Hi, I'm evaluating ACS 5.1 with the latest patch before a rollout, but I'm having problems trying to retrieve groups from the AD. The ACS status is CONNECTED to the AD, and ACS appears as a computer in the AD, but if I try doing a search for groups I get the following error message in the logs:
Jun 11 2010 17:35:20 CisACS_33206 39 1 1 BL AD Operation information , ADOperationResult=Encountered Centrify warning while getting groups for domain:DC=prebuild,DC=local Warning: SASL/GSSAPI authentication started ldap_sasl_interactive_bind_s: unknown LDAP result code (-50) additional info: SASL(-1): generic failure: , DomainName=DC=prebuild,DC=local, AdminName=acsadmin, AdminSession=0156D4002CE861075181D7C036B20F0B, AdminInterface=GUI, AdminIPAddress=192.168.1.74
If you have applied patch 3 and it still didn't work, could you please check whether there is any firewall between the domain and ACS? If there is, please make sure that all ports in the FW are opened according to the table below.
Global catalog 3268/tcp
Also, can you please take a sniffer capture between ACS and the DC at the time you are trying to retrieve groups, and attach it along with the ADAgent logs?