How about this as a way forward (nice cliché, eh? :) Have you logged LDAP connections on the dc? If not, the setting is in the registry under NTDS\diagnostics. Try increasing the logging (be sure the event log has the room and will overwrite) and see what gets logged when you attempt to connect.

As for the referral, I can't understand why it would try to refer elsewhere exactly. That's a mystery at the moment, but I think a better look at what gets logged during the attempt might be helpful here. When you say a special user, was it just a regular domain user then? Is this 2003 or 2000 you're dealing with?

Al

-----Original Message-----
From: Jennifer Fountain [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 17, 2004 4:52 PM
To: [EMAIL PROTECTED]
Subject: RE: **POTENTIAL SPAM** RE: [ActiveDir] Issue with ldap over SSL

Yes, I changed that to a special user instead of anonymous and still the same issue. What do you think the referral error is? I can change anything at this point. What do you think?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Wednesday, March 17, 2004 4:29 PM
To: '[EMAIL PROTECTED]'
Subject: **POTENTIAL SPAM** RE: [ActiveDir] Issue with ldap over SSL

Referral? Why the referral? And the binddn is anonymous? That looks questionable. Can you change that?

-----Original Message-----
From: Jennifer Fountain [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 17, 2004 2:41 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Issue with ldap over SSL

I am currently trying to get AD authentication for Linux. I have everything working (login, groups, etc) but I cannot get ldapssl working correctly. I am currently getting this in my logs:

nss_ldap: could not search LDAP server - Referral

And I keep getting a segmentation fault when I try to su - user or id - etc.

Here is my config:

host x.x.x.x
#port 636
base dc=xxx,dc=com
ldap_version 3
binddn [EMAIL PROTECTED]
scope sub
ssl no
#ssl yes
pam_filter objectclass=user
pam_login_attribute sAMAccountName
pam_password ad
nss_base_passwd ou=xx,dc=xxx,dc=com?one
nss_base_shadow ou=xx,dc=xxx,dc=com?one
nss_base_group ou=xx,dc=xxx,dc=com?one
nss_map_objectclass posixAccount User
nss_map_attribute uid sAMAccountName
nss_map_attribute uniqueMember Member
nss_map_attribute userPassword msSFUPassword
nss_map_attribute homeDirectory msSFUHomeDirectory
nss_map_objectclass posixGroup Group
nss_map_attribute cn sAMAccountName

My AD server is listening on port 636 and I can connect to it with the ldp.exe tool on that port. I have Cert Services installed and I verified the cert is in the personal and the trusted stores. Does anyone have any ideas on what I may be doing wrong?

Kind Regards,

List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
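
An added example, not part of the original thread and not code from nss_ldap: a small audit of the transport directives in a config like the one posted, separating directives that are active from ones that are commented out. The function names, the constructed binddn placeholder, the set of "ssl" values treated as enabled, and last-value-wins handling are assumptions.

```python
import re

# Constructed sample: transport-related directives from the post, one per line.
# The binddn value is a made-up placeholder (the original is redacted).
SAMPLE = """\
host x.x.x.x
#port 636
base dc=xxx,dc=com
ldap_version 3
binddn user@example.invalid
scope sub
ssl no
#ssl yes
"""

# Assumption: these values of "ssl" mean the connection is encrypted.
SSL_ENABLED = {"on", "yes", "true", "start_tls"}

def parse(text):
    """Return (active, commented): dicts mapping directive -> list of values."""
    active, commented = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        target = active
        if line.startswith("#"):
            line, target = line.lstrip("#").strip(), commented
        m = re.match(r"(\S+)\s+(.*)", line)
        if m:
            target.setdefault(m.group(1).lower(), []).append(m.group(2).strip())
    return active, commented

def audit(text):
    """Return findings about the SSL/port directives that are actually in effect."""
    active, commented = parse(text)
    findings = []
    # Assumption: when a directive is repeated, the last active value applies.
    ssl = (active.get("ssl") or ["<unset>"])[-1].lower()
    if ssl not in SSL_ENABLED:
        findings.append(f"ssl is '{ssl}': traffic is not encrypted")
        if "binddn" in active:
            findings.append("binddn is set while ssl is off: "
                            "simple-bind credentials are sent in cleartext")
    for key in ("ssl", "port"):
        for value in commented.get(key, []):
            findings.append(f"'{key} {value}' is commented out and has no effect")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("-", finding)
```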
