LDAP Authentication "Errors while reading config params"

[nznagaraj]

Hi
I tried set up AD Authentication. I have checked the info using LDP

No matter what I tried I was unable to get an authentication or an error that shows me the AD authntication was attempted.

below is teh output of "showauthparam"
=======================================
binding sasl
sasl-mechanism GSSAPI
account-obj user
account-name-attr sAMAccountName
ldap-server 138.35.232.120
kerberos-realm OMC.HP.COM
ldap-server-hn DCLSGPKOMC01.omc.hp.com
memberof-attr memberOf
super-map CN=US-WW MMI_NZCS,OU=SSLVPN,OU=Infrastructure,OU=Forest Univer
sal Groups,DC=omc,DC=hp,DC=com
accounts-dn OU=VWXYZ,OU=User Accounts,OU=APJ,OU=Region,DC=omc,DC=hp,DC=com
====================================
 

NZAUHCS3PAR01 cli% checkpassword watsonbl
password:
+ attempting authentication and authorization using system-local data
+ authentication denied: unknown username
+ attempting authentication and authorization using LDAP
+ authentication denied: errors while reading configuration parameters
user abcde is not authenticated or not authorized
NZAUHCS3PAR01 cli%
==============================================

Please note I to the best of my knowledge the OU and DC info are correct for the DN & CN. I tried removing "super-map" expected some kind of authentication fail or group does not exisit or similar. But always getting "Error reading configuratioon parameters"

Note I don't have an NTP yet not sure that will give this error.

Any help is really appreciated

THANKS
Nagaraj

[Richard Siemers]

So general checks:

Make sure your ldap-server-hn reverse lookups to your ldap-server IP address in DNS.
Make sure your kerberos-realm matches AD (its case sensitive)
Make sure your username is in the OU you specified in accounts-dn