HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


boqor 18th July 2010 15:20

Linux AD Integration
 
Hello folks,


I need only centralized authentication via M$ AD, and I am trying to configure nss-ldap on my Debian box, but syslog always shows these messages:

Code:

Jul 18 15:58:01 debox nscd: nss_ldap: failed to bind to LDAP server ldap://192.168.0.5: Invalid credentials
Jul 18 15:58:01 debox nscd: nss_ldap: failed to bind to LDAP server ldap://192.168.0.5/: Invalid credentials
Jul 18 15:58:01 debox nscd: nss_ldap: reconnecting to LDAP server...
Jul 18 15:58:01 debox nscd: nss_ldap: failed to bind to LDAP server ldap://192.168.0.5: Invalid credentials
Jul 18 15:58:01 debox nscd: nss_ldap: failed to bind to LDAP server ldap://192.168.0.5/: Invalid credentials
Jul 18 15:58:01 debox nscd: nss_ldap: reconnecting to LDAP server (sleeping 1 seconds)...
Jul 18 15:58:02 debox nscd: nss_ldap: failed to bind to LDAP server ldap://192.168.0.5: Invalid credentials
Jul 18 15:58:02 debox nscd: nss_ldap: failed to bind to LDAP server ldap://192.168.0.5/: Invalid credentials
Jul 18 15:58:02 debox nscd: nss_ldap: could not search LDAP server - Server is unavailable
Jul 18 15:58:02 debox sshd[16767]: Invalid user boqor from x.x.x.x

But I can get answers from the ldapsearch command:

Code:

ldapsearch -x -W -D "cn=Administrator,cn=Users,dc=ad,dc=domain,dc=tld"|grep sAMAccountName
Enter LDAP Password:

sAMAccountName: Administrator
sAMAccountName: Guest
sAMAccountName: boqor
.
.
.


My config files:

ldap.conf
Code:

host    192.168.0.5
BASE    dc=ad,dc=domain,dc=tld
URI    ldap://192.168.0.5/
binddn  cn=Administrator,cn=Users,dc=ad,dc=domain,dc=tld
bindpw  pazzword
scope sub
ssl no


libnss-ldap.conf
Code:

host    192.168.0.5
BASE    dc=ad,dc=domain,dc=tld
URI    ldap://192.168.0.5/
binddn  cn=Administrator,cn=Users,dc=ad,dc=domain,dc=tld
bindpw  pazzword
ldap_version 3
rootbinddn cn=Administrator,cn=User,dc=ad,dc=domain,dc=tld

libnss-ldap.secret
Code:

pazzword

nsswitch.conf
Code:

passwd: compat ldap
shadow: compat ldap
group: compat ldap

hosts:          files dns
networks:      files
protocols:      db files
services:      db files
ethers:        db files
rpc:            db files
netgroup:      nis

nss-ldapd.conf
Code:

host    192.168.0.5
BASE    dc=ad,dc=domain,dc=tld
URI    ldap://192.168.0.5/
binddn  cn=Administrator,cn=Users,dc=ad,dc=domain,dc=tld
bindpw  pazzword
scope sub
timelimit 30


Can anybody help me? How can I debug nss-ldap?
M$ logs are not readable or helpful.
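
Added example, not part of the original post: a small Python check run over the relevant lines of the posted ldap.conf and libnss-ldap.conf (password replaced by a placeholder). nss_ldap binds with rootbinddn and the password from the .secret file when the calling process runs as root, so the script flags a rootbinddn that differs from binddn (as posted: cn=User versus cn=Users), along with simple binds over unencrypted ldap:// and use of the Administrator account. The function names are illustrative, and a missing ssl option is assumed to mean "no".

```python
import re

# Relevant lines copied from the post; the password is a placeholder.
POSTED = {
    "ldap.conf": """\
URI    ldap://192.168.0.5/
binddn  cn=Administrator,cn=Users,dc=ad,dc=domain,dc=tld
bindpw  REDACTED
ssl no
""",
    "libnss-ldap.conf": """\
URI    ldap://192.168.0.5/
binddn  cn=Administrator,cn=Users,dc=ad,dc=domain,dc=tld
bindpw  REDACTED
rootbinddn cn=Administrator,cn=User,dc=ad,dc=domain,dc=tld
""",
}

def parse(text):
    """Return {lowercased key: value} for 'key value' lines, skipping comments."""
    opts = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            opts[parts[0].lower()] = parts[1].strip()
    return opts

def norm_dn(dn):
    """Lowercase a DN and drop spaces around commas so DNs compare reliably."""
    return re.sub(r"\s*,\s*", ",", dn.strip().lower())

def audit(configs):
    """Return (file, finding) tuples for DN mismatch, cleartext bind, admin bind."""
    findings = []
    for name, text in configs.items():
        o = parse(text)
        bind, root = o.get("binddn"), o.get("rootbinddn")
        if bind and root and norm_dn(bind) != norm_dn(root):
            findings.append((name, "rootbinddn differs from binddn: " + root))
        # Assumption: an absent ssl option is treated as "no".
        if o.get("uri", "").lower().startswith("ldap://") and o.get("ssl", "no") in ("no", "off"):
            findings.append((name, "simple bind over ldap:// without TLS"))
        if bind and norm_dn(bind).startswith("cn=administrator,"):
            findings.append((name, "binds as Administrator, not a dedicated account"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(POSTED):
        print(f"{name}: {finding}")
```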

joe.rella@gmail.com 9th December 2011 19:10

Linux AD integration
 
Was there ever a solution to this issue? I face the same thing.

I have tried seemingly a hundred different things, and it always comes back to this error:

nss_ldap: failed to bind to LDAP server ldap://x.x.x.x: Invalid credentials

Domain Controller has event log saying that srv_ldap attempted a type of login for which it is not permitted (interactive). However, srv_ldap does have the right to log on interactively, as specified in Group Policy.

I'm going insane. Thanks for any help.

