UTM: Credentials not valid at LDAP server - 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 52e, v1771 (With Video and KB Article) (SW10123)

  • Resolution

    Article Applies To: 

    Affected SonicWALL Security Appliance Platforms:

    Gen6: NSA E10800, NSA E10400, NSA E10200, NSA E10100
    Gen5: NSA E8510, E8500, NSA E7500, NSA E6500, NSA E5500, NSA 5000, NSA 4500, NSA 3500, NSA 2400, NSA 2400 MX, NSA 240, NSA 220, NSA 220 /W, NSA 250M, NSA 250M /W.
    Gen5 TZ Series: TZ 100, TZ 100 Wireless, TZ 200, TZ 200 W, TZ 210, TZ 210 W, TZ 215, TZ 215 W, TZ 105, TZ 105 W, TZ 205, TZ 205 W.
    Gen4: PRO series: PRO 5060, PRO 4100, PRO 4060, PRO 3060, PRO 2040, PRO 1260.
    Gen4: TZ series: TZ 190, TZ 190 W, TZ 180, TZ 180 W, TZ 170, TZ 170 W, TZ 170 SP, TZ 170 SP Wireless


    Firmware/Software Version:
    SonicOS Enhanced 3.0 and above
    Services: LDAP



    Problem Definition:

    The error "Credentials not valid at LDAP server - 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 52e, v1771" is displayed in the LDAP configuration window when testing a user under the Test tab or when trying to auto-configure LDAP users and user groups under the Directory tab.

    When this error occurs, the following log message is generated. From the log message it is evident that this is an LDAP Bind error. When SonicWALL is integrated with an LDAP server, the user entered under Login user name on the LDAP > Settings tab is used to make a Bind request. This request can fail if the username, the password, or the directory entered under User tree for login to server is incorrect.

    Resolution or Workaround:

    Check the following to correct this issue:
    • That the Login user name on the LDAP > Settings tab (if Give login name/location in tree is selected) is the display name and not the username. For example, John Doe is a display name and jdoe is the username.
    • That the above user is in the directory entered under User tree for login to server. This is normally the Users directory.
    • If Give bind distinguished name is selected under LDAP > Settings, make sure it is correct. For example, this is the DN of an administrator in the Users directory:
      CN=Administrator,CN=Users,DC=hal-2010,DC=local
    • That the password entered is correct.
    Note: The user that binds to the LDAP server can be a normal domain user and need not be an administrator.
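
    The checks above can be scripted when reviewing a configuration offline. The following Python is an added example, not SonicWALL code: it extracts the "data" sub-code from the error text and tests whether a bind DN sits under a given user tree. It goes beyond the article by listing other standard Windows sub-codes besides 52e, and it assumes the user tree is written as a DN; the function names and the sample tree value are hypothetical.

```python
import re

# Constructed sample input: the error text and bind DN are the article's own;
# the user tree is an assumed DN form of the "Users" directory it mentions.
SAMPLE_ERROR = ("80090308: LdapErr: DSID-0C0903AA, comment: "
                "AcceptSecurityContext error, data 52e, v1771")
SAMPLE_BIND_DN = "CN=Administrator,CN=Users,DC=hal-2010,DC=local"
SAMPLE_TREE_DN = "CN=Users,DC=hal-2010,DC=local"

# Active Directory reports a Windows error code (hex) in the "data" field of
# a failed bind. Only 52e appears in the article; the others are the standard
# codes for related logon failures.
AD_BIND_DATA = {
    "525": "user not found",
    "52e": "logon failure: user name or password incorrect",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must change password",
    "775": "account locked out",
}
ERR_RE = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)")


def bind_failure_reason(message):
    """Return (data_code, meaning) for an AD bind error, or None if absent."""
    m = ERR_RE.search(message)
    if not m:
        return None
    code = m.group(1).lower()
    return code, AD_BIND_DATA.get(code, "unknown sub-code")


def split_dn(dn):
    """Split a DN on unescaped commas into normalised (type, value) pairs."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, _, value = part.partition("=")
        rdns.append((attr.strip().upper(), value.strip().lower()))
    return rdns


def dn_in_tree(bind_dn, tree_dn):
    """True if bind_dn names an entry located somewhere under tree_dn."""
    b, t = split_dn(bind_dn), split_dn(tree_dn)
    return len(b) > len(t) and b[-len(t):] == t
```

    A bind DN that fails dn_in_tree() points to the second check in the list; a DN that passes while the server still returns 52e points to the login name or the password.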


Product(s):
SonicWALL SuperMassive 9000 Series

SonicWALL SuperMassive E10000 Series
10800, 10400, 10200
SonicWALL NSA Series
5000, 4500, 3500, 250M, 2400, 240, 220
SonicWALL E-Class NSA Series
E8510, E8500, E7500, E6500, E5500
SonicWALL TZ Series
215W, 215, 210W, 210, 205W, 205, 200W, 105W, 105
SonicWALL PRO Series
5060, 4100, 4060, 3060, 2040, 1260
TZ Series
190W, 190, 180W, 180, 170

Topic(s):
Technical Solutions

Article History:
Created on: 9/11/2012
Last Update on: 1/29/2015
