[Samba] Cannot bind to AD using nslcd
Rowland Penny
rowlandpenny at googlemail.com
Wed Nov 19 09:12:58 MST 2014
On 19/11/14 16:09, Rowland Penny wrote:
> On 19/11/14 15:54, Rob Mason wrote:
>> Hi Again - following on from my last request for help, I'm now
>> attempting to set up LDAP auth against my working samba4 AD.
>>
>> Simplistically, I'm trying initially to SSH into my AD server
>> (working) using nslcd. I've tried method #1 from
>>
>> https://wiki.samba.org/index.php/Local_user_management_and_authentication/nslcd
>>
>> My simple config is:
>>
>> uid nslcd
>> gid nslcd
>> uri ldap://127.0.0.1:389
>> base cn=Users,dc=acasta,dc=intra
>> binddn cn=nslcd-connect,cn=Users, dc=acasta,dc=intra
> ^ You have a space here
>
> Rowland
>
>> bindpw xxxxx
>>
>> filter passwd (objectClass=user)
>> filter group (objectClass=group)
>> map passwd uid sAMAccountName
>> map passwd homeDirectory unixHomeDirectory
>> map passwd gecos displayName
>> map passwd gidNumber primaryGroupID
>> #map group uniqueMember member
>>
>> Nsswitch.conf has been modified to include ldap. Pam.conf has the
>> appropriate values.
>>
>> My syslog says:
>> Nov 19 14:32:35 kepler nslcd[13159]: [8b4567] <passwd(all)> failed to bind to LDAP server ldap://kepler.acasta.intra/: Invalid credentials: Simple Bind Failed: NT_STATUS_LOGON_FAILURE
>> Nov 19 14:32:35 kepler nslcd[13159]: [8b4567] <passwd(all)> no available LDAP server found: Invalid credentials
>>
>> # ldapsearch -x -D 'ACASTA\nslcd-connect' -w 'xxxxx' -E pr=1000/noprompt -b 'cn=Users,dc=acasta,dc=intra' SAMAccountName uid uidNumber
>>
>> .authenticates and lists all my user objects
>>
>> I've convinced myself that the problem somehow lies within the
>> 'binddn' setting. After several hours I'm no further forward.
>>
>> Can anyone throw any light here???
>>
>> TIA
>>
>>
>
Darn email client I will try again
binddn cn=nslcd-connect,cn=Users, dc=acasta,dc=intra
                                 ^
                                 You have a space here
Rowland
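
A lint for the mistake pointed out in this thread, as an added example that is not part of the original messages or of the Samba or nslcd projects: it scans an nslcd.conf for whitespace next to a comma in the DN-valued options `base`, `binddn` and `rootpwmoddn` and marks the column with a caret. The names `check_nslcd_dn_spaces` and `sample_conf` are hypothetical, and the sample configuration is constructed from the values quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): lint DN-valued nslcd.conf options.

# Hypothetical helper: constructed sample reusing the config quoted in the thread.
sample_conf() {
    cat <<'EOF'
uid nslcd
gid nslcd
uri ldap://127.0.0.1:389
base cn=Users,dc=acasta,dc=intra
binddn cn=nslcd-connect,cn=Users, dc=acasta,dc=intra
bindpw xxxxx
filter passwd (objectClass=user)
EOF
}

# Report whitespace next to a comma in base/binddn/rootpwmoddn values.
# $1: config path (defaults to /etc/nslcd.conf). Returns 1 if anything is found.
check_nslcd_dn_spaces() {
    awk '
    /^[ \t]*(#|$)/ { next }                # skip comments and blank lines
    {
        key = tolower($1)
        if (key != "base" && key != "binddn" && key != "rootpwmoddn") next
        # A space inside a value ("cn=Domain Users") is left alone; only
        # whitespace directly before or after a comma is reported.
        if (!match($0, /,[ \t]+|[ \t]+,/)) next
        col = (substr($0, RSTART, 1) == ",") ? RSTART + 1 : RSTART
        pad = substr($0, 1, col - 1)
        gsub(/[^\t]/, " ", pad)            # keep tabs so the caret lines up
        printf "%s:%d: whitespace next to a comma in %s value\n", FILENAME, NR, key
        print $0
        print pad "^"
        found = 1
    }
    END { exit (found ? 1 : 0) }
    ' "${1:-/etc/nslcd.conf}"
}

# Demo on the constructed sample; the bindpw line is never printed.
tmp=$(mktemp)
sample_conf > "$tmp"
check_nslcd_dn_spaces "$tmp" || echo "fix the line(s) marked above, then restart nslcd"
rm -f "$tmp"
```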