dobrimaros at yahoo.pl
2010-Dec-17 12:33 UTC
[Samba] How to bind properly to Samba4 LDAP server?
Hello all,

This is my second approach to make a script which will be used to Samba4 users management.
As I wrote in my previous mail, I have no problems to read records from LDAP, and that's because It could happen without bind process.
Problem is when I try to write or modify something to LDAP.

Here is my simple script written in Perl: http://pastebin.com/eF0hh5Ee
After adding some debugging options, this is what I get when trying to run it: http://pastebin.com/2py5EixU

Bind process returns: Simple Bind Failed : NT_STATUS_LOGON_FAILURE
When trying to add a record: error in module acl: insufficient access rights (50)

Please give me a clue how to bind properly to Samba4 LDAP server. Maybe should I use SASL authentication? If yes, with which mechanism?

That's very important to me. I will be very grateful for helping me.

Greetings,
Mark Felskowski

Hi

On 17 December 2010 14:33, dobrimaros at yahoo.pl <dobrimaros at yahoo.pl> wrote:
> Hello all,
>
> This is my second approach to make a script which will be used to Samba4 users management.
> As I wrote in my previous mail, I have no problems to read records from LDAP, and that's because It could happen without bind process.
> Problem is when I try to write or modify something to LDAP.
>
> Here is my simple script written in Perl: http://pastebin.com/eF0hh5Ee
> After adding some debugging options, this is what I get when trying to run it: http://pastebin.com/2py5EixU
>
> Bind process returns: Simple Bind Failed : NT_STATUS_LOGON_FAILURE
> When trying to add a record: error in module acl: insufficient access rights (50)
>
> Please give me a clue how to bind properly to Samba4 LDAP server. Maybe should I use SASL authentication? If yes, with which mechanism?

The following might give you a hint, but not sure how you would do it from perl code:

$ kinit user
user at EXAMPLE.COM's Password:
$ ldapsearch -Y GSSAPI sAMAccountName=user
[...]

> That's very important to me. I will be very grateful for helping me.
>
> Greetings,
> Mark Felskowski

--
Michael Wood <esiotrot at gmail.com>

On Fri, 2010-12-17 at 12:33 +0000, dobrimaros at yahoo.pl wrote:
> Hello all,
>
> This is my second approach to make a script which will be used to Samba4 users management.
> As I wrote in my previous mail, I have no problems to read records from LDAP, and that's because It could happen without bind process.
> Problem is when I try to write or modify something to LDAP.
>
> Here is my simple script written in Perl: http://pastebin.com/eF0hh5Ee
> After adding some debugging options, this is what I get when trying to run it: http://pastebin.com/2py5EixU
>
> Bind process returns: Simple Bind Failed : NT_STATUS_LOGON_FAILURE

This means the username (DN) or password you sent is wrong.

In AD, you can use administrator at smbpdc.home.net as the 'dn' in a bind. This may be easier to get correct.

In your case, the issue is that you have missed out 'cn=users' from the DN.

Andrew Bartlett

--
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
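
The bind-then-write flow discussed in this thread, as an added example that is not code from any of the posters: a Net::LDAP script that binds with a full DN including the CN=Users container, stops if the bind is rejected, and only then attempts a write. The host name, base DN, account names, CA file path and the LDAP_BIND_PW environment variable are assumptions, and StartTLS is assumed to be enabled on the server.

```perl
#!/usr/bin/perl
# Added example, not the poster's script. Host, base DN, account names,
# CA path and the LDAP_BIND_PW variable are assumptions.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Constant qw(LDAP_INVALID_CREDENTIALS LDAP_INSUFFICIENT_ACCESS);

my $host = 'dc1.example.com';                    # assumed Samba4 DC
my $base = 'DC=example,DC=com';                  # assumed domain base DN
my $bind = "CN=Administrator,CN=Users,$base";    # full DN, CN=Users included
# my $bind = 'Administrator@example.com';        # user@domain form, as suggested in the thread

# Refuse an unset or empty password: an empty one is not a real credential.
my $pass = $ENV{LDAP_BIND_PW};
die "set LDAP_BIND_PW\n" unless defined $pass && length $pass;

my $ldap = Net::LDAP->new($host, version => 3) or die "connect: $@\n";

# A simple bind sends the password itself, so encrypt the connection first.
my $tls = $ldap->start_tls(verify => 'require',
                           cafile => '/etc/ssl/certs/example-ca.pem');
die 'start_tls: ' . $tls->error . "\n" if $tls->code;

# Stop here if the bind fails: carrying on would run every later operation
# unauthenticated, and a write is then refused with insufficient access (50).
my $mesg = $ldap->bind($bind, password => $pass);
if ($mesg->code == LDAP_INVALID_CREDENTIALS) {
    die "bind rejected for '$bind': check the DN (container included) and password\n";
}
die 'bind: ' . $mesg->error . "\n" if $mesg->code;

# A write that only succeeds on an authenticated, authorised connection.
my $target = "CN=testuser,CN=Users,$base";       # hypothetical existing user
$mesg = $ldap->modify($target, replace => { description => 'managed by script' });
if ($mesg->code == LDAP_INSUFFICIENT_ACCESS) {
    die "bound as '$bind' but not allowed to modify $target\n";
}
die 'modify: ' . $mesg->error . "\n" if $mesg->code;

print "modified $target as $bind\n";
$ldap->unbind;
```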