[Samba] PFsense via Samba Authentication Server -> ERROR! ldap_get_groups() could not bind
L.P.H. van Belle
belle at bazuin.nl
Fri Sep 18 07:01:57 UTC 2020
> >
> > I greatly apologize from being obtuse, but I do not see what I'm
> > missing. From what I'm reading I should be setting the following:
> >
> > Base DN: DC=internal,DC=external,DC=com
> > Auth. Container: CN=Users,DN=internal,DN=external,DN=com
> > Extended Query: memberof=CN=Users,DN=internal,DN=engineers,DN=com
>
> I think (and I could be talking out of my hat) that extended
> Query will
> never work. 'Users' is a member of Domain Users and like
> Domain Users
> it has no direct users, or to put it another way, no user has a
> 'memberof' attribute containing the DN of 'Users' or 'Domain Users'.
> Have you tried creating another group, such as 'VPN Users' ??
>
> The other question is, is that DN correct and if so how ? In
> my domain, 'Users' is at 'CN=Users,CN=Builtin,DC=samdom,DC=example,DC=com'
CN=Users,CN=Builtin, = in windows "this computer, there Users"
And in linux same as the local linux users (group)
> > Base DN: DC=internal,DC=external,DC=com
> > Auth. Container: CN=Users,DN=internal,DN=external,DN=com
> > Extended Query: memberof=CN=Users,DN=internal,DN=engineers,DN=com
Base DN: DC=internal,DC=external,DC=com correct
DN=Users,DN=internal,DN=external,DN=com wrong correct
^^^
CN chnaged to DN.
Extended Query: memberof=CN=Users,DN=internal,DN=engineers,DN=com Wrong.
Now this "might be correct, If YOU crected a Cn=Users,
but i think you want "memberof=CN=Domain Users,DN=Users,DN=internal,DN=engineers,DN=com
Greetz,
Louis
More information about the samba
mailing list