| Author | Messages | |
rezuma
Posts:83
 | | 03/27/2008 6:10 PM |
| Hi,
I am trying to query AD, LDAP, it works find for the domain but when I
try to query (with joe's adfind) the subdomain is giving me this error
ldap_get_next_page_s: [server.domain.com] Error 0xa (10) - Referral
Could that mean that the queries to that subdomain has been setup to use
ssl, permission or similar?
Thanks
| | | |
| ZJORZ
Posts:100
| | 03/27/2008 6:20 PM |
| are you querying the GC?
ADFIND -gc -b "" -f "whatever"
REMARK: E-mail address change: "@logicacmg.com" is now "@logica.com".
Met vriendelijke groeten / Kind regards,
Ing. Jorge de Almeida Pinto
Senior Infrastructure Consultant
MVP Windows Server - Directory Services
Logica Nederland B.V. (BU ISA Eindhoven)
( Tel : +31-(0)40-29.57.777
( Mobile : +31-(0)6-26.26.62.80
* E-mail : Jorge.de.Almeida.Pinto@logica.com
________________________________
From: ActiveDir-owner@mail.activedir.org on behalf of Ramon Linan
Sent: Thu 2008-03-27 23:10
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] LDAP query error
Hi,
I am trying to query AD, LDAP, it works find for the domain but when I try to query (with joe's adfind) the subdomain is giving me this error
ldap_get_next_page_s: [server.domain.com] Error 0xa (10) - Referral
Could that mean that the queries to that subdomain has been setup to use ssl, permission or similar?
Thanks
This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
| | | |
| listmail
Posts:454
| | 03/27/2008 6:50 PM |
| Are you using the -nr switch?
That is when I would expect AdFind to not automatically chase the referral.
If not, show the exact command you are typing.
joe
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
_____
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Ramon Linan
Sent: Thursday, March 27, 2008 6:10 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] LDAP query error
Hi,
I am trying to query AD, LDAP, it works find for the domain but when I try
to query (with joe's adfind) the subdomain is giving me this error
ldap_get_next_page_s: [server.domain.com] Error 0xa (10) - Referral
Could that mean that the queries to that subdomain has been setup to use
ssl, permission or similar?
Thanks
| | | |
| listmail
Posts:454
| | 03/27/2008 7:46 PM |
| FYI, at some point I added -gcb so you don't have to type -gc -b ""...
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
_____
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Almeida Pinto,
Jorge de
Sent: Thursday, March 27, 2008 6:19 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] LDAP query error
are you querying the GC?
ADFIND -gc -b "" -f "whatever"
REMARK: E-mail address change: "@logicacmg.com" is now "@logica.com".
Met vriendelijke groeten / Kind regards,
Ing. Jorge de Almeida Pinto
Senior Infrastructure Consultant
MVP Windows Server - Directory Services
Logica Nederland B.V. (BU ISA Eindhoven)
( Tel : +31-(0)40-29.57.777
( Mobile : +31-(0)6-26.26.62.80
* E-mail : Jorge.de.Almeida.Pinto@logica.com
_____
From: ActiveDir-owner@mail.activedir.org on behalf of Ramon Linan
Sent: Thu 2008-03-27 23:10
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] LDAP query error
Hi,
I am trying to query AD, LDAP, it works find for the domain but when I try
to query (with joe's adfind) the subdomain is giving me this error
ldap_get_next_page_s: [server.domain.com] Error 0xa (10) - Referral
Could that mean that the queries to that subdomain has been setup to use
ssl, permission or similar?
Thanks
| | | |
| rezuma
Posts:83
| | 03/27/2008 7:51 PM |
| i think i was doing something like adfind -b dc=subdomain,dc=domain,dc=com -f distiguishName
it worked out find for dc=domain,dc=com but not for the subdomain, i am suspecting that the domain admin in the subdomain location has change some security related to quereing LDAP, is that possible?
What made me ask the other question about LDAP security...anyone can answer that question?
Thanks all in advance
________________________________
From: ActiveDir-owner@mail.activedir.org on behalf of joe
Sent: Thu 3/27/2008 7:41 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] LDAP query error
FYI, at some point I added -gcb so you don't have to type -gc -b ""...
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
________________________________
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Almeida Pinto, Jorge de
Sent: Thursday, March 27, 2008 6:19 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] LDAP query error
are you querying the GC?
ADFIND -gc -b "" -f "whatever"
REMARK: E-mail address change: "@logicacmg.com" is now "@logica.com".
Met vriendelijke groeten / Kind regards,
Ing. Jorge de Almeida Pinto
Senior Infrastructure Consultant
MVP Windows Server - Directory Services
Logica Nederland B.V. (BU ISA Eindhoven)
( Tel : +31-(0)40-29.57.777
( Mobile : +31-(0)6-26.26.62.80
* E-mail : Jorge.de.Almeida.Pinto@logica.com
________________________________
From: ActiveDir-owner@mail.activedir.org on behalf of Ramon Linan
Sent: Thu 2008-03-27 23:10
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] LDAP query error
Hi,
I am trying to query AD, LDAP, it works find for the domain but when I try to query (with joe's adfind) the subdomain is giving me this error
ldap_get_next_page_s: [server.domain.com] Error 0xa (10) - Referral
Could that mean that the queries to that subdomain has been setup to use ssl, permission or similar?
Thanks
| | | |
| listmail
Posts:454
| | 03/27/2008 8:41 PM |
| The SSL stuff wouldn't be a factor here, you can't set up a DC to refuse
connections other than through SSL, you can just enable SSL. I mean you
could firewall 389 and 3268 but more than likely you would break a bunch of
stuff doing so.
I don't understand your query, it doesn't make sense. Specifically the
filter specified. What should happen though with that base specified, if the
default DC isn't a DC for the domain hosting that base DN, a referral will
be returned, your client will then chase that referral to wherever the DC
specified. If the client can't get to that referred to location, then it
would have to throw an error though I haven't seen that so not sure exactly
what it would throw, it probably would just throw the referral error. You
may want to add -exterr and then if that doesn't help, get a network trace
to see what is going on.
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
_____
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Ramon Linan
Sent: Thursday, March 27, 2008 7:48 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] LDAP query error
i think i was doing something like adfind -b dc=subdomain,dc=domain,dc=com
-f distiguishName
it worked out find for dc=domain,dc=com but not for the subdomain, i am
suspecting that the domain admin in the subdomain location has change some
security related to quereing LDAP, is that possible?
What made me ask the other question about LDAP security...anyone can answer
that question?
Thanks all in advance
_____
From: ActiveDir-owner@mail.activedir.org on behalf of joe
Sent: Thu 3/27/2008 7:41 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] LDAP query error
FYI, at some point I added -gcb so you don't have to type -gc -b ""...
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
_____
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Almeida Pinto,
Jorge de
Sent: Thursday, March 27, 2008 6:19 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] LDAP query error
are you querying the GC?
ADFIND -gc -b "" -f "whatever"
REMARK: E-mail address change: "@logicacmg.com" is now "@logica.com".
Met vriendelijke groeten / Kind regards,
Ing. Jorge de Almeida Pinto
Senior Infrastructure Consultant
MVP Windows Server - Directory Services
Logica Nederland B.V. (BU ISA Eindhoven)
( Tel : +31-(0)40-29.57.777
( Mobile : +31-(0)6-26.26.62.80
* E-mail : Jorge.de.Almeida.Pinto@logica.com
_____
From: ActiveDir-owner@mail.activedir.org on behalf of Ramon Linan
Sent: Thu 2008-03-27 23:10
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] LDAP query error
Hi,
I am trying to query AD, LDAP, it works find for the domain but when I try
to query (with joe's adfind) the subdomain is giving me this error
ldap_get_next_page_s: [server.domain.com] Error 0xa (10) - Referral
Could that mean that the queries to that subdomain has been setup to use
ssl, permission or similar?
Thanks
| | | |
| James_Day
Posts:13
| | 03/27/2008 8:46 PM |
| Return Receipt
Your RE: [ActiveDir] LDAP query error
document:
was James_Day@contractor.nps.gov
received
by:
at: 03/27/2008 08:42:06 PM EDT
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx
| | | |
| rezuma
Posts:83
| | 03/27/2008 8:56 PM |
| It all started with an app that we are using to filter spam, this app is sitting an public IP, that app queries ldap to add any new user and to authorize.
Since a couple of weeks ago the app is not adding anybody from the subdomain and this users are not able to login neither.
Another problem that I am noticing is when I run replmon àsearch domain controllers for replication failures I get 2 lines, one for each dc in that subdomain and it says, "dcname" <error:server unreachable> but I don't see any other replication problems...how can I further troubleshoot this problem?
Thanks so much,
Rezuma
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of joe
Sent: Thursday, March 27, 2008 8:40 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] LDAP query error
The SSL stuff wouldn't be a factor here, you can't set up a DC to refuse connections other than through SSL, you can just enable SSL. I mean you could firewall 389 and 3268 but more than likely you would break a bunch of stuff doing so.
I don't understand your query, it doesn't make sense. Specifically the filter specified. What should happen though with that base specified, if the default DC isn't a DC for the domain hosting that base DN, a referral will be returned, your client will then chase that referral to wherever the DC specified. If the client can't get to that referred to location, then it would have to throw an error though I haven't seen that so not sure exactly what it would throw, it probably would just throw the referral error. You may want to add -exterr and then if that doesn't help, get a network trace to see what is going on.
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
________________________________
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Ramon Linan
Sent: Thursday, March 27, 2008 7:48 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] LDAP query error
i think i was doing something like adfind -b dc=subdomain,dc=domain,dc=com -f distiguishName
it worked out find for dc=domain,dc=com but not for the subdomain, i am suspecting that the domain admin in the subdomain location has change some security related to quereing LDAP, is that possible?
What made me ask the other question about LDAP security...anyone can answer that question?
Thanks all in advance
________________________________
From: ActiveDir-owner@mail.activedir.org on behalf of joe
Sent: Thu 3/27/2008 7:41 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] LDAP query error
FYI, at some point I added -gcb so you don't have to type -gc -b ""...
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
________________________________
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Almeida Pinto, Jorge de
Sent: Thursday, March 27, 2008 6:19 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] LDAP query error
are you querying the GC?
ADFIND -gc -b "" -f "whatever"
REMARK: E-mail address change: "@logicacmg.com" is now "@logica.com".
Met vriendelijke groeten / Kind regards,
Ing. Jorge de Almeida Pinto
Senior Infrastructure Consultant
MVP Windows Server - Directory Services
Logica Nederland B.V. (BU ISA Eindhoven)
( Tel : +31-(0)40-29.57.777
( Mobile : +31-(0)6-26.26.62.80
* E-mail : Jorge.de.Almeida.Pinto@logica.com
________________________________
From: ActiveDir-owner@mail.activedir.org on behalf of Ramon Linan
Sent: Thu 2008-03-27 23:10
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] LDAP query error
Hi,
I am trying to query AD, LDAP, it works find for the domain but when I try to query (with joe's adfind) the subdomain is giving me this error
ldap_get_next_page_s: [server.domain.com] Error 0xa (10) - Referral
Could that mean that the queries to that subdomain has been setup to use ssl, permission or similar?
Thanks
| | | |
| listmail
Posts:454
| | 03/27/2008 9:31 PM |
| Try to directly query a DC in the subdomain with the -h option. Could be
network issues. Again a network trace would likely be handy.
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
_____
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Ramon Linan
Sent: Thursday, March 27, 2008 8:57 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] LDAP query error
It all started with an app that we are using to filter spam, this app is
sitting an public IP, that app queries ldap to add any new user and to
authorize.
Since a couple of weeks ago the app is not adding anybody from the subdomain
and this users are not able to login neither.
Another problem that I am noticing is when I run replmon àsearch domain
controllers for replication failures I get 2 lines, one for each dc in that
subdomain and it says, dcname <error:server unreachable> but I dont see
any other replication problems
how can I further troubleshoot this problem?
Thanks so much,
Rezuma
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of joe
Sent: Thursday, March 27, 2008 8:40 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] LDAP query error
The SSL stuff wouldn't be a factor here, you can't set up a DC to refuse
connections other than through SSL, you can just enable SSL. I mean you
could firewall 389 and 3268 but more than likely you would break a bunch of
stuff doing so.
I don't understand your query, it doesn't make sense. Specifically the
filter specified. What should happen though with that base specified, if the
default DC isn't a DC for the domain hosting that base DN, a referral will
be returned, your client will then chase that referral to wherever the DC
specified. If the client can't get to that referred to location, then it
would have to throw an error though I haven't seen that so not sure exactly
what it would throw, it probably would just throw the referral error. You
may want to add -exterr and then if that doesn't help, get a network trace
to see what is going on.
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
_____
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Ramon Linan
Sent: Thursday, March 27, 2008 7:48 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] LDAP query error
i think i was doing something like adfind -b dc=subdomain,dc=domain,dc=com
-f distiguishName
it worked out find for dc=domain,dc=com but not for the subdomain, i am
suspecting that the domain admin in the subdomain location has change some
security related to quereing LDAP, is that possible?
What made me ask the other question about LDAP security...anyone can answer
that question?
Thanks all in advance
_____
From: ActiveDir-owner@mail.activedir.org on behalf of joe
Sent: Thu 3/27/2008 7:41 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] LDAP query error
FYI, at some point I added -gcb so you don't have to type -gc -b ""...
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
_____
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Almeida Pinto,
Jorge de
Sent: Thursday, March 27, 2008 6:19 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] LDAP query error
are you querying the GC?
ADFIND -gc -b "" -f "whatever"
REMARK: E-mail address change: "@logicacmg.com" is now "@logica.com".
Met vriendelijke groeten / Kind regards,
Ing. Jorge de Almeida Pinto
Senior Infrastructure Consultant
MVP Windows Server - Directory Services
Logica Nederland B.V. (BU ISA Eindhoven)
( Tel : +31-(0)40-29.57.777
( Mobile : +31-(0)6-26.26.62.80
* E-mail : Jorge.de.Almeida.Pinto@logica.com
_____
From: ActiveDir-owner@mail.activedir.org on behalf of Ramon Linan
Sent: Thu 2008-03-27 23:10
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] LDAP query error
Hi,
I am trying to query AD, LDAP, it works find for the domain but when I try
to query (with joes adfind) the subdomain is giving me this error
ldap_get_next_page_s: [server.domain.com] Error 0xa (10) - Referral
Could that mean that the queries to that subdomain has been setup to use
ssl, permission or similar?
Thanks
| | | |
| Khurshid_Anwar
Posts:0
| | 03/27/2008 11:37 PM |
| Return Receipt
Your RE: [ActiveDir] LDAP query error
document:
was Khurshid_Anwar@contractor.nps.gov
received
by:
at: 03/27/2008 11:34:13 PM EDT
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx
| | | |
| Khurshid_Anwar
Posts:0
| | 03/28/2008 10:48 AM |
| Return Receipt
Your RE: [ActiveDir] LDAP query error
document:
was Khurshid_Anwar@contractor.nps.gov
received
by:
at: 03/28/2008 10:44:48 AM EDT
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx
| | | |
| TG
Posts:86
| | 03/28/2008 1:34 PM |
| Return Receipt
Your RE: [ActiveDir] LDAP query error
document:
was tony.gordon@hewitt.com
received
by:
at: 03/28/2008 12:33:35 PM
The information contained in this e-mail and any accompanying documents may contain information that is confidential or otherwise protected from disclosure. If you are not the intended recipient of this message, or if this message has been addressed to you in error, please immediately alert the sender by reply e-mail and then delete this message, including any attachments. Any dissemination, distribution or other use of the contents of this message by anyone other than the intended recipient is strictly prohibited. All messages sent to and from this e-mail address may be monitored as permitted by applicable law and regulations to ensure compliance with our internal policies and to protect our business. E-mails are not secure and cannot be guaranteed to be error free as they can be intercepted, amended, lost or destroyed, or contain viruses. You are deemed to have accepted these risks if you communicate with us by e-mail.
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx
| | | |
|
|