>> Hi, >> >> Can your debien server contact your AD (telnet on port 636) ? >> By the way, you have to install ssl extention on AD to get a valid >> certificate. >> >> Thomas. >> >> -- >> Thomas Chemineau >> Thx for your reply Thomas. Yes the LDAPS port is reachable on both server :
lenny:/usr/share/self-service-password# nmap -p 636 192.168.220.32 Starting Nmap 4.62 ( http://nmap.org ) at 2010-08-04 12:21 CEST Interesting ports on 192.168.220.32: PORT STATE SERVICE 636/tcp open ldapssl MAC Address: 52:54:00:25:A0:DA (QEMU Virtual NIC) Nmap done: 1 IP address (1 host up) scanned in 0.169 seconds lenny:/usr/share/self-service-password# nmap -p 636 192.168.220.30 Starting Nmap 4.62 ( http://nmap.org ) at 2010-08-04 12:21 CEST Interesting ports on 192.168.220.30: PORT STATE SERVICE 636/tcp open ldapssl MAC Address: 54:52:00:A1:A5:25 (Unknown) Nmap done: 1 IP address (1 host up) scanned in 0.098 seconds For information, they are 2 Active Directory 2008 Domain Controller (only used for lab tests), the .30 are has master FFSMO roles, .32 is a second Domain Controller for the same domain, both run Windows 2008 R2, on the same network segment. We have tried on the .30, with the same results, but normally each domain controllers can modified objects in the ldap tree. Do you know if the soft has been already tested on a windows active directory domain controller ? > Hum, by reading the error, it seems that your AD returns a referer. > Are you sure SSP binds on the good AD ? What do you mean by 'the good ad' ? > Thomas. > -- *Cedric** Lemarchand - iXSea SAS* Administrateur Système & Réseaux http://www.ixsea.com - <[email protected]> <mailto:[email protected]> Tel: +33 1 30 08 8888 - GSM : +33 6 37 23 40 93 _______________________________________________ ltb-users mailing list [email protected] http://lists.ltb-project.org/listinfo/ltb-users
