Posted on 01-07-2010 07:59 AM
Hi-
Has anyone had issues with LDAP-based accounts not being able to log in? I ran into this problem intermittently on Casper 6 but I’m now seeing it on Casper 7. My LDAP setup seems to be ok because I can test lookup successfully, but the web console and Apps all fail login. I’ve contacted support, but thought I’d also post to the list.
Thanks
j
---
Jared F. Nichols
Desktop Engineer, Client Services
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436
Posted on 01-10-2010 04:01 PM
LDAP authentication of all my Casper Suite applications failed again. I went into the JSS Settings and did a test lookup on LDAP. It failed as well and presented me with the following error:
Error performing LDAP Lookup: javax.naming.CommunicationException: (MY AD SERVER IS LISTED HERE):389 [Root exception is java.net.SocketTimeoutException: connect timed out]
This is now the second time this has occurred this week so it's been bumped up a priority or two on the list. We can still get in using Admin credentials but this obviously takes out all of our support staff, which is not a good scenario.
Any ideas or, Mr. Nichols, did you glean anything from your support call on or before Jan 7th?
Tim Winningham
Systems Manager
Math Dept MW-430
Posted on 01-11-2010 06:50 AM
Hi Tim-
I haven’t gotten anything from Jamf. They had me turn on Change Management so if it happens again, it will be logged better on the server. The difference from your situation and mine is that the test LDAP lookup worked in my case.
j
Posted on 01-11-2010 07:05 AM
I had the same problem. JAMF had me change the Authentication Type to 'simple' and add in the directory admin username and password. This fixed it for us.
--
Brad Rellinger
Technology Specialist
Anthony Wayne Local Schools K-12
brellinger at anthonywayneschools.org << New Email Address
Posted on 01-11-2010 07:07 AM
Thank you for the update and the distinction between our issues, Mr. Nichols. As an added update of my own, it appears the JSS server has sorted itself out between Saturday and today so all is well again. I will look to give more information when possible.
Thanks,
Tim Winningham
Systems Manager
Math Dept MW-430
Posted on 01-11-2010 07:14 AM
Mr. Rellinger,
I do have the LDAP authentication type set to simple and have a diradmin (DOMAINdir_admin_user), my timeouts are 15" and 60" respectively, and I am doing the 'follow' type of referrals. These settings have not changed, according to my documentation, since I set up the bind. Thanks for the hint though, as it doesn't hurt to double-check.
Regards,
Tim Winningham
Systems Manager
Math Dept MW-430
Posted on 01-11-2010 07:59 AM
Try to change the Distinguished Name to this format:
uid=diradmin,cn=users,dc=server,dc=example,dc=com
--
Brad Rellinger
Technology Specialist
Anthony Wayne Local Schools K-12
brellinger at anthonywayneschools.org << New Email Address
Posted on 01-19-2012 11:44 AM
Jared, did you ever get this issue resolved? I am having the same problem with my Active Directory.
Regards,
Augusto Venegas '85
IT Administrator
Belen Jesuit Preparatory School
500 SW 127th Avenue
Miami, FL 33184
Tel. 786.621.4074
Cell. 786.295.1004
Fax. 786.621.4174
E-Mail avenegas@belenjesuit.org
Posted on 01-19-2012 12:08 PM
We see this, at least in Self Service, when we have to change the name of a person's account (after marriage or whatever). Still haven't found a resolution. We haven't tried it with any other apps.
Posted on 01-19-2012 12:29 PM
I've had logins solved for a long time now (look at the dates on my OP). Right now I'm running into account logouts on the first "fat fingering" instead of the third. I captured some logs with JAMF support help and they're looking at them now.
The JSS is definitely hitting our domain controllers many, *many*, times when someone puts in a bad password.
PS: IIRC, my issue was down to certificates.