[Samba] RODC and LDAP via Simple Authentication fails

Johannes Engel jcnengel+samba at gmail.com
Mon Jan 22 19:36:04 UTC 2018

Dear all,

setting up a DMZ environment, I was thinking of using an RODC there for
user authentication. One of the applications in the DMZ needs to access
the directory via LDAP.

When I tried to connect to the RODC using LDAP with simple bind, I
always received the following error

ldap_bind: Invalid credentials (49)
        additional info: 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 6fa, v1db1

even though the credentials used are correct and do work with the
"normal" DCs.

I have already added the corresponding user to the group "Allowed RODC
Password Replication Group", but that did not change anything...

Authentication through Kerberos seems to work, but is not an option for
the application, unfortunately.

Did I miss anything that prevents my scenario from working by design? Thanks
a lot for your help!

Best regards
