[Samba] Samba 4 with LDAP proxy in DMZ
Marc Muehlfeld
samba at marc-muehlfeld.de
Mon Aug 12 11:25:53 MDT 2013
Hello Julian,
Am 08.08.2013 18:14, schrieb Julian Pilfold-Bagwell:
> I'm setting up a Samba AD domain which works perfectly with the WIn 7
> server tools and so far everything is going fine. What has me stumped
> is setting up an LDAP proxy in our DMZ against which I can authenticate
> our email and web services.
>
> I've got port 389 open on my main Samba 4 DC and if I use the domain
> administrator account to bind the proxy, everything works. In order to
> give a degree of separation however, I've created a user called
> ldapbindacc and have used the server remote admin tools to delegate
> control of the directory server to that user with read only access to
> user and group details. When I try to access the directory using this
> account, I get the following error message (the password is definitely
> correct):
>
> # ldapsearch -LLL -H ldap://127.0.0.1 -b
> 'dc=bordengrammar,dc=kent,dc=sch,dc=uk' -D
> 'cn=ldapbindacc,cn=Users,dc=bordengrammar,dc=kent,dc=sch,dc=uk' -W
> '(sAMAccountName=Test.User)'
> Enter LDAP Password:
> ldap_bind: Invalid credentials (49)
> additional info: Simple Bind Failed: NT_STATUS_LOGON_FAILURE
>
> As I'm moving fro Samba 3 to 4, my AD knowledge is limited so I've been
> patching things together from various howto's. Has anyone succeeded in
> this who can give me some tips.
Here I described how to setup an openLDAP proxy to AD:
http://wiki.samba.org/index.php/Authenticating_other_services_against_AD
(incl. authenticating other ldap based services)
Regards,
Marc
More information about the samba
mailing list