
I have tried a lot (I've already spent one complete day on this) to find the reason for the following error:

000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1

I have Windows AD set up as the LDAP server and am using it for authentication in sftp using proftpd+ldap on Linux machines.

I have two machines (machine#1 and machine#2) where proftpd+ldap is configured. On both machines, all the required configuration (such as proftpd.conf and ldap.conf) is exactly the same.

However, when I try to sftp to machine#1, it is able to do it successfully and shows no error in wireshark (tcpdump). However, when I try to sftp to machine#2, it gives me the following error. Below is the tcpdump collected from the LDAP server.

[Image: tcpdump capture collected from the LDAP server]

What I am unable to figure out is why, only in the failure case (machine#2), I am seeing bindRequest "<ROOT>" simple, but not in the successful case (machine#1).

There is a clear indication that something in the client (machine#2) is causing this, but I am not able to figure out what.

Help will be highly appreciated.

Pawan
  • Is it possible that the versions of OpenLDAP installed are different between machine#1 and machine#2? Or the versions of `proftpd`? – Castaglia Jan 06 '16 at 23:14
  • @TJSaunders, not really. Actually, both the machines are running the exact same copy of the software. – Pawan Jan 07 '16 at 03:13
  • You mention "ftp to machine#1", but "*sftp* to machine#2"; is that "sftp" a typo? Does the Active Directory in question have any network ACLs, such that it might treat clients like machine#1 and machine#2 differently, expecting different credentials for them? – Castaglia Jan 08 '16 at 02:00
  • @TJSaunders sorry, my bad!!! They both were sftp. Let me edit the question also. Thanks for pointing it out. No, our AD was not configured in such a way. The same user from any machine should be validated successfully. – Pawan Jan 08 '16 at 02:53
  • OK. Next question: you mentioned that the `proftpd.conf` and `ldap.conf` files on the machines are identical; what about the `sftp.conf` file (now that we know it's SFTP that's involved)? Can you double-check that _all_ of the proftpd config files are the same, just to rule out any possibility of discrepancies there? Also, what about the `/etc/openldap/ldap.conf` (or whatever the name is for your distribution) on both machines, to see if perhaps the OpenLDAP client configuration is different? – Castaglia Jan 08 '16 at 16:06
  • They both were identical too. Actually, both the machines were loaded with the same software, so all the configuration files were identical. – Pawan Jan 09 '16 at 13:57

0 Answers