Discussion:
[Samba] Unable to execute ldapsearch on samba4 installed in Active Directory mode
Jules Houantonon
2016-07-25 20:34:43 UTC
Permalink
Dear all,

i install samba-sernet-ad 4.2 on a Centos 7.2 Linux.

I also install phpldapadmin to connect to the domain with the Administrator
distinguished name.

From phpldapadmin, i am able to connect as anonymous, but when i try to
provide Administrator Distinguished name and password, authentication
failed.

I received this error : stronger authentication required (8) for user.

I then try to use ldapsearch, but i still not success to have great result.

$ldapsearch -xLLL -H ldap://localhost:389 -D
"cn=Administrator,dc=HPRS,dc=local" -W -b "dc=lab,dc=local"

after entering the password, it display the same message while using
phpldapadmin out :
Stronger authentication required
Additional info : BindSimple : Transportencryption required

When i replace ldap by ldaps and 389 by 636 , i get :
ldap_sasl_bind(Simple) : Cannot contact ldap server (-1)

Can anyone help me please ?

Thank you for your support

Regards
--
Jules HOUANTONON
*Phone* : (00229) 97578914
*Email *: ***@gmail.com
*Skype* : houantonon
*linkedin* : www.linkedin.com/in/jhouantonon/en
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Stefan Kania
2016-07-25 20:57:06 UTC
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

you can't use simple bind with Samba 4 AD. You need kerberos for
authentication. you can add:
ldap server require strong auth = no
to your smb.conf of your ADDC to get it work with administrator as
login credential.
Post by Jules Houantonon
Dear all,
i install samba-sernet-ad 4.2 on a Centos 7.2 Linux.
I also install phpldapadmin to connect to the domain with the
Administrator distinguished name.
From phpldapadmin, i am able to connect as anonymous, but when i
try to provide Administrator Distinguished name and password,
authentication failed.
I received this error : stronger authentication required (8) for user.
I then try to use ldapsearch, but i still not success to have great result.
$ldapsearch -xLLL -H ldap://localhost:389 -D
"cn=Administrator,dc=HPRS,dc=local" -W -b "dc=lab,dc=local"
after entering the password, it display the same message while
using phpldapadmin out : Stronger authentication required
Additional info : BindSimple : Transportencryption required
ldap_sasl_bind(Simple) : Cannot contact ldap server (-1)
Can anyone help me please ?
Thank you for your support
Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iEYEARECAAYFAleWfSIACgkQ2JOGcNAHDTZREwCePtowPdxvAUhuElgS+l68nj7C
sk0AoJc32m2ix+JiuhMhQiNWtz7y1v3A
=2VLC
-----END PGP SIGNATURE-----
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Jules Houantonon
2016-07-25 21:22:13 UTC
Permalink
Thank you dear Stefan,

It works perfectly in both case.

Refards
Post by Stefan Kania
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
you can't use simple bind with Samba 4 AD. You need kerberos for
ldap server require strong auth = no
to your smb.conf of your ADDC to get it work with administrator as
login credential.
Post by Jules Houantonon
Dear all,
i install samba-sernet-ad 4.2 on a Centos 7.2 Linux.
I also install phpldapadmin to connect to the domain with the
Administrator distinguished name.
From phpldapadmin, i am able to connect as anonymous, but when i
try to provide Administrator Distinguished name and password,
authentication failed.
I received this error : stronger authentication required (8) for user.
I then try to use ldapsearch, but i still not success to have great result.
$ldapsearch -xLLL -H ldap://localhost:389 -D
"cn=Administrator,dc=HPRS,dc=local" -W -b "dc=lab,dc=local"
after entering the password, it display the same message while
using phpldapadmin out : Stronger authentication required
Additional info : BindSimple : Transportencryption required
ldap_sasl_bind(Simple) : Cannot contact ldap server (-1)
Can anyone help me please ?
Thank you for your support
Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iEYEARECAAYFAleWfSIACgkQ2JOGcNAHDTZREwCePtowPdxvAUhuElgS+l68nj7C
sk0AoJc32m2ix+JiuhMhQiNWtz7y1v3A
=2VLC
-----END PGP SIGNATURE-----
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
--
Jules HOUANTONON
*Phone* : (00229) 97578914
*Email *: ***@gmail.com
*Skype* : houantonon
*linkedin* : www.linkedin.com/in/jhouantonon/en
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Loading...