Cannot retrieve AD groups in ACS 5.1

rcullum · ‎06-15-2010

Hi, I'm evaluating ACS 5.1 with latest patch before a rollout but I'm having problems trying to retrieve groups from the AD. The ACS status is CONNECTED to the AD, and ACS appears as a computer in the AD, but if I try doing a search for groups I get following error message in logs:

Jun 11 2010 17:35:20 CisACS_33206 39 1 1 BL AD Operation information , ADOperati
onResult=Encountered Centrify warning while getting groups for domain:DC=prebuil
d,DC=local Warning: SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: unknown LDAP result code (-50)
additional info: SASL(-1): generic failure:
, DomainName=DC=prebuild,DC=local, AdminName=acsadmin, AdminSession=0156D4002CE8
61075181D7C036B20F0B, AdminInterface=GUI, AdminIPAddress=192.168.1.74

rcullum · ‎06-15-2010

By the way, I have installed patch 3 and rebooted so dont think I'm hitting bug CSCtf39158. Anyway this is a single AD environment for eval purposes. AD is win2003 server.

Jatin Katyal · ‎06-15-2010

If you have applied patch 3 and still it didn't work then could you please check if there is any firewall between the domain abd ACS and if you have then please make sure that all ports in FW are opened according to table below.

LDAP 389/tcp

LDAP 389/udp

SMB 445/tcp

KDC 88/tcp

Global catalog 3268/tcp

KPASS 464/tcp

NTP 123/udp

Also, can you, please, take a sniffer capture between ACS and DC at the time you trying to retrieve groups and attach it with ADAgent logs ?

Regds,

JK

Do rate helpful posts-

~Jatin