[Casper] LDAP binding to AD

Tue Sep 23 15:51:52 PDT 2008

Hi All,

Thanks for the help but I may not have worded my request properly. Binding
machines to the AD domain via casper is fine.  I am trying to setup the LDAP
server (under admin in the web console) to allow me to add policies based on
AD users and groups.

I have attached some of my settings but I get the original error that I
posted when I test the LDAP lookup for users and groups.

Regards,

Chris

Chris Lang
Support Services Advisor
Client Services
Information Technology Services

Phone: +61 3 9919 2735
Fax: +61 3 9919 2785
Mobile: +61 411 259 496
Email: Chris.Lang at vu.edu.au

On 24/09/08 12:02 AM, "Miles Leacy" <miles.leacy at themacadmin.com> wrote:

> One note...
> 
> You do not need rights to create computer objects in AD if the computer object
> you're binding to already exists.  In this case you just need to have rights
> to join the domain.
> 
> 
> 
> 2008/9/23 Ernst, Craig S. <ERNSTCS at uwec.edu>
>> Active Directory can sometimes be tricky depending on how you have yours
>> configured, but I've found ours to very plain fortunately and just basic
>> bindings work.
>> 
>> I've attached a screen, if it will go through anyway, of what my settings are
>> minus some actual details.
>> 
>> * Need to make sure the account you are using has the proper rights to add
>> computer accounts to the specific container or operational unit you have
>> specified in the Computer OU field.
>> * Need to make sure the server is accessible via the network for AD traffic
>> from where you are imaging.
>> * Can you manually bind a computer with Directory Utility (assuming Leopard)
>> with these settings?
>> * You don't need to fully qualify your username account for the binding, Mac
>> assumes the domain. So you typically don't need DOMAIN\username or
>> username at domain.edu <http://username@domain.edu>
>> 
>> Sorry if I'm not much help.
>> 
>> Craig E
>> 
>> 
>> 
>> On 9/23/08 12:25 AM, "Chris Lang" <Chris.Lang at vu.edu.au
>> <http://Chris.Lang@vu.edu.au> > wrote:
>> 
>>> Hi All,
>>> 
>>> I am still new to Casper and am trying to get it binding via LDAP to our AD
>>> domain...Keep getting the following error:
>>> 
>>> The following error
>>> was generated performing
>>> the LDAP Lookup:     Error performing LDAP Lookup:
>>> javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308:
>>> LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525,
>>> vece�]
>>> 
>>> 
>>> Possible Resoution/Cause:     The specified account does not exist.
>>> 
>>> I have chatted to our AD admins and have put in settings that they believe
>>> will work just wondered if anyone may be able to shed some light.
>>> 
>>> Chris
>>> 
>>> 
>>> Chris Lang
>>> Support Services Advisor
>>> Client Services
>>> Information Technology Services
>>> 
>>> Phone: +61 3 9919 2735
>>> Fax: +61 3 9919 2785
>>> Mobile: +61 411 259 496
>>> Email: Chris.Lang at vu.edu.au <http://Chris.Lang@vu.edu.au>
>>> 
>> 
>> _______________________________________________
>> Casper mailing list
>> Casper at list.jamfsoftware.com
>> http://list.jamfsoftware.com/mailman/listinfo/casper
>> 
> 
> 
> 
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080924/47ba8e6c/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ldapConnections.jpg
Type: application/octet-stream
Size: 68590 bytes
Desc: not available
Url : http://list.jamfsoftware.com/pipermail/casper/attachments/20080924/47ba8e6c/attachment-0002.obj 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: searchandmappingsldap.jpg
Type: application/octet-stream
Size: 166179 bytes
Desc: not available
Url : http://list.jamfsoftware.com/pipermail/casper/attachments/20080924/47ba8e6c/attachment-0003.obj 