[Samba] Samba 4 with LDAP proxy in DMZ

Marc Muehlfeld samba at marc-muehlfeld.de
Mon Aug 12 11:25:53 MDT 2013

Hello Julian,

On 08.08.2013 18:14, Julian Pilfold-Bagwell wrote:
> I'm setting up a Samba AD domain which works perfectly with the Win 7
> server tools and so far everything is going fine.  What has me stumped
> is setting up an LDAP proxy in our DMZ against which I can authenticate
> our email and web services.
> I've got port 389 open on my main Samba 4 DC and if I use the domain
> administrator account to bind the proxy, everything works.  In order to
> give a degree of separation however, I've created a user called
> ldapbindacc and have used the server remote admin tools to delegate
> control of the directory server to that user with read only access to
> user and group details.  When I try to access the directory using this
> account, I get the following error message (the password is definitely
> correct):
> # ldapsearch -LLL -H ldap:// -b
> 'dc=bordengrammar,dc=kent,dc=sch,dc=uk' -D
> 'cn=ldapbindacc,cn=Users,dc=bordengrammar,dc=kent,dc=sch,dc=uk' -W
> '(sAMAccountName=Test.User)'
> Enter LDAP Password:
> ldap_bind: Invalid credentials (49)
>      additional info: Simple Bind Failed: NT_STATUS_LOGON_FAILURE
> As I'm moving from Samba 3 to 4, my AD knowledge is limited so I've been
> patching things together from various howtos.  Has anyone succeeded in
> this who can give me some tips?

Here I described how to set up an OpenLDAP proxy to AD:
(incl. authenticating other ldap based services)

