Web lists-archives.com

Re: [Samba] LDAP logins failing after installing Samba 4.4.5




On Wed, 2017-03-08 at 08:41 +0000, Rowland Penny via samba wrote:
> On Wed, 08 Mar 2017 10:22:27 +1300
> Andrew Bartlett <abartlet@xxxxxxxxx> wrote:
> 
> > 
> > To be clear, AD does allow simple binds.  We restrict them in Samba
> > per the "ldap server require strong auth" parameter. 
> > 
> 
> It all depends on your definition of 'simple', mine was without
> authenticated username and password.

The words "simple bind" have a specific meaning in the spec:

https://tools.ietf.org/html/rfc4513#section-5.1

(What we don't implement is 5.1.2, that is treating a user DN but no
password as special, we will just fail the login with
invalidCredentials rather than unwillingToPerform).

I hope this helps clarify the terms in use here,

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba