Hello Julian,

On 08.08.2013 18:14, Julian Pilfold-Bagwell wrote:
I'm setting up a Samba AD domain which works perfectly with the Win 7
server tools and so far everything is going fine.  What has me stumped
is setting up an LDAP proxy in our DMZ against which I can authenticate
our email and web services.

I've got port 389 open on my main Samba 4 DC and if I use the domain
administrator account to bind the proxy, everything works.  In order to
give a degree of separation however, I've created a user called
ldapbindacc and have used the server remote admin tools to delegate
control of the directory server to that user with read only access to
user and group details.  When I try to access the directory using this
account, I get the following error message (the password is definitely
correct):

# ldapsearch -LLL -H ldap://127.0.0.1 -b
'dc=bordengrammar,dc=kent,dc=sch,dc=uk' -D
'cn=ldapbindacc,cn=Users,dc=bordengrammar,dc=kent,dc=sch,dc=uk' -W
'(sAMAccountName=Test.User)'
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
     additional info: Simple Bind Failed: NT_STATUS_LOGON_FAILURE

As I'm moving from Samba 3 to 4, my AD knowledge is limited so I've been
patching things together from various howtos.  Has anyone succeeded in
this who can give me some tips?


Here I described how to set up an OpenLDAP proxy to AD:
http://wiki.samba.org/index.php/Authenticating_other_services_against_AD
(incl. authenticating other ldap based services)



Regards,
Marc
