Re: [Samba] Authenticating against Samba 4 AD LDAP service
- Date: Thu, 06 Sep 2018 12:47:02 +0700
- From: Konstantin Boyandin via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Authenticating against Samba 4 AD LDAP service
Rowland Penny via samba писал 2018-09-05 16:10:
On Wed, 05 Sep 2018 15:46:04 +0700
Konstantin Boyandin via samba <samba@xxxxxxxxxxxxxxx> wrote:
One of Samba 3 -> Samba 4 migration task I am solving is changing
authentication against new Samba 4 AD domain.
Existing services use LDAP directory of Samba 3 to authenticate. The
simplest way to go would be just to replace LDAP credentials;
however, I don't quite understand which LDAP credentials to use/how
to create them for Samba 4 AD.
Sample command against Samba 4 LDAP service:
# ldapsearch -D "cn=Manager,dc=company,dc=lan" -w [password] -H
ldap://10.100.0.4 -b "dc=ad-lan,dc=com" -s sub "(objectclass=*)"
ldap_bind: Strong(er) authentication required (8)
additional info: BindSimple: Transport encryption required.
I would appreciate a link to possible source of wisdom, or
explanations in here.
Note: I can do searches using Kerberos authentication on Samba 4
installation, like this:
# kinit administrator
# ldbsearch -H ldap://dc.ad-lan.com -k yes '(objectclass=person)'
but Kerberos is not an option for some existing services.
ldbsearch -U Administrator --password=[password] -H ldap://10.100.0.4
-b "dc=ad-lan,dc=com" -s sub "(objectclass=*)"
NOTE, you can (and probably should) replace '10.100.0.4' with the DC's
That works, thank you, with actual domain name in LDAP URL.
However, are you sure you cannot use kerberos ?
What are your existing services ?
to name most important ones:
- Mail server (I use pam_ldap/nss_ldap, i.e. nslcd, currently)
- Shell (SSH) server (same, using nslcd)
- Apache 2.* LDAP authentication module
- Atlassian Confluence
To unsubscribe from this list go to the following URL and read the