[Samba] How to use --simple-bind-dn in samba-tool

Andrew Bartlett abartlet at samba.org
Wed Aug 7 17:44:51 MDT 2013


On Wed, 2013-08-07 at 17:16 +0700, Olivier Nicole wrote:
> Hi,
> 
> I understand that using options -H and --simple-bind-dn one could run
> samba-tool remotely.
> 
> But how should I specify the DN to use for simple bind? 
> 
> I tried many syntaxes:
>   cn=Administrator
>   cn=Administrator at domain
>   domain
> all with the Administrator password, but it always fails with:
> Failed to bind - LDAP error 49 LDAP_INVALID_CREDENTIALS -  <Simple Bind Failed: NT_STATUS_LOGON_FAILURE> <>
> Failed to connect to 'ldap://fbsd35.cs.ait.ac.th/' with backend 'ldap': (null)
> 
> Can I use the command ldapsearch (from the OpenLDAP distribution) to access
> the LDAP directory maintained by Samba?
> 
> If yes, what is the syntax in terms of binding?

In general, you shouldn't need --simple-bind-dn, because Samba supports
much more secure ways to authenticate, such as NTLM and Kerberos.  Just
specify -U administrator.

For the record, for other non-AD servers that don't do SASL and so can't
use -U, --simple-bind-dn takes a DN, so cn=admin,dc=example,dc=com might
be the admin DN on an OpenLDAP server.  (This applies more to the ldb*
commands than samba-tool, which probably shouldn't show this option
except it comes from common code.)

I hope this helps,

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Catalyst IT                   http://catalyst.net.nz



