Problem connecting to Windows 2008 Domain Controller.

Greetings all,

I’m new to the forums, not new to Linux but not a strong user.

We have a script that used to connect to the Active Directory that holds our students' accounts.

Our servers were HP UNIX based and migrated last week to SUSE Enterprise Server 11.

This is the code we are using:

[CODE]#!/opt/perl510/bin/perl

use strict;
use Net::LDAP;
use Net::LDAP::Control::Paged;
use Net::LDAP::Constant qw(LDAP_CONTROL_PAGED);
use Authen::SASL qw(Perl);

my $ldap_server = "edited";

my $user = 'edited';
my $pass = 'edited';

my $domain = "dc=edited,dc=edited,dc=edited";
# Double quotes so that $user and $domain are interpolated.
my $dn = "cn=$user,$domain";

# Net::LDAP->new returns undef on failure and leaves the reason in $@.
my $ldap = Net::LDAP->new($ldap_server) or warn "Can't connect to ldap.\nReason: $@\n";

if ($ldap) {
    # SASL DIGEST-MD5 credentials for the bind.
    my $sasl = Authen::SASL->new(
        mechanism => 'DIGEST-MD5',
        callback  => {
            user => $user,
            pass => $pass,
        },
    );

    # Paged results control, 100 entries per page.
    my $page = Net::LDAP::Control::Paged->new(size => 100);
    my @args = (
        base    => "ou=edited,$domain",
        filter  => "(cn=*)",
        attrs   => ['cn'],
        scope   => "one",
        control => [ $page ]
    );

    my $mesg = $ldap->bind(dn => $dn, sasl => $sasl);

    $mesg->code and warn "Cannot bind to ldap: ", $mesg->error;

    $mesg = $ldap->search(@args);

    $mesg = $ldap->unbind;
}[/CODE]

This is the error:

Cannot bind to ldap: 80090303: LdapErr: DSID-0C0904B3, comment: The digest-uri does not match any LDAP SPN's registered for this server., data 0, v1772 at ldaptest.pl line 40, <DATA> line 465.

From the error and Google I thought it was DNS. I checked my workstation, which is running Windows 7, and I wasn’t able to connect to that Active Directory either. It’s a different domain.
So, I manually entered the w.x.y.z FQDN in the hosts file in my Windows 7 and was able to connect to that Active Directory using DIGEST-MD5.

Thinking it would be the same in Linux, I entered the IP and FQDN in /etc/hosts, but the error still persists.

I can see the server logging in in Event Viewer in the Windows 2008 server.

My supervisor tells me it’s the Windows server that has the problem since the script stopped working on the UNIX server before the migration.

I’ve looked everywhere and found no solution.

On the other hand, I can do ldapsearch with the same user and password and get a connection and display information. I tried specifying the authentication mechanism DIGEST-MD5 using the -Y flag with ldapsearch but I get syntax errors.

Your time and help on this matter is much appreciated.

Good day,

Ed
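
The error text above refers to the DIGEST-MD5 digest-uri, which RFC 2831 defines as serv-type/host. The following added example (not the poster's code) builds that value for several candidate connect names and checks each against a server's registered LDAP SPNs. Assumptions: the `setspn -L` output and all host names are constructed placeholders, SPN comparison is treated as case-insensitive, and the client is assumed to put the name it was told to connect to into the host part.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample of `setspn -L <dc>` output; every name is a placeholder.
my $setspn_output = <<'END';
Registered ServicePrincipalNames for CN=DC1,OU=Domain Controllers,DC=students,DC=example,DC=edu:
        ldap/dc1.students.example.edu
        ldap/dc1.students.example.edu/students.example.edu
        ldap/DC1
        HOST/dc1.students.example.edu
        GC/dc1.students.example.edu/example.edu
END

# Collect the registered LDAP SPNs, reduced to "service/host" and lower-cased
# (assumption: the server compares SPNs case-insensitively).
sub ldap_spns {
    my ($text) = @_;
    my %spn;
    for my $line (split /\n/, $text) {
        next unless $line =~ m{^\s+(ldap)/([^/\s]+)}i;
        $spn{ lc "$1/$2" } = 1;
    }
    return \%spn;
}

# RFC 2831: digest-uri = serv-type "/" host
sub digest_uri {
    my ($host) = @_;
    return lc "ldap/$host";
}

# Returns the digest-uri a client would send for $host and whether it
# corresponds to one of the registered SPNs.
sub check_host {
    my ($host, $spns) = @_;
    my $uri = digest_uri($host);
    return ($uri, $spns->{$uri} ? 'matches an SPN' : 'NO matching SPN');
}

my $spns = ldap_spns($setspn_output);
for my $host ('dc1.students.example.edu', 'DC1', '192.0.2.10', 'ldap.example.edu') {
    printf "%-26s -> %-32s %s\n", $host, check_host($host, $spns);
}
```

With the constructed data, the FQDN and the short name `DC1` match, while the IP address and the alias `ldap.example.edu` do not.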
