
[Samba] NT_STATUS_LOGON_FAILURE when trying to bind LDAP




Hello,

  

I have a Samba 4 Active Directory, and I have some applications that use the
Administrator user to bind to the LDAP.

No problems with the Administrator user, but I'd like to create an
application-specific user to bind to the LDAP.

  

Unfortunately, when I try to do a simple ldapsearch with the new user (the user
is in domain admins/administrators & schema admins), it throws me an
NT_STATUS_LOGON_FAILURE.

  

[root@dc tls]# id ssp
uid=3000026(DOMAIN\ssp) gid=513(DOMAIN\domain users) groups=513(DOMAIN\domain users),3000026(DOMAIN\ssp),512(DOMAIN\domain admins),3000003(DOMAIN\schema admins),3000001(DOMAIN\denied rodc password replication group),3000004(BUILTIN\users),544(BUILTIN\administrators)
[root@dc tls]# ldapsearch -xLLL -H ldaps://localhost:636 -D "CN=ssp,CN=Users,DC=domain,DC=be" -W -b "DC=domain,DC=be"
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
additional info: Simple Bind Failed: NT_STATUS_LOGON_FAILURE

  

But I can connect to the domain:

  

[root@dc tls]# smbclient  //dc/common -U 'DOMAIN\ssp'  
Enter DOMAIN\ssp's password:  
Domain=[DOMAIN] OS=[Windows 6.1] Server=[Samba 4.5.5-SerNet-RedHat-13.el7]  
smb: \>  

  

So my first question: is it possible to create a user who has full rights
in the LDAP?

If yes, second question: how do I create it?

  

Thank you.

  
