[Samba] 'LDAP_PROTOCOL_ERROR' when NTLMSSP_NEGOTIATE bind request
Rowland Penny
rpenny at samba.org
Fri Oct 24 12:32:22 UTC 2025
On Fri, 24 Oct 2025 11:44:49 +0000
Nicolas Martinussen <nicolas.martinussen at joskin.com> wrote:
> I've found a way to reproduce the issue I have with a small C# code
> executed on Windows. It gets me almost the same packets when I do a
> capture, I also get the 'LDAP_PROTOCOL_ERROR' in the Samba logs, and
> when I try it against a Windows DC, it works.
>
> Here is the code:
>
> using System.DirectoryServices.Protocols;
> using System.Net;
>
> class Program
> {
> static void Main()
> {
> string ldapServer = "dc-01.ad.mydomain.com";
>
> LdapConnection ldap = new LdapConnection(ldapServer);
> ldap.AuthType = AuthType.Ntlm;
> ldap.Credential = new NetworkCredential("ldap", "PASSWORD",
> "MYDOMAIN");
>
> ldap.Bind();
> }
> }
>
> It seems like AuthType.Ntlm isn't supported by the Samba code. When I
> try the same code with AuthType.Basic, in that case, it works (I get
> the "Strong authentication is required for this operation.", but
> that's normal as I use LDAP and not LDAPS).
>
I am also fairly certain it is supported, but I am also running out of
ideas. My last idea is, you are using 'ldap at ad.mydomain.com' for the
username, what if it expects the samaccountname ? try it with just
'ldap' (which I presume is an AD username).
Rowland
More information about the samba
mailing list