Scratch this, I mistyped the LDAP Search String... all working now On Wednesday, July 13, 2016 at 1:44:48 PM UTC+1, Kev Johnson wrote: > > Hi > > I've deployed 2.0.3 from the OVA, and configured up LDAP with a service > account, which is lovely and everything works. > > The first time I tried to test the authentication for a test user account > it worked fine. I then tried using my domain account, and get "user found", > but "invalid credentials" > > MessageType : BIND_RESPONSE > Message ID : 5 > BindResponse > Ldap Result > Result code : (INVALID_CREDENTIALS) invalidCredentials > Matched Dn : '' > Diagnostic message : '80090308: LdapErr: DSID-0C0903D0, comment: > AcceptSecurityContext error, data 52e, v2580' > > > Interesting, I think. The credentials are *definitely* correct, so I have > a look into the logs on the domain controller and see that it's passing the > username of the test user but (presumably) the correct password data. If I > look further down the test page I can see that all the details (display > name, UPN etc) are indeed those of the test user account initially tried. > > So it looks like the username is being registered somewhere - any ideas > where I should check for this, and how I prevent this from happening > (because it looks to be doing the same when an LDAP user tries to login - > the test user account gets locked out in AD regardless of the username > entered). > > Thanks! >
-- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/5d5daa8f-0828-4d7c-8f13-3d2e6f5b906f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
