Another thought: we service a second organization that is a tree domain off of ours; I wonder if this is adding to the complexity and why our AD doesn't work. Here are the 4 scenarios:

1) Port 389, bound to the root of the domain, search account credentials provided, Referral following disabled:

    WARN o.a.g.auth.ldap.ObjectQueryService - Given a referral, but referrals are disabled. Error was: Referral
    WARN o.a.g.auth.ldap.ObjectQueryService - Given a referral, but referrals are disabled. Error was: Referral
    WARN o.a.g.auth.ldap.ObjectQueryService - Given a referral, but referrals are disabled. Error was: Referral
    WARN o.a.g.r.auth.AuthenticationService - Authentication attempt from 10.1.18.39 for user "username" failed.

2) Port 389, bound to the root of the domain, search account credentials provided, Referral following enabled:

    ERROR o.a.g.auth.ldap.ObjectQueryService - Could not follow referral: null
    ERROR o.a.g.a.l.AuthenticationProviderService - Cannot bind with LDAP server: Unable to query list of objects from LDAP directory.
    WARN o.a.g.r.auth.AuthenticationService - Authentication attempt from 10.1.18.39 for user "username" failed.

3) Port 3268, bound to the root of the domain, search account credentials provided:

    DEBUG o.a.g.a.l.AuthenticationProviderService - Anonymous bind is not currently allowed by the LDAP authentication provider.
    DEBUG o.a.g.r.auth.AuthenticationService - Anonymous authentication attempt from 10.1.18.39 failed.
    DEBUG o.a.g.a.ldap.LDAPConnectionService - Connection to LDAP server without encryption.
    DEBUG o.a.g.auth.ldap.ObjectQueryService - Searching "DC=AD,DC=DOMAIN,DC=org" for objects matching "(&(objectClass=*)(cn=username))".
    DEBUG o.a.g.a.l.AuthenticationProviderService - Unable to determine DN for user "username".
    WARN o.a.g.r.auth.AuthenticationService - Authentication attempt from 10.1.18.39 for user "username" failed.

4) Port 389, bound to an OU 1 level off the root of the domain, search account credentials provided, Referral following enabled:

    Worked as expected.

I am glad to hear another AD environment is working, especially on port 389/the non-GC configuration.

It's that null referral that appears to be killing me, and I can't figure out how to troubleshoot.
