Mark Minasi's Reader Forum
Mark Minasi's Reader Forum
Home | Profile | Register | Active Topics | Active Polls | Members | Search | FAQ | Minasi Forum RSS Feed
Username:
 Password:
Save Password
Forgot your Password?

 All Forums
 HALP! Questions on Windows and Windows Server
 Active Directory
 User unable to log in as service		  New Topic  Reply to Topic
 Printer Friendly
Author Previous Topic Topic Next Topic  

lacrosseboy
Old Timer

550 Posts
Status: offline
Posted - 12/07/2012 :  12:52:41 PM  Show Profile  Reply with Quote
12/07 10:41:15:878[97:btpool0-8]: (mem=3871574560/4116054016) LoginModule: Please verify user name and password. Credential cannot connect to ActiveDirectory[domaincontroller.somedomain.com] javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 531, v1db1 ]

Service starts with ID ok but login in from the software, I get this error. From a 2012 server on a 2003 domain.

Thanks.
Thomas Deimel
Keeper of the Holy Potato

Btil Entrails
Here To Stay

USA
198 Posts
Status: offline
Posted - 12/07/2012 :  1:13:06 PM  Show Profile  Reply with Quote
When you enter in the user name for the login from the software, try using SamAccountName@corpname.com as the user instead of the standard full DN account.

This will help to point out if it is in the Java code or if it is AD account stuff.
Chris

"It takes a big man to cry, but it takes a bigger man to laugh at that man."
Jack Handy quotes (American Writer and cast member of Saturday Night Live from 1991-2003. Famous for his Deep Thoughts comedy sketches.)
Go to Top of Page

lacrosseboy
Old Timer

550 Posts
Status: offline
Posted - 12/07/2012 :  1:14:33 PM  Show Profile  Reply with Quote
I think they are but let me check. Thanks.
Thomas Deimel
Keeper of the Holy Potato
Go to Top of Page

wkasdo
Administrator

Netherlands
7405 Posts
Status: offline
Posted - 12/07/2012 :  4:33:43 PM  Show Profile  Click to see wkasdo's MSN Messenger address  Reply with Quote
Did this ever work?

The error indicates that you are trying to use a simple LDAP bind. This requires that you pass the full DN of the account, not UPN or samAccountName.

Also, AD will reject unencrypted simple binds by default because that will send a cleartext password over the network. Fix this by using LDAPS (LDAP over SSL). Alternatively, try turning off LDAP encryption requirements. less secure, of course.

Make it as simple as you can, but not simpler -- Albert Einstein
Go to Top of Page

lacrosseboy
Old Timer

550 Posts
Status: offline
Posted - 12/07/2012 :  4:35:08 PM  Show Profile  Reply with Quote
Yes, it work but only to the 2003 server and not the 2008r2 server. I think they are passing cleartext passwords but need to check. Thanks again.
Thomas Deimel
Keeper of the Holy Potato
Go to Top of Page
  Previous Topic Topic Next Topic  
 New Topic  Reply to Topic
 Printer Friendly
Jump To:
Mark Minasi's Reader Forum © 2002-2011 Mark Minasi Go To Top Of Page
This page was generated in 0.16 seconds. Snitz Forums 2000