On Thu, 2013-08-08 at 17:14 +0100, Julian Pilfold-Bagwell wrote:
> Hi All,
>
> I'm setting up a Samba AD domain which works perfectly with the Win 7
> server tools and so far everything is going fine. What has me stumped
> is setting up an LDAP proxy in our DMZ against which I can authenticate
> our email and web services.
>
> I've got port 389 open on my main Samba 4 DC and if I use the domain
> administrator account to bind the proxy, everything works. In order to
> give a degree of separation however, I've created a user called
> ldapbindacc and have used the server remote admin tools to delegate
> control of the directory server to that user with read only access to
> user and group details. When I try to access the directory using this
> account, I get the following error message (the password is definitely
> correct):
>
> # ldapsearch -LLL -H ldap://127.0.0.1 -b
> 'dc=bordengrammar,dc=kent,dc=sch,dc=uk' -D
> 'cn=ldapbindacc,cn=Users,dc=bordengrammar,dc=kent,dc=sch,dc=uk' -W
> '(sAMAccountName=Test.User)'
> Enter LDAP Password:
> ldap_bind: Invalid credentials (49)
> additional info: Simple Bind Failed: NT_STATUS_LOGON_FAILURE
>
> As I'm moving from Samba 3 to 4, my AD knowledge is limited so I've been
> patching things together from various howto's. Has anyone succeeded in
> this who can give me some tips?

Try just setting the DN as ldapbind...@bordengrammer.kent.sch.uk (AD
allows these kinds of DNs for binds).

Otherwise, just turn up the logging on the Samba side and see what it
says.

Andrew Bartlett

--
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Catalyst IT                   http://catalyst.net.nz
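
The suggestion above, as an added example that is not part of the original thread or of Samba's tooling: a shell script that derives the realm from the base DN, then attempts a simple bind with the full DN and with the user@realm form, reporting ldapsearch's exit code for each. The function names, the `--run` argument convention and the `cn=Users` location of the account are assumptions, and `-ZZ` assumes the DC offers StartTLS.

```shell
#!/bin/sh
# Added example: compare DN-style and user@realm-style simple binds.

# Turn a base DN such as "dc=example,dc=org" into the DNS realm "example.org".
# Only DC= components are used; matching ignores case and surrounding spaces.
dn_to_realm() {
    printf '%s\n' "$1" | tr ',' '\n' |
        sed -n 's/^[[:space:]]*[Dd][Cc][[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' |
        paste -sd. -
}

# Build the user@realm bind name from an account name and the base DN.
upn_bind_name() {
    printf '%s@%s\n' "$1" "$(dn_to_realm "$2")"
}

# Attempt one simple bind and print ldapsearch's exit code (the LDAP result
# code: 0 = success, 49 = invalid credentials).
# -x  simple bind; -ZZ require StartTLS so the password is not sent in clear
#     (assumption: TLS is configured on the DC); -y reads the password from a
#     file so it does not appear in the process list.
try_bind() {   # try_bind URI BASE_DN BIND_NAME PASSWORD_FILE
    rc=0
    ldapsearch -x -ZZ -LLL -H "$1" -b "$2" -s base \
        -D "$3" -y "$4" dn >/dev/null 2>&1 || rc=$?
    printf 'rc=%-3s bind as %s\n' "$rc" "$3"
}

# Usage (hypothetical convention): script --run URI BASE_DN ACCOUNT PWFILE
if [ "${1:-}" = "--run" ]; then
    uri=$2; base=$3; acct=$4; pwfile=$5
    # Assumption: the account object is cn=ACCOUNT under cn=Users.
    try_bind "$uri" "$base" "cn=$acct,cn=Users,$base" "$pwfile"
    try_bind "$uri" "$base" "$(upn_bind_name "$acct" "$base")" "$pwfile"
fi
```

If the DN form returns 49 while the user@realm form returns 0, the problem lies with the bind DN rather than the password.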