[Samba] Authenticating against Samba 4 AD LDAP service

Konstantin Boyandin lists at boyandin.info
Wed Sep 5 08:46:04 UTC 2018


Hello,

One of Samba 3 -> Samba 4 migration task I am solving is changing 
authentication against new Samba 4 AD domain.

Existing services use LDAP directory of Samba 3 to authenticate. The 
simplest way to go would be just to replace LDAP credentials; however, I 
don't quite understand which LDAP credentials to use/how to create them 
for Samba 4 AD.

Sample command against Samba 4 LDAP service:

# ldapsearch -D "cn=Manager,dc=company,dc=lan" -w [password] -H 
ldap://10.100.0.4 -b "dc=ad-lan,dc=com" -s sub "(objectclass=*)"
returns
ldap_bind: Strong(er) authentication required (8)
	additional info: BindSimple: Transport encryption required.

I would appreciate a link to possible source of wisdom, or explanations 
in here.

Note: I can do searches using Kerberos authentication on Samba 4 
installation, like this:

# kinit administrator
# ldbsearch -H ldap://dc.ad-lan.com -k yes '(objectclass=person)'

but Kerberos is not an option for some existing services.

Sincerely,
Konstantin



More information about the samba mailing list