Terrence-1804 asked:

Bind failed when using Azure AD DS LDAPs.

Hello,

I have Azure AD DS enabled. LDAPS is enabled with a publicly trusted wildcard certificate. The security group is updated to allow the LDAPS port.
I can also successfully connect to the LDAPS server via ldp.exe on my laptop, but when I tried a simple bind with an existing user (not Guest) in Azure AD, the bind failed with the error below:


res = ldap_simple_bind_s(ld, 'xxxxxxxxxx', <unavailable>); // v.3
Error <49>: ldap_simple_bind_s() failed: Invalid Credentials
Server error: 80090308: LdapErr: DSID-0C090446, comment: AcceptSecurityContext error, data 52e, v2580
Error 0x80090308 The token supplied to the function is invalid



May I ask how I can fix it? Thank you.

azure-ad-domain-services

@Terrence-1804 ,

I am building a lab to look into this. Meanwhile, can you tell me if you have an environment where you are syncing users from on-prem to Azure AD to Azure AD Domain Services, and if you have disabled the NTLM hash sync in your environment by disabling weak ciphers and NTLM password hash sync? Please check the related article. I have seen this behavior earlier after disabling NTLM hash sync and weak ciphers in order to secure the Azure AD DS environment. Also, if you are trying with a cloud user from Azure AD, can you change its password once and check again?



Hi Shashi,
Thank you for the advice.
Yup. We have an environment syncing users from on-prem to Azure AD via Azure AD Connect installed on the on-premises domain controller. When I run troubleshooting for password synchronization, I can see that password hash synchronization has been enabled and is working fine.

I also tried an Azure user (member, not guest account) without an extra role, but it still shows the same error.




Hi,
I got it working with "Bind with credentials" now via ldp.exe, but simple bind still does not work, with the error 'The token supplied to the function is invalid'. Did I miss anything for simple bind?




0 Answers