Linux AD Integration

Discussion in 'Installation/Configuration' started by boqor, Jul 18, 2010.

  1. boqor

    boqor New Member

    Hello folks,


    I need only centralized authentication via M$ AD, and I am trying to configure nss-ldap on my Debian box, but syslog always shows these messages:

    Code:
    Jul 18 15:58:01 debox nscd: nss_ldap: failed to bind to LDAP server ldap://192.168.0.5: Invalid credentials
    Jul 18 15:58:01 debox nscd: nss_ldap: failed to bind to LDAP server ldap://192.168.0.5/: Invalid credentials
    Jul 18 15:58:01 debox nscd: nss_ldap: reconnecting to LDAP server...
    Jul 18 15:58:01 debox nscd: nss_ldap: failed to bind to LDAP server ldap://192.168.0.5: Invalid credentials
    Jul 18 15:58:01 debox nscd: nss_ldap: failed to bind to LDAP server ldap://192.168.0.5/: Invalid credentials
    Jul 18 15:58:01 debox nscd: nss_ldap: reconnecting to LDAP server (sleeping 1 seconds)...
    Jul 18 15:58:02 debox nscd: nss_ldap: failed to bind to LDAP server ldap://192.168.0.5: Invalid credentials
    Jul 18 15:58:02 debox nscd: nss_ldap: failed to bind to LDAP server ldap://192.168.0.5/: Invalid credentials
    Jul 18 15:58:02 debox nscd: nss_ldap: could not search LDAP server - Server is unavailable
    Jul 18 15:58:02 debox sshd[16767]: Invalid user boqor from x.x.x.x
    
    But I can get answers from the ldapsearch command:

    Code:
    ldapsearch -x -W -D "cn=Administrator,cn=Users,dc=ad,dc=domain,dc=tld"|grep sAMAccountName
    Enter LDAP Password:
    
    sAMAccountName: Administrator
    sAMAccountName: Guest
    sAMAccountName: boqor
    .
    .
    .
    

    My config files:

    ldap.conf
    Code:
    host    192.168.0.5
    BASE    dc=ad,dc=domain,dc=tld
    URI     ldap://192.168.0.5/
    binddn  cn=Administrator,cn=Users,dc=ad,dc=domain,dc=tld
    bindpw  pazzword
    scope sub
    ssl no
    

    libnss-ldap.conf
    Code:
    host    192.168.0.5
    BASE    dc=ad,dc=domain,dc=tld
    URI     ldap://192.168.0.5/
    binddn  cn=Administrator,cn=Users,dc=ad,dc=domain,dc=tld
    bindpw  pazzword
    ldap_version 3
    rootbinddn cn=Administrator,cn=User,dc=ad,dc=domain,dc=tld
    
    libnss-ldap.secret
    Code:
    pazzword
    
    nsswitch.conf
    Code:
    passwd: compat ldap
    shadow: compat ldap
    group: compat ldap
    
    hosts:          files dns
    networks:       files
    protocols:      db files
    services:       db files
    ethers:         db files
    rpc:            db files
    netgroup:       nis
    
    nss-ldapd.conf
    Code:
    host    192.168.0.5
    BASE    dc=ad,dc=domain,dc=tld
    URI     ldap://192.168.0.5/
    binddn  cn=Administrator,cn=Users,dc=ad,dc=domain,dc=tld
    bindpw  pazzword
    scope sub
    timelimit 30
    

    Can anybody help me? How can I debug nss-ldap?
    M$ logs are not readable or helpful.
     
  2. Was there ever a solution to this issue? I face the same thing.

    I have tried seemingly a hundred different things, and it always comes back to this error:

    nss_ldap: failed to bind to LDAP server ldap://x.x.x.x: Invalid credentials

    The Domain Controller has an event log entry saying that srv_ldap attempted a type of login for which it is not permitted (interactive). However, srv_ldap does have the right to log on interactively, as specified in Group Policy.

    I'm going insane. Thanks for any help.
     

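Added example (not code from either poster, and not a confirmed fix for this thread): nss_ldap binds with rootbinddn and the secret file, rather than binddn/bindpw, when the calling process's effective UID is root, so a bind that works for ldapsearch can still fail there. The sketch below audits excerpts of the two config files from the first post for a binddn/rootbinddn mismatch, cleartext simple binds, and passwords stored in the config; the function names are hypothetical.

```python
# Added example: audit nss_ldap-style configs (excerpts copied from the first post).
SAMPLE = {
    "ldap.conf": """BASE dc=ad,dc=domain,dc=tld
URI ldap://192.168.0.5/
binddn cn=Administrator,cn=Users,dc=ad,dc=domain,dc=tld
bindpw pazzword
scope sub
ssl no
""",
    "libnss-ldap.conf": """BASE dc=ad,dc=domain,dc=tld
URI ldap://192.168.0.5/
binddn cn=Administrator,cn=Users,dc=ad,dc=domain,dc=tld
bindpw pazzword
ldap_version 3
rootbinddn cn=Administrator,cn=User,dc=ad,dc=domain,dc=tld
""",
}

def parse_conf(text):
    """Parse 'keyword value' lines; keywords are case-insensitive, '#' starts a comment."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def norm_dn(dn):
    """Normalize a DN for comparison (assumes no escaped commas in RDN values)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def audit(files):
    """Return (filename, message) findings for DN mismatches and cleartext binds."""
    findings = []
    for name, text in files.items():
        conf = parse_conf(text)
        bind, root = conf.get("binddn"), conf.get("rootbinddn")
        if bind and root and norm_dn(bind) != norm_dn(root):
            findings.append((name, f"rootbinddn differs from binddn: {root}"))
        if conf.get("uri", "").startswith("ldap://") and conf.get("ssl") != "start_tls":
            findings.append((name, "simple bind sent over ldap:// without start_tls"))
        if "bindpw" in conf:
            findings.append((name, "bind password stored in the config file"))
    return findings

if __name__ == "__main__":
    for name, message in audit(SAMPLE):
        print(f"{name}: {message}")
```

On the posted files this reports that rootbinddn in libnss-ldap.conf uses cn=User where binddn uses cn=Users.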