Disabled account and LDAP

Archived from groups: microsoft.public.win2000.active_directory

We have a 2003 server running AD and are using it with LDAPS for
authentication. If I disable an account, I can still authenticate using that
account over LDAP. Has anyone else seen this?
  1.

    How specifically are you trying to authenticate? Windows auth is normally based
    on Kerberos. If you already have a kerb cert for a resource, it isn't affected by
    disables until it expires and has to be renewed, which could be up to 10 hours.

    If you are forcing a new auth against AD with the LDAP bind then you should be
    seeing it fail immediately.


    joe

    --
    Joe Richards Microsoft MVP Windows Server Directory Services
    www.joeware.net


    Rich wrote:
    > We have a 2003 server running AD and are using it with LDAPS for
    > authentication. If I disable an account, I can still authenticate using that
    > account over LDAP. Has anyone else seen this?
  2.

    We are using LDAP bind. I tried patching the server with SP1 last night and
    a number of services wouldn't start after it was applied. Not sure what is
    causing the problem but since the box is used for testing only, I'm not in a
    really big hurry to figure out what is wrong.

    "Joe Richards [MVP]" wrote:

    > How specifically are you trying to authenticate? Windows auth is normally based
    > on Kerberos. If you already have a kerb cert for a resource, it isn't affected by
    > disables until it expires and has to be renewed, which could be up to 10 hours.
    >
    > If you are forcing a new auth against AD with the LDAP bind then you should be
    > seeing it fail immediately.
    >
    >
    > joe
    >
    > --
    > Joe Richards Microsoft MVP Windows Server Directory Services
    > www.joeware.net
    >
    >
    > Rich wrote:
    > > We have a 2003 server running AD and are using it with LDAPS for
    > > authentication. If I disable an account, I can still authenticate using that
    > > account over LDAP. Has anyone else seen this?
    >
  3.

    LDAP Simple Bind? Or sending creds and a password and asking for secure auth?

    --
    Joe Richards Microsoft MVP Windows Server Directory Services
    www.joeware.net


    Rich wrote:
    > We are using LDAP bind. I tried patching the server with SP1 last night and
    > a number of services wouldn't start after it was applied. Not sure what is
    > causing the problem but since the box is used for testing only, I'm not in a
    > really big hurry to figure out what is wrong.
    >
    > "Joe Richards [MVP]" wrote:
    >
    >
    >>How specifically are you trying to authenticate? Windows auth is normally based
    >>on Kerberos. If you already have a kerb cert for a resource, it isn't affected by
    >>disables until it expires and has to be renewed, which could be up to 10 hours.
    >>
    >>If you are forcing a new auth against AD with the LDAP bind then you should be
    >>seeing it fail immediately.
    >>
    >>
    >> joe
    >>
    >>--
    >>Joe Richards Microsoft MVP Windows Server Directory Services
    >>www.joeware.net
    >>
    >>
    >>Rich wrote:
    >>
    >>>We have a 2003 server running AD and are using it with LDAPS for
    >>>authentication. If I disable an account, I can still authenticate using that
    >>>account over LDAP. Has anyone else seen this?
    >>
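
For an application that authenticates users with an LDAP bind against AD, as discussed in this thread, the following added example (not part of the original posts) shows a login decision that does not rely on the bind result alone: it classifies the sub-code AD returns on a rejected bind and also checks the ACCOUNTDISABLE bit of `userAccountControl` after an accepted bind. The function names are hypothetical, the diagnostic string is constructed, and obtaining the bind result and attribute value from an LDAP library is assumed to happen in the caller.

```python
import re

# Sub-codes Active Directory places after "data" in the diagnostic message
# of a rejected bind (hex Win32 error codes).
BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}
ACCOUNTDISABLE = 0x0002  # userAccountControl bit set on a disabled account

_DATA_RE = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)")


def classify_bind_failure(diagnostic_message):
    """Return the reason AD gave for rejecting a bind, or 'unknown'."""
    m = _DATA_RE.search(diagnostic_message)
    if not m:
        return "unknown"
    return BIND_SUBCODES.get(m.group(1).lower(), "unknown")


def is_disabled(user_account_control):
    """True if the userAccountControl value has the ACCOUNTDISABLE bit set."""
    return bool(int(user_account_control) & ACCOUNTDISABLE)


def allow_login(bind_succeeded, user_account_control, diagnostic_message=""):
    """Decide a login: the bind must succeed AND the account must be enabled."""
    if not bind_succeeded:
        return False, classify_bind_failure(diagnostic_message)
    if is_disabled(user_account_control):
        # The symptom reported in this thread: bind accepted, account disabled.
        return False, "account disabled (bind accepted; investigate)"
    return True, "ok"


# Constructed sample (the DSID and trailing version token are made up).
SAMPLE_DIAG = ("80090308: LdapErr: DSID-00000000, comment: "
               "AcceptSecurityContext error, data 533, v0000")
if __name__ == "__main__":
    print(allow_login(False, 0, SAMPLE_DIAG))  # bind rejected by AD
    print(allow_login(True, "514"))            # 512 | 2: disabled account
    print(allow_login(True, "512"))            # normal enabled account
```

Logging the second rejection path separately makes a directory that accepts binds for disabled accounts visible to whoever reviews the application's authentication logs.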