[j-nsp] SRX100 LDAP

Шепелев Андрей xamalon4eg at gmail.com
Tue Mar 25 23:16:16 EDT 2014


SOLVED!

Need to use capital letters in the distinguished name.


2014-03-26 8:45 GMT+06:00 Шепелев Андрей <xamalon4eg at gmail.com>:

> so my mistake was in the following:
>
> ge-0/0/2 {
>     unit 0 {
>         family inet {
>             address 10.15.10.3/24 {
>                 web-authentication http;
>             }
>             address 10.15.10.2/24;
>         }
>     }
> }
>
>
> I did not use
>
>  address 10.15.10.3/24 {
>                 web-authentication http;
>             }
>
>
> but now I received the following error:
>
> Mar 26 02:42:03 LDAP:AUTH: Admin search for user DN before bind,
> auth_id=AUTH8c1a1c0:6
> Mar 26 02:42:03 LDAP:AUTH: Admin Bind failed. Result=49,
> auth_id=AUTH8c1a1c0:6
> Mar 26 02:42:03 LDAP:AUTH: Admin Bind failed. Error msg=80090308: LdapErr:
> DSID-0C0903A9, comment: AcceptSecurityContext error, data 773, v1db1,
> auth_id=AUTH8c1a1c0:6
> Mar 26 02:42:03 Framework - module(ldap) return: FAILURE
> Mar 26 02:42:03 authd_advance_module_for_aaa_response_msg: r
>
> there is an admin record in AD with the correct password
> http://screenshot.su/show.php?img=e994b22915a388a3399b23d0d982da7a.jpg
> http://screenshot.su/show.php?img=1748986a1a7aab2e7df5c0bea903b1ac.jpg
>
> =((
>
>
> 2014-03-21 13:54 GMT+06:00 Bikram Singh <sbikram at live.com>:
>
>
>>
>>
>>
>>
>> > From: sbikram at live.com
>> > To: xamalon4eg at gmail.com
>> > Date: Fri, 21 Mar 2014 13:14:31 +0530
>> > CC: juniper-nsp at puck.nether.net
>> > Subject: Re: [j-nsp] SRX100 LDAP
>>
>> >
>> >
>> >
>> > > tried everything, nothing helps... I'm beginning to think that I have
>> broken srx =)) or something like that. It did not even want to try to
>> authorize the users .... very strange
>>
>> Are you able to get the webpage for authentication? Is your ldap server
>> fine? I mean, is there any other authentication happening on that from
>> another device?
>>  >distinguished-name cn=junos,dc=tp,dc=ru;
>> In your configuration I see you are using junos as a user. Can you
>> confirm who this user is? This user must be the administrator of the ldap
>> server who can do an ldap directory search.
>>  I see you have defined ldap-options twice in the configuration. Only
>> define ldap-options under profile and delete it from the global level.
>>  What ldap server are you using?
>> The configurations I shared earlier are the working ones.
>>  Bikram
>>
>
>
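
Added example (not part of the original thread or of Junos): a small Python decoder for the authd LDAP trace quoted above. It rejoins the lines that e-mail wrapping split and translates the LDAP result code and the Active Directory "data" sub-code. The function names are hypothetical and the sample is the trace from the post, embedded inline.

```python
import re

LDAP_RESULTS = {32: "noSuchObject", 49: "invalidCredentials", 50: "insufficientAccessRights"}  # RFC 4511
AD_SUBCODES = {  # hex Win32 error codes that Active Directory returns in "data" with result 49
    "525": "user not found", "52e": "invalid credentials",
    "530": "logon not permitted at this time", "531": "logon not permitted from this workstation",
    "532": "password expired", "533": "account disabled",
    "701": "account expired", "773": "user must change password at next logon",
    "775": "account locked out",
}
# Sample input: the trace from the post, including its e-mail line wrapping.
SAMPLE_LOG = """\
Mar 26 02:42:03 LDAP:AUTH: Admin search for user DN before bind,
auth_id=AUTH8c1a1c0:6
Mar 26 02:42:03 LDAP:AUTH: Admin Bind failed. Result=49,
auth_id=AUTH8c1a1c0:6
Mar 26 02:42:03 LDAP:AUTH: Admin Bind failed. Error msg=80090308: LdapErr:
DSID-0C0903A9, comment: AcceptSecurityContext error, data 773, v1db1,
auth_id=AUTH8c1a1c0:6
Mar 26 02:42:03 Framework - module(ldap) return: FAILURE
"""
TS = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
RESULT = re.compile(r"Bind failed\. Result=(\d+)")
DATA = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)")
AUTH_ID = re.compile(r"auth_id=(\S+)")

def unwrap(text):
    """Rejoin wrapped entries: a line without a leading timestamp continues the previous one."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if TS.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def decode_bind_failures(text):
    """Return {auth_id: {"ldap_result": (code, name), "ad_subcode": (hex, meaning)}}."""
    found = {}
    for entry in unwrap(text):
        m_id = AUTH_ID.search(entry)
        if not m_id:
            continue
        rec = found.setdefault(m_id.group(1), {})
        if m := RESULT.search(entry):
            rec["ldap_result"] = (int(m[1]), LDAP_RESULTS.get(int(m[1]), "unknown"))
        if m := DATA.search(entry):
            rec["ad_subcode"] = (m[1].lower(), AD_SUBCODES.get(m[1].lower(), "unknown"))
    return {k: v for k, v in found.items() if v}
```

Calling decode_bind_failures(SAMPLE_LOG) groups the decoded fields under the session's auth_id, which helps when several authentication attempts are interleaved in one trace file.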

