Error might occur #1 -- Synchronous
Subject: Error might occur #1 -- Synchronous
Author: authen
In response to: You cannot reach a Kerberized service with the IP Address
Posted on: 03/23/2009 04:59:39 PM
Also, the Synchronous checkbox has to be checked, otherwise the Kerberos protocol will not go through and you will see, on the client side, the following error:
res = ldap_bind(ld, 'NULL', <unavailable, 1158); // v.3
Error <-1>: ldap_bind() failed: Local Error
Server error: <empty>
>
> On 01/13/2009 09:53:52 PM authen wrote:
This problem occurs because on the client side the system gets the TGS based on the Kerberized service principal name (SPN). As no service is registered at the KDC with the IP address, the TGS fails and the client gets an error.
So, when you try to access the Active Directory with LDP.exe, you cannot use the IP Address of the domain controller, you have to use the name (either host name or FQDN). For example,
Server: myAD.myCompany.com Port: 389
Bind Function Type: Generic Bind method: SSPI
Note: In the Microsoft world, if you use the IP Address instead, the Kerberos protocol fails but the connection is established with a weaker security protocol -- NTLM.
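
Added example (not part of the original posts): a small Python audit that flags LDAP targets written as IP literals, which per the posts above cannot get a Kerberos service ticket and end up on NTLM. The function names, the verdict strings and the sample targets are assumptions made for illustration; only myAD.myCompany.com comes from the post.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample targets; only the host name myAD.myCompany.com is taken
# from the post, the addresses are documentation-range placeholders.
SAMPLE_TARGETS = [
    "ldap://myAD.myCompany.com:389",
    "ldap://192.0.2.10:389",
    "ldaps://[2001:db8::10]:636",
    "myAD.myCompany.com",
    "192.0.2.10:389",
]


def classify_target(target):
    """Return (host, spn, verdict) for an LDAP URL or a bare host[:port].

    Bare IPv6 literals must be bracketed, as in a URL.
    """
    # urlsplit only fills in .hostname when a scheme and // are present.
    url = target if "//" in target else "ldap://" + target
    host = urlsplit(url).hostname  # lowercased, IPv6 brackets stripped
    if not host:
        raise ValueError("no host in target: %r" % (target,))
    try:
        ipaddress.ip_address(host)
    except ValueError:
        # A name: the client can ask the KDC for a ticket for this SPN.
        # Assumption: the SPN has the usual ldap/<name> form.
        return host, "ldap/" + host, "kerberos-possible"
    # An IP literal: no service is registered at the KDC under it, so the
    # bind fails or is negotiated down to NTLM, as described in the post.
    return host, None, "ntlm-fallback"


def audit(targets):
    """Return the targets that are IP literals and so cannot use Kerberos."""
    return [t for t in targets if classify_target(t)[2] == "ntlm-fallback"]


if __name__ == "__main__":
    for t in SAMPLE_TARGETS:
        print(t, "->", classify_target(t))
```

Run it over the server entries in application or script configuration to find connections that silently rely on NTLM.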