Connection to ADSI edit

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Connection to ADSI edit

smalldragoon

Hi,

I’m trying to get connected through the Microsoft ADSI tool to my server but get the follwing error message :

Operation failed error code : 0x80090350

The System cannot contact a domain controller to service the authentication request. Please try again later.

 

I want to set a Widows AD PKI auth and so following this documentation ( stuck in this step )  : https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login#Obtain_Each_User.27s_User_Principal_Name_.28UPN.29_and_the_Domain_Controller.27s_GUID

 

Please note that :

- I have of course registered the computer to the domain

- I’m able to get connected through Microsoft  computer / user config tool and it works.

- When I launch the ADSI edit tool, opposite to what is said in the doc, I must provide the server/domain to connect to ( can not leave the fault choice to “Domain or server that you logged in to )

- related ( or not ), I can not get connected through the Microsoft DNS mngt tool to my server

- when I try to connect from this computer to the server with a generic ldap client, it works

 

Any insights ?

Thanks !

 


Virus-free. www.avast.com
Reply | Threaded
Open this post in threaded view
|

Re: Connection to ADSI edit

Michael Wojcik
This has nothing to do with OpenSSL. Neither AD nor ADSI Edit use OpenSSL.

ADSI is an API on top of LDAP (and other non-LDAP "providers"), and LDAP can use TLS as a transport, so in principle you might be able to get an ADSI client such as ADSI Edit to connect to an LDAP server that uses OpenSSL for TLS. But AD does not; it uses Microsoft's SChannel, and that's what the ADSI client-side LDAP provider uses as well.



Reply | Threaded
Open this post in threaded view
|

RE: Connection to ADSI edit

smalldragoon

Thanks Michael,

Yes indeed, I though ssl connection was required and it was failing because of this, but it is not at all

Sorry to all for the bad post

Thx

 

 

From: Michael Wojcik [mailto:[hidden email]]
Sent: 18 March 2020 14:12
To: Lionel Monchecourt; [hidden email]
Subject: Re: Connection to ADSI edit

 

This has nothing to do with OpenSSL. Neither AD nor ADSI Edit use OpenSSL.


ADSI is an API on top of LDAP (and other non-LDAP "providers"), and LDAP can use TLS as a transport, so in principle you might be able to get an ADSI client such as ADSI Edit to connect to an LDAP server that uses OpenSSL for TLS. But AD does not; it uses Microsoft's SChannel, and that's what the ADSI client-side LDAP provider uses as well.