Why do I get a failed to connect to LDAP URL when using Samba's Ldb Python module?
Andrew Bartlett
abartlet at samba.org
Sat Aug 15 06:01:01 UTC 2015
On Fri, 2015-08-14 at 15:36 -0700, Richard Sharpe wrote:
> On Fri, Aug 14, 2015 at 1:59 PM, Richard Sharpe
> <realrichardsharpe at gmail.com> wrote:
> > Hi folks,
> >
> > I just got this:
> >
> > >>> from samba import Ldb
> > >>> ldb_obj =
> > Ldb('ldap://drtnasdcprod01.xxxx.yyyy.eng.someorg.com',
> > credentials=creds)
> > Failed to connect to ldap URL
> > 'ldap://drtnasdcprod01.xxxx.yyyy.eng.someorg.com' - LDAP client
> > internal error: NT_STATUS_BAD_NETWORK_NAME
> > Failed to connect to
> > 'ldap://drtnasdcprod01.xxxx.yyyy.eng.someorg.com' with backend
> > 'ldap':(null)
> > Traceback (most recent call last):
> > File "<stdin>", line 1, in <module>
> > File "/usr/lib64/python2.6/site-packages/samba/__init__.py",
> > line
> > 114, in __init__
> > self.connect(url, flags, options)
> > _ldb.LdbError: (1, None)
> >
> > It looked so easy ... but wasn't.
> >
> > What have I done wrong?
>
> OK, I seem to have made some progress on this:
>
> >>> from samba.credentials import DONT_USE_KERBEROS
> >>> creds = Credentials()
> >>> creds.set_kerberos_state(DONT_USE_KERBEROS)
> >>> creds.set_username('administrator')
> >>> creds.set_password("some-pass")
> >>> creds.set_forced_sasl_mech("EXTERNAL")
You probably don't want this line.
> >>> ldb_obj = Ldb("ldap://10.4.45.1", credentials=creds)
> Failed to bind - LDAP error 49 LDAP_INVALID_CREDENTIALS -
> <80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext
> error, data 52e, v1db1> <>
> Failed to connect to 'ldap://10.4.45.1' with backend 'ldap':
> (null)
> Traceback (most recent call last):
> File "<stdin>", line 1, in <module>
> File "/usr/lib64/python2.6/site-packages/samba/__init__.py",
> line
> 114, in __init__
> self.connect(url, flags, options)
> _ldb.LdbError: (49, None)
>
> However, it always tries to use simple auth and fails as above. I do
> see LDAP bind requests now, however.
>
> Any ideas as to what I am doing wrong?
>
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical
mailing list