Active Directory on Konica Minolta C353

**jayg30** · 09-17-2014, 12:14 AM

Re: Active Directory on Konica Minolta C353

So NTLMv2 looks like it works. Everything the same as posted above expect for the external server I had to put;
vdc01.internal.company.com

Still won't work if set to active directory though and I have no idea why. I also suspect that NTLMv2 won't provide some of the things that using AD will, so would still be interested in getting that working correctly.

**jayg30** · 09-17-2014, 03:29 AM

Re: Active Directory on Konica Minolta C353

I did a tcpdump and opened it up with wireshark. The first dump using AD domain name as "vdc01.internal.company.com" didn't look right at all. Did a second dump using "internal.company.com" and it looks like it is connecting to the server, binding to LDAP, getting Kerberos, and so on. However at the end there is;

Summary

Code:

55    0.049609    192.168.0.5    192.168.0.240    LDAP    124    bindResponse(3) invalidCredentials (SASL:[GSS-SPNEGO]: NT_STATUS_LOGON_FAILURE)

Details

Code:

LDAPMessage bindResponse(3) invalidCredentials (SASL:[GSS-SPNEGO]: NT_STATUS_LOGON_FAILURE)
    messageID: 3
    protocolOp: bindResponse (1) 
           bindResponse
              resultCode: invalidCredentials (49)
              matchedDN: 
              errorMessage: SASL:[GSS-SPNEGO]: NT_STATUS_LOGON_FAILURE
              serverSaslCreds: <MISSING>

I know the credentials I'm using are good (I use them to login to all servers/desktop in the domain). I'm not an expert with wireshark and haven't used it to inspect packets in many years. If anyone out there thinks they can point me in the right direction that would be great. I can send the tcpdump if necessary.

Thanks

**slimslob** · 09-17-2014, 05:42 AM

Re: Active Directory on Konica Minolta C353

Have you tried turning On "DNS Domain Auto Obtain" in "DNS Domain Name Setting" and "DNS Server Setting"? If for no reason other than to see if it returns any different information than what you have entered manually. Same can be said for obtaining IP Address from DHCP

**emujo** · 09-17-2014, 04:35 PM

Re: Active Directory on Konica Minolta C353

Somewhat related...AD will not work if time is off by even a small amount. Try turning time server on and use their NTP server to get the server/MFP times synched. Search base would not be required using AD, only the correct domain settings. Emujo

**jayg30** · 09-18-2014, 12:48 AM

Re: Active Directory on Konica Minolta C353

Originally posted by slimslob

Have you tried turning On "DNS Domain Auto Obtain" in "DNS Domain Name Setting" and "DNS Server Setting"? If for no reason other than to see if it returns any different information than what you have entered manually. Same can be said for obtaining IP Address from DHCP

I have turned on auto obtain in the past, however I'm not exactly sure how to tell what it obtains because I don't see it displayed anywhere. However I control and setup the entire network so I do have a strong knowledge of how everything is configured. I'm positive it isn't gettiing the right value when set to auto obtain because I don't believe I ever set the network up to distribute domain info automatically. I assume it would attempt to obtain it from a DHCP server. Also since I have the printer setup with a static ip, things like auto obtain are probably not going to work.

I'm pretty sure I have the domain name settings correct because of ping tests I've done. If I don't set it and ping a domain resource by just hostname (server1) it fails and you have to define the fqdn (server1.internal.company.com) to get a response. However with the domain (internal.company.com) entered you can then ping by just hostname (server1). And the DNS server gas to be set right or that wouldn't work, plus its the only dns server right now and I set it up so not much of an option really (I push the same info via DHCP).

After seeing the packet info I'm thinking it's something on the AD server. Something being sent by the printer not being handled by the AD server correctly. I'm going to reach out on that end for some help also.

**jayg30** · 09-18-2014, 12:51 AM

Re: Active Directory on Konica Minolta C353

Originally posted by emujo

Somewhat related...AD will not work if time is off by even a small amount. Try turning time server on and use their NTP server to get the server/MFP times synched. Search base would not be required using AD, only the correct domain settings. Emujo

Yep aware of that also and checked. The time on the printer is set to sync with the NTP server which is also installed on the AD server (192.168.0.5). Time seemed to be synced without issue. I also setup the NTP server so did check that.

**slimslob** · 09-18-2014, 02:28 AM

Re: Active Directory on Konica Minolta C353

Originally posted by jayg30

I'm not exactly sure how to tell what it obtains because I don't see it displayed anywhere.

Most machines have some means of printing the current network settings

Active Directory on Konica Minolta C353

Active Directory on Konica Minolta C353

Comment

Comment

Comment

Comment

Comment

Comment

Comment