Not able to authenticate with check_ldap

[jmashburn]

I am trying to set up Active Directory using a Windows DC, and it keeps failing to bind. When I run the this command:
/usr/local/nagios/libexec/check_ldap -H somedc.domain.com -b "OU=Users,OU=IT Admins - NO GPOs,DC=****,DC=******,DC=com" -D "CN=admin,OU=Users,OU=IT Admins - NO GPOs,DC=******,DC=*****,DC=com" -P "******" -3 -v
It returns back with invalid credentials (49). I know these credentials work because I am remoted into the DC with those credentials and I can verify that it is communicating with the DC because the account keeps getting locked after a few tries.

I am kind of out of ideas on what to do, since I know this account works and I know the account is a domain admin, and I know the password is right, so is there something I am missing?

[cdienger]

Do you have any special characters in the password? If you do you'll need to escape them and remove the quotes. For example:

Code: Select all

/usr/local/nagios/libexec/check_ldap -H somedc.domain.com -b "OU=Users,OU=IT Admins - NO GPOs,DC=****,DC=******,DC=com" -D "CN=admin,OU=Users,OU=IT Admins - NO GPOs,DC=******,DC=*****,DC=com" -P password\! -3 -v

[jmashburn]

Yup that was it. I didn't think about the special character. Verified it works once escaped.

[scottwilkerson]

Yup that was it. I didn't think about the special character. Verified it works once escaped.

Great!

Locking thread