Problems with Active Directory, SBS 2003

I'm having a hard time getting A/D integration to work. I have Wildfire 2.5.1 installed on our SBS 2003 server. Here is the conf file:

<?xml version="1.0" encoding="UTF-8"?>

No log files are created in the logs directory other than info.log. There is nothing in debug.log. When I try the admin console I skip the step for changing the Admin password. Is that what I should do? I get no console output or log output when trying to authenticate, but it always tells me login failed.

Thanks for any help,

David

Hi David,

If you cannot enter the admin console after initialization, a problem can be that the account Administrator does not belong to your baseDN (your baseDN and your adminDN are from different branches).

Using more than one DN may be a solution if you wish to keep Administrator as the admin account on Jive.

And for the typo in your baseDN, is that really in your config, or is it a matter of copy-and-paste?

The baseDN does not have a space in it as it appears from the copy-paste. I changed the admin user to one that is in the same baseDN. Now I get this error when I try to log into the admin console:

0000: 30 5C 02 01 01 60 57 02 01 03 04 47 63 6E 3D 6A 0…`W…Gcn=j
0010: 61 62 62 65 72 2C 4F 55 3D 53 42 53 55 73 65 72 abber,OU=SBSUser
0020: 73 2C 4F 55 3D 55 73 65 72 73 2C 4F 55 3D 4D 79 s,OU=Users,OU=My
0030: 42 75 73 69 6E 65 73 73 2C 64 63 3D 68 61 6C 6C Business,dc=hall
0040: 6D 65 63 68 61 6E 69 63 61 6C 2C 64 63 3D 6C 6F mechanical,dc=lo
0050: 63 61 6C 80 09 6A 61 62 62 65 72 33 32 31 cal…jabber321

<- 192.168.16.20:3268

0000: 30 84 00 00 00 67 02 01 01 61 84 00 00 00 5E 0A 0…g…a…^.
0010: 01 31 04 00 04 57 38 30 30 39 30 33 30 38 3A 20 .1…W80090308:
0020: 4C 64 61 70 45 72 72 3A 20 44 53 49 44 2D 30 43 LdapErr: DSID-0C
0030: 30 39 30 33 30 46 2C 20 63 6F 6D 6D 65 6E 74 3A 09030F, comment:
0040: 20 41 63 63 65 70 74 53 65 63 75 72 69 74 79 43 AcceptSecurityC
0050: 6F 6E 74 65 78 74 20 65 72 72 6F 72 2C 20 64 61 ontext error, da
0060: 74 61 20 35 32 35 2C 20 76 65 63 65 00 ta 525, vece.

I really have no idea what that means.

From a Google search, this error means “User invalid”. The CN in the debug trace (not your config) seems to be causing some trouble.

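The trace above is not opaque: the bytes after `<- 192.168.16.20:3268` are a BER-encoded LDAP BindResponse from the global catalog port, and the ASCII gutter already shows the interesting part, an Active Directory diagnostic string ending in `data 525`. The following is an added example (not code from the thread or from Wildfire) that decodes that response with a minimal BER reader and maps the AD "data" sub-code to its meaning; the result-code and data-code tables are the standard RFC 4511 and well-known AD AcceptSecurityContext values, and the embedded hex is the trace from this thread with the ASCII gutter dropped.

```python
import re
from typing import Optional

# Server-to-client bytes copied from the debug trace in this thread
# (hex columns only; the ASCII gutter was dropped so the lines parse cleanly).
BIND_RESPONSE_TRACE = """
0000: 30 84 00 00 00 67 02 01 01 61 84 00 00 00 5E 0A
0010: 01 31 04 00 04 57 38 30 30 39 30 33 30 38 3A 20
0020: 4C 64 61 70 45 72 72 3A 20 44 53 49 44 2D 30 43
0030: 30 39 30 33 30 46 2C 20 63 6F 6D 6D 65 6E 74 3A
0040: 20 41 63 63 65 70 74 53 65 63 75 72 69 74 79 43
0050: 6F 6E 74 65 78 74 20 65 72 72 6F 72 2C 20 64 61
0060: 74 61 20 35 32 35 2C 20 76 65 63 65 00
"""

# LDAP resultCode values (RFC 4511) a bind is likely to return.
LDAP_RESULT_CODES = {
    0: "success",
    32: "noSuchObject",
    34: "invalidDNSyntax",
    49: "invalidCredentials",
    50: "insufficientAccessRights",
}

# Active Directory bind sub-status, carried as "data NNN" in the diagnostic
# message. AD returns resultCode 49 for all of these, so only the sub-code
# distinguishes "wrong user" from "wrong password" from "disabled account".
AD_BIND_DATA_CODES = {
    "525": "user not found: the bind DN/UPN does not resolve to an account",
    "52e": "invalid credentials: account found, password rejected",
    "530": "logon not permitted at this time",
    "531": "logon not permitted at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password at next logon",
    "775": "account locked out",
}


def hexdump_to_bytes(dump: str) -> bytes:
    """Turn 'OFFSET: xx xx ...' lines back into the raw bytes."""
    out = bytearray()
    for line in dump.strip().splitlines():
        _, _, hex_part = line.partition(":")
        out.extend(int(tok, 16) for tok in hex_part.split())
    return bytes(out)


def read_tlv(buf: bytes, pos: int):
    """Read one BER tag/length; return (tag, value_start, value_end).

    Handles both short-form lengths (e.g. 0x57) and the long-form
    0x84 xx xx xx xx encoding AD uses for the outer envelopes.
    """
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length


def parse_bind_response(raw: bytes) -> dict:
    """Decode LDAPMessage { messageID, BindResponse { resultCode, matchedDN, diagnosticMessage } }."""
    tag, pos, _ = read_tlv(raw, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    tag, s, e = read_tlv(raw, pos)  # messageID INTEGER
    message_id = int.from_bytes(raw[s:e], "big")
    tag, pos, _ = read_tlv(raw, e)  # BindResponse is [APPLICATION 1] = 0x61
    if tag != 0x61:
        raise ValueError("not a BindResponse")
    _, s, e = read_tlv(raw, pos)  # resultCode ENUMERATED
    result_code = int.from_bytes(raw[s:e], "big")
    _, s, e = read_tlv(raw, e)  # matchedDN OCTET STRING
    matched_dn = raw[s:e].decode("utf-8", "replace")
    _, s, e = read_tlv(raw, e)  # diagnosticMessage OCTET STRING (AD NUL-terminates it)
    diagnostic = raw[s:e].decode("utf-8", "replace").rstrip("\x00")
    return {
        "message_id": message_id,
        "result_code": result_code,
        "result_name": LDAP_RESULT_CODES.get(result_code, "unknown"),
        "matched_dn": matched_dn,
        "diagnostic": diagnostic,
    }


def ad_data_code(diagnostic: str) -> Optional[str]:
    """Pull the hex sub-code out of '... AcceptSecurityContext error, data 525, ...'."""
    m = re.search(r"\bdata\s+([0-9a-fA-F]+)", diagnostic)
    return m.group(1).lower() if m else None


def explain_ad_bind_error(diagnostic: str) -> Optional[str]:
    code = ad_data_code(diagnostic)
    if code is None:
        return None
    return AD_BIND_DATA_CODES.get(code, "unrecognised AD data code " + code)


if __name__ == "__main__":
    resp = parse_bind_response(hexdump_to_bytes(BIND_RESPONSE_TRACE))
    print(resp["result_code"], resp["result_name"])
    print(resp["diagnostic"])
    print(explain_ad_bind_error(resp["diagnostic"]))
```

For this trace the decoder reports resultCode 49 (invalidCredentials) with sub-code 525, i.e. the DC could not find the account named in the bind request, which agrees with the "user invalid" reading above and points at the bind DN rather than the password. The same distinction matters when reviewing authentication logs: 525 and 52e both surface as "invalid credentials" in most clients, but only 52e means a real account received a bad password.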

Here’'s a snapshot of our working config AD/LDAP:

Were you able to get it working?

It took me a long time to get mine working because the documentation is not very good. I suggest trying this first. Use dc=hallmechanical,dc=local as your baseDN at first. For your AdminDN I would use administrator@hallmechanical.local

This change should enable you to log in to the console. Check your users. It should be populated with everything. Once you see those users you know it's working. Now, adjust your BaseDN to your liking and make sure you are seeing users. Also, remember that the AdminDN is just the username that will be used to read AD.

Thanks very much, KevCar. Changing it to use just a minimal baseDN worked much better for finding the users and the Administrator change to using the email style for the adminDN worked.

Now I'm having another problem. Most of our user names have spaces in them. This was the case before I ever took over administration of the server. The usernames are all FirstName Lastname. So when Wildfire imported them they are in Wildfire as Firstname\20Lastname. I am unable to log in with any of these accounts using Spark. I tried using firstname%20lastname, but that doesn't work.

What if I change the usernameField to be mail instead of sAMAccountName? That way it will just use their primary email as the JID, right?

Thanks,

David

Ok, I take that back, it works somewhat. I was able to log in with a space in the name, but I'm having some trouble with Searches and with adding contacts with a space. Any thoughts?

You might want to change it to use the samaccountname. Give that a try and see what happens.

We already use the sAMAccountName which is what has the spaces in the username.

The solution for a “spaces in the names” problem was to use the mailNickname attribute as the username instead of using sAMAccountName. Then I just made sure that all the Exchange Alias settings (which feeds into the mailNickname attribute) were in the form Firstname.Lastname and now all the users are listed correctly and search works as well.

David
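The `Firstname\20Lastname` form that Wildfire produced for accounts with spaces is XEP-0106 JID escaping, not URL encoding, which is why `firstname%20lastname` never matched anything: `%` is not an escape character in a JID, so the node stays literally `firstname%20lastname`. The code below is an added example, not part of this thread or of Wildfire's own code, implementing the XEP-0106 escape and unescape rules and a comparison helper that treats the name the way AD does (sAMAccountName matching is case-insensitive); the `example.com` domain is a constructed placeholder. It also shows why picking an attribute without spaces, as the mailNickname change above does, sidesteps the whole problem: nothing in such a name needs escaping.

```python
import re

# XEP-0106 escape table for the node (local) part of a JID: character -> hex.
_ESCAPES = {
    " ": "20", '"': "22", "&": "26", "'": "27", "/": "2f",
    ":": "3a", "<": "3c", ">": "3e", "@": "40", "\\": "5c",
}
_HEX_CODES = "|".join(_ESCAPES.values())

# A backslash is escaped only when it would otherwise read as one of the
# escape sequences (XEP-0106 section 4); every other listed character always is.
_ESCAPE_RE = re.compile(r"\\(?=(?:%s))|[ \"&'/:<>@]" % _HEX_CODES)
_UNESCAPE_RE = re.compile(r"\\(%s)" % _HEX_CODES)


def escape_node(node: str) -> str:
    """Escape a raw account name into a JID node, e.g. 'A B' -> 'A\\20B'."""
    return _ESCAPE_RE.sub(lambda m: "\\" + _ESCAPES[m.group(0)], node)


def unescape_node(node: str) -> str:
    """Reverse escape_node; unknown backslash sequences are left untouched."""
    return _UNESCAPE_RE.sub(lambda m: chr(int(m.group(1), 16)), node)


def needs_escaping(node: str) -> bool:
    """True when the directory attribute value cannot be used as a JID node verbatim."""
    return escape_node(node) != node


def jid_for_account(account_name: str, domain: str) -> str:
    """JID an XMPP server would assign to this directory account."""
    return "%s@%s" % (escape_node(account_name), domain)


def login_matches_account(typed: str, directory_name: str) -> bool:
    """Does what the user typed at the client denote this directory account?

    The client may send the escaped node (Firstname\\20Lastname) or the raw
    name; AD compares sAMAccountName case-insensitively, so casefold both.
    """
    return unescape_node(typed).casefold() == directory_name.casefold()


if __name__ == "__main__":
    for name in ("Firstname Lastname", "Firstname.Lastname"):
        print(name, "->", jid_for_account(name, "example.com"),
              "(needs escaping)" if needs_escaping(name) else "(usable as-is)")
    print(login_matches_account("firstname%20lastname", "Firstname Lastname"))  # URL encoding, no match
    print(login_matches_account(r"Firstname\20Lastname", "Firstname Lastname"))  # JID escaping, match
```

The `needs_escaping` check is the one to run over a candidate usernameField before switching an existing deployment: a value of `Firstname.Lastname` comes back unchanged, while anything containing a space, `@`, `/` or `:` (an email address used as the username, for instance, escapes `@` to `\40`) will be stored in escaped form and must be typed that way at the client.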