Please post here if you have problems in using Wing FTP Server.
Tue May 31, 2011 8:25 am
I'm trying to configure the LDAP authentication against a Windows 2008R2 AD server. The test connection button result is successful but not when I try to log in.
Here is some information:
Server: Linux CentOS 5.6 x64 2.6.18-238.9.1.el5
IP: => ip of my AD server
Base DN: DC=domain,DC=local => (I don't put my real domain name for security)
User Filter: (&(objectClass=user)(sAMAccountName=%s))
LDAP Version: 3 (even when I change to 2, this setting is reverted back to 3 when I reopen the window)
SSL/TLS: No (with Yes, the test connection button fails)
I tried to define a Bind DN like this: CN=adm-ftp,OU=Services,OU=Administrators,DC=domain,DC=local
Whether adm-ftp is a member of Domain Admins or not, it doesn't solve the issue.
In the Domains logs, I can find this line, but not at every attempt:
 Tue, 31 May 2011 10:05:13 An error occurs when doing LDAP::ldap_bind_s. Error code=-1
What did I do wrong?
Tue May 31, 2011 9:22 am
Could you log in with the account "adm-ftp"? If you still can't log in with this account, please change the "User Filter" to:
Tue May 31, 2011 9:57 am
Thank you for the answer.
I tried the 3 tips you gave but it still fails and I still have the same error:
 Tue, 31 May 2011 11:55:42 An error occurs when doing LDAP::ldap_search_s. Error code=1
Tue May 31, 2011 1:21 pm
I have tested the LDAP authentication with a Windows AD server; there is no problem on my computer.
Here is a screenshot of the LDAP dialog:
Please note line 4: it returns the user DN through the base DN and user filter. From the screenshot, you can see the right user DN.
So please record your LDAP dialog via Wireshark, then paste your result here.
Tue May 31, 2011 3:46 pm
I took traces and see that, like you, the 4th line returns the correct LDAP path of my user, but after that it tries a bindRequest for the user <ROOT> 3 times and does a searchRequest on the Configuration, ForestDnsZones and DomainDnsZones, but these operations fail with LDAP error DSID-0C0906DC "A successful bind must be completed on the connection".
Tue May 31, 2011 4:42 pm
There is an article with similar problem: http://blogs.technet.com/b/pki/archive/2007/04/13/manually-publishing-a-ca-certificate-or-crl-into-a-ldap-store.aspx
On the bottom of that article, it says:
I had not configured correct SPNs for AD LDS service account. After registering the SPNs everything works fine.
Tue May 31, 2011 5:48 pm
Do I need to install the AD LDS role on my Windows 2008R2 Domain Controller to make my DC compatible with WingFTP LDAP queries???
Tue May 31, 2011 5:58 pm
OK, I found this post: http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/Q_26659333.html
which helped me without configuring/installing anything on the DC.
According to the Wireshark traces, I understand that the server makes a CN request using the bind user, uses the answer to retry a binding with the full CN, and the binding is now successful.
Is it a good solution for you (I don't know the risks of using port 3268)?
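The search-then-bind sequence traced in this thread, modelled offline as an added example; it is not part of any post here and is not Wing FTP Server code. The function names and the sample search results (including the referral URIs) are constructed for illustration; only the user filter and the sample DN come from the first post.

```python
# Offline model of LDAP search-then-bind; stdlib only, no network access.
USER_FILTER = "(&(objectClass=user)(sAMAccountName=%s))"  # filter from the first post

# RFC 4515 section 3: characters that must be escaped inside a filter value.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def build_user_filter(login, template=USER_FILTER):
    """Substitute the login into %s, escaped so it cannot alter the filter."""
    if not login:
        raise ValueError("empty login name")
    return template.replace("%s", "".join(_ESCAPES.get(c, c) for c in login))


def resolve_user_dn(results):
    """Return (user DN, unfollowed referral URIs) from one search's results."""
    entries = [r["dn"] for r in results if r["type"] == "searchResEntry"]
    referrals = [r["uri"] for r in results if r["type"] == "searchResRef"]
    if len(entries) != 1:  # zero or ambiguous matches must fail the login
        raise LookupError("expected exactly 1 entry, got %d" % len(entries))
    # Referrals are reported, not chased: a referral leads to a different
    # connection, which starts out without a bind.
    return entries[0], referrals


def is_authenticated_bind(dn, password):
    """RFC 4513 5.1: an empty name or password is not an authenticated bind."""
    return bool(dn) and bool(password)


# Constructed results for a search from the domain root:
# the user's entry plus referrals to other naming contexts.
SAMPLE_RESULTS = [
    {"type": "searchResEntry",
     "dn": "CN=adm-ftp,OU=Services,OU=Administrators,DC=domain,DC=local"},
    {"type": "searchResRef",
     "uri": "ldap://ForestDnsZones.domain.local/DC=ForestDnsZones,DC=domain,DC=local"},
    {"type": "searchResRef",
     "uri": "ldap://DomainDnsZones.domain.local/DC=DomainDnsZones,DC=domain,DC=local"},
    {"type": "searchResRef",
     "uri": "ldap://domain.local/CN=Configuration,DC=domain,DC=local"},
]

if __name__ == "__main__":
    print(build_user_filter("adm-ftp"))
    dn, skipped = resolve_user_dn(SAMPLE_RESULTS)
    print("bind as:", dn, "| referrals not followed:", len(skipped))
    print("empty password accepted:", is_authenticated_bind(dn, ""))
```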
Tue Jun 14, 2011 1:16 pm
Using your details, you should use email@example.com as Bind DN (changing domain.local to your real data)
Fri Sep 07, 2012 7:37 pm
Hello. Did you ever get your problem resolved? Curious, as I'm having issues too. Thanks.