Ldap problems.

Vote:
 
Hi! We are trying to get ldap authenticaion to work. We have followed all steps in Technical Note "Using Ldap for User Authentication" We have the Server on a DMZ domain and trying to connect to AD in our main domain. The Connection between the Domains works fine. We can import Groups in AdminMode, but when we try to authenticate with our ordinary domain accounts it fails... In AD it says "Successful Network Login" but we fail to login in to admin/edit mode... and after 3 tries it give as an ordinary IIS 401.1 page. We have tried both forms logon and windows logon. We have windows 2003 server with .NET Framework 2.0 EPi Server 4.61 Kindley Regards// Patrik
#16983
Mar 25, 2008 19:30
Vote:
 
Hi, Why use the ldapper. see appendix A in technote "security in episerver" on how to configure AD connection. Or this faq: http://www.episerver.com/en/EPiServer_Knowledge_Center/FAQ_EPiServer_4/901/Using-AD-groups-without-the-ldapper/ If you enable EPiServer Logging at Debug level you will get more detailed information on what goes wrong, For example maybe this?: "The trust relationship between the primary domain and the trusted domain failed" http://www.episerver.com/en/EPiServer_Knowledge_Center/FAQ_EPiServer_4/982/The-trust-relationship-between-the-primary-domain-and-the-trusted-domain-failed/ However, if you contact EPiServer Support we can send you a ldap connection test script. Regards Per
#17157
Mar 25, 2008 19:31
Vote:
 

Hi

We also have problems like teh one mentioned above. We are upgradi9ng our Intranet from 4.31 to 5 sp2.

We have installed EPi 5 sp2 on our web server, where our current intranet resides (Epi 4.31). The web server is in DMZ and the domain controller is inside on our production network.

After long time of research we have found that: System.Web.Security.ActiveDirectoryMembershipProvider demands that the firewall ports 137 to 139 must be opened (NETBios protocol)? Plus port 88 (Kerberos protocol). Maybe also port 445 (smb protocol)

4.31 has only used port 389 for accessing the AD?

Our network technicians want to know why the ports has to be open. Do anyone have documenattion why the ActiveDirectoryMembershipProvider needs thos ports open? We need that kind of documentation.

Best Regards

#20888
Jun 17, 2008 12:58