[Samba] Ldapsearch against Samba 4

John Gardeniers jgardeniers at objectmastery.com
Tue Apr 19 00:29:17 UTC 2016

I'm setting up a test domain in order to try out Sudoers LDAP and have 
run into a problem that has my puzzled. On our production domain I can 
run a query such as:

ldapsearch  -LLL -p389 -h DC -u me at ourdomain.com.au -W -X -LLL -b 
"dc=ourdomain,dc=com,dc=au" -s sub

However, running an equivalent search on a freshly installed test 
domain, using the exact same version of Samba and the same smb.conf 
(with appropriate domain adjustments), I get the following error:

ldap_sasl_interactive_bind_s: Strong(er) authentication required (8)
     additional info: SASL:[NTLM]: Sign or Seal are required.

I believe this is the problem behind sssd not working on the test domain 
client, which I need to get working before I can proceed.

To the best of my recollection, we have never done anything special to 
the production domain to allow such queries. What have I missed?


More information about the samba mailing list