• [Samba] NT_STATUS_LOGON_FAILURE when trying to bind LDAP

    From contact--- via samba@21:1/5 to All on Thu Mar 9 12:20:02 2017
    Hello,

    I have a Samba 4 Active Directory, and I have some applications that use the Administrator user to bind to LDAP.

    No problems with the Administrator user, but I'd like to create an application-specific user to bind to LDAP.

    Unfortunately, when I try to do a simple ldapsearch with the new user (the user is in domain admins/administrators & schema admins), it throws me an NT_STATUS_LOGON_FAILURE.


    [root@dc tls]# id ssp
    uid=3000026(DOMAIN\ssp) gid=513(DOMAIN\domain users) groups=513(DOMAIN\domain users),3000026(DOMAIN\ssp),512(DOMAIN\domain admins),3000003(DOMAIN\schema admins),3000001(DOMAIN\denied rodc password replication group),3000004(BUILTIN\users),544(BUILTIN\administrators)
    [root@dc tls]# ldapsearch -xLLL -H ldaps://localhost:636 -D "CN=ssp,CN=Users,DC=domain,DC=be" -W -b "DC=domain,DC=be"
    Enter LDAP Password:
    ldap_bind: Invalid credentials (49)
    additional info: Simple Bind Failed: NT_STATUS_LOGON_FAILURE



    But I can connect to the domain:



    [root@dc tls]# smbclient //dc/common -U 'DOMAIN\ssp'
    Enter DOMAIN\ssp's password:
    Domain=[DOMAIN] OS=[Windows 6.1] Server=[Samba 4.5.5-SerNet-RedHat-13.el7]
    smb: \>



    So my first question: is it possible to create a user who has full rights in LDAP?

    If yes, second question: how do I create it?



    Thank you.



    --
    To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Rowland Penny via samba@21:1/5 to contact--- via samba on Thu Mar 9 13:10:02 2017
    On Thu, 09 Mar 2017 10:51:07 +0000
    contact--- via samba <samba@lists.samba.org> wrote:

    > Hello,
    >
    > I have a Samba 4 Active Directory, and I have some applications that use the Administrator user to bind to LDAP.
    >
    > No problems with the Administrator user, but I'd like to create an
    > application-specific user to bind to LDAP.
    >
    > So my first question: is it possible to create a user who has
    > full rights in LDAP?

    No, your first question should be 'Am I doing this correctly ?'

    and the answer to that is, No ;-)

    See here:

    https://lists.samba.org/archive/samba/2017-February/206334.html

    Rowland


  • From Rowland Penny via samba@21:1/5 to contact@makz.me on Thu Mar 9 15:50:02 2017
    On Thu, 09 Mar 2017 14:18:47 +0000
    "contact@makz.me" <contact@makz.me> wrote:

    > Hmmm thanks, I did the modifications, but I have this error:
    >
    > ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
    >
    > Do I need to restart Samba to apply the "ldap server require strong
    > auth"?
    >
    > If yes, it's impossible right now, I have +600 users in production,
    > I'll restart tonight. ^^'



    Try 'smbcontrol all reload-config', if this doesn't work, then yes, you
    will have to restart Samba.

    Rowland

