[Samba] Cannot bind to AD using nslcd

Rob Mason rob.mason at acasta.co.uk
Wed Nov 19 08:54:10 MST 2014

Hi Again - following on from my last request for help, I'm now attempting to
setup LDAP auth against my working samba4 AD.

Simplistically, I'm trying initially to SSH into my AD server (working)
using nslcd.
I've tried method #1 from

My simple config is:

  uid nslcd
  gid nslcd
  uri ldap://
  base cn=Users,dc=acasta,dc=intra
  binddn cn=nslcd-connect,cn=Users, dc=acasta,dc=intra
  bindpw xxxxx

  filter  passwd  (objectClass=user)
  filter  group   (objectClass=group)
  map     passwd  uid                sAMAccountName
  map     passwd  homeDirectory      unixHomeDirectory
  map     passwd  gecos              displayName
  map     passwd  gidNumber          primaryGroupID
  #map     group   uniqueMember       member

Nsswitch.conf has been modified to include ldap.
Pam.conf has the appropriate values.

My syslog says:
  Nov 19 14:32:35 kepler nslcd[13159]: [8b4567] <passwd(all)> failed to bind
to LDAP server ldap://kepler.acasta.intra/: Invalid credentials: Simple Bind
  Nov 19 14:32:35 kepler nslcd[13159]: [8b4567] <passwd(all)> no available
LDAP server found: Invalid credentials

# ldapsearch -x -D 'ACASTA\nslcd-connect' -w 'xxxxx' -E pr=1000/noprompt -b
'cn=Users,dc=acasta,dc=intra' SAMAccountName uid uidNumber
.authenticates and lists all my user objects

I've convinced myself that the problem somehow lies within the 'binddn'
setting. After several hours I'm no further forward.

Can anyone throw any light here???


More information about the samba mailing list