[Samba] Cannot bind to AD using nslcd
John Yocum
jtyocum at uw.edu
Wed Nov 19 09:20:42 MST 2014
Have you done an ldapsearch to lookup that user's full DN? Though that
would appear to be correct, assuming your AD domain is acasta.intra.
--John
On 11/19/2014 08:16 AM, Rob Mason wrote:
> Thanks Rowland, but that space is pasted into my email by accident - it
> isn't in the original nslcd.conf file.
>
> Checked again and re-pasted:
>
> binddn cn=nslcd-connect,cn=Users,dc=acasta,dc=intra
>
> Is this definitely the correct format for 'binddn' - the man page doesn't
> specify format???
>
>
> -----Original Message-----
> From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org]
> On Behalf Of Rowland Penny
> Sent: 19 November 2014 16:10
> To: samba at lists.samba.org
> Subject: Re: [Samba] Cannot bind to AD using nslcd
>
> On 19/11/14 15:54, Rob Mason wrote:
>> Hi Again - following on from my last request for help, I'm now
>> attempting to setup LDAP auth against my working samba4 AD.
>>
>> Simplistically, I'm trying initially to SSH into my AD server
>> (working) using nslcd.
>> I've tried method #1 from
>> https://wiki.samba.org/index.php/Local_user_management_and_authenticat
>> ion/ns
>> lcd
>>
>> My simple config is:
>>
>> uid nslcd
>> gid nslcd
>> uri ldap://127.0.0.1:389
>> base cn=Users,dc=acasta,dc=intra
>> binddn cn=nslcd-connect,cn=Users, dc=acasta,dc=intra
> ^
> You have a space here
>
> Rowland
>
>> bindpw xxxxx
>>
>> filter passwd (objectClass=user)
>> filter group (objectClass=group)
>> map passwd uid sAMAccountName
>> map passwd homeDirectory unixHomeDirectory
>> map passwd gecos displayName
>> map passwd gidNumber primaryGroupID
>> #map group uniqueMember member
>>
>> Nsswitch.conf has been modified to include ldap.
>> Pam.conf has the appropriate values.
>>
>> My syslog says:
>> Nov 19 14:32:35 kepler nslcd[13159]: [8b4567] <passwd(all)> failed
>> to bind to LDAP server ldap://kepler.acasta.intra/: Invalid
>> credentials: Simple Bind
>> Failed: NT_STATUS_LOGON_FAILURE
>> Nov 19 14:32:35 kepler nslcd[13159]: [8b4567] <passwd(all)> no
>> available LDAP server found: Invalid credentials
>>
>> # ldapsearch -x -D 'ACASTA\nslcd-connect' -w 'xxxxx' -E
>> pr=1000/noprompt -b 'cn=Users,dc=acasta,dc=intra' SAMAccountName uid
>> uidNumber
>>
>> .authenticates and lists all my user objects
>>
>> I've convinced myself that the problem somehow lies within the 'binddn'
>> setting. After several hours I'm no further forward.
>>
>> Can anyone throw any light here???
>>
>> TIA
>>
>>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
>
--
John Yocum, Systems Administrator, DEOHS
More information about the samba
mailing list