<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
        {font-family:Consolas;
        panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:#0563C1;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:#954F72;
        text-decoration:underline;}
span.EmailStyle17
        {mso-style-type:personal;
        font-family:"Calibri","sans-serif";
        color:windowtext;}
span.EmailStyle18
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">I presume you have an account in AD called "zendto", yes?<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Might be a shot in the dark, but try replacing the DC name with the IP address of the domain controller. It may be a name resolution issue. If it starts working after that, check your /etc/nsswitch.conf. I
had to edit mine as follows:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> #hosts: files mdns4_minimal [NOTFOUND=return] dns
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> hosts: files dns<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">HTH...<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span style="color:#1F497D">...Kevin<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">--<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Kevin Miller<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Network/email Administrator, CBJ MIS Dept.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">155 South Seward Street<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Juneau, Alaska 99801<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Phone: (907) 586-0242, Fax: (907) 586-4588 Registered Linux User No: 307357<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
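<p class="MsoNormal">Added example, not part of the original messages: a simplified Python model of how the resolver walks the hosts: line, showing why the .local server names in the configuration quoted below never reach DNS with the stock line and do after the edit above. The function names and sample lines are constructed for illustration, and the model assumes mdns4_minimal reports NOTFOUND for unanswered .local names and UNAVAIL for all other names.</p>
<pre>
```python
import re

# Constructed sample lines: the stock hosts: entry and the edited one from the reply.
BEFORE = "hosts: files mdns4_minimal [NOTFOUND=return] dns"
AFTER = "hosts: files dns"

def parse_hosts_line(line):
    """Parse an nsswitch.conf hosts: line into [(source, {criterion: action})]."""
    key, _, rest = line.split("#", 1)[0].partition(":")
    if key.strip() != "hosts":
        raise ValueError("not an active hosts: line")
    chain = []
    for token in re.findall(r"\[[^\]]*\]|\S+", rest):
        if not token.startswith("["):
            chain.append((token, {}))
            continue
        if not chain:
            raise ValueError("action list before any source")
        for item in token[1:-1].split():
            criterion, _, action = item.partition("=")
            chain[-1][1][criterion.upper()] = action.lower()
    return chain

def action_for(actions, status):
    """Action for a lookup status; [!STATUS=act] applies to every other status."""
    if status in actions:
        return actions[status]
    for criterion, action in actions.items():
        if criterion.startswith("!") and criterion[1:] != status:
            return action
    return "continue"  # glibc default for every non-SUCCESS status

def dns_reachable(line, hostname):
    """True if a failed lookup of hostname falls through to the dns source.

    Assumes the name is absent from /etc/hosts and nothing answers over mDNS.
    """
    is_local = hostname.rstrip(".").lower().endswith(".local")
    for source, actions in parse_hosts_line(line):
        if source == "dns":
            return True
        minimal_mdns = source.startswith("mdns") and source.endswith("_minimal")
        # Assumed model: mdns*_minimal only claims .local names, UNAVAIL otherwise.
        status = "UNAVAIL" if minimal_mdns and not is_local else "NOTFOUND"
        if action_for(actions, status) == "return":
            return False
    return False  # no dns source configured at all
```
</pre>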
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> zendto-bounces@zend.to [mailto:zendto-bounces@zend.to]
<b>On Behalf Of </b>Craig Gilbert<br>
<b>Sent:</b> Wednesday, June 14, 2017 6:07 AM<br>
<b>To:</b> zendto@zend.to<br>
<b>Subject:</b> [ZendTo] AD Auth issue<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span lang="EN-GB">Hello all,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">We are attempting to deploy ZendTo in our environment but are having issues with AD auth.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">We have reviewed the page at <a href="http://zend.to/activedirectory.php">
http://zend.to/activedirectory.php</a> and are getting results from the example </span>
<span lang="EN-GB" style="font-family:Consolas">ldapsearch </span><span lang="EN-GB">command.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">Our AD authenticator settings in </span><span lang="EN-GB" style="font-family:Consolas">preferences.php</span><span lang="EN-GB"> are as follows (redacted identifying info):<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-family:Consolas"> 'authenticator' => 'AD',<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-family:Consolas"> 'authLDAPBaseDN1' => 'OU=User Accounts,OU=Company,DC=domain,DC=local',<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-family:Consolas"> 'authLDAPServers1' => array('dc1.domain.local','dc2.domain.local','dc3.domain.local','dc4.domain.local'),<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-family:Consolas"> 'authLDAPAccountSuffix1' => '@domain.local',<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-family:Consolas"> 'authLDAPUseSSL1' => false,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-family:Consolas"> 'authLDAPBindUser1' => 'zendto',<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-family:Consolas"> 'authLDAPBindPass1' => 'password',<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-family:Consolas"> 'authLDAPOrganization1' => 'Company',<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-family:Consolas"> // If you are not using this 2nd set of settings for a 2nd AD forest,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-family:Consolas"> // do not comment them out, but instead set them to be empty.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-family:Consolas"> 'authLDAPBaseDN2' => '',<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-family:Consolas"> // Set<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-family:Consolas"> 'authLDAPServers2' => array(),<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-family:Consolas"> // if you only have to search 1 AD forest/domain.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-family:Consolas"> 'authLDAPServers2' => array(),<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-family:Consolas"> 'authLDAPAccountSuffix2' => '',<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-family:Consolas"> 'authLDAPUseSSL2' => false,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-family:Consolas"> 'authLDAPBindUser2' => '',<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-family:Consolas"> 'authLDAPBindPass2' => '',<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-family:Consolas"> 'authLDAPOrganization2' => ''</span><span lang="EN-GB">,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">Every time we try to authenticate with a valid user using either a sAMAccountName or userPrincipalName, the error 'Authentication Error<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">The username or password was incorrect.' is shown in ZendTo. If it matters, our users are in a Sub-OU of the value in
</span><span lang="EN-GB" style="font-family:Consolas">authLDAPBaseDN1, </span><span lang="EN-GB">however they are shown in the
</span><span lang="EN-GB" style="font-family:Consolas">ldapsearch</span><span lang="EN-GB"> command.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">Any assistance is greatly appreciated.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">Kind Regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span lang="EN-GB" style="mso-fareast-language:EN-GB">Craig Gilbert<o:p></o:p></span></b></p>
<p class="MsoNormal"><b><u><span lang="EN-GB" style="mso-fareast-language:EN-GB">Systems Architect<o:p></o:p></span></u></b></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:9.0pt;mso-fareast-language:EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><i><span lang="EN-GB" style="font-size:9.0pt;mso-fareast-language:EN-GB">Nexus, Nexus House, St James' Boulevard, Newcastle upon Tyne, NE1 4AX</span></i><span lang="EN-GB" style="font-size:9.0pt;mso-fareast-language:EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><i><span lang="EN-GB" style="font-size:9.0pt;mso-fareast-language:EN-GB">Tel 0191 203 3268</span></i><span lang="EN-GB" style="mso-fareast-language:EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>
</div>
</body>
</html>