[Samba] RODC and LDAP via Simple Authentication fails
Johannes Engel
jcnengel+samba at gmail.com
Mon Jan 22 19:36:04 UTC 2018
Dear all,
setting up a DMZ environment I was thinking to use an RODC there for
user authentication. One of the application in the DMZ needs to access
the directory via LDAP.
When I tried to connect to the RODC using LDAP with simple bind, I
always received the following error
ldap_bind: Invalid credentials (49)
additional info: 80090308: LdapErr: DSID-0C0903A9, comment:
AcceptSecurityContext error, data 6fa, v1db1
even though the credentials used are correct and do work with the
"normal" DCs.
I have already added the corresponding user to the group "Allowed RODC
Password Replication Group", but that did not change anything...
Authentication through Kerberos seems to work, but is not an option for
the application, unfortunately.
Did I miss anything that prevents my scenario to work by design? Thanks
a lot for your help!
Best regards
Johannes
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 512 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20180122/7082f46e/signature.sig>
More information about the samba
mailing list