[Samba] PFsense via Samba Authentication Server -> ERROR! ldap_get_groups() could not bind

Rowland penny rpenny at samba.org
Fri Sep 18 07:18:43 UTC 2020


On 18/09/2020 08:01, L.P.H. van Belle via samba wrote:
>>> I greatly apologize from being obtuse, but I do not see what I'm
>>> missing.  From what I'm reading I should be setting the following:
>>>
>>> Base DN: DC=internal,DC=external,DC=com
>>> Auth. Container: CN=Users,DN=internal,DN=external,DN=com
>>> Extended Query: memberof=CN=Users,DN=internal,DN=engineers,DN=com
>> I think (and I could be talking out of my hat) that extended
>> Query will
>> never work.  'Users' is a member of Domain Users and like
>> Domain Users
>> it has no direct users, or to put it another way, no user has a
>> 'memberof' attribute containing the DN of 'Users' or 'Domain Users'.
>> Have you tried creating another group, such as 'VPN Users' ??
>>
>> The other question is, is that DN correct and if so how ? In
>> my domain, 'Users' is at 'CN=Users,CN=Builtin,DC=samdom,DC=example,DC=com'
> CN=Users,CN=Builtin,  = in windows "this computer, there Users"
> And in linux same as the local linux users (group)
>
>>> Base DN: DC=internal,DC=external,DC=com
>>> Auth. Container: CN=Users,DN=internal,DN=external,DN=com
>>> Extended Query: memberof=CN=Users,DN=internal,DN=engineers,DN=com
> Base DN: DC=internal,DC=external,DC=com     correct
> DN=Users,DN=internal,DN=external,DN=com     wrong correct
> ^^^
> CN changed to DN.
>
> Extended Query: memberof=CN=Users,DN=internal,DN=engineers,DN=com  Wrong.
>
> Now this "might be correct, If YOU created a Cn=Users,
>   but i think you want "memberof=CN=Domain Users,DN=Users,DN=internal,DN=engineers,DN=com
>
>
>
> Greetz,
>
> Louis
>
>
If the actual ldap search uses 'memberOf=' with that DN, it will NEVER 
work, no user in the OP's AD will have this line:

memberOf: CN=Domain Users,CN=Users,DC=internal,DC=engineers,DC=com

in their object, yet all users are members of Domain Users.

Rowland
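
Added example (not part of the original message, and not Samba or pfSense code): a small Python model of why a memberOf query on Domain Users matches nobody. AD records a user's primary group in primaryGroupID rather than in memberOf. The user names and the 'VPN Users' DN are constructed, 513 is the well-known RID of Domain Users, and the matcher is a simplified equality test, not a real LDAP client.

```python
# Constructed sample entries; the domain and Domain Users DN follow the thread.
BASE = "DC=internal,DC=engineers,DC=com"
DOMAIN_USERS = f"CN=Domain Users,CN=Users,{BASE}"
VPN_USERS = f"CN=VPN Users,CN=Users,{BASE}"  # hypothetical extra group

USERS = [
    # Both users have Domain Users as primary group (RID 513), so it is
    # recorded in primaryGroupID and does not appear in memberOf.
    {"cn": "alice", "primaryGroupID": 513, "memberOf": [VPN_USERS]},
    {"cn": "bob", "primaryGroupID": 513, "memberOf": []},
]


def norm(value):
    """Comparison key: case-insensitive, ignores spaces around commas.
    Simplification: does not handle escaped commas inside an RDN."""
    return ",".join(part.strip().lower() for part in str(value).split(","))


def matches(entry, query):
    """Evaluate one 'attr=value' equality query against an entry."""
    attr, _, value = query.partition("=")  # split on the first '=' only
    stored = next((v for k, v in entry.items()
                   if k.lower() == attr.strip().lower()), [])
    if not isinstance(stored, list):
        stored = [stored]
    return norm(value) in {norm(v) for v in stored}


def search(entries, query):
    """Return the cn of every entry the query matches."""
    return [e["cn"] for e in entries if matches(e, query)]


if __name__ == "__main__":
    for q in (
        "memberof=CN=Users,DN=internal,DN=engineers,DN=com",  # from the thread
        "memberOf=" + DOMAIN_USERS,   # primary group: never listed in memberOf
        "primaryGroupID=513",         # where that membership is recorded
        "memberOf=" + VPN_USERS,      # explicitly assigned group
    ):
        print(f"{q}\n  -> {search(USERS, q)}")
```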




