Bonjour,
Je viens de créer un rodc connecter sur un ad1 tout les deux en version 4.11.6 et je souhaiterai pouvoir connecter mes appli en ldap sur le rodc.
Est-ce que cela est envisageable?
Merci d'avance pour vos retours d'experience car pour le moment cela ne fonctionne pas dans mes tests, j'ai ce genre de retour sur ma commande ldapsearch :
ldap_bind: Invalid credentials (49)
additional info: 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 40, v1db1
et ce genre de log :
[2020/06/09 12:18:46.845786, 3] ../../lib/ldb-samba/ldb_wrap.c:332(ldb_wrap_connect)
ldb_wrap open of secrets.ldb
[2020/06/09 12:18:46.850433, 3] ../../source4/auth/ntlm/auth.c:240(auth_check_password_send)
auth_check_password_send: Checking password for unmapped user [(null)]\[adm-test@domain.local]@[(null)]
auth_check_password_send: user is: [DOMAIN]\[adm-test]@[(null)]
[2020/06/09 12:18:46.852915, 1] ../../source4/dsdb/samdb/ldb_modules/rootdse.c:518(rootdse_add_dynamic)
rootdse_add_dynamic: Failed to convert GUID into full DN in rootDSE for dsServiceName: <GUID=748b1765-24c5-44f0-b509-da38bf3e77e9>: Base-DN '<GUID=748b1765-24c5-44f0-b509-da38bf3e77e9>' not found
[2020/06/09 12:18:46.853228, 1] ../../source4/dsdb/common/util.c:1397(samdb_ntds_settings_dn)
Searching for dsServiceName in rootDSE failed: Failed to find full DN for dsServiceName: <GUID=748b1765-24c5-44f0-b509-da38bf3e77e9>
[2020/06/09 12:18:46.853401, 1] ../../source4/dsdb/common/util.c:1418(samdb_ntds_settings_dn)
Failed to find our own NTDS Settings DN in the ldb!
[2020/06/09 12:18:46.853660, 3] ../../source4/dsdb/repl/drepl_secret.c:145(drepl_repl_secret)
../../source4/dsdb/repl/drepl_secret.c:145: started secret replication for CN=adm-test,OU=SYSTEME,OU=USERS,OU=YS,DC=domain,DC=local
[2020/06/09 12:18:46.854850, 5] ../../source4/auth/ntlm/auth.c:69(auth_get_challenge)
auth_get_challenge: returning previous challenge by module random (normal)
[2020/06/09 12:18:46.855007, 5] ../../source4/auth/ntlm/auth.c:69(auth_get_challenge)
auth_get_challenge: returning previous challenge by module random (normal)
[2020/06/09 12:18:46.855255, 5] ../../source3/winbindd/winbindd_irpc.c:210(wb_irpc_SamLogon)
wb_irpc_SamLogon called
[2020/06/09 12:18:46.866485, 3] ../../lib/ldb-samba/ldb_wrap.c:332(ldb_wrap_connect)
ldb_wrap open of idmap.ldb
[2020/06/09 12:18:46.949594, 3] ../../source4/dsdb/repl/drepl_secret.c:53(drepl_repl_secret_callback)
../../source4/dsdb/repl/drepl_secret.c:53: repl secret failed for user CN=adm-test,OU=SYSTEME,OU=USERS,OU=YS,DC=domain,DC=local - WERR_DS_DRA_BAD_DN: extended_ret[0x0
[2020/06/09 12:18:50.424578, 0] ../../source3/winbindd/winbindd_irpc.c:55(wb_irpc_forward_callback)
RPC callback failed for winbind_SamLogon - NT_STATUS_CONNECTION_DISCONNECTED
[2020/06/09 12:18:50.426286, 2] ../../source4/auth/ntlm/auth.c:472(auth_check_password_recv)
auth_check_password_recv: winbind authentication for user [DOMAIN\adm-test] FAILED with error NT_STATUS_CONNECTION_DISCONNECTED, authoritative=1
[2020/06/09 12:18:50.426364, 2] ../../auth/auth_log.c:635(log_authentication_event_human_readable)
Auth: [LDAP,simple bind/TLS] user [(null)]\[adm-test@domain.local] at [Tue, 09 Jun 2020 12:18:50.426344 UTC] with [Plaintext] status [NT_STATUS_CONNECTION_DISCONNECTED] workstation [(null)] remote host [ipv4:127.0.0.1:57600] mapped to [DOMAIN]\[adm-test]. local host [ipv4:127.0.1.1:389]
{"timestamp": "2020-06-09T12:18:50.426440+0000", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 2}, "eventId": 4625, "logonId": "0", "logonType": 8, "status": "NT_STATUS_CONNECTION_DISCONNECTED", "localAddress": "ipv4:127.0.1.1:389", "remoteAddress": "ipv4:127.0.0.1:57600", "serviceDescription": "LDAP", "authDescription": "simple bind/TLS", "clientDomain": null, "clientAccount": "adm-test@domain.local", "workstation": null, "becameAccount": null, "becameDomain": null, "becameSid": null, "mappedAccount": "adm-test", "mappedDomain": "DOMAIN", "netlogonComputer": null, "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000", "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null, "passwordType": "Plaintext", "duration": 3576941}}
[2020/06/09 12:18:50.428280, 3] ../../source4/smbd/service_stream.c:67(stream_terminate_connection)
stream_terminate_connection: Terminating connection - 'ldapsrv_call_wait_done: call->wait_recv() - NT_STATUS_LOCAL_DISCONNECT'
J'ai testé différent paramétrage mais je n'arrive pas a faire fonctionner le ldap.
Toute aide sera apprécié.