[Samba] can't connect ldapsearch with samba 4
rpenny at samba.org
Sun Jun 19 18:14:19 UTC 2016
On 19/06/16 17:55, Trenta sis wrote:
> First of all, thanks for your answer.
> I have tried but it is not working, we receive:
> # kinit administrator
> Password for administrator at DOM.COM:
> Warning: Your password will expire in 33 days on Fri 22 Jul 2016 07:52:12
> PM CEST
> # ldbsearch -H ldap://debian8DC1 "cb=administrator" -k yes
> Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
> Failed to connect to 'ldap://debian8DC1' with backend 'ldap': (null)
> Failed to connect to ldap://debian8DC1 - (null)
> Is it possible to keep the same or a similar configuration to the one used with samba 3 +
> openldap to make queries to ldap? We have many scripts using ldapsearch...
> Is it possible to keep scripts using ldapsearch?
> 2016-06-17 16:20 GMT+02:00 Trenta sis <trenta.sis at gmail.com>:
>> I'm trying to migrate samba 3 NT domain to samba 4 AD, we have migrated
>> data and it seems correct, but now we need to connect with ldapsearch but
>> always receive errors like
>> ldap_bind: Strong(er) authentication required (8)
>> additional info: BindSimple: Transport encryption required.
>> command used is
>> /usr/bin/ldapsearch -H ldap://server -x -LLL -z 0 -D
>> "uid=user,ou=Users,dc=domain,dc=com" -w "pwd" -b "ou=Users,dc=domain,dc=com"
>> I have tested authentication with ssl from an external application and
>> it works OK and seems correctly configured
>> I have tried to run ldapsearch with ssl and without but always receive
>> errors. Using ldapadmin client I can connect with gssapi with port 389, but
>> with ldapsearch I can't make it work...
>> How can I query samba 4 AD ldap with ldapsearch?
OK, I think your search isn't quite right, when I kinit as
Administrator, then run this:
rowland at devstation:~$ ldbsearch -H ldap://dc1 -b
"dc=samdom,dc=example,dc=com" -s sub '(samaccountname=Administrator)' -k yes
I get this:
# record 1
description: Built-in account for administering the computer/domain
memberOf: CN=Group Policy Creator
memberOf: CN=Enterprise Admins,CN=Users,DC=samdom,DC=example,DC=com
memberOf: CN=Schema Admins,CN=Users,DC=samdom,DC=example,DC=com
memberOf: CN=Domain Admins,CN=Users,DC=samdom,DC=example,DC=com
# returned 4 records
# 1 entries
# 3 referrals
So you see it does work.
Only thing else I can think of, do you have libpam-krb5 installed on the
DC & Unix clients ?
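
For the "many scripts using ldapsearch" question in this thread, an added example (not part of the original messages and not Samba code): a shell function that classifies each ldapsearch call in a script by how it binds, so the simple binds over plain ldap:// that drew "Transport encryption required" can be found before migration. The function name, class labels and sample script are constructed for illustration; it assumes options are written separately (-x -ZZ, not -xZZ).

```shell
#!/bin/sh
# Added example: inventory of ldapsearch bind styles in a script (read on stdin).
# Output: "<line number> <class>" for every ldapsearch invocation found.
classify_ldapsearch() {
    awk '
    # Join backslash-continued lines into one logical command line.
    /\\$/ { sub(/\\$/, ""); if (!start) start = NR; buf = buf $0 " "; next }
    {
        line = buf $0 " "; n = (start ? start : NR); buf = ""; start = 0
        if (line ~ /^[ \t]*#/) next                              # comment line
        if (line !~ /(^|[^A-Za-z0-9_-])ldapsearch[ \t]/) next    # not ldapsearch
        simple = (line ~ /[ \t]-x[ \t]/)        # -x: simple bind instead of SASL
        ldaps  = (line ~ /ldaps:\/\//)          # TLS from the first byte
        forced = (line ~ /[ \t]-ZZ[ \t]/)       # StartTLS must succeed
        tried  = (line ~ /[ \t]-Z[ \t]/)        # StartTLS attempted, failure ignored
        if (!simple)              kind = "sasl"                  # e.g. -Y GSSAPI after kinit
        else if (ldaps || forced) kind = "simple-encrypted"
        else if (tried)           kind = "simple-starttls-optional"
        else                      kind = "simple-cleartext"      # bind DN and password sent in clear
        printf "%d %s\n", n, kind
    }'
}

# Constructed sample script; host and DNs are placeholders.
sample_script() {
cat <<'EOF'
#!/bin/sh
/usr/bin/ldapsearch -H ldap://dc1 -x -LLL -D "cn=user,dc=samdom,dc=example,dc=com" -W -b "dc=samdom,dc=example,dc=com"
ldapsearch -H ldap://dc1 -x -ZZ -D "cn=user,dc=samdom,dc=example,dc=com" -W \
    -b "dc=samdom,dc=example,dc=com"
ldapsearch -H ldap://dc1 -x -Z -D "cn=user,dc=samdom,dc=example,dc=com" -W
ldapsearch -H ldaps://dc1 -x -D "cn=user,dc=samdom,dc=example,dc=com" -W
ldapsearch -H ldap://dc1 -Y GSSAPI -b "dc=samdom,dc=example,dc=com" '(samaccountname=Administrator)'
EOF
}

sample_script | classify_ldapsearch
```

Calls reported as simple-cleartext are the ones to move to -ZZ, ldaps:// or -Y GSSAPI; simple-starttls-optional still falls back to an unencrypted bind if StartTLS fails.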