.3
Error <49>: ldap_bind_s() failed: Invalid Credentials.
Server error: NTLM authentication protocol used instead but the server failed to support it.


For a non-default port number, the LDAP service's SPN, which has 389 as default, was not identified while LDP.exe was requesting the service ticket. So the Kerberos protocol fails and the connection is established with a weaker security protocol -- NTLM.


Note: The above observation was made under LDP+AD2003+JRE1.5.0_07. The latest AD and JRE1.6.x may have resolved this problem.




 

> On 03/23/2009 04:59:39 PM authen wrote:


Also, the Synchronous checkbox has to be checked, otherwise the Kerberos protocol will not go through and you will see, on the client side, the following error:

res = ldap_bind(ld, 'NULL', <unavailable>, 1158); // v.3
Error <-1>: ldap_bind() failed: Local Error
Server error: <empty>
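The SPN mismatch described in the post above, as an added example that is not part of the original post or of LDP: a small model that parses SPNs in the `serviceclass/host[:port][/servicename]` form and reports whether the SPN requested for a given port matches a registered one. The registered SPN list is constructed, and the rule that the client appends a non-default port to the requested SPN is an assumption taken from the post's description.

```python
# Added example: models the SPN lookup only; it does not talk to a KDC or a directory.
DEFAULT_PORTS = {"ldap": 389}  # default port per service class

# Constructed sample of SPNs registered for the server named in the post.
REGISTERED_SPNS = ["ldap/myAD.myCompany.com", "ldap/MYAD"]


def parse_spn(spn):
    """Split serviceclass/host[:port][/servicename] into comparable parts.

    SPN comparison is case-insensitive, so every part is lowercased.
    """
    parts = spn.split("/")
    if len(parts) not in (2, 3) or not all(parts):
        raise ValueError(f"malformed SPN: {spn!r}")
    service_class = parts[0].lower()
    service_name = parts[2].lower() if len(parts) == 3 else None
    host, sep, port = parts[1].lower().partition(":")
    if not host or (sep and not port.isdigit()):
        raise ValueError(f"malformed host/port in SPN: {spn!r}")
    return service_class, host, int(port) if sep else None, service_name


def requested_spn(service_class, host, port):
    """SPN the client asks a ticket for (assumption: the port is
    omitted when it is the default and appended otherwise)."""
    if port == DEFAULT_PORTS.get(service_class.lower()):
        return f"{service_class}/{host}"
    return f"{service_class}/{host}:{port}"


def expected_auth(service_class, host, port, registered):
    """Return 'Kerberos' when the requested SPN is registered,
    otherwise 'NTLM fallback' (the outcome the post reports)."""
    wanted = parse_spn(requested_spn(service_class, host, port))
    known = {parse_spn(s) for s in registered}
    return "Kerberos" if wanted in known else "NTLM fallback"


if __name__ == "__main__":
    for port in (389, 3389):
        result = expected_auth("ldap", "myAD.myCompany.com", port, REGISTERED_SPNS)
        print(f"{requested_spn('ldap', 'myAD.myCompany.com', port)} -> {result}")
```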




