LDAP binding to AD

Not applicable

Hi All,

I am still new to Casper and am trying to get it binding via LDAP to our AD
domain. I keep getting the following error:

The following error was generated performing the LDAP Lookup: Error performing LDAP Lookup: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece]

Possible Resolution/Cause: The specified account does not exist.

I have chatted to our AD admins and have put in settings that they believe
will work; I just wondered if anyone may be able to shed some light.

Chris

Chris Lang
Support Services Advisor
Client Services
Information Technology Services

Phone: +61 3 9919 2735
Fax: +61 3 9919 2785
Mobile: +61 411 259 496
Email: Chris.Lang at vu.edu.au


ernstcs
Contributor III

Active Directory can sometimes be tricky depending on how you have yours configured, but I’ve found ours to be very plain, fortunately, and just basic bindings work.

I’ve attached a screen, if it will go through anyway, of what my settings are minus some actual details.

You need to make sure the account you are using has the proper rights to add computer accounts to the specific container or operational unit you have specified in the Computer OU field. You also need to make sure the server is accessible via the network for AD traffic from where you are imaging. Can you manually bind a computer with Directory Utility (assuming Leopard) with these settings? You don’t need to fully qualify your username account for the binding; the Mac assumes the domain. So you typically don’t need DOMAIN\username or username@domain.edu.

Sorry if I’m not much help.

Craig E

milesleacy
Valued Contributor

One note...
You do not need rights to create computer objects in AD if the computer
object you're binding to already exists. In this case you just need to have
rights to join the domain.

Not applicable

Hi All,

Thanks for the help but I may not have worded my request properly. Binding
machines to the AD domain via casper is fine. I am trying to setup the LDAP
server (under admin in the web console) to allow me to add policies based on
AD users and groups.

I have attached some of my settings but I get the original error that I
posted when I test the LDAP lookup for users and groups.

Regards,

Chris

John_Wetter
Release Candidate Programs Tester

Ok, so do I understand that you are trying to set up the JSS to use the LDAP settings based off of your AD?

One thing I immediately see is in your search base between staff and ad, there are two commas in a row.

Outside of that, it would probably be best to give support a call and they can help get you set up within your specific environment.

-John

--
John Wetter
Technology Support Administrator
Technology & Information Services
Hopkins Public Schools
952-988-5373
john_wetter at hopkins.k12.mn.us

Not applicable

Hi All,

Thanks for all the replies. Our AD guys here helped out and it is all sorted,
working a treat. Thanks again for all of your responses.

Chris

mikethompsett
New Contributor III

Hi Guys,

Sounds like I have the same problem... can you send me any info?

Thanks.
Mike

milesleacy
Valued Contributor

Hi @mikethompsett

If you use the LDAP Server Assistant in the JSS, it makes some assumptions based on the LDAP service vendor's default/recommended settings. I have found that very few LDAP administrators use Apple or Microsoft defaults/standards. There is usually some customized element to an LDAP structure. For this reason, I always advise having a conversation with your LDAP administrator and ideally showing the LDAP connection's detailed settings in the JSS to this person to ensure that all mappings, OUs and other details are correct with respect to the directory service being used.

I hope this is helpful.
Miles

RaviMH
New Contributor

Hi Guys,

Can someone help me with a step-by-step configuration of the LDAP server in the JAMF portal?

After configuration, if I look up a username it shows the error message below.

Error: javax.naming.CommunicationException: 10.20.104.20:389 [Root exception is java.net.SocketTimeoutException: connect timed out]
Suggestion: Ensure you can connect to 10.20.104.20 on port 389

I cross-checked that the server is able to connect to port 389.

Please help ASAP.

Thanks Ravi
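For the two failures quoted in this thread (the error code 49 / data 525 bind failure in the opening post and the connect timeout just above) plus the doubled-comma search base John spotted, here is an added example that is not code from the thread, from Jamf or from any poster. It classifies the JSS lookup error strings offline and sanity-checks a search-base DN. The AD subcode table and the Java exception names are the standard ones; the DN `OU=staff,,DC=ad,DC=example,DC=com` is constructed here to mimic the typo and is not Chris's real search base.

```python
"""Offline diagnoser for JSS "Test LDAP lookup" failures.

Added example, not code from the thread, from Jamf or from any poster.
It parses the error strings the JSS shows and checks a search-base DN;
it makes no network or LDAP calls, so it runs anywhere.
"""
import re

# Two error strings copied from this thread, used as sample input.
SAMPLE_BIND_ERROR = (
    "Error performing LDAP Lookup: javax.naming.AuthenticationException: "
    "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: "
    "AcceptSecurityContext error, data 525, vece]"
)
SAMPLE_NETWORK_ERROR = (
    "Error: javax.naming.CommunicationException: 10.20.104.20:389 "
    "[Root exception is java.net.SocketTimeoutException: connect timed out]"
)

# Active Directory's standard AcceptSecurityContext subcodes, carried in the
# "data NNN" field of an LDAP error 49 (invalidCredentials). A generic LDAP
# server only says "invalid credentials"; AD tells you which kind it was.
AD_BIND_SUBCODES = {
    "525": "user not found: the bind username/DN does not resolve to an account",
    "52e": "invalid credentials: account exists, password is wrong",
    "530": "logon not permitted at this time (logon hours)",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must change password at next logon",
    "775": "account locked out",
}

# Java exception names seen inside javax.naming.CommunicationException.
NETWORK_CAUSES = {
    "java.net.SocketTimeoutException": "TCP connect never completed: the JSS "
        "host cannot reach that address/port (route missing or a firewall "
        "silently dropping it). Test from the JSS server itself, not a workstation.",
    "java.net.ConnectException": "host answered but refused the port: nothing "
        "is listening there (wrong port, or LDAP not served on this host)",
    "java.net.UnknownHostException": "hostname did not resolve from the JSS server",
}

_LDAP_CODE_RE = re.compile(r"LDAP: error code (\d+)")
_SUBCODE_RE = re.compile(r"AcceptSecurityContext error, data ([0-9A-Fa-f]+)")
_NETWORK_RE = re.compile(r"(\S+):(\d+) \[Root exception is ([\w.]+)(?::\s*([^\]]*))?\]")


def diagnose_lookup_error(message):
    """Classify a JSS LDAP lookup error string into a dict with a 'kind'
    of 'bind', 'network' or 'unknown', the parsed details and a cause."""
    if "javax.naming.AuthenticationException" in message:
        code = _LDAP_CODE_RE.search(message)
        sub = _SUBCODE_RE.search(message)
        subcode = sub.group(1).lower() if sub else None
        return {
            "kind": "bind",
            "ldap_code": int(code.group(1)) if code else None,
            "subcode": subcode,
            "cause": AD_BIND_SUBCODES.get(subcode, "unrecognised AD subcode"),
        }
    if "javax.naming.CommunicationException" in message:
        m = _NETWORK_RE.search(message)
        exc = m.group(3) if m else None
        return {
            "kind": "network",
            "host": m.group(1) if m else None,
            "port": int(m.group(2)) if m else None,
            "exception": exc,
            "detail": m.group(4) if m else None,
            "cause": NETWORK_CAUSES.get(exc, "unrecognised network exception"),
        }
    return {"kind": "unknown", "cause": message}


def check_search_base(dn):
    """Return a list of problems in an LDAP search-base DN: an empty RDN
    (the ',,' typo from the thread) or an RDN that is not attr=value.
    Commas escaped as '\\,' inside a value are not treated as separators."""
    problems = []
    for i, rdn in enumerate(re.split(r"(?<!\\),", dn)):
        rdn = rdn.strip()
        if not rdn:
            problems.append("empty RDN at position %d (doubled comma?)" % i)
        elif "=" not in rdn:
            problems.append("RDN %r is not in attribute=value form" % rdn)
    return problems


if __name__ == "__main__":
    for sample in (SAMPLE_BIND_ERROR, SAMPLE_NETWORK_ERROR):
        print(diagnose_lookup_error(sample))
    # Constructed DN reproducing the doubled comma John spotted.
    print(check_search_base("OU=staff,,DC=ad,DC=example,DC=com"))
```

The practical point for the timeout: `connect timed out` means no reply to the TCP handshake ever came back, so the reachability check has to be run from the JSS server itself (for example `nc -vz 10.20.104.20 389` on that host); a workstation reaching port 389 says nothing about the route from the JSS. For the data 525 case the account in the JSS LDAP settings is simply not being found, so try the bind account as a UPN (user@domain) or as its full DN before changing anything else.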