Issue with nslcd and Samba 4
- From: "jul.gil [at] gmail.com" <jul.gil [at] gmail.com>
- To: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Issue with nslcd and Samba 4
- Date: Sat, 17 Sep 2016 16:48:05 +0000
Hi
I am trying to configure authentication with Samba 4 as AD, but it does not work.
- I followed the samba documentation https://wiki.samba.org/index.php/Nslcd#Method_2:_Connecting_to_AD_via_Kerberos
- getent passwd works well, but the ssh / login failed
- using nslcd -d I have the following output :
nslcd: [334873] <passwd="julien"> DEBUG: myldap_search(base="dc=gilles,dc=lan", filter="(&(objectClass=user)(sAMAccountName=julien))")
nslcd: [334873] <passwd="julien"> DEBUG: ldap_initialize(ldap:///192.168.0.1)
nslcd: [334873] <passwd="julien"> DEBUG: ldap_set_rebind_proc()
nslcd: [334873] <passwd="julien"> DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [334873] <passwd="julien"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [334873] <passwd="julien"> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [334873] <passwd="julien"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
nslcd: [334873] <passwd="julien"> DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
nslcd: [334873] <passwd="julien"> DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_OFF)
nslcd: [334873] <passwd="julien"> DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [334873] <passwd="julien"> DEBUG: ldap_sasl_interactive_bind_s(NULL,"GSSAPI") (uri="ldap:///192.168.0.1")
nslcd: [334873] <passwd="julien"> DEBUG: do_sasl_interact(): were asked for sasl_authzid but we don't have any
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
nslcd: [334873] <passwd="julien"> DEBUG: do_sasl_interact(): were asked for sasl_authzid but we don't have any
nslcd: [334873] <passwd="julien"> DEBUG: ldap_result(): CN=julien,CN=Users,DC=gilles,DC=lan
nslcd: [334873] <passwd="julien"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [b0dc51] DEBUG: connection from pid=28723 uid=0 gid=0
nslcd: [b0dc51] <authc="julien"> DEBUG: nslcd_pam_authc("julien","sshd","***")
nslcd: [b0dc51] <authc="julien"> DEBUG: myldap_search(base="dc=gilles,dc=lan", filter="(&(objectClass=user)(sAMAccountName=julien))")
nslcd: [b0dc51] <authc="julien"> DEBUG: ldap_result(): CN=julien,CN=Users,DC=gilles,DC=lan
nslcd: [b0dc51] <authc="julien"> DEBUG: myldap_search(base="CN=julien,CN=Users,DC=gilles,DC=lan", filter="(objectClass=*)")
nslcd: [b0dc51] <authc="julien"> DEBUG: ldap_initialize(ldap:///192.168.0.1)
nslcd: [b0dc51] <authc="julien"> DEBUG: ldap_set_rebind_proc()
nslcd: [b0dc51] <authc="julien"> DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [b0dc51] <authc="julien"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [b0dc51] <authc="julien"> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [b0dc51] <authc="julien"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
nslcd: [b0dc51] <authc="julien"> DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
nslcd: [b0dc51] <authc="julien"> DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_OFF)
nslcd: [b0dc51] <authc="julien"> DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [b0dc51] <authc="julien"> DEBUG: ldap_sasl_bind("CN=julien,CN=Users,DC=gilles,DC=lan","***") (uri="ldap:///192.168.0.1") (ppolicy=yes)
nslcd: [b0dc51] <authc="julien"> DEBUG: ldap_parse_result() result: Strong(er) authentication required: BindSimple: Transport encryption required.
nslcd: [b0dc51] <authc="julien"> DEBUG: failed to bind to LDAP server ldap:///192.168.0.1: Strong(er) authentication required: BindSimple: Transport encryption required.
nslcd: [b0dc51] <authc="julien"> DEBUG: ldap_unbind()
nslcd: [b0dc51] <authc="julien"> CN=julien,CN=Users,DC=gilles,DC=lan: Strong(er) authentication required
nslcd: [b0dc51] <authc="julien"> DEBUG: myldap_search(base="dc=gilles,dc=lan", filter="(&(objectClass=shadowAccount)(uid=julien))")
nslcd: [b0dc51] <authc="julien"> DEBUG: ldap_result(): end of results (0 total)
It seems to me that the Kerberos authentication is OK, as nslcd is able to find the account in the LDAP, but the test of the password fails because of a protocol issue (Strong(er) authentication required: BindSimple: Transport encryption required).
I don't find anything related to that issue on Google... Any idea?
--
Julien Gilles.
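
Added example, not part of the original message and not nss-pam-ldapd code: a small Python audit of nslcd -d output that records, per request, which bind mechanism and URI scheme were used, and flags password (simple) binds sent without transport encryption. The sample lines are excerpted from the log quoted above; the function names and the ldap_start_tls_s() debug line it looks for are assumptions.

```python
import re

# Lines excerpted from the nslcd -d output quoted in the post.
SAMPLE = """\
nslcd: [334873] <passwd="julien"> DEBUG: ldap_sasl_interactive_bind_s(NULL,"GSSAPI") (uri="ldap:///192.168.0.1")
nslcd: [334873] <passwd="julien"> DEBUG: ldap_result(): end of results (1 total)
nslcd: [b0dc51] <authc="julien"> DEBUG: ldap_sasl_bind("CN=julien,CN=Users,DC=gilles,DC=lan","***") (uri="ldap:///192.168.0.1") (ppolicy=yes)
nslcd: [b0dc51] <authc="julien"> DEBUG: failed to bind to LDAP server ldap:///192.168.0.1: Strong(er) authentication required: BindSimple: Transport encryption required.
"""

# Request-scoped line: nslcd: [id] <action="name"> [DEBUG: ]message
LINE = re.compile(r'^nslcd: \[(?P<req>\w+)\] <(?P<action>\w+)="(?P<name>[^"]*)"> '
                  r'(?:DEBUG: )?(?P<msg>.*)$')
BIND = re.compile(r'^(?P<func>ldap_sasl_interactive_bind_s|ldap_sasl_bind)'
                  r'\((?P<args>.*?)\) \(uri="(?P<scheme>\w+):')

def audit_binds(log_text):
    """Return one record per bind attempt, tied to the request that made it."""
    binds, starttls, last = [], set(), {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # lines without a request id (e.g. accept() noise)
        req, msg = m["req"], m["msg"]
        if msg.startswith("ldap_start_tls_s"):  # assumed StartTLS debug line
            starttls.add(req)
        b = BIND.match(msg)
        if b:
            sasl = b["func"] == "ldap_sasl_interactive_bind_s"
            rec = {
                "request": req, "action": m["action"], "name": m["name"],
                # ldap_sasl_bind(dn, "***") is treated as a simple bind, which
                # matches the server's "BindSimple" reply in the log above.
                "mechanism": b["args"].split(",")[-1].strip('"') if sasl else "SIMPLE",
                "scheme": b["scheme"],
                "encrypted": b["scheme"] == "ldaps" or req in starttls,
                "refused": False,
            }
            binds.append(rec)
            last[req] = rec
        elif msg.startswith("failed to bind") and req in last:
            last[req]["refused"] = True
    return binds

def plaintext_password_binds(binds):
    """Simple binds carry the user's password; flag those without TLS."""
    return [b for b in binds if b["mechanism"] == "SIMPLE" and not b["encrypted"]]
```

On the excerpt it reports the GSSAPI bind of the passwd lookup as accepted and flags only the authc request b0dc51, whose simple bind went over ldap:// and was refused by the server.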