search for: ldap_sasl_interactive_bind_s

...P traffic is encrypted on my Samba 4 DC. I have read and followed https://wiki.samba.org/index.php/Setup_LDAPS_on_a_DC but when I attempt to connect to the DC on port 636 or via ldaps:// or both via ldapsearch (linux) and ldp (windows) I cannot connect. Failed tests: *ldapsearch -I -H ldaps://dc* ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1) additional info: (unknown error code) *ldapsearch -I -H ldaps://dc:636* ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1) additional info: (unknown error code) *ldapsearch -I -H ldap://dc:636* ldap_sasl_interactive_bind_s: Can'...

...subtree # filter: (sAMAccountName=dumaresq) # requesting: ALL # results in here... # search result search: 5 result: 0 Success # numResponses: 2 # numEntries: 1 I cannot get ldapsearch -Z or ldaps working: ldapsearch '(sAMAccountName=dumaresq)' -Z SASL/GSSAPI authentication started ldap_sasl_interactive_bind_s: Server is unwilling to perform (53) additional info: SASL:[GSSAPI]: Sign or Seal are not allowed if TLS is used Here is what I get in samba.log when I do did that command: [2011/04/23 14:29:56, 3] ../source4/lib/ldb-samba/ldb_wrap.c:319(ldb_wrap_connect) ldb_wrap open of secrets....

...389 -h DC -u me at ourdomain.com.au -W -X -LLL -b "dc=ourdomain,dc=com,dc=au" -s sub However, running an equivalent search on a freshly installed test domain, using the exact same version of Samba and the same smb.conf (with appropriate domain adjustments), I get the following error: ldap_sasl_interactive_bind_s: Strong(er) authentication required (8) additional info: SASL:[NTLM]: Sign or Seal are required. I believe this is the problem behind sssd not working on the test domain client, which I need to get working before I can proceed. To the best of my recollection, we have never done anything spe...

...he DC is correct. The results of an ldapsearch against the DC are not consistent: # ldapsearch -H ldap://<dc-server> cn=<client-short-name> always works, but with -N added it does the following: * about 10% of the time it works perfectly; * about 60% of the time it fails with: ldap_sasl_interactive_bind_s: Invalid credentials (49) additional info: SASL:[GSSAPI]: NT_STATUS_LOGON_FAILURE * about 30% of the time it fails with: ldap_sasl_interactive_bind_s: Local error (-2) additional info: SASL(-1): generic failure: GSSAPI Error: An invalid name was supplied (Unknown error) while if the l...

I've googled and I believe that SASL method DIGEST-MD5 is supported and I see it in the samba startup, but it doesn't work. ldapsearch -Y DIGEST-MD5 -h dc03.mediture.dom SASL/DIGEST-MD5 authentication started ldap_sasl_interactive_bind_s: Operations error (1) additional info: SASL:[DIGEST-MD5]: Failed to start authentication backend: NT_STATUS_INVALID_PARAMETER [root at dc03 ~]# samba -i -M single -d3 lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf samba version 4.2.0 started. Copyright Andrew Tridgell and th...

...ich accept ldapsearch with credentials but which refuse ldapsearch with GSSAPI. The issue does not seem to be coming from the client as I discovered this issue writing a script to test all 22 DC, and all 21 others DC are working well from that client. The error: SASL/GSSAPI authentication started ldap_sasl_interactive_bind_s: Local error (-2) additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database) I did reinstall the whole server ('cause I'm lazy, hoping the issue disappear by itself) but the iss...

...-VERS-SSL3.0 tls verify peer = as_strict_as_possible ldapsearch -U USER -h ldaps://localhost -p636 -w PASS -b dc=internal,dc=test,dc=com,dc=br -s sub '(objectClass=user)' givenName -LLL -n -N -Z ldap_start_tls: Connect error (-11) additional info: (unknown error code) ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1) additional info: (unknown error code) What would be wrong? Em 11-01-2017 14:39, Rowland Penny via samba escreveu: > On Wed, 11 Jan 2017 11:09:15 -0500 > Matthew Daubenspeck via samba <samba at lists.samba.org> wrote: > >> I'...

...--&gt; worked with XP clients, but Win7 clients couldn't join to the domain. 2. https://wiki.samba.org/index.php/Samba4/HOWTO (server: RHEL 6.3) --&gt; works fine with all clients, but I can't communicate with internal LDAP, I get this error message when I try a simple ldapsearch: ldap_sasl_interactive_bind_s: Local error (-2) additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Ticket expired) I googled around a lot, but haven't found any working solutions yet. Do you know any answer to this problem? Or can you advise an alter...

...) Reminder of the issue: Every services (CIFS, Kerberos, LDAP, DNS, RPC) on one DC were working well and ldapsearch using DN and password were also working. The only thing which was not working was ldapsearch using GSSAPI authentication with the following error: SASL/GSSAPI authentication started ldap_sasl_interactive_bind_s: Local error (-2) additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database) This issue was happening only from one client, some Debian Jessie (8), it wasn't happening on DC which a...

Hi I am trying to authenticate my mail server with samba ad. The only problem is that I don?t get it working. root at dna:/data/CA/EasyRSA-v3.0.6# ldapsearch -x -h gaia.rompen.lokaal -D 'vmail' -W -b 'cn=users,dc=rompen,dc=lokaal' Enter LDAP Password: ldap_bind: Strong(er) authentication required (8) additional info: BindSimple: Transport encryption required. I can not read

..."dc=ourdomain,dc=com,dc=au" -s sub >> >> However, running an equivalent search on a freshly installed test >> domain, using the exact same version of Samba and the same smb.conf >> (with appropriate domain adjustments), I get the following error: >> >> ldap_sasl_interactive_bind_s: Strong(er) authentication required (8) >> additional info: SASL:[NTLM]: Sign or Seal are required. >> >> I believe this is the problem behind sssd not working on the test >> domain >> client, which I need to get working before I can proceed. >> >> To...

...=ad,dc=example,dc=com" "(objectClass=user)" "sAMAccountName" However, when I try to use python-ldap I get this error: 00002020: Operation unavailable without authentication I've traced ldapsearch and python using ltrace, and both seem to be making the same calls (ldap_sasl_interactive_bind_s and ldap_search_ext) and passing the same parameters. This feels like a bug in python-ldap, but I've been tracing this for hours and can't find anything which indicates that. I set my samba "log level" to 10 and grabbed a snapshot right around this query, but it's still 1.4M....

...extended LDIF >> > What is strange is that I get this > root at dna:/home/philip# ldapsearch -h gaia.rompen.lokaal -U 'philip' -W > -b 'cn=users,dc=rompen,dc=lokaal' > Enter LDAP Password: > SASL/NTLM authentication started > Please enter your password: > ldap_sasl_interactive_bind_s: Invalid credentials (49) > additional info: 8009030C: LdapErr: DSID-0C0904DC, comment: > AcceptSecurityContext error, data 52e, v1db1 > > I don?t fully understand. But what do you have to fill in by ldap > password? The user password or is this an global password? What does >...

Does anyone know what the following error means, and what I can do to fix it?? [root@trouble openldap]# ldapadd -D "cn=root,o=smb,dc=picotech,dc=net" -W Enter LDAP Password: ldap_sasl_interactive_bind_s: No such attribute ------------- Jeffrey D. Means CIO for PicoTech Ft. Collins, Colorado -------------- next part -------------- HTML attachment scrubbed and removed

...quot; just fine, but when an AD user does that either nothing happens at all (command hangs) or I get an error like + sudo ldapsearch -v -h 10.243.50.22 -Y GSSAPI -b ou=user,ou=... -LLL '(cn=XXXXX XXXXXXXXXX*)' mail ldap_initialize( ldap://10.243.50.22 ) SASL/GSSAPI authentication started ldap_sasl_interactive_bind_s: Local error (-2) additional info: SASL(-1): generic failure: GSSAPI Error: Miscellaneous failure (see text) (No such file or directory) particularly within the backend script. What happens here? I did add winbind to /etc/pam.d/sudo but as I understand this should not be needed to s...

...may have tried to set this up before I'm trying to connect my freebsd 5.x server to a windows 2003 server. I have been using this tutorial http://oslabs.mikro-net.com/fbsd_samba.html I've gotten down to the part where I run ldapsearch using SSL/TLS and I get this minubian# ldapsearch ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1) I can ping the host specificed in ldap.conf and verified that port 636 is open on it Any help would be appreciated and if you could cc me and the list incase I miss your message on the list. Thanks, David W. Chapman Jr.

...ch -H ldap://192.168.1.3 cn=steve2 -b "dc=hh3,dc=site" -Y GSSAPI SASL/GSSAPI authentication started <snip> and all is OK. Ubuntu samba --version Version 4.0.0alpha18-GIT-c3a7573 root at hh3:/tmp# ldapsearch -H ldap://192.168.1.3 cn=steve2 -b "dc=hh3,dc=site" -Y GSSAPI ldap_sasl_interactive_bind_s: Unknown authentication method (-6) additional info: SASL(-4): no mechanism available: No worthy mechs found Maybe I'm missing an Ubuntu package? If so, what could it be? Thanks, Steve

...ut I should be able to "passwd" an /etc/passwd user, shouldn't I? dellj81:/home/chema# id root uid=0(root) gid=0(root) groups=0(root) With my normal user, if I try to change the password: chema@dellj81:~$ ldappasswd SASL/DIGEST-MD5 authentication started Please enter your password: ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80) additional info: SASL(-13): user not found: no secret in database This produces the following sldap output: Oct 25 11:45:03 dellj81 slapd[2925]: SASL [conn=55] Error: unable to open Berkeley db /etc/sasldb2: No such file or directory Oct 25 1...

...othing works. ldapsearch and getent passwd draw a blank. ldapsearch -x -b '' -sbase supportedSASLMechanisms gives me: dn: supportedSASLMechanisms: GSS-SPNEGO supportedSASLMechanisms: GSSAPI supportedSASLMechanisms: NTLM but ldapsearch -Y GSSAPI gives: SASL/GSSAPI authentication started ldap_sasl_interactive_bind_s: Local error (-2) additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database) and Samba gives: Kerberos: TGS-REQ Administrator at HH3.SITE from ipv4:192.168.1.3:56859 for ldap/hh3.site a...

...read and followed https://wiki.samba.org/index.php/Setup_LDAPS_on_a_DC > > but when I attempt to connect to the DC on port 636 or via ldaps:// or both > > via ldapsearch (linux) and ldp (windows) I cannot connect. > > Failed tests: > > *ldapsearch -I -H ldaps://dc* > > ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1) > > additional info: (unknown error code) Does the OpenSSL test connect, and if so with what result? openssl s_client -showcerts -connect DC.EXAMPLE.COM:636 -- Adam Tauno Williams <mailto:awilliam at whitemice.org> GPG D95ED383 Systems A...