How to test if ldap server is up or not?

How can I test if the LDAP server is working or not? One way is to use the Apache Directory Studio client; is there any other way to check if the LDAP server is running or not?
Please remember I cannot log in to the server machine where LDAP is installed; I have to test it from a client machine. Please let me know what mechanisms or clients we can use to test the LDAP connection.

The best way to test whether any resource is available is simply to try to use it in the normal course of your application, and cope with the errors as they arise.
Otherwise you're trying to predict the future, among other things.

Monitoring tools such as Zabbix, InterMapper, SCOM, etc. can provide status health.

You could try watching port 389 on the server. That port can be, and often is, changed, so you will need to get it from the admin of the LDAP server.
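As an added example (not code from any of the answers above), here is a Python probe of the kind the port-389 answer hints at: it does not just check that the port accepts a TCP connection, it sends an anonymous LDAP BindRequest encoded by hand in BER (RFC 4511) and parses the BindResponse, so any well-formed reply, including a refusal such as resultCode 48 or 49, proves an LDAP server is actually answering. Host, port and the sample response bytes are assumptions/constructed values, and the port should be the one the LDAP admin tells you.

```python
import socket, sys

def _ber(tag, value):
    """Encode one BER TLV with a definite length (short or long form)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value

def _tlv(buf, pos):
    """Decode the BER TLV at pos; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: next N bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def build_bind_request(msgid=1):
    """LDAPMessage{messageID, BindRequest{version 3, name "", simple ""}}: an anonymous bind."""
    bind = _ber(0x60, _ber(0x02, b"\x03") + _ber(0x04, b"") + _ber(0x80, b""))
    return _ber(0x30, _ber(0x02, bytes([msgid])) + bind)

def parse_bind_response(data):
    """Pull messageID, resultCode and diagnosticMessage out of a BindResponse (RFC 4511 4.2.2)."""
    tag, msg, _ = _tlv(data, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage (tag 0x%02x)" % tag)
    _, msgid, pos = _tlv(msg, 0)
    tag, op, _ = _tlv(msg, pos)
    if tag != 0x61:
        raise ValueError("not a BindResponse (tag 0x%02x)" % tag)
    _, code, pos = _tlv(op, 0)              # ENUMERATED resultCode
    _, _matched, pos = _tlv(op, pos)        # matchedDN, not needed here
    _, diag, _ = _tlv(op, pos)              # diagnosticMessage
    return {"message_id": int.from_bytes(msgid, "big"), "result_code": int.from_bytes(code, "big"),
            "diagnostic": diag.decode("utf-8", "replace")}

def ldap_probe(host, port=389, timeout=5.0):
    """TCP connect, send the anonymous bind, return the parsed reply. A refused connection or a
    timeout raises; any well-formed BindResponse (even a non-zero resultCode) means LDAP is up."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_bind_request())
        data = s.recv(4096)                 # a BindResponse is a few dozen bytes; one recv suffices
    return parse_bind_response(data)

SAMPLE_BIND_RESPONSE = bytes.fromhex("300c02010161070a010004000400")  # constructed: success, messageID 1

if __name__ == "__main__":                 # usage: python ldap_probe.py <host> [port]
    print(ldap_probe(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 389))
```

If the server has anonymous binds disabled you will typically see resultCode 48 (inappropriateAuthentication) or 53 (unwillingToPerform), which is still a positive liveness signal; a plain port check cannot distinguish LDAP from anything else listening on that port.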

Related

Freeradius3 auth with OpenLDAP

For the past few days, I've been trying to configure freeradius to authenticate wifi clients against OpenLDAP (without TLS - 389 bind).
I tried several guides and did not get the result I was looking for.
On localhost, radtest works and I receive an Access-Accept.
The user is found within LDAP and authentication is accepted.
When I try to authenticate via wifi (Windows 10), I can't connect.
The configuration I am currently using is this:
https://gitlab.com/ae-dir/client-examples/-/blob/master/freeradius/radiusd.conf
Does someone have experience integrating freeradius with OpenLDAP?
I need wifi clients to connect with their LDAP credentials.
You have not explained more details about the authentication method you are trying to use. This is important. However, a simple recipe for making freeradius+ldap authentication work with Windows 10, Ubuntu and Android in EAP/TTLS mode is as follows:
Make sure the radius server has access to the LDAP server. Also make sure that the clients (access points) have access to the radius server. Check firewall issues and the freeradius configuration (for Debian 10 the file is /etc/freeradius/3.0/clients.conf).
For the authentication test (taking into account that the previous step has already been certified by you), there are two interesting tools: radtest (part of the freeradius-utils package), which does not support EAP/TTLS authentication, and a tool called eapol_test, which is part of the wpa_supplicant package and supports EAP-TTLS.
Follow the EAP/TTLS configuration steps and how to use the eapol_test tool at this link.
Make sure you generate new certificates (don't use the snakeoil certificates at all) and don't forget to change the certificate settings in /etc/freeradius/3.0/mods-enabled/eap. The link from the previous step does not talk about this step.
Run freeradius in full debug mode to find any errors (i.e. freeradius -X).
Don't forget to check the password and protocol compatibility list.

BizTalk SSO Configuration - There are no more endpoints available from the endpoint mapper

I have a two node BTS2010 group with a separate SQL Server hosting the BTS databases including SSODB; Biz01, Biz02 and Sql01. This environment was configured by a previous employee and I have no documentation available.
There seems to be something not right with the SSO config but I'm not sure how to resolve it.
When I run ssoconfig -status on Biz02 all looks good - it tells me that the SSO Server is Biz02 and the SQL Server is Sql01 plus a load of other stuff. However, when I run the same command on Biz01 I get the message: "Error 0xC0002A0F: Could not contact the SSO server 'Sql01'. Check that SSO is configured and that the SSO service is running on that server."
I'm not clear on what Biz01 is trying to do here - is it trying to reach the EntSSO Windows service on Biz02 via an RPC call, before ultimately attempting to retrieve config info from Sql01?
I have checked that the ENTSSO service is running on Biz01, Biz02 and that the RPC service is running on each of the three servers.
Can anyone help advise what further steps I can take to determine the root cause of this configuration problem?
Many thanks
Rob.
I'm not sure if you have your servers clustered or not, but I've run into something similar before within a cluster. Your SSO name should be your network name and not the individual computer's name. Here's a post about the issue I had. Hope it helps.

IIS7 on Windows Server 2008 R2 connection problem

I just got IIS7 set up on a Windows Server 2008 R2 machine in VirtualBox. After doing so, I could not connect from any other client, though http://localhost worked. For that matter, I was unable to even ping the server.
After doing some research, I found that enabling File and Print Sharing on the server solved the problem, but surely there has to be a better way, and I would much prefer to learn to use the best method, rather than the easiest one.
What, specifically, should I do to enable both pinging of the server as well as access to the web server running on it?
Isn't it that the inbound web HTTP port is blocked by default? I'm not a server guru but can remember going to the firewall to allow it through. Should already be there.
Out of the box on Windows Server 2008/2008 R2 the firewall is installed and users cannot access resources or services on the server unless you configure exceptions to the firewall. The one exception to this is services/resources on this server that you make available through the GUI tools (Initial Configuration Tasks Wizard, Server Manager), which automatically create the required firewall exceptions for you.
So in your case, either upon File and Print Sharing installation or upon using the File and Print Sharing config wizard/Shared resource provision wizard (most likely the latter), the required firewall exception was created for you. The rule in question is: File and Printer Sharing (Echo Request – ICMPv4-In) - it actually allows ping, but I guess Windows also uses it for network resource discovery and other things implied by the role you installed.
Nothing prevents you from not enabling File and Print Sharing and just enabling the mentioned firewall exception manually.

SMTP email not sent in one server, but sent in another server

I have a section of code that sends email via an SMTP server.
The code is called from a web service and the SMTP server value is picked up from web.config. The code hosted on server1 works (sends/receives emails), whereas the same code hosted on server2 doesn't send/receive email.
Can you tell me your thoughts?
Thanks
This really belongs on ServerFault.com, and there isn't enough information to give you a definitive answer, but I can give you my thoughts on it (as asked).
Most likely, if the SMTP server is a different server than the one your app is hosted on, then probably there is some configuration that needs to be done on the SMTP server. Usually, the SMTP server needs to grant pass-through permissions on a per-user and/or per-server basis. So, most likely your situation is that the SMTP server has an "Allow pass-through" list that includes the server where your code works, and does not include the server where the email is NOT sent.
At least, this is usually the problem in our network...
If the SMTP server is on the same server as your app, of course, you'd want to check to ensure that SMTP is installed on both servers with the same configuration.
If this fails, look for errors... in your app code, or in the event log... If my guesses are wrong, you're going to need more info to go on.
Finally, here is a good resource for a coder, not necessarily for an Admin, but it may have info that will help you. http://systemnetmail.com/
The first thing to check is the Windows firewall and whether there is an antivirus or third-party firewall installed on the machine.
Also check the event log for some useful information about the details of the error.

ActiveDirectoryMembershipProvider "The specified domain or server could not be contacted."

I have an application that is using ActiveDirectoryMembershipProvider to grant access to users. The application is hosted on a non-domain machine, with a firewall between the application server and the domain controller.
We've opened the LDAP port to the DC on the inside network - yet no matter what we try, we end up with an error that says "The specified domain or server could not be contacted."
Does anyone have any suggestions on how I can resolve this? We've tried everything we can think of and just aren't getting anywhere.
My connection string is:
<add name="ADConnectionString"
connectionString="LDAP://10.5.3.7:389/DC=MyTestDomain,DC=local"/>
And my provider is:
<add name="ActiveDirectoryMembershipProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider"
connectionStringName="ADConnectionString"
attributeMapUsername="SAMAccountName"
connectionProtection="None"
connectionUsername="LdapUser"
connectionPassword="LdapPassword" />
The application is hosted on a non-domain machine, with a firewall between the application server and the domain controller.
Since you could query directly using an LDAP tool, that suggests that the firewall is open correctly. However, keep in mind that the ActiveDirectoryMembershipProvider is not using plain old LDAP, it's using Microsoft technologies. For example, if you set connectionProtection="Secure", ADMP will try using SSL and port 636, if that fails, it will use Microsoft's built-in IPSec signing (see this article for more details).
Anyway, this makes me wonder about a couple things:
Does the AD domain have an IPSec "required" policy which refuses connections from non-domain/non-configured computers? (Probably not, since you connected with plain LDAP, but it's worth investigating.)
Have you added the domain controller's NetBIOS name to your lmhosts file, and its DNS name to your hosts file? (Many protocols check that their target's reported name matches the name you tried to connect to.)
A lot of people have noted problems using ADMP between different domains, and the solution required that a one-way trust be created. Since it sounds like your client computer is not in a domain, you can't have that trust, unless either (a) it is a member of a different domain with a one-way trust or (b) it is a member of the same domain and thus client-server trust is implicit.
It seems like the solution is to open port 445.
Read this thread
We're not allowed to open so I guess I'm stuck.
You can use these two articles; maybe they solve your problem:
www.ddj.com/windows/184406424
forums.asp.net/t/1408268.aspx
and check your firewalls.
I had this error, and managed to fix it. There are multiple reasons that can lead to this; here is a to-do list to identify the exact problem:
Create a micro application with a single method, Membership.GetAllUsers(), and execute it on a machine outside Active Directory (AD), with an incorrect password in the connection string; check if you get an incorrect password exception. If you don't get it, you can't connect to your AD server: check the firewall. If you do get the invalid password exception, go to the next step.
If you can, try to execute the same app locally on the AD server, first with an incorrect password, then with the correct one; executing the app locally provides a more detailed exception about what is wrong (for me this exception led me to fixing the problem). In my case it told me that the Server service is not started, then that the Workstation service is not started.
Some thoughts on the fact that it required the Server and Workstation services to be working on the server: afaik the Server service is used for Windows file sharing (NetBIOS over TCP), and is using port 445, so it may be that this port must be opened in addition to the LDAP port. My second observation was that even if port 445 is opened (netstat -an) it still can be not working: Windows will drop all packets to this port if the Client for Microsoft Networks and File and Printer Sharing checkboxes are not checked on the network interface adapter which received these packets. Check "telnet External_IP 445". That's all the info I gathered while struggling with this problem.
Have you tested with an LDAP browsing tool, from the remote box to see if it can connect with the criteria being used here? I.e. Is it a connectivity problem or something else?
In case anyone stumbles on this and wants to smash their head on a wall... I recently tried doing all this for an AD server that my company had in a different domain than the current context. I was using the IP provided and getting failures as stated here. I even used a tool like Softerra LDAP Admin and it worked fine; however AccountManagement failed.
We had a publicly exposed URL hooked to that IP address (still only allowing certain IPs to make calls). Once I replaced the IP with the URL provided, it worked like a charm.
Hope this saves someone the hours of head smashing I just put myself through.