[Casper] LDAP binding to AD

John Wetter john_wetter at hopkins.k12.mn.us
Tue Sep 23 18:45:35 PDT 2008 

Ok, so do I understand that you are trying to set up the JSS to use the LDAP settings based off of your AD?

One thing I immediately see is in your search base between staff and ad, there are two commas in a row.

Outside of that, it would probably be best to give support a call and they can help get you set up within your specific environment.

-John

--
John Wetter
Technology Support Administrator
Technology & Information Services
Hopkins Public Schools
952-988-5373
john_wetter at hopkins.k12.mn.us
________________________________
From: casper-bounces at list.jamfsoftware.com [casper-bounces at list.jamfsoftware.com] On Behalf Of Chris Lang [Chris.Lang at vu.edu.au]
Sent: Tuesday, September 23, 2008 5:51 PM
To: Miles Leacy; Ernst, Craig S.
Cc: Casper List
Subject: Re: [Casper] LDAP binding to AD

Hi All,

Thanks for the help but I may not have worded my request properly. Binding machines to the AD domain via casper is fine.  I am trying to setup the LDAP server (under admin in the web console) to allow me to add policies based on AD users and groups.

I have attached some of my settings but I get the original error that I posted when I test the LDAP lookup for users and groups.

Regards,

Chris


Chris Lang
Support Services Advisor
Client Services
Information Technology Services

Phone: +61 3 9919 2735
Fax: +61 3 9919 2785
Mobile: +61 411 259 496
Email: Chris.Lang at vu.edu.au<UrlBlockedError.aspx>



On 24/09/08 12:02 AM, "Miles Leacy" <miles.leacy at themacadmin.com<UrlBlockedError.aspx>> wrote:

One note...

You do not need rights to create computer objects in AD if the computer object you're binding to already exists.  In this case you just need to have rights to join the domain.



2008/9/23 Ernst, Craig S. <ERNSTCS at uwec.edu<UrlBlockedError.aspx>>
Active Directory can sometimes be tricky depending on how you have yours configured, but I've found ours to very plain fortunately and just basic bindings work.

I've attached a screen, if it will go through anyway, of what my settings are minus some actual details.


 *   Need to make sure the account you are using has the proper rights to add computer accounts to the specific container or operational unit you have specified in the Computer OU field.
 *   Need to make sure the server is accessible via the network for AD traffic from where you are imaging.
 *   Can you manually bind a computer with Directory Utility (assuming Leopard) with these settings?
 *   You don't need to fully qualify your username account for the binding, Mac assumes the domain. So you typically don't need DOMAIN\username or username at domain.edu<UrlBlockedError.aspx> <http://username@domain.edu>

Sorry if I'm not much help.

Craig E



On 9/23/08 12:25 AM, "Chris Lang" <Chris.Lang at vu.edu.au<UrlBlockedError.aspx> <http://Chris.Lang@vu.edu.au> > wrote:

Hi All,

I am still new to Casper and am trying to get it binding via LDAP to our AD domain...Keep getting the following error:

The following error
was generated performing
the LDAP Lookup:     Error performing LDAP Lookup: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece�]


Possible Resoution/Cause:     The specified account does not exist.

I have chatted to our AD admins and have put in settings that they believe will work just wondered if anyone may be able to shed some light.

Chris


Chris Lang
Support Services Advisor
Client Services
Information Technology Services

Phone: +61 3 9919 2735
Fax: +61 3 9919 2785
Mobile: +61 411 259 496
Email: Chris.Lang at vu.edu.au<UrlBlockedError.aspx> <http://Chris.Lang@vu.edu.au>


_______________________________________________
Casper mailing list
Casper at list.jamfsoftware.com<UrlBlockedError.aspx>
http://list.jamfsoftware.com/mailman/listinfo/casper



________________________________
_______________________________________________
Casper mailing list
Casper at list.jamfsoftware.com<UrlBlockedError.aspx>
http://list.jamfsoftware.com/mailman/listinfo/casper
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20080923/1a1de19b/attachment-0001.html

More information about the Casper mailing list