[Samba] NT_STATUS_LOGON_FAILURE when trying to bind LDAP

contact at makz.me contact at makz.me
Thu Mar 9 10:51:07 UTC 2017



I have a Samba 4 Active Directory, and I have some applications that use the
Administrator user to bind to the LDAP.

No problems with the Administrator user, but I'd like to create an
application-specific user to bind to the LDAP.


Unfortunately, when I try to do a simple ldapsearch with the new user (the user
is in domain admins/administrators & schema admins), it throws me a


[root at dc tls]# id ssp
uid=3000026(DOMAIN\ssp) gid=513(DOMAIN\domain users) groups=513(DOMAIN\domain users),3000026(DOMAIN\ssp),512(DOMAIN\domain admins),3000003(DOMAIN\schema admins),3000001(DOMAIN\denied rodc password replication
[root at dc tls]# ldapsearch -xLLL -H ldaps://localhost:636 -D "CN=ssp,CN=Users,DC=domain,DC=be" -W -b "DC=domain,DC=be"
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
additional info: Simple Bind Failed: NT_STATUS_LOGON_FAILURE


But I can connect to the domain:


[root at dc tls]# smbclient //dc/common -U 'DOMAIN\ssp'
Enter DOMAIN\ssp's password:
Domain=[DOMAIN] OS=[Windows 6.1] Server=[Samba 4.5.5-SerNet-RedHat-13.el7]
smb: \>


So my first question: is it possible to create a user who has full rights
in the LDAP?

If yes, second question: how do I create it?


Thank you.

