Andreas Oster
2013-Oct-02 09:38 UTC
[Samba] Cisco ISE unable to retrieve AD group list from samba 4 server
Hi all, I have run into a problem with our samba4 setup. I have successfully joined a Cisco ISE v1.1.4 (Identity Service Engine) test machine to the samba4 AD. User authentication does work but unfortunately the ISE is unable to fetch the AD groups from the domain controller. In the samba logs I get the following error message when initiating the group fetch: [2013/10/02 10:21:37.605554, 0] ../source4/cldap_server/cldap_server.c:54(cldapd_request_handler) Invalid CLDAP request type 16 from ipv4:10.250.12.218:51136 Has anybody had a similar problem and found a solution for it ? Thank you for your kind help best regards Andreas
Jeremy Allison
2013-Oct-02 19:51 UTC
[Samba] Cisco ISE unable to retrieve AD group list from samba 4 server
On Wed, Oct 02, 2013 at 11:38:21AM +0200, Andreas Oster wrote:> Hi all, > > I have run into a problem with our samba4 setup. I have successfully > joined a Cisco ISE v1.1.4 (Identity Service Engine) test machine to the > samba4 AD. User authentication does work but unfortunately the ISE is > unable to fetch the AD groups from the domain controller. In the samba > logs I get the following error message when initiating the group fetch: > > [2013/10/02 10:21:37.605554, 0] > ../source4/cldap_server/cldap_server.c:54(cldapd_request_handler) > Invalid CLDAP request type 16 from ipv4:10.250.12.218:51136Can you log a bug and attach to it a wireshark trace of this operation failing ? That will help track this down and fix it. Cheers, Jeremy.
Jeremy Allison
2013-Oct-02 19:53 UTC
[Samba] Cisco ISE unable to retrieve AD group list from samba 4 server
On Wed, Oct 02, 2013 at 11:38:21AM +0200, Andreas Oster wrote:> Hi all, > > I have run into a problem with our samba4 setup. I have successfully > joined a Cisco ISE v1.1.4 (Identity Service Engine) test machine to the > samba4 AD. User authentication does work but unfortunately the ISE is > unable to fetch the AD groups from the domain controller. In the samba > logs I get the following error message when initiating the group fetch: > > [2013/10/02 10:21:37.605554, 0] > ../source4/cldap_server/cldap_server.c:54(cldapd_request_handler) > Invalid CLDAP request type 16 from ipv4:10.250.12.218:51136LDAP request type 16 == LDAP_TAG_AbandonRequest which we don't handle in the cldap request handler. That's why you're getting the error. Jeremy.