authentication failure
- To: openldap-technical@openldap.org
- Subject: authentication failure
- From: Adam Weremczuk <adamw@matrixscience.com>
- Date: Wed, 12 Jun 2019 15:33:35 +0100
- Content-language: en-US
- Organization: Matrix Science Ltd
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1
Hi all,
I'm trying to make pfSense talk to Samba AD LDAP through the "bind
credentials to resolve distinguished names" option.
I have 2 accounts which, as far as I can tell, look identical from an AD
perspective.
One of them successfully connects (Samba logs):
[2019/06/12 14:34:41.517364, 3] ../lib/ldb-samba/ldb_wrap.c:325(ldb_wrap_connect)
  ldb_wrap open of secrets.ldb
[2019/06/12 14:34:41.520731, 3] ../source4/auth/ntlm/auth.c:271(auth_check_password_send)
  auth_check_password_send: Checking password for unmapped user [MATRIX_SCIENCE]\[account1]@[(null)]
  auth_check_password_send: mapped user is: [MATRIX_SCIENCE]\[account1]@[(null)]
[2019/06/12 14:34:41.521510, 4] ../source4/auth/sam.c:183(authsam_account_ok)
  authsam_account_ok: Checking SMB password for user account1
The other one fails:
[2019/06/12 15:09:56.215000, 3] ../lib/ldb-samba/ldb_wrap.c:325(ldb_wrap_connect)
  ldb_wrap open of secrets.ldb
[2019/06/12 15:09:56.217871, 3] ../source4/smbd/service_stream.c:66(stream_terminate_connection)
  Terminating connection - 'ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
[2019/06/12 15:09:56.217941, 3] ../source4/smbd/process_single.c:114(single_terminate)
  single_terminate: reason[ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]
Any idea what the second account is missing?
The difference must be restricted to what's replicated between domain
controllers as the behavior is identical against the primary and
secondary one.
Thanks,
Adam
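
A small triage script for logs like the two excerpts above, as an added example that is not part of the original post: it groups Samba's header-plus-message log records and reports whether each attempt reached auth_check_password_send before the connection was dropped. Treating every "ldb_wrap open of secrets.ldb" record as the start of a new attempt is an assumption made for this sample, and the embedded log is constructed from the post's excerpts.

```python
import re
# Constructed sample: the post's two excerpts, mail-wrapped lines rejoined, last record omitted.
SAMPLE_LOG = r"""[2019/06/12 14:34:41.517364, 3] ../lib/ldb-samba/ldb_wrap.c:325(ldb_wrap_connect)
  ldb_wrap open of secrets.ldb
[2019/06/12 14:34:41.520731, 3] ../source4/auth/ntlm/auth.c:271(auth_check_password_send)
  auth_check_password_send: Checking password for unmapped user [MATRIX_SCIENCE]\[account1]@[(null)]
  auth_check_password_send: mapped user is: [MATRIX_SCIENCE]\[account1]@[(null)]
[2019/06/12 14:34:41.521510, 4] ../source4/auth/sam.c:183(authsam_account_ok)
  authsam_account_ok: Checking SMB password for user account1
[2019/06/12 15:09:56.215000, 3] ../lib/ldb-samba/ldb_wrap.c:325(ldb_wrap_connect)
  ldb_wrap open of secrets.ldb
[2019/06/12 15:09:56.217871, 3] ../source4/smbd/service_stream.c:66(stream_terminate_connection)
  Terminating connection - 'ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
"""

HEADER = re.compile(r"^\[(?P<ts>[\d/]+ [\d:.]+),\s*\d+\] \S+:\d+\((?P<func>\w+)\)$")

def parse_records(text):
    """Attach each message line to the '[timestamp, level] file:line(function)' header above it."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            records.append({"ts": m["ts"], "func": m["func"], "msg": []})
        elif records and line.strip():
            records[-1]["msg"].append(line.strip())
    return records

def classify_attempts(records):
    """Assumption: each 'ldb_wrap open of secrets.ldb' record starts a new connection attempt."""
    attempts = []
    for rec in records:
        text = " ".join(rec["msg"])
        if rec["func"] == "ldb_wrap_connect" and "secrets.ldb" in text:
            attempts.append({"start": rec["ts"], "user": None, "auth": False, "dropped": False})
        if not attempts:
            continue  # log began mid-attempt; nothing to attribute this record to
        cur = attempts[-1]
        cur["auth"] |= rec["func"] == "auth_check_password_send"
        cur["dropped"] |= "NT_STATUS_CONNECTION_DISCONNECTED" in text
        user = re.search(r"password for user (\S+)", text)
        cur["user"] = user.group(1) if user else cur["user"]
    for a in attempts:
        a["verdict"] = ("password check reached" if a["auth"] else
                        "disconnected before password check" if a["dropped"] else "incomplete")
    return attempts

if __name__ == "__main__":
    print(*classify_attempts(parse_records(SAMPLE_LOG)), sep="\n")
```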