search for: ldap_sasl_bind

...aps://devsamba.lucas.ufes.br:636" -w '*********' -D "cn=administrator,cn=users,dc=lucas,dc=ufes,dc=br" -x -b "dc=lucas,dc=ufes,dc=br" -d1 ldap_url_parse_ext(ldaps://devsamba.lucas.ufes.br:636) ldap_create ldap_url_parse_ext(ldaps://devsamba.lucas.ufes.br:636/??base) ldap_sasl_bind ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP devsamba.lucas.ufes.br:636 ldap_new_socket: 3 ldap_prepare_socket: 3 ldap_connect_to_host: Trying 172.20.152.23:636 ldap_pvt_connect: fd: 3 tm: -1 async: 0 attempting to connect: connect errno: 11...

...ap.domain.org:6636/" -D <binddn> -x -W -b <searchbase> -d1 -s sub -v "uid=ME" ldap_url_parse_ext(ldaps://ldap.domain.org:6636/) ldap_initialize( ldaps://ldap.domain.org:6636/??base ) ldap_create ldap_url_parse_ext(ldaps://ldap.domain.org:6636/??base) Enter LDAP Password: ldap_sasl_bind ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP ldap.domain.org:6636 ldap_new_socket: 3 ldap_prepare_socket: 3 ldap_connect_to_host: Trying 12.34.56.78:6636 ldap_pvt_connect: fd: 3 tm: -1 async: 0 TLS: certdb config: configDir='/etc/openlda...

...fine when the machine is first bound to the domain. Sssd caches the login info, but eventually this times out and another call to Samba has to be made to refresh the cache. The SASL bind to the directory fails with: (Wed Aug 29 11:40:56 2012) [sssd[be[SAMBA4]]] [sasl_bind_send] (0x0020): ldap_sasl_bind failed (49)[Invalid credentials] Some time later, it starts working again, presumably because the first DC popped up in the name resolution order once again. The client configuration is unchanged from the first (working) scenario. As I said, everything works perfectly with one DC, and fails cons...

...rator,dc=HPRS,dc=local" -W -b "dc=lab,dc=local" after entering the password, it display the same message while using phpldapadmin out : Stronger authentication required Additional info : BindSimple : Transportencryption required When i replace ldap by ldaps and 389 by 636 , i get : ldap_sasl_bind(Simple) : Cannot contact ldap server (-1) Can anyone help me please ? Thank you for your support Regards -- Jules HOUANTONON *Phone* : (00229) 97578914 *Email *: juleshoueto at gmail.com *Skype* : houantonon *linkedin* : www.linkedin.com/in/jhouantonon/en

Hello everyone, I'm using Samba4 in my CentOS server, and it was just fine. I could always use ldap commands like 'ldapsearch' and 'ldapadd' and I had no problem. But one day, I don't know why, I couldn't use more ldapsearch or ldapadd. They return this: ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1) I'm using the same command as always, like: ldapsearch -H "ldaps://devsamba.lucas.ufes.br:636" -w '*******' -D "cn=administrator,cn=users,dc=lucas,dc=ufes,dc=br" -x -b "dc=lucas,dc=ufes,dc=br" My /etc/openld...

Hello Rowland, ldap search command throws error as below. I am unable to search ldap. ------- ldap_initialize( ldap://dc.exza.local:3268 ) ldap_start_tls: Can't contact LDAP server (-1) Enter LDAP Password: ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1) ---------- I am using BIND_DLZ dns back end. and server is listening on 3268 and 3269 -- Thanks & Regards, Anantha Raghava eXzaTech Consulting And Services Pvt. Ltd. Ph: +91-9538849179, E-mail: raghav at exzatechconsulting.com <mailto:ragh...

...xample,dc=com" -H ldaps://dc1.samdom.example.com -W sAMAccountName=rowland [I got the same thing ] ldapsearch -D "administrator at lucas.ufes.br" -b "cn=users,cn=lucas,dc=ufes,dc=br" -H ldaps://devsamba.lucas.ufes.br -w 's3nh4.s3rv3r' sAMAccountName=administrator ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1) Thank you for the help. I don't know if it is a server machine's problem. Probably I'll backup and restore it or just set the server from the beginning... Lucas

...168.23:389 Jun 23 11:26:43 proxy01 dovecot: auth: Error: ldap_pvt_connect: fd: 20 tm: -1 async: 0 Jun 23 11:26:43 proxy01 dovecot: auth: Error: attempting to connect: Jun 23 11:26:43 proxy01 dovecot: auth: Error: connect success Jun 23 11:26:43 proxy01 dovecot: auth: Error: anonymous rebind via ldap_sasl_bind("") Jun 23 11:26:43 proxy01 dovecot: auth: Error: ldap_sasl_bind Jun 23 11:26:43 proxy01 dovecot: auth: Error: ldap_send_initial_request Jun 23 11:26:43 proxy01 dovecot: auth: Error: ldap_send_server_request Jun 23 11:26:43 proxy01 dovecot: auth: Error: ldap_result ld 0x1920bb0 msgid 4 Ju...

...TLS:   ldapsearch -H 'ldap://172.16.6.2:389/' -D *** -w *** -b ** -Z ldap_bind: Strong(er) authentication required (8)         additional info: BindSimple: Transport encryption required.   Attempting to access via SSL:   ldapsearch -H 'ldaps://172.16.6.2:636/' -D *** -w *** -b ** ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)   Note that we have not installed any certificates since we are not wanting to use encrypted connections at the moment.   Setting "enable tls = no" in "smb.conf" does not work - we see the same as above.   Does anyone have any ideas...

...resolves to DC1, I get: [be_resolve_server_process] (0x0200): Found address for server dc1.domain.tld: [1.2.3.4] TTL 900 [ldap_child_get_tgt_sync] (0x0100): Principal name is: [DC1$@DOMAIN.TLD] [...] [sasl_bind_send] (0x0100): Executing sasl bind mech: gssapi, user: DC1$ [sasl_bind_send] (0x0020): ldap_sasl_bind failed (-2)[Local error] [sasl_bind_send] (0x0080): Extended failure message: [SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database)] [fo_set_port_status] (0x0100): Marking port 389 of server 'dc1.domai...

...local" -p 636 -h PDC -b "DC=dc,DC=local" -w pass output: ldap_result: Can't contact LDAP server (-1) ldapsearch -x -D "cn=user,ou=users,dc=dc,dc=local" -p 636 -h PDC -b "DC=dc,DC=local" -w pass -Z output: ldap_start_tls: Can't contact LDAP server (-1) ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1) ldapsearch -x -D "cn=user,ou=users,dc=dc,dc=local" -p 636 -h PDC -b "DC=dc,DC=local" -w pass -ZZ output: ldap_start_tls: Can't contact LDAP server (-1) openssl s_client -connect PDC:636 CONNECTED(00000003) --- Certificate ch...

...rocess] (0x0200): Found address for server >> dc1.domain.tld: [1.2.3.4] TTL 900 >> [ldap_child_get_tgt_sync] (0x0100): Principal name is: [DC1$@DOMAIN.TLD] >> [...] >> [sasl_bind_send] (0x0100): Executing sasl bind mech: gssapi, user: DC1$ >> [sasl_bind_send] (0x0020): ldap_sasl_bind failed (-2)[Local error] >> [sasl_bind_send] (0x0080): Extended failure message: [SASL(-1): >> generic failure: GSSAPI Error: Unspecified GSS failure. Minor code >> may provide more information (Server not found in Kerberos database)] >> [fo_set_port_status] (0x0100): Marki...

...002d45e in ldap_int_open_connection () from /usr/lib/libldap_r.so.2 #11 0x4003f299 in ldap_new_connection () from /usr/lib/libldap_r.so.2 #12 0x4002cf11 in ldap_open_defconn () from /usr/lib/libldap_r.so.2 #13 0x4003ee0f in ldap_send_initial_request () from /usr/lib/libldap_r.so.2 #14 0x40035137 in ldap_sasl_bind () from /usr/lib/libldap_r.so.2 #15 0x40035b50 in ldap_simple_bind () from /usr/lib/libldap_r.so.2 #16 0x4063fc32 in ?? () from /lib/security/pam_ldap.so #17 0x08376938 in ?? () #18 0x00000000 in ?? () #19 0x00000000 in ?? () #20 0x00000000 in ?? () #21 0x00000000 in ?? () #22 0x00000000 in ?? () #...

...lib64/dovecot/auth/libdriver_sqlite.so Feb 20 12:21:20 sng02 dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libmech_gssapi.so Feb 20 12:21:20 sng02 dovecot: auth: Error: ldap_bind Feb 20 12:21:20 sng02 dovecot: auth: Error: ldap_simple_bind Feb 20 12:21:20 sng02 dovecot: auth: Error: ldap_sasl_bind Feb 20 12:21:20 sng02 dovecot: auth: Error: ldap_send_initial_request Feb 20 12:21:20 sng02 dovecot: auth: Error: ldap_new_connection 1 1 0 Feb 20 12:21:20 sng02 dovecot: auth: Error: ldap_int_open_connection Feb 20 12:21:20 sng02 dovecot: auth: Error: ldap_connect_to_host: TCP localhost:389 Feb 2...

...a little further and I think I have tracked this down to a reverse DNS issue - which was non-obvious to me, so here is a write-up for the benefit of the archives. The part that was failing was this: [sasl_bind_send] (0x0100): Executing sasl bind mech: gssapi, user: dc1$ [sasl_bind_send] (0x0020): ldap_sasl_bind failed (-2)[Local error] [sasl_bind_send] (0x0080): Extended failure message: [SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database)] It turns out that the reverse DNS entry for DC1 led to DC1.my-pre-AD-dn...

...uot;dc=lab,dc=local" > > after entering the password, it display the same message while > using phpldapadmin out : Stronger authentication required > Additional info : BindSimple : Transportencryption required > > When i replace ldap by ldaps and 389 by 636 , i get : > ldap_sasl_bind(Simple) : Cannot contact ldap server (-1) > > Can anyone help me please ? > > Thank you for your support > > Regards > > > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iEYEARECAAYFAleWfSIACgkQ2JOGcNAHDTZREwCePtowPdxvAUhuElgS+l68nj7C sk0AoJc32...

Hello, I have a samba 4 active directory, i have some application who use the Administrator user to bind the LDAP. No problems with the Administrator user but i'd like to create an application specific user to bind the LDAP. Unfortunately when i try to do a simple ldapsearch with the new user (the user is in domain admins/administrators & schema admins) it throw me a

...usr/lib/libldap.so.2(ldap_int_open_connection+0x2a6) [0x400cd27b] #7 /usr/lib/libldap.so.2(ldap_new_connection+0xea) [0x400dfb5b] #8 /usr/lib/libldap.so.2(ldap_open_defconn+0x2e) [0x400ccaee] #9 /usr/lib/libldap.so.2(ldap_send_initial_request+0x63) [0x400df627] #10 /usr/lib/libldap.so.2(ldap_sasl_bind+0x2ec) [0x400d4e28] #11 /usr/lib/libldap.so.2(ldap_simple_bind+0xd2) [0x400d5666] #12 /lib/libnss_ldap.so.2 [0x40512e55] #13 /lib/libnss_ldap.so.2 [0x40512b05] #14 /lib/libnss_ldap.so.2(_nss_ldap_initgroups_dyn+0x54) [0x40514efc] #15 /lib/libc.so.6 [0x4023ac99] #16 /lib/libc.so.6(...

...usage of GSSAPI based auth would be: 1. configure a krb5 cache file (e.g. with $KRB5CCNAME, or an option in smb.conf) 2. periodically (with a cronjob) write the ticket into this file (when you are paranoid, this can happen on another machine and copied with ssh) 3. on demand, samba uses ldap_sasl_bind() instead of ldap_simple_bind() Am I missing somthing and such a setup is already supported by samba, or is it a wishlist item? Enrico

...----------------------- ldapsearch on 636 is not working: ---------------------------------------- ldapsearch -LLL -p636 -h 10.156.248.238 cn=administrator -D cn=administrator,cn=users,DC=samba,DC=domain,DC=tld -W -d9 ldap_create ldap_url_parse_ext(ldap://10.156.248.238:636) Enter LDAP Password: ldap_sasl_bind ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP 10.156.248.238:636 ldap_new_socket: 4 ldap_prepare_socket: 4 ldap_connect_to_host: Trying 10.156.248.238:636 ldap_pvt_connect: fd: 4 tm: -1 async: 0 attempting to connect: connect success ldap_ope...