Cannot retrieve AD groups in ACS 5.1

Jun 15th, 2010

Hi, I'm evaluating ACS 5.1 with the latest patch before a rollout, but I'm having problems trying to retrieve groups from the AD. The ACS status is CONNECTED to the AD, and ACS appears as a computer in the AD, but if I try doing a search for groups I get the following error message in the logs:

Jun 11 2010 17:35:20 CisACS_33206 39 1 1 BL AD Operation information , ADOperationResult=Encountered Centrify warning while getting groups for domain:DC=prebuild,DC=local Warning: SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: unknown LDAP result code (-50)
        additional info: SASL(-1): generic failure:
, DomainName=DC=prebuild,DC=local, AdminName=acsadmin, AdminSession=0156D4002CE861075181D7C036B20F0B, AdminInterface=GUI, AdminIPAddress=

rcullum Tue, 06/15/2010 - 00:37

By the way, I have installed patch 3 and rebooted, so I don't think I'm hitting bug CSCtf39158. Anyway, this is a single AD environment for eval purposes. AD is win2003 server.

Jatin Katyal Tue, 06/15/2010 - 18:33
Cisco Employee

If you have applied patch 3 and it still didn't work, then could you please check whether there is any firewall between the domain and ACS? If there is, please make sure that all ports in the FW are opened according to the table below.

LDAP            389/tcp
LDAP            389/udp
SMB             445/tcp
KDC             88/tcp
Global catalog  3268/tcp
KPASS           464/tcp
NTP             123/udp

Also, can you please take a sniffer capture between ACS and DC at the time you are trying to retrieve groups and attach it with the ADAgent logs?



Do rate helpful posts-
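
Added example, not part of any post in this thread: a reachability check for the port table in the reply above, meant to be run from a host on the same network segment as the ACS. The DC hostname is a hypothetical placeholder, and UDP entries are reported as unverified because a connect() cannot prove a UDP port is passed.

```python
import socket

# Ports from the table in the reply above: (service, port, protocol).
AD_PORTS = [
    ("LDAP", 389, "tcp"),
    ("LDAP", 389, "udp"),
    ("SMB", 445, "tcp"),
    ("KDC", 88, "tcp"),
    ("Global catalog", 3268, "tcp"),
    ("KPASS", 464, "tcp"),
    ("NTP", 123, "udp"),
]

def check_tcp(host, port, timeout=3.0):
    """Return 'open', 'refused' or 'filtered' for one TCP port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"    # host answered with RST: path is clear, no listener
    except OSError:
        return "filtered"   # timeout or unreachable: likely dropped on the path

def check_ports(host, ports=AD_PORTS, timeout=3.0):
    """Check every TCP entry; UDP entries are marked 'unverified'."""
    results = []
    for service, port, proto in ports:
        state = check_tcp(host, port, timeout) if proto == "tcp" else "unverified"
        results.append((service, port, proto, state))
    return results

def blocked(results):
    """Entries a firewall is likely dropping (TCP with no answer at all)."""
    return [r for r in results if r[3] == "filtered"]

if __name__ == "__main__":
    DC = "dc.prebuild.local"  # hypothetical DC hostname, not from the thread
    for service, port, proto, state in check_ports(DC):
        print(f"{service:15} {port}/{proto:3} {state}")
```

A "refused" result still means the firewall passed the packet; only "filtered" entries point at the path between ACS and the DC.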

