Error connecting to Active Directory via LDAP using DIGEST-MD5 auth
I have a problem connecting to Active Directory (Windows Server 2008 R2) via LDAP using SASL DIGEST-MD5 authentication mechanism. I get next error:
The authentication failed - [LDAP: error code 49 - 8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 52e, v1db1]
The same error is reported by different clients. Plaintext authentication with the same credentials works fine.
I know that 49 error means 'invalid credentials' but WHY?
Check that the fully qualified distinguished name is correct. Some servers report invalid credentials for the case where a distinguished name is not found in the directory. This is not a bad thing, it is a good thing because this does not indicate to an attacker that the distinguished name being attempted does not exist.