[j-nsp] SRX100 LDAP

Шепелев Андрей xamalon4eg at gmail.com
Tue Mar 25 22:45:19 EDT 2014


So my mistake was in the following:

ge-0/0/2 {
    unit 0 {
        family inet {
            address 10.15.10.3/24 {
                web-authentication http;
            }
            address 10.15.10.2/24;
        }
    }
}


I did not use

            address 10.15.10.3/24 {
                web-authentication http;
            }


But now I received the following error:

Mar 26 02:42:03 LDAP:AUTH: Admin search for user DN before bind,
auth_id=AUTH8c1a1c0:6
Mar 26 02:42:03 LDAP:AUTH: Admin Bind failed. Result=49,
auth_id=AUTH8c1a1c0:6
Mar 26 02:42:03 LDAP:AUTH: Admin Bind failed. Error msg=80090308: LdapErr:
DSID-0C0903A9, comment: AcceptSecurityContext error, data 773, v1db1,
auth_id=AUTH8c1a1c0:6
Mar 26 02:42:03 Framework - module(ldap) return: FAILURE
Mar 26 02:42:03 authd_advance_module_for_aaa_response_msg: r

There is an admin record in AD with the correct password:
http://screenshot.su/show.php?img=e994b22915a388a3399b23d0d982da7a.jpg
http://screenshot.su/show.php?img=1748986a1a7aab2e7df5c0bea903b1ac.jpg

=((


2014-03-21 13:54 GMT+06:00 Bikram Singh <sbikram at live.com>:

> > From: sbikram at live.com
> > To: xamalon4eg at gmail.com
> > Date: Fri, 21 Mar 2014 13:14:31 +0530
> > CC: juniper-nsp at puck.nether.net
> > Subject: Re: [j-nsp] SRX100 LDAP
>
> > > Tried everything, nothing helps... I'm beginning to think that I have
> > > a broken SRX =)) or something like that. It did not even want to try to
> > > authorize the users .... very strange
>
> Are you able to get the webpage for authentication? Is your LDAP server
> fine? I mean, is there any other authentication happening on that from
> another device?
> >distinguished-name cn=junos,dc=tp,dc=ru;
> In your configuration I see you are using junos as a user. Can you
> confirm who this user is? This user must be the administrator of the LDAP
> server who can do an LDAP directory search.
> I see you have defined ldap-options twice in the configuration. Only
> define ldap-options under the profile and delete it from the global level.
> What LDAP server are you using?
> The configurations I shared earlier are the working ones.
>  Bikram
>
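
Added example, not part of the thread or of Junos: a short Python parser that decodes the Active Directory sub-code carried in the `data NNN` field of the bind-failure log quoted above (LDAP result 49). The sample log is the post's wrapped lines re-joined, and the function and table names are hypothetical.

```python
import re

# Sub-codes Active Directory puts in the "data NNN" field of a failed bind
# (LDAP result 49, invalidCredentials). Values are hexadecimal Win32 errors.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (wrong password)",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must change password at next logon",
    "775": "account locked out",
}

# Constructed sample: the wrapped log lines from the post joined back together.
SAMPLE_LOG = (
    "Mar 26 02:42:03 LDAP:AUTH: Admin Bind failed. Result=49, auth_id=AUTH8c1a1c0:6\n"
    "Mar 26 02:42:03 LDAP:AUTH: Admin Bind failed. Error msg=80090308: LdapErr: "
    "DSID-0C0903A9, comment: AcceptSecurityContext error, data 773, v1db1, "
    "auth_id=AUTH8c1a1c0:6\n"
    "Mar 26 02:42:03 Framework - module(ldap) return: FAILURE\n"
)

DATA_RE = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+),")
AUTH_ID_RE = re.compile(r"auth_id=(\S+)")


def decode_bind_failures(log_text):
    """Return one dict per log line that carries an AD bind sub-code."""
    findings = []
    for line in log_text.splitlines():
        m = DATA_RE.search(line)
        if not m:
            continue
        code = m.group(1).lower()
        auth = AUTH_ID_RE.search(line)
        findings.append({
            "auth_id": auth.group(1) if auth else None,
            "subcode": code,
            "meaning": AD_BIND_SUBCODES.get(code, "unknown sub-code"),
        })
    return findings


if __name__ == "__main__":
    for f in decode_bind_failures(SAMPLE_LOG):
        print(f"{f['auth_id']}: data {f['subcode']} -> {f['meaning']}")
```

Run against authd trace output, this separates a wrong bind password (`52e`) from account-state failures such as `773`, `533` or `775`, which need a change on the directory side rather than on the SRX.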

