Azure AD Domain Service - Bind user issue

Syed Faisal 21 Reputation points
2021-06-30T16:45:39.447+00:00

Hello Team,

I have installed and configured Azure AD Domain Services and successfully enabled LDAP externally.
From LDAP.exe, when I try to bind a user with credentials, I get the error below.

0 = ldap_set_option(ld, LDAP_OPT_ENCRYPT, 0)
res = ldap_bind_s(ld, NULL, &NtAuthIdentity, NEGOTIATE (1158)); // v.3
{NtAuthIdentity: User='guest'; Pwd=<unavailable>; domain = 'secureyes.com'}
Error <49>: ldap_bind_s() failed: Invalid Credentials.
Server error: 8009030C: LdapErr: DSID-0C090590, comment: AcceptSecurityContext error, data 52e, v2580
Error 0x8009030C The logon attempt failed

I don't know what is blocking it; I have even reset the password as well.

Can you please help?

Regards /Faisal

Microsoft Entra

Accepted answer
  1. Siva-kumar-selvaraj 15,606 Reputation points
    2021-06-30T20:34:36.147+00:00

    Hello @Syed Faisal ,

    Thanks for reaching out.

    Could you please confirm which type of account you are using to bind LDAP: federated, synchronized from on-premises, or cloud only account?

    A) For Federated Account : Not supported

    B) For Synchronized from on-premises: Make sure Password hash synchronization is enabled for hybrid environments. If it's already enabled, then run the following cmdlet to enforce hash synchronization: https://learn.microsoft.com/en-us/azure/active-directory-domain-services/tutorial-configure-password-hash-sync#enable-synchronization-of-password-hashes

    Note: Users (and service accounts) can't perform LDAP simple binds if you have disabled NTLM password hash synchronization on your managed domain. For more information on disabling NTLM password hash synchronization, see Secure your managed domain.

    C) **For cloud only account:** I would recommend you to create new account as explained below in detail :

    Hope this helps.

    ------
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
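
Added example, not part of the original thread: a Python sketch that parses the `Server error` line from the question and, when the sub-code is `data 52e`, returns the accepted answer's check for the given account type. The function names and account-type labels are assumptions made for illustration; the `data` sub-codes are the standard Active Directory values (Win32 error codes in hex).

```python
import re

# Sub-codes AD places in the "data" field of an AcceptSecurityContext failure.
# Each is a Win32 error code in hex, e.g. 0x52e = 1326 (ERROR_LOGON_FAILURE).
DATA_CODES = {
    0x525: "user not found",
    0x52E: "invalid credentials",
    0x530: "logon not permitted at this time",
    0x531: "logon not permitted from this workstation",
    0x532: "password expired",
    0x533: "account disabled",
    0x701: "account expired",
    0x773: "user must reset password",
    0x775: "account locked out",
}

# Checks taken from the accepted answer; the dictionary keys are assumed labels.
ANSWER_CHECKS = {
    "federated": "federated accounts are not supported",
    "synchronized": "confirm password hash synchronization is enabled and enforced",
    "cloud-only": "create a new account, as the answer recommends",
}

SERVER_ERROR = re.compile(
    r"(?P<sspi>[0-9A-Fa-f]{8}):\s*LdapErr:\s*(?P<dsid>DSID-[0-9A-Fa-f]+),"
    r"\s*comment:\s*(?P<comment>[^,]+),\s*data\s+(?P<data>[0-9A-Fa-f]+)"
)

# Sample input: the server error line copied from the question above.
SAMPLE = ("Server error: 8009030C: LdapErr: DSID-0C090590, "
          "comment: AcceptSecurityContext error, data 52e, v2580")

def parse_server_error(text):
    """Return the fields of the first AD server error in text, or None."""
    m = SERVER_ERROR.search(text)
    if m is None:
        return None
    code = int(m.group("data"), 16)
    return {"sspi": m.group("sspi").upper(), "dsid": m.group("dsid"),
            "comment": m.group("comment").strip(), "data": code,
            "meaning": DATA_CODES.get(code, "unrecognized sub-code")}

def triage(text, account_type):
    """For data 52e, map the account type to the accepted answer's check."""
    err = parse_server_error(text)
    if err is None:
        return "no AD server error found"
    if err["data"] != 0x52E:
        return err["meaning"]  # the answer's checks only address 52e
    return ANSWER_CHECKS.get(account_type, "unknown account type")
```
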

