[j-nsp] SRX100 LDAP
Шепелев Андрей
xamalon4eg at gmail.com
Tue Mar 25 23:16:16 EDT 2014
SOLVED!
Need to use capital letters in the distinguished name.
2014-03-26 8:45 GMT+06:00 Шепелев Андрей <xamalon4eg at gmail.com>:
> so my mistake was in the following:
>
> ge-0/0/2 {
>     unit 0 {
>         family inet {
>             address 10.15.10.3/24 {
>                 web-authentication http;
>             }
>             address 10.15.10.2/24;
>         }
>     }
> }
>
>
> I did not use
>
> address 10.15.10.3/24 {
>     web-authentication http;
> }
>
>
> but now I received the following error:
>
> Mar 26 02:42:03 LDAP:AUTH: Admin search for user DN before bind,
> auth_id=AUTH8c1a1c0:6
> Mar 26 02:42:03 LDAP:AUTH: Admin Bind failed. Result=49,
> auth_id=AUTH8c1a1c0:6
> Mar 26 02:42:03 LDAP:AUTH: Admin Bind failed. Error msg=80090308: LdapErr:
> DSID-0C0903A9, comment: AcceptSecurityContext error, data 773, v1db1,
> auth_id=AUTH8c1a1c0:6
> Mar 26 02:42:03 Framework - module(ldap) return: FAILURE
> Mar 26 02:42:03 authd_advance_module_for_aaa_response_msg: r
>
> there is an admin record in AD with the correct password
> http://screenshot.su/show.php?img=e994b22915a388a3399b23d0d982da7a.jpg
> http://screenshot.su/show.php?img=1748986a1a7aab2e7df5c0bea903b1ac.jpg
>
> =((
>
>
> 2014-03-21 13:54 GMT+06:00 Bikram Singh <sbikram at live.com>:
>
>
>>
>> > From: sbikram at live.com
>> > To: xamalon4eg at gmail.com
>> > Date: Fri, 21 Mar 2014 13:14:31 +0530
>> > CC: juniper-nsp at puck.nether.net
>> > Subject: Re: [j-nsp] SRX100 LDAP
>>
>> >
>> > > tried everything, nothing helps... I'm beginning to think that I have
>> broken srx =)) or something like that. it did not even want to try to
>> authorize the users .... very strange
>>
>> Are you able to get the webpage for authentication? Is your ldap server
>> fine? I mean, is there any other authentication happening on that from
>> other device?
>> >distinguished-name cn=junos,dc=tp,dc=ru;
>> In your configuration I see you are using junos as a user. Can you
>> confirm who is this user? This user must be the administrator of ldap
>> server who can do ldap directory search.
>> I see you have defined ldap-options twice in the configuration. Only
>> define ldap-options under profile and delete it from global level.
>> What ldap server are you using?
>> The Configuration I shared earlier are the working ones.
>> Bikram
>>
>
>
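
Added example, not part of the original thread: a small Python parser that rejoins the wrapped authd trace lines quoted above and decodes the Active Directory sub-code carried in the "data" field of a Result=49 admin bind failure. The sample text is constructed from the quoted log; the function names are this example's own, and the sub-code table is an assumption taken from Microsoft's Win32 error codes, not from the thread.

```python
import re

# Constructed sample: authd trace lines from the thread, still carrying the
# mail client's "> " quote markers and line wrapping.
SAMPLE = """\
> Mar 26 02:42:03 LDAP:AUTH: Admin Bind failed. Result=49,
> auth_id=AUTH8c1a1c0:6
> Mar 26 02:42:03 LDAP:AUTH: Admin Bind failed. Error msg=80090308: LdapErr:
> DSID-0C0903A9, comment: AcceptSecurityContext error, data 773, v1db1,
> auth_id=AUTH8c1a1c0:6
> Mar 26 02:42:03 Framework - module(ldap) return: FAILURE
"""
# Assumption (not from the thread): Active Directory puts the reason for
# LDAP result 49 in "data" as a hex Win32 error code.
AD_SUBCODES = {
    0x525: "user not found", 0x52E: "invalid credentials",
    0x530: "logon not permitted at this time",
    0x531: "logon not permitted from this workstation",
    0x532: "password expired", 0x533: "account disabled",
    0x701: "account expired", 0x775: "account locked out",
    0x773: "user must change password before logging on",
}
STAMP = re.compile(r"^[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d ")

def unwrap(text):
    """Strip quote markers and rejoin records wrapped across lines."""
    records = []
    for raw in text.splitlines():
        line = re.sub(r"^(?:>\s?)+", "", raw).strip()
        if line and (STAMP.match(line) or not records):
            records.append(line)      # a timestamp starts a new record
        elif line:
            records[-1] += " " + line  # continuation of the previous one
    return records

def bind_failures(text):
    """Map each auth_id with a failed admin bind to its decoded cause."""
    out = {}
    for rec in unwrap(text):
        auth = re.search(r"auth_id=(\S+)", rec)
        if "Bind failed" not in rec or not auth:
            continue
        entry = out.setdefault(auth.group(1), {})
        if m := re.search(r"Result=(\d+)", rec):
            entry["result"] = int(m.group(1))
        if m := re.search(r"\bdata ([0-9a-fA-F]+),", rec):
            entry["data"] = int(m.group(1), 16)
            entry["reason"] = AD_SUBCODES.get(entry["data"], "unknown")
    return out
```

Calling bind_failures(SAMPLE) groups both failure lines under the one auth_id and reports result 49 with sub-code 0x773.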