[Samba] PFsense via Samba Authentication Server -> ERROR! ldap_get_groups() could not bind

Rowland penny rpenny at samba.org
Wed Sep 16 17:49:10 UTC 2020


On 16/09/2020 17:34, Marco Shmerykowsky via samba wrote:
> I followed the instructions on the OpenVPN site for creating
> the bind user:
>
> https://openvpn.net/vpn-server-resources/openvpn-access-server-on-active-directory-via-ldap/#Create_and_configure_a_bind_user 
>

OK after reading the supplied link, I think I see where the 
misunderstanding is coming from. Under the heading 'Only allow users 
from one specific group to log on'

Which is pretty clear, there is this:

In fact the whole idea is that you are restricting your query to only a 
portion of the LDAP directory that meets your requirements, and any user 
that doesn’t meet that requirement, simply cannot be found in the LDAP 
directory.

Here you could think that 'portion' was an OU, I think it should be:

In fact the whole idea is that you are restricting your query to only 
members of a particular AD group, and any user that isn’t in that group, 
simply will not be found in the LDAP directory.

For example if the user 'rowland' was searched for using this LDAP 
filter 
"(&(objectCategory=person)(objectClass=user)(sAMAccountName=rowland)(memberOf='GROUPS_DN'))" 
The user would only be found if it was a member of the required group.

Rowland
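
The group-restricted lookup described in the message above, as an added example that is not part of the original post: it builds the same filter with RFC 4515 escaping and runs it through a toy matcher over constructed entries. The helper names, the group DN and the user 'alice' are assumptions made for illustration.

```python
import re

# RFC 4515 escapes for characters that are special inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
_ASSERTION = re.compile(r"\(([A-Za-z]+)=((?:[^()\\]|\\[0-9a-f]{2})*)\)")

def escape_filter_value(value):
    """Escape one value so it cannot alter the structure of the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def group_restricted_filter(username, group_dn):
    """Build the filter from the post for one user and one group DN."""
    return ("(&(objectCategory=person)(objectClass=user)"
            "(sAMAccountName=%s)(memberOf=%s))"
            % (escape_filter_value(username), escape_filter_value(group_dn)))

def _unescape(value):
    return re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), value)

def search(entries, ldap_filter):
    """Toy matcher: every (attr=value) in the AND filter must match an entry."""
    wanted = [(a.lower(), _unescape(v).lower())
              for a, v in _ASSERTION.findall(ldap_filter)]
    if not wanted:
        raise ValueError("no assertions found in filter")
    hits = []
    for entry in entries:
        attrs = {k.lower(): [v.lower() for v in vals] for k, vals in entry.items()}
        if all(v in attrs.get(a, []) for a, v in wanted):
            hits.append(entry["sAMAccountName"][0])
    return hits

# Constructed sample data (not from the post); the DN contains parentheses
# on purpose, so an unescaped value would produce a malformed filter.
GROUP_DN = "CN=VPN Users (Staff),OU=Groups,DC=example,DC=com"
ENTRIES = [
    {"sAMAccountName": ["rowland"], "objectCategory": ["person"],
     "objectClass": ["top", "person", "user"], "memberOf": [GROUP_DN]},
    {"sAMAccountName": ["alice"], "objectCategory": ["person"],
     "objectClass": ["top", "person", "user"],
     "memberOf": ["CN=Domain Staff,OU=Groups,DC=example,DC=com"]},
]

if __name__ == "__main__":
    for name in ("rowland", "alice"):
        flt = group_restricted_filter(name, GROUP_DN)
        print(name, "->", search(ENTRIES, flt) or "not found")
```

In Active Directory, memberOf lists direct memberships only and does not include the primary group, so a user who belongs to the group through nesting, or whose primary group it is, will not match this filter.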




