samba - Sep 2017 - AD Integration for Authentication

Hi,

We are tying to integrate NextCloud like applications with Samba-AD for 
authentication purposes. We are receiving the error message, "Cannot 
Connect to Active Directory". The settings used for establishing 
connection are as follows:

Server Name : dc.example.com
UserDN : CN=Administrator,CN=Users,DC=example,DC=com
Password = ************
BaseDN = DC=example,DC=com.

NextCloud server is able to detect the port as 389. But cannot detect 
the BaseDN.

However the same setting works perfectly with AD on Windows Server 2008 
R2 or Windows Server 2012 R2.

Our smb.conf:

---------------------------------------

# Global parameters
[global]
     netbios name = DC1
     realm = EXZA.COM
     server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, 
winbindd, ntp_signd, kcc, dnsupdate
     workgroup = EXZA
     server role = active directory domain controller
     idmap_ldb:use rfc2307 = yes
     ldap server require strong auth = No
#Log Level and File
     log level = 3

[netlogon]
     path = /usr/local/samba/var/locks/sysvol/exza.com/scripts
     read only = No

[sysvol]
     path = /usr/local/samba/var/locks/sysvol
     read only = No

-------------------------------------

Any suggestions to get this working?

-- 

Thanks & Regards,


Anantha Raghava


Do not print this e-mail unless required. Save Paper & trees.

On Mon, Sep 25, 2017 at 11:09 PM, Anantha Raghava via samba <
samba at lists.samba.org> wrote:
> Hi,
>
> We are tying to integrate NextCloud like applications with Samba-AD for
> authentication purposes. We are receiving the error message, "Cannot
> Connect to Active Directory". The settings used for establishing
connection
> are as follows:
>
> Server Name : dc.example.com
> UserDN : CN=Administrator,CN=Users,DC=example,DC=com
> Password = ************
> BaseDN = DC=example,DC=com.
>
> NextCloud server is able to detect the port as 389. But cannot detect the
> BaseDN.
>
> However the same setting works perfectly with AD on Windows Server 2008 R2
> or Windows Server 2012 R2.
>
> Our smb.conf:
>
> ---------------------------------------
>
> # Global parameters
> [global]
>     netbios name = DC1
>     realm = EXZA.COM
>     server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
> winbindd, ntp_signd, kcc, dnsupdate
>     workgroup = EXZA
>     server role = active directory domain controller
>     idmap_ldb:use rfc2307 = yes
>     ldap server require strong auth = No
> #Log Level and File
>     log level = 3
>
> [netlogon]
>     path = /usr/local/samba/var/locks/sysvol/exza.com/scripts
>     read only = No
>
> [sysvol]
>     path = /usr/local/samba/var/locks/sysvol
>     read only = No
>
> -------------------------------------
>
> Any suggestions to get this working?
>
> --
>
>
>
We are using Nextcloud with Samba AD for authentication.  We are using
ldaps though, port 636.

Might have something to do with smb.conf setting of 'ldap server require
strong auth' defaults to yes.

Dale