[Samba] RODC and LDAP via Simple Authentication fails

Dear all,

Setting up a DMZ environment, I was thinking of using an RODC there for
user authentication. One of the applications in the DMZ needs to access
the directory via LDAP.

When I tried to connect to the RODC using LDAP with simple bind, I
always received the following error:

ldap_bind: Invalid credentials (49)
        additional info: 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 6fa, v1db1

even though the credentials used are correct and do work with the
"normal" DCs.

I have already added the corresponding user to the group "Allowed RODC
Password Replication Group", but that did not change anything...

Authentication through Kerberos seems to work, but is not an option for
the application, unfortunately.

Did I miss anything that prevents my scenario from working by design? Thanks
a lot for your help!

Best regards
