SOLVED! need to use capital letters in distinguished name

2014-03-26 8:45 GMT+06:00 Шепелев Андрей <[email protected]>:

> so my mistake was in the following:
>
> ge-0/0/2 {
>     unit 0 {
>         family inet {
>             address 10.15.10.3/24 {
>                 web-authentication http;
>             }
>             address 10.15.10.2/24;
>         }
>     }
> }
>
> i did not use
>
> address 10.15.10.3/24 {
>     web-authentication http;
> }
>
> but now i received the following error:
>
> Mar 26 02:42:03 LDAP:AUTH: Admin search for user DN before bind, auth_id=AUTH8c1a1c0:6
> Mar 26 02:42:03 LDAP:AUTH: Admin Bind failed. Result=49, auth_id=AUTH8c1a1c0:6
> Mar 26 02:42:03 LDAP:AUTH: Admin Bind failed. Error msg=80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 773, v1db1, auth_id=AUTH8c1a1c0:6
> Mar 26 02:42:03 Framework - module(ldap) return: FAILURE
> Mar 26 02:42:03 authd_advance_module_for_aaa_response_msg: r
>
> there is an admin record in AD with the correct password
> http://screenshot.su/show.php?img=e994b22915a388a3399b23d0d982da7a.jpg
> http://screenshot.su/show.php?img=1748986a1a7aab2e7df5c0bea903b1ac.jpg
>
> =((
>
> 2014-03-21 13:54 GMT+06:00 Bikram Singh <[email protected]>:
>
>> > From: [email protected]
>> > To: [email protected]
>> > Date: Fri, 21 Mar 2014 13:14:31 +0530
>> > CC: [email protected]
>> > Subject: Re: [j-nsp] SRX100 LDAP
>> >
>> > > tried everything nothing helps... i'm beginning to think that i have broken srx =)) or something like that. it did not want even trying to authorize the users .... very strange
>>
>> Are you able to get the webpage for authentication? Is your ldap server fine? I mean is there any other authentication happening on that from other device?
>>
>> >distinguished-name cn=junos,dc=tp,dc=ru;
>>
>> In your configuration I see you are using junos as a user. Can you confirm who is this user? This user must be the administrator of ldap server who can do ldap directory search.
>> I see you have defined ldap-options twice in the configuration. Only define ldap-options under profile and delete it from global level.
>> What ldap server are you using?
>> The Configuration I shared earlier are the working ones.
>> Bikram

_______________________________________________
juniper-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/juniper-nsp
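
Added example, not part of the original thread and not Juniper's code: a small Python parser that pulls the LDAP result code and the Active Directory "data" sub-code out of authd trace lines like the ones quoted above and attaches their documented meanings. The function and table names are hypothetical, and the sample lines are constructed from the log in this message with the mail wrapping removed.

```python
import re

# LDAP result codes relevant to a bind (RFC 4511).
LDAP_RESULTS = {0: "success", 32: "noSuchObject", 49: "invalidCredentials"}

# Active Directory "data" sub-codes reported with result 49 (hex Win32 errors).
AD_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must change password before logon",
    "775": "account locked out",
}

RESULT_RE = re.compile(r"Bind failed\. Result=(\d+)")
DATA_RE = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)")
AUTH_ID_RE = re.compile(r"auth_id=(\S+)")

def decode_bind_failures(lines):
    """Group bind-failure details by auth_id and attach readable meanings."""
    sessions = {}
    for line in lines:
        m_id = AUTH_ID_RE.search(line)
        if not m_id:
            continue  # line carries no session id, nothing to correlate
        entry = sessions.setdefault(m_id.group(1), {})
        m = RESULT_RE.search(line)
        if m:
            entry["result"] = int(m.group(1))
            entry["result_name"] = LDAP_RESULTS.get(entry["result"], "unknown")
        m = DATA_RE.search(line)
        if m:
            entry["subcode"] = m.group(1).lower()
            entry["subcode_meaning"] = AD_SUBCODES.get(entry["subcode"], "unknown")
    return sessions

# Constructed sample: trace lines from the message above, unwrapped.
SAMPLE = [
    "Mar 26 02:42:03 LDAP:AUTH: Admin Bind failed. Result=49, auth_id=AUTH8c1a1c0:6",
    "Mar 26 02:42:03 LDAP:AUTH: Admin Bind failed. Error msg=80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 773, v1db1, auth_id=AUTH8c1a1c0:6",
    "Mar 26 02:42:03 Framework - module(ldap) return: FAILURE",
]

if __name__ == "__main__":
    print(decode_bind_failures(SAMPLE))
```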

