ADAM & Proxy Bind
Posted by Udo Fink on January 14th, 2004


I'm wondering what the exact requirements are for the ADAM proxy bind to work.
I have added a proxy user object to my directory, but when I try binding using that user I get an 'Invalid Credentials' error. I suspect that happens because the computer (win2k3) running ADAM is not in the same domain as the AD account. However there should be a trust relationship between the domain of the ADAM computer and the domain containing the user. I also tried setting up the user as a local user on the ADAM computer. This doesn't work either. Should it work?

Will proxy authentication work without SSL and without LDAP Sign&Crypt (I have set RequireSecureProxyBind to 0)?

Will I have to reinstall ADAM if I add the ADAM server to the domain containing the AD user I want to use for proxy authentication in order to make it work?

Is there a way to get some kind of debug/logging output from ADAM to see what's actually going wrong?

Thanks,

Udo

Posted by Dmitri Gavrilov [MSFT] on January 14th, 2004


To get extra logging, you can
a) retrieve LDAP_OPT_SERVER_ERROR following the bind (easiest from LDP)
or
b) enable logon auditing

Post the extended error code.
Proxy bind should work with a user from a trusted domain. If it let you
create the user, then it was able to validate the SID, which is a good sign.
It should also work with a local user.

Most probably, it wants the secure channel still. When you set
RequireSecureProxyBind to zero, did you remove "RequireSecureProxyBind=1"
value?

--
Dmitri Gavrilov
SDE, Active Directory Core

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
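
Added example, not part of either post: a small Python parser for the extended error string that LDAP_OPT_SERVER_ERROR returns after a failed bind, decoding the hex `data` field into the Win32 logon error behind a generic 'Invalid Credentials'. It assumes the usual `<code>: LdapErr: DSID-..., comment: ..., data <hex>, ...` layout; the sample string and its DSID are constructed, and the function name is hypothetical.

```python
import re

# Win32 logon errors commonly carried in the hex "data" field of the string.
WIN32_LOGON_ERRORS = {
    0x525: ("ERROR_NO_SUCH_USER", "account not found"),
    0x52E: ("ERROR_LOGON_FAILURE", "unknown user name or bad password"),
    0x530: ("ERROR_INVALID_LOGON_HOURS", "logon not allowed at this time"),
    0x531: ("ERROR_INVALID_WORKSTATION", "logon not allowed from this computer"),
    0x532: ("ERROR_PASSWORD_EXPIRED", "password has expired"),
    0x533: ("ERROR_ACCOUNT_DISABLED", "account is disabled"),
    0x701: ("ERROR_ACCOUNT_EXPIRED", "account has expired"),
    0x773: ("ERROR_PASSWORD_MUST_CHANGE", "password must be changed first"),
    0x775: ("ERROR_ACCOUNT_LOCKED_OUT", "account is locked out"),
}

# Assumed layout: "<8 hex digits>: LdapErr: DSID-<hex>, comment: <text>, data <hex>, ..."
_SERVER_ERROR = re.compile(
    r"^(?P<code>[0-9A-Fa-f]{8}):\s*LdapErr:\s*(?P<dsid>DSID-[0-9A-Fa-f]+),"
    r"\s*comment:\s*(?P<comment>.*?),\s*data\s+(?P<data>[0-9A-Fa-f]+)\b"
)


def parse_server_error(text):
    """Return the decoded fields of a server error string, or None if it does not match."""
    match = _SERVER_ERROR.match(text.strip("\x00 \t\r\n"))  # value is often NUL-terminated
    if match is None:
        return None
    data = int(match["data"], 16)
    name, meaning = WIN32_LOGON_ERRORS.get(
        data, ("UNKNOWN", "not in table; look up Win32 error %d" % data)
    )
    return {
        "code": match["code"].upper(),
        "dsid": match["dsid"],
        "comment": match["comment"],
        "data": data,
        "win32_name": name,
        "meaning": meaning,
    }


if __name__ == "__main__":
    # Constructed sample, not taken from the thread.
    sample = ("8009030C: LdapErr: DSID-0C090334, "
              "comment: AcceptSecurityContext error, data 52e, vece\x00")
    print(parse_server_error(sample))
```
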
