topic Re: Cannot retrieve AD groups in ACS 5.1 in Network Access Control

Cannot retrieve AD groups in ACS 5.1

rcullum — Mon, 11 Mar 2019 00:11:18 GMT

Hi, I'm evaluating ACS 5.1 with latest patch before a rollout but I'm having problems trying to retrieve groups from the AD. The ACS status is CONNECTED to the AD, and ACS appears as a computer in the AD, but if I try doing a search for groups I get following error message in logs:

Jun 11 2010 17:35:20 CisACS_33206 39 1 1 BL AD Operation information , ADOperati
onResult=Encountered Centrify warning while getting groups for domain:DC=prebuil
d,DC=local Warning: SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: unknown LDAP result code (-50)
additional info: SASL(-1): generic failure:
, DomainName=DC=prebuild,DC=local, AdminName=acsadmin, AdminSession=0156D4002CE8
61075181D7C036B20F0B, AdminInterface=GUI, AdminIPAddress=192.168.1.74

Re: Cannot retrieve AD groups in ACS 5.1

rcullum — Tue, 15 Jun 2010 07:37:35 GMT

By the way, I have installed patch 3 and rebooted so dont think I'm hitting bug CSCtf39158. Anyway this is a single AD environment for eval purposes. AD is win2003 server.

Re: Cannot retrieve AD groups in ACS 5.1

Jatin Katyal — Wed, 16 Jun 2010 01:33:29 GMT

If you have applied patch 3 and still it didn't work then could you please check if there is any firewall between the domain abd ACS and if you have then please make sure that all ports in FW are opened according to table below.

LDAP 389/tcp

LDAP 389/udp

SMB 445/tcp

KDC 88/tcp

Global catalog 3268/tcp

KPASS 464/tcp

NTP 123/udp

Also, can you, please, take a sniffer capture between ACS and DC at the time you trying to retrieve groups and attach it with ADAgent logs ?

Regds,

Do rate helpful posts-