I have recently updated my domain from 2008R2 to 2016. It's a completely new domain unrelated to the old one, but all user names are identical to the old (email domain migrated, so all email addresses are identical).
My AD user can log in, but others cannot. All the users show up when I go to user management. I also know my account is not local, as I recently changed my AD password and it is allowing me to log in and see my own emails. I cannot figure out where to start troubleshooting this issue, as the only log message I get is baduser/password in httpd logs.
Some AD Users cannot log in
Re: Some AD Users cannot log in
- Change password of one of these users to a simple password without special characters
- Create new user with simple password
- Try other login - domain/username - only username - mailaddress
- Sure LDAP is working fine?
- shawniverson
- Posts: 3649
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: Some AD Users cannot log in
What's the best way to get that test file down to my box? (I know how to wget... I just don't know how to git... I'm not a programmer)
Re: Some AD Users cannot log in
My password recently changed, so I know it's not caching a password from the previous AD server, and thus this also confirms the new AD DN settings are correct (new domain has completely different structure/OUs).
Creating a new user is something I've not done. I thought about that but never did it. I'll try that and report back.
Re: Some AD Users cannot log in
OK here is some output from the ldaptest.php:
My credentials:
[root@emx01 ~]# php ldaptest.php
Test connection to server
enable AD compatibility
Try authenticating as DOMAIN\extauth
authentication for searching the account was successful
search for jhorne@lalala.com in LDAP directory
search done
found 1 accounts matching the filter
Trying to authenticate as user: Jonathan Horne
authentication success
db data for account: Mail: jhorne@lalala.com; Internal account idJonathan Horne
login success
Any other user, including a test user I just now created:
[root@emx01 ~]# php ldaptest.php
Test connection to server
enable AD compatibility
Try authenticating as DOMAIN\extauth
authentication for searching the account was successful
search for tuser@lalala.com in LDAP directory
search done
found 1 accounts matching the filter
Trying to authenticate as user: tuser
PHP Warning: ldap_bind(): Unable to bind to server: Invalid credentials in /root/ldaptest.php on line 105
I can log that test user in on the OWA site just fine.
Re: Some AD Users cannot log in
Anyone have any guesses on this one?
- shawniverson
Re: Some AD Users cannot log in
Not sure if it applies, but check this out. It may be a case sensitivity issue...
https://github.com/mailwatch/MailWatch/issues/1013