[Samba] Cannot bind to AD using nslcd

Rob Mason rob.mason at acasta.co.uk
Wed Nov 19 09:16:16 MST 2014

Thanks Rowland, but that space is pasted into my email by accident - it
isn't in the original nslcd.conf file.

Checked again and re-pasted:

binddn cn=nslcd-connect,cn=Users,dc=acasta,dc=intra

Is this definitely the correct format for 'binddn' - the man page doesn't
specify format???

-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org]
On Behalf Of Rowland Penny
Sent: 19 November 2014 16:10
To: samba at lists.samba.org
Subject: Re: [Samba] Cannot bind to AD using nslcd

On 19/11/14 15:54, Rob Mason wrote:
> Hi Again - following on from my last request for help, I'm now 
> attempting to setup LDAP auth against my working samba4 AD.
> Simplistically, I'm trying initially to SSH into my AD server 
> (working) using nslcd.
> I've tried method #1 from
> https://wiki.samba.org/index.php/Local_user_management_and_authenticat
> ion/ns
> lcd
> My simple config is:
>    uid nslcd
>    gid nslcd
>    uri ldap://
>    base cn=Users,dc=acasta,dc=intra
>    binddn cn=nslcd-connect,cn=Users, dc=acasta,dc=intra
                                    You have a space here


>    bindpw xxxxx
>    filter  passwd  (objectClass=user)
>    filter  group   (objectClass=group)
>    map     passwd  uid                sAMAccountName
>    map     passwd  homeDirectory      unixHomeDirectory
>    map     passwd  gecos              displayName
>    map     passwd  gidNumber          primaryGroupID
>    #map     group   uniqueMember       member
> Nsswitch.conf has been modified to include ldap.
> Pam.conf has the appropriate values.
> My syslog says:
>    Nov 19 14:32:35 kepler nslcd[13159]: [8b4567] <passwd(all)> failed 
> to bind to LDAP server ldap://kepler.acasta.intra/: Invalid 
> credentials: Simple Bind
>    Nov 19 14:32:35 kepler nslcd[13159]: [8b4567] <passwd(all)> no 
> available LDAP server found: Invalid credentials
> # ldapsearch -x -D 'ACASTA\nslcd-connect' -w 'xxxxx' -E 
> pr=1000/noprompt -b 'cn=Users,dc=acasta,dc=intra' SAMAccountName uid 
> uidNumber
> .authenticates and lists all my user objects
> I've convinced myself that the problem somehow lies within the 'binddn'
> setting. After several hours I'm no further forward.
> Can anyone throw any light here???

To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list