2,042 questions
Any updates on this? Is there anything else that I can try?
Unable to bind to secure LDAP - Invalid credentials
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(217.60000000000002, 88%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ED%3C/text%3E%3C/svg%3E)
DK
1
Reputation point
We had an existing Azure AD from our O365 subscription, lets say domain abc.com. Now we are trying to extend it with Azure AD DS.
I followed this documentation to setup AADDS.
https://learn.microsoft.com/en-us/azure/active-directory-domain-services/tutorial-create-instance
While setting up AADDS, I couldn't use the same domain name abc.com (it exceeded the limit of allowed characters). So, the domain on AADDS was set to something.else.xyz.com.
The domain something.else.xyz.com was added as secondary domain on Azure AD.
I am able to join Windows machine to the Azure AD DS and login with my credentials, user@jaswant .com.
Next, I set up secure LDAP using this documentation.
https://learn.microsoft.com/en-us/azure/active-directory-domain-services/tutorial-configure-ldaps
I am using ldp.exe for testing. I can connect to LDAP fine, but while trying to bind I keep getting the below error.
53 = ldap_set_option(ld, LDAP_OPT_ENCRYPT, 1) res = ldap_bind_s(ld, NULL, &NtAuthIdentity, NEGOTIATE (1158)); // v.3 {NtAuthIdentity: User='user'; Pwd=<unavailable>; domain = 'abc.com'} Error <49>: ldap_bind_s() failed: Invalid Credentials. Server error: 80090346: LdapErr: DSID-0C090588, comment: AcceptSecurityContext error, data 80090346, v2580 Error 0x80090346 Client's supplied SSPI channel bindings were incorrect.
I have tried changing the domain for the user. For both user@jaswant .com and user@something .else.xyz.com, I get the same error.
Please help resolve this issue.
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 57.00000000000001%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Shashi Shailaj 7,581 Reputation points Microsoft Employee2020-09-03T07:08:52.133+00:00 @DK , Could you please share the options which you are using while binding in ldp.exe ?
-
DK 1 Reputation point
2020-09-03T13:43:13.713+00:00 I am using the same options.
-
James Hamil 22,766 Reputation points Microsoft Employee2020-09-21T23:24:12.783+00:00 Hi, are there any updates with this case? If not, please select the appropriate response as "Answered." Otherwise please let us know how we can assist you.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 36%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
Splinter 1 Reputation point2021-10-11T07:28:44.86+00:00 You probably solved this by now, but this is likely happening because you are trying to authenticate with a cloud-only user. If so, then you need to first change the password for that user before you can authenticate with LDAP. That is because AAD will not create the password hashes (it needs for NTLM and Kerberos authentication for LDAP) automatically for cloud-only users - but it creates them the next time the password is changed.
This topic is covered in the following article: https://learn.microsoft.com/en-us/azure/active-directory-domain-services/tutorial-create-instanceHope this helps!
Sign in to comment