[Samba] can't connect ldapsearch with samba 4

Rowland Penny rpenny at samba.org
Mon Jun 20 16:40:53 UTC 2016


On 20/06/16 17:08, Trenta sis wrote:
> Hi,
> solved only by making these changes:
> in /etc/ldap/ldap.conf
> add
> TLS_CACERT /etc/ldap/ca.pem.crt
>
> sample query with ldaps
> # ldapsearch -H ldaps://server -x -LLL -z 0 -D "CN=user,CN=Users,DC=domain,DC=com" -w "p" -b "CN=Users,DC=domain,DC=com"
>
>
> Solved!
>
> Thanks
>
>
>
> 2016-06-19 18:55 GMT+02:00 Trenta sis <trenta.sis at gmail.com>:
>
>> Hi,
>>
>> First of all thanks for your answer.
>>
>> I have tried but it is not working, we receive:
>>
>> # kinit administrator
>> Password for administrator at DOM.COM:
>> Warning: Your password will expire in 33 days on Fri 22 Jul 2016 07:52:12
>> PM CEST
>>
>> # ldbsearch -H ldap://debian8DC1 "cb=administrator" -k yes
>> Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
>> Failed to connect to 'ldap://debian8DC1' with backend 'ldap': (null)
>> Failed to connect to ldap://debian8DC1 - (null)
>>
>> It is possible to keep same or similar configuration used with samba 3 +
>> openldap to make queries to ldap, we have many scripts using ldapsearch...
>> Is it possible to keep scripts using ldapsearch?
>>
>> Thanks
>>
>>
>> 2016-06-17 16:20 GMT+02:00 Trenta sis <trenta.sis at gmail.com>:
>>
>>> Hi,
>>>
>>> I'm trying to migrate samba 3 NT domain to samba 4 AD, we have migrated
>>> data and it seems correct, but now we need to connect with ldapsearch but
>>> always receive errors like
>>> ldap_bind: Strong(er) authentication required (8)
>>>          additional info: BindSimple: Transport encryption required.
>>>
>>> command used is
>>>   /usr/bin/ldapsearch -H ldap://server -x -LLL -z 0 -D "uid=user,ou=Users,dc=domain,dc=com" -w "pwd" -b "ou=Users,dc=domain,dc=com"
>>>
>>> I have tested authentication with ssl from an external application and
>>> it works OK and seems correctly configured
>>>
>>> I have tried to run ldapsearch with ssl and without but always receive
>>> errors. Using ldapadmin client I can connect with gssapi with port 389, but
>>> with ldapsearch I can't work...
>>>
>>> how can I query samba 4 AD ldap with ldapsearch?
>>>
>>>
>>> Thanks
>>>
>>

I would use ldbsearch with kerberos, it is more secure, see here:

https://lists.samba.org/archive/samba/2016-June/200364.html

Rowland
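
Added example, not part of the original thread or of Samba: a shell check for existing ldapsearch scripts that separates the simple bind over plain ldap:// (the form refused above with "Transport encryption required") from the ldaps:// form that worked, and confirms that ldap.conf names a readable TLS_CACERT. The function names and verdict strings are made up for this illustration, and it assumes options are passed as separate words, as in the commands quoted above.

```shell
#!/bin/sh
# Added example. Assumption: options are separate words, as in the thread's commands.

# Print a verdict for one ldapsearch argument list (subshell body keeps variables local).
classify_ldapsearch() (
    uri="" simple=no tls=none
    while [ $# -gt 0 ]; do
        case "$1" in
            -H) uri="${2:-}"; if [ $# -gt 1 ]; then shift; fi ;;
            -x) simple=yes ;;                 # simple bind: DN and password
            -ZZ) tls=required ;;              # StartTLS, abort if it fails
            -Z) tls=optional ;;               # StartTLS, continue if it fails
            -D|-w|-y|-b|-z|-Y|-s|-l)          # options whose value must be skipped
                if [ $# -gt 1 ]; then shift; fi ;;
        esac
        shift
    done
    case "$uri" in ldaps://*) echo ldaps; exit 0 ;; esac
    if [ "$tls" = required ]; then echo starttls
    elif [ "$simple" = no ]; then echo sasl
    elif [ "$tls" = optional ]; then echo starttls-optional
    elif [ -z "$uri" ]; then echo uri-from-ldap.conf
    else echo cleartext-simple-bind
    fi
)

# Print the TLS_CACERT path from an ldap.conf-style file; fail if unset or unreadable.
tls_cacert_path() (
    path=$(awk 'toupper($1) == "TLS_CACERT" { p = $2 } END { print p }' "$1" 2>/dev/null)
    [ -n "$path" ] && [ -r "$path" ] && printf '%s\n' "$path"
)

# Constructed demo using the two command forms quoted in the thread.
classify_ldapsearch -H ldap://server -x -LLL -z 0 \
    -D "uid=user,ou=Users,dc=domain,dc=com" -w pwd -b "ou=Users,dc=domain,dc=com"
classify_ldapsearch -H ldaps://server -x -LLL -z 0 \
    -D "CN=user,CN=Users,DC=domain,DC=com" -w p -b "CN=Users,DC=domain,DC=com"
tls_cacert_path /etc/ldap/ldap.conf || echo "TLS_CACERT not set or CA file unreadable"
```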



