
RE: [ADSI-DirSrv] Re: Trouble using SSL with ADAM

  • James Ward
    Message 1 of 4 , Mar 1, 2006
      Thanks to everyone for the replies. Unfortunately due to time we ended up
      scrapping ADAM and starting over with AD. Installed Standalone CAs on each
      DC. Exported Certs. Imported certs on client web servers. SSL worked fine
      after that. I wasn't the one who installed Cert Srvcs to begin with on the
      ADAM systems to begin with so I'm not sure just following the procedure I
      used on the AD DC wouldn't work fine on an ADAM server if I tried again.
      Something to queue for my lab I guess!



      James



      _____

      From: ADSIANDDirectoryServices@yahoogroups.com
      [mailto:ADSIANDDirectoryServices@yahoogroups.com] On Behalf Of dhackemeyer
      Sent: Tuesday, February 28, 2006 7:37 PM
      To: ADSIANDDirectoryServices@yahoogroups.com
      Subject: [ADSI-DirSrv] Re: Trouble using SSL with ADAM



      If the DC can do LDAP over SSL, then your cert must be fine.

      If ADAM is running under a service account (and not local system
      like AD), it needs to be able to read files in the crypto store:

      C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA


      --- In ADSIANDDirectoryServices@yahoogroups.com, "jward448"
      <jward448@...> wrote:
      >
      > All,
      >
      > Have a single instance of ADAM installed on an AD domain controller.
      > The directory structure is very similar to the AD structure. The
      > ADAM instance is using the Network Service account.
      > AD is set to the defaults: 389, 636
      > ADAM instance is set to 50000, 50001
      >
      > Using LDP an SSL connect works fine against AD 636.
      > Fails with the following trying ADAM on 50001:
      > ld = ldap_sslinit("srv1.test.company.com", 50001, 1);
      > Error 81 = ldap_set_option(hLdap, LDAP_OPT_PROTOCOL_VERSION, 3);
      > Error 81 = ldap_connect(hLdap, NULL);
      > Server error: <empty>
      > Error <0x51>: Fail to connect to srv1.test.company.com.
      >
      > Event log shows Event ID: 1220
      > LDAP over Secure Sockets Layer (SSL) will be unavailable at this
      > time because the server was unable to obtain a certificate.
      > Additional Data
      > Error value:
      > 8009030e No credentials are available in the security package
      >
      >
      > So the existing cert works for AD. I'm not sure it's a cert problem
      > though. I admit I don't know them well enough to be sure. My other
      > suspect is the ADAM service account. I'm not sure if there are any
      > special rights requirements for that account when it is running on a
      > DC. Any thoughts on this would be helpful.
      >
      > Regards,
      >
      > James Ward
      >
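
      The read-access check suggested in the reply above, as an added example that is not part of the original thread: it lists key files under the crypto store path on which the service account has no explicit Allow ACE for Read. It assumes the path quoted in the reply and the Network Service account from the question; the function name `Test-ExplicitRead` is hypothetical, and rights granted only through group membership are not evaluated.

```powershell
# Added example (not from the thread): report key files under the crypto store
# that the ADAM service account cannot read according to its explicit ACEs.
param(
    # Path as quoted in the reply (Windows Server 2003 profile layout).
    [string]$StorePath = 'C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA',
    # Assumption: the ADAM instance runs as Network Service, as in the question.
    [string]$Account = 'NT AUTHORITY\NETWORK SERVICE'
)

$read = [System.Security.AccessControl.FileSystemRights]::Read

# Hypothetical helper: $true only if $Identity has an explicit Allow ACE that
# covers Read and no explicit Deny ACE touching any Read right.
function Test-ExplicitRead {
    param([string]$Path, [string]$Identity)

    $rules = (Get-Acl -LiteralPath $Path).Access |
        Where-Object { $_.IdentityReference.Value -eq $Identity }

    $denied = $rules | Where-Object {
        $_.AccessControlType -eq 'Deny' -and ($_.FileSystemRights -band $read)
    }
    if ($denied) { return $false }

    $allowed = $rules | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        (($_.FileSystemRights -band $read) -eq $read)
    }
    return [bool]$allowed
}

if (-not (Test-Path -LiteralPath $StorePath)) {
    Write-Error "Crypto store path not found: $StorePath"
    return
}

# Walk every file below the store and keep those the account cannot read.
$unreadable = Get-ChildItem -LiteralPath $StorePath -Recurse -Force |
    Where-Object { -not $_.PSIsContainer } |
    Where-Object { -not (Test-ExplicitRead -Path $_.FullName -Identity $Account) }

if ($unreadable) {
    $unreadable | Select-Object FullName, LastWriteTime | Format-Table -AutoSize
} else {
    Write-Output "$Account has explicit read access to every key file under $StorePath"
}
```

      Run it from an elevated prompt on the server hosting the instance; a file listed here whose timestamp matches the certificate's import time is the likely private key to re-permission.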








