[Samba] Cannot bind to AD using nslcd
Rowland Penny
rowlandpenny at googlemail.com
Wed Nov 19 09:09:55 MST 2014
On 19/11/14 15:54, Rob Mason wrote:
> Hi Again - following on from my last request for help, I'm now attempting to
> setup LDAP auth against my working samba4 AD.
>
> Simplistically, I'm trying initially to SSH into my AD server (working)
> using nslcd.
> I've tried method #1 from
> https://wiki.samba.org/index.php/Local_user_management_and_authentication/ns
> lcd
>
> My simple config is:
>
> uid nslcd
> gid nslcd
> uri ldap://127.0.0.1:389
> base cn=Users,dc=acasta,dc=intra
> binddn cn=nslcd-connect,cn=Users, dc=acasta,dc=intra
^
You have a space here
Rowland
> bindpw xxxxx
>
> filter passwd (objectClass=user)
> filter group (objectClass=group)
> map passwd uid sAMAccountName
> map passwd homeDirectory unixHomeDirectory
> map passwd gecos displayName
> map passwd gidNumber primaryGroupID
> #map group uniqueMember member
>
> Nsswitch.conf has been modified to include ldap.
> Pam.conf has the appropriate values.
>
> My syslog says:
> Nov 19 14:32:35 kepler nslcd[13159]: [8b4567] <passwd(all)> failed to bind
> to LDAP server ldap://kepler.acasta.intra/: Invalid credentials: Simple Bind
> Failed: NT_STATUS_LOGON_FAILURE
> Nov 19 14:32:35 kepler nslcd[13159]: [8b4567] <passwd(all)> no available
> LDAP server found: Invalid credentials
>
> # ldapsearch -x -D 'ACASTA\nslcd-connect' -w 'xxxxx' -E pr=1000/noprompt -b
> 'cn=Users,dc=acasta,dc=intra' SAMAccountName uid uidNumber
>
> .authenticates and lists all my user objects
>
> I've convinced myself that the problem somehow lies within the 'binddn'
> setting. After several hours I'm no further forward.
>
> Can anyone throw any light here???
>
> TIA
>
>
More information about the samba
mailing list