[Samba] Cannot bind to AD using nslcd

Rowland Penny rowlandpenny at googlemail.com
Wed Nov 19 09:38:16 MST 2014


On 19/11/14 16:30, Rob Mason wrote:
> Thanks again Rowland - that particular URL is one I've followed earlier
> today.
>
> I've honestly been at this about 5 hours!  I've even taken my Wheezy box
> back to install and re-provisioned the AD just to be sure!
>
> My suspicion still remains with the format of 'binddn'.
>
> -----Original Message-----
> From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org]
> On Behalf Of Rowland Penny
> Sent: 19 November 2014 16:26
> To: Rob Mason; samba at lists.samba.org
> Subject: Re: [Samba] Cannot bind to AD using nslcd
>
> On 19/11/14 16:16, Rob Mason wrote:
>> Thanks Rowland, but that space is pasted into my email by accident -
>> it isn't in the original nslcd.conf file.
>>
>> Checked again and re-pasted:
>>
>> binddn cn=nslcd-connect,cn=Users,dc=acasta,dc=intra
>>
>> Is this definitely the correct format for 'binddn' - the man page
>> doesn't specify format???
> It has been some time since I used nslcd, but I believe it is correct.
>
> Have a look here, this may help:
> http://wiki.gentoo.org/wiki/Centralized_authentication_with_Samba_AD_/HOWTO
>
> If it does and you get it working, can you post what you changed and if
> required, I will update the howto.
>
> Rowland
>>
>> -----Original Message-----
>> From: samba-bounces at lists.samba.org
>> [mailto:samba-bounces at lists.samba.org]
>> On Behalf Of Rowland Penny
>> Sent: 19 November 2014 16:10
>> To: samba at lists.samba.org
>> Subject: Re: [Samba] Cannot bind to AD using nslcd
>>
>> On 19/11/14 15:54, Rob Mason wrote:
>>> Hi Again - following on from my last request for help, I'm now
>>> attempting to setup LDAP auth against my working samba4 AD.
>>>
>>> Simplistically, I'm trying initially to SSH into my AD server
>>> (working) using nslcd.
>>> I've tried method #1 from
>>> https://wiki.samba.org/index.php/Local_user_management_and_authentication/nslcd
>>>
>>> My simple config is:
>>>
>>>      uid nslcd
>>>      gid nslcd
>>>      uri ldap://127.0.0.1:389
>>>      base cn=Users,dc=acasta,dc=intra
>>>      binddn cn=nslcd-connect,cn=Users, dc=acasta,dc=intra
>>                                                        ^
>>                                       You have a space here
>>
>> Rowland
>>
>>>      bindpw xxxxx
>>>
>>>      filter  passwd  (objectClass=user)
>>>      filter  group   (objectClass=group)
>>>      map     passwd  uid                sAMAccountName
>>>      map     passwd  homeDirectory      unixHomeDirectory
>>>      map     passwd  gecos              displayName
>>>      map     passwd  gidNumber          primaryGroupID
>>>      #map     group   uniqueMember       member
>>>
>>> Nsswitch.conf has been modified to include ldap.
>>> Pam.conf has the appropriate values.
>>>
>>> My syslog says:
>>>      Nov 19 14:32:35 kepler nslcd[13159]: [8b4567] <passwd(all)> failed to bind to LDAP server ldap://kepler.acasta.intra/: Invalid credentials: Simple Bind Failed: NT_STATUS_LOGON_FAILURE
>>>      Nov 19 14:32:35 kepler nslcd[13159]: [8b4567] <passwd(all)> no available LDAP server found: Invalid credentials
>>>
>>> # ldapsearch -x -D 'ACASTA\nslcd-connect' -w 'xxxxx' -E pr=1000/noprompt -b 'cn=Users,dc=acasta,dc=intra' SAMAccountName uid uidNumber
>>>     
>>> .authenticates and lists all my user objects
>>>
>>> I've convinced myself that the problem somehow lies within the 'binddn'
>>> setting. After several hours I'm no further forward.
>>>
>>> Can anyone throw any light here???
>>>
>>> TIA
>>>
>>>
OK, can you confirm that you are using samba 4.1.11 from backports, you
have created the user 'nslcd-connect' in AD and you are trying to ssh
into the AD DC?

Rowland
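
Added example, not part of the original thread: the ldapsearch quoted above binds as 'ACASTA\nslcd-connect', while nslcd binds with the DN given in binddn, so that test does not exercise the binddn value. The script below reads uri, base and binddn from an nslcd.conf and prints an ldapsearch command that binds with exactly that DN. The sample config is constructed from the settings quoted in the thread, and the function names are illustrative.

```shell
#!/bin/sh
# Constructed sample, mirroring the nslcd.conf settings quoted in the thread.
sample_conf() {
    cat <<'EOF'
uid nslcd
gid nslcd
uri ldap://127.0.0.1:389
base cn=Users,dc=acasta,dc=intra
binddn cn=nslcd-connect,cn=Users, dc=acasta,dc=intra
bindpw xxxxx
EOF
}

# Print the value of one option (first match), trailing blanks removed.
conf_get() {  # usage: conf_get OPTION < nslcd.conf
    awk -v key="$1" '
        $1 == key {
            sub(/^[ \t]*[^ \t]+[ \t]+/, "")   # drop the keyword
            sub(/[ \t\r]+$/, "")              # drop trailing blanks / CR
            print; exit
        }'
}

# Succeeds if the DN has a space next to an RDN separator.
dn_has_space_at_comma() {
    case "$1" in
        *,\ *|*\ ,*) return 0 ;;
        *) return 1 ;;
    esac
}

# Build an ldapsearch that binds with the same URI and DN nslcd uses.
# -W prompts for the password so it stays out of the process list.
build_bind_test() {  # reads the config on stdin
    conf=$(cat)
    uri=$(printf '%s\n' "$conf" | conf_get uri)
    base=$(printf '%s\n' "$conf" | conf_get base)
    dn=$(printf '%s\n' "$conf" | conf_get binddn)
    printf "ldapsearch -x -H '%s' -D '%s' -W -b '%s' -s base dn\n" \
        "$uri" "$dn" "$base"
}

# Demo on the sample; on a real host: build_bind_test < /etc/nslcd.conf
demo_dn=$(sample_conf | conf_get binddn)
if dn_has_space_at_comma "$demo_dn"; then
    echo "note: binddn has a space next to a comma: $demo_dn" >&2
fi
sample_conf | build_bind_test
```

If the printed command also fails with "Invalid credentials", the problem is the DN or password rather than nslcd itself.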



