06-15-2010 12:33 AM - edited 03-10-2019 05:11 PM
Hi, I'm evaluating ACS 5.1 with latest patch before a rollout but I'm having problems trying to retrieve groups from the AD. The ACS status is CONNECTED to the AD, and ACS appears as a computer in the AD, but if I try doing a search for groups I get following error message in logs:
Jun 11 2010 17:35:20 CisACS_33206 39 1 1 BL AD Operation information , ADOperati
onResult=Encountered Centrify warning while getting groups for domain:DC=prebuil
d,DC=local Warning: SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: unknown LDAP result code (-50)
additional info: SASL(-1): generic failure:
, DomainName=DC=prebuild,DC=local, AdminName=acsadmin, AdminSession=0156D4002CE8
61075181D7C036B20F0B, AdminInterface=GUI, AdminIPAddress=192.168.1.74
06-15-2010 12:37 AM
By the way, I have installed patch 3 and rebooted so dont think I'm hitting bug CSCtf39158. Anyway this is a single AD environment for eval purposes. AD is win2003 server.
06-15-2010 06:33 PM
If you have applied patch 3 and still it didn't work then could you please check if there is any firewall between the domain abd ACS and if you have then please make sure that all ports in FW are opened according to table below.
LDAP 389/tcp
LDAP 389/udp
SMB 445/tcp
KDC 88/tcp
Global catalog 3268/tcp
KPASS 464/tcp
NTP 123/udp
Also, can you, please, take a sniffer capture between ACS and DC at the time you trying to retrieve groups and attach it with ADAgent logs ?
Regds,
JK
Do rate helpful posts-
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide