On Wed, 2013-08-07 at 17:16 +0700, Olivier Nicole wrote:
> Hi,
> 
> I understand that using options -H and --simple-bind-dn one could run
> samba-tool remotely.
> 
> But how should I specify the DN to use for simple bind? 
> 
> I tried many syntaxes:
>   cn=Administrator
>   cn=Administrator@domain
>   domain
> all with the Administrator password, but it always fails with:
> Failed to bind - LDAP error 49 LDAP_INVALID_CREDENTIALS -  <Simple Bind 
> Failed: NT_STATUS_LOGON_FAILURE> <>
> Failed to connect to 'ldap://fbsd35.cs.ait.ac.th/' with backend 'ldap': (null)
> 
> Can I use the command ldapsearch (from openLdap distribution) to access
> the LDAP directory maintained by Samba?
> 
> If yes, what is the syntax in terms of binding?

In general, you shouldn't need --simple-bind-dn, because Samba supports
much more secure ways to authenticate, such as NTLM and Kerberos.  Just
specify -U administrator

For the record, for other non-AD servers that don't do SASL and so can't
use -U, --simple-bind-dn takes a DN, so cn=admin,dc=example,dc=com might
be the admin DN on an OpenLDAP server.  (this applies more to the ldb*
commands than samba-tool, which probably shouldn't show this option
except it comes from common code). 

I hope this helps,

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Catalyst IT                   http://catalyst.net.nz

