[Samba] 'LDAP_PROTOCOL_ERROR' when NTLMSSP_NEGOTIATE bind request
Rowland Penny
rpenny at samba.org
Fri Oct 24 09:14:40 UTC 2025
On Fri, 24 Oct 2025 08:30:21 +0000
Nicolas Martinussen <nicolas.martinussen at joskin.com> wrote:
> > > > > This appears to be searching in 'secrets.ldb' and failing, any
> > > > > idea what the search command is ?
> > > > > From what I see in the packet capture I have done, it doesn't
> > > > > look like it's searching anything at that moment.
> > > >
> > > > Something must be starting off the process, it is that command
> > > > I was referring to.
> > > >
> > > Oh sorry, hadn't understood that. It's in a webui, but there
> > > isn't a lot to configure... On the previous version of FortiEMS,
> > > there were more things to configure, but it seems they have
> > > removed the other options (and won't add it back as it works with
> > > Windows AD, I've already tried opening a ticket). I'm using LDAP
> > > (not S) just to have clear traffic in the capture, but when I try
> > > with LDAPS, I still have the same error and the same log. Here is
> > > a picture from the UI: https://imgur.com/a/LsFwGG2
> >
> > Sorry, but I cannot see that, I am in the UK
> >
>
> Here it is on another site, I hope this one isn't blocked in the UK:
> https://ibb.co/q2ZPfvm
>
I wonder if this could be an authentication problem ?

If I run this ldapsearch on a Unix domain member against one of my DCs:

    ldapsearch -x -H ldap://dc03.samdom.example.com \
      -D CN=rowland,CN=Users,dc=samdom,dc=example,dc=com -w xxxxxxxxxxx \
      -b 'dc=samdom,dc=example,dc=com' -s sub

I get this:

    ldap_bind: Strong(er) authentication required (8)
            additional info: BindSimple: Transport encryption required.

If I go to the DC and add this to its smb.conf:

    ldap server require strong auth = no

Then restart it, if I then rerun the ldapsearch on the Unix domain
member, I get the entire AD domain dumped.

After that, I am lost :-)

Rowland
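
Added example, not part of the message above and not Samba project code: a small Python check that reports the effective 'ldap server require strong auth' value in a DC's smb.conf, so that a setting relaxed for troubleshooting is noticed if it is left in place. The sample smb.conf and the function names are constructed for illustration; treating true/1 and false/0 as aliases of yes/no is an assumption.

```python
import re

# Constructed sample: a DC smb.conf after the change described in the mail.
SAMPLE = """\
[global]
    realm = SAMDOM.EXAMPLE.COM
    server role = active directory domain controller
    ; spacing and case in parameter names do not matter to Samba
    LDAP server require  Strong Auth = No
[sysvol]
    path = /var/lib/samba/sysvol
"""

STRICT = {"yes", "true", "1"}   # "yes" is the default; aliases are an assumption
OFF = {"no", "false", "0"}      # simple binds accepted without TLS

def _norm(name):
    # Samba ignores case and whitespace in section and parameter names.
    return re.sub(r"\s+", "", name).lower()

def effective_strong_auth(conf_text):
    """Return (value, line_no) for the last [global] assignment, or
    ("yes", None) when unset. 'include' files are not followed."""
    section, value, where, pending = None, "yes", None, ""
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):          # continuation line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = _norm(line[1:-1])
            continue
        key, sep, val = line.partition("=")
        if sep and section == "global" and _norm(key) == "ldapserverrequirestrongauth":
            value, where = val.strip().lower(), no
    return value, where

def audit(conf_text):
    value, where = effective_strong_auth(conf_text)
    if value in STRICT:
        return "ok: strong auth enforced"
    level = "WEAK" if value in OFF else "REVIEW"
    return f"{level}: 'ldap server require strong auth = {value}' at line {where}"

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Any value other than the strict one is reported rather than silently accepted, so intermediate settings get a manual review.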