[Samba] 'LDAP_PROTOCOL_ERROR' when NTLMSSP_NEGOTIATE bind request

Rowland Penny rpenny at samba.org
Thu Oct 23 14:25:35 UTC 2025


On Thu, 23 Oct 2025 14:15:13 +0000
Nicolas Martinussen <nicolas.martinussen at joskin.com> wrote:

> 
> This appears to be searching in 'secrets.ldb' and failing, any idea
> what the search command is?
> From what I see in the packet capture I have done, it doesn't look
> like it's searching anything at that moment.

Something must be starting off the process; it is that command I was
referring to.

> 
> Why 'WINS'? Your clients should be using DNS, not NetBIOS.
> It's due to an old machine that really needs WINS (an old Windows NT
> Embedded). I would really like to disable that, but I sadly can't

Are we talking about something like a very expensive machine tool? If
so, you would probably be better off setting up an intermediate Samba
server that can talk to the tool in SMB1, but can only listen to the
rest of the domain in SMBv2/3.

> 
> >
> >         # TLS
> >         tls enabled  = yes
> >         tls keyfile  = tls/dc-01.2023.key
> >         tls certfile = tls/dc-01.2023.crt
> >         tls cafile   = tls/CA/MYDOMAIN.2023.crt
> >         # TLS
> >
> >         ntlm auth = ntlmv1-permitted
> >         lanman auth = yes
> >         client lanman auth = yes
> >         server min protocol = NT1
> >         client min protocol = NT1
> 
> Why are you using SMBv1?
> It's also some configuration that I need to disable, but a production
> machine is still using SMBv1. As soon as this machine is migrated to
> another SMB server (for old machines), I'll remove those 5 config
> lines

All that SMBv1 stuff may be your problem.

Rowland
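
As an added example (not part of this message or of the Samba project's code), a small Python audit that flags the five legacy authentication and protocol settings quoted above in an smb.conf. The names `audit`, `CHECKS` and `SAMPLE` are illustrative, and the sample input is constructed from the lines in this thread.

```python
import re

# Dialects older than SMB2; a "min protocol" at any of these still admits SMBv1.
PRE_SMB2 = {"CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1"}
TRUE = {"yes", "true", "on", "1"}

# normalised parameter name -> (predicate on the value, why it is flagged)
CHECKS = {
    "ntlmauth": (lambda v: v.lower() in TRUE | {"ntlmv1-permitted"},
                 "NTLMv1 responses accepted"),
    "lanmanauth": (lambda v: v.lower() in TRUE, "server accepts LANMAN authentication"),
    "clientlanmanauth": (lambda v: v.lower() in TRUE, "client may send LANMAN responses"),
    "serverminprotocol": (lambda v: v.upper() in PRE_SMB2, "server accepts SMBv1 or older"),
    "clientminprotocol": (lambda v: v.upper() in PRE_SMB2, "client may negotiate SMBv1 or older"),
}

def audit(conf_text):
    """Return (line_no, section, 'name = value', reason) for each legacy setting."""
    findings, section = [], None
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
            continue
        name, sep, value = line.partition("=")
        if not sep:
            continue
        # smb.conf ignores case and whitespace inside parameter names
        key = re.sub(r"\s+", "", name).lower()
        value = value.strip()
        if key in CHECKS and CHECKS[key][0](value):
            findings.append((no, section, f"{' '.join(name.split())} = {value}", CHECKS[key][1]))
    return findings

# Constructed sample: the five legacy lines quoted in this thread, under [global].
SAMPLE = """\
[global]
        tls enabled  = yes
        ntlm auth = ntlmv1-permitted
        lanman auth = yes
        client lanman auth = yes
        server min protocol = NT1
        client min protocol = NT1
"""

if __name__ == "__main__":
    for no, section, setting, why in audit(SAMPLE):
        print(f"line {no} [{section}] {setting}: {why}")
```

The script reads only the text it is given and does not follow `include` lines; feeding it the output of `testparm -s` covers included files as well.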



