[Samba] Cannot bind to AD using nslcd
jtyocum at uw.edu
Wed Nov 19 09:20:42 MST 2014
Have you done an ldapsearch to lookup that user's full DN? Though that
would appear to be correct, assuming your AD domain is acasta.intra.
On 11/19/2014 08:16 AM, Rob Mason wrote:
> Thanks Rowland, but that space is pasted into my email by accident - it
> isn't in the original nslcd.conf file.
> Checked again and re-pasted:
> binddn cn=nslcd-connect,cn=Users,dc=acasta,dc=intra
> Is this definitely the correct format for 'binddn' - the man page doesn't
> specify format???
> -----Original Message-----
> From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org]
> On Behalf Of Rowland Penny
> Sent: 19 November 2014 16:10
> To: samba at lists.samba.org
> Subject: Re: [Samba] Cannot bind to AD using nslcd
> On 19/11/14 15:54, Rob Mason wrote:
>> Hi Again - following on from my last request for help, I'm now
>> attempting to setup LDAP auth against my working samba4 AD.
>> Simplistically, I'm trying initially to SSH into my AD server
>> (working) using nslcd.
>> I've tried method #1 from
>> My simple config is:
>> uid nslcd
>> gid nslcd
>> uri ldap://127.0.0.1:389
>> base cn=Users,dc=acasta,dc=intra
>> binddn cn=nslcd-connect,cn=Users, dc=acasta,dc=intra
> You have a space here
>> bindpw xxxxx
>> filter passwd (objectClass=user)
>> filter group (objectClass=group)
>> map passwd uid sAMAccountName
>> map passwd homeDirectory unixHomeDirectory
>> map passwd gecos displayName
>> map passwd gidNumber primaryGroupID
>> #map group uniqueMember member
>> Nsswitch.conf has been modified to include ldap.
>> Pam.conf has the appropriate values.
>> My syslog says:
>> Nov 19 14:32:35 kepler nslcd: [8b4567] <passwd(all)> failed
>> to bind to LDAP server ldap://kepler.acasta.intra/: Invalid
>> credentials: Simple Bind
>> Failed: NT_STATUS_LOGON_FAILURE
>> Nov 19 14:32:35 kepler nslcd: [8b4567] <passwd(all)> no
>> available LDAP server found: Invalid credentials
>> # ldapsearch -x -D 'ACASTA\nslcd-connect' -w 'xxxxx' -E
>> pr=1000/noprompt -b 'cn=Users,dc=acasta,dc=intra' SAMAccountName uid
>> .authenticates and lists all my user objects
>> I've convinced myself that the problem somehow lies within the 'binddn'
>> setting. After several hours I'm no further forward.
>> Can anyone throw any light here???
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
John Yocum, Systems Administrator, DEOHS
More information about the samba