Hi all,
I'm trying to make pfSense talk to Samba AD LDAP through "bind credentials to resolve distinguished names" option.
I have 2 accounts which, as far as I can tell, look identical from AD perspective.
One of them successfully connects (Samba logs):
[2019/06/12 14:34:41.517364, 3] ../lib/ldb-samba/ldb_wrap.c:325(ldb_wrap_connect) ldb_wrap open of secrets.ldb [2019/06/12 14:34:41.520731, 3] ../source4/auth/ntlm/auth.c:271(auth_check_password_send) auth_check_password_send: Checking password for unmapped user [MATRIX_SCIENCE][account1]@[(null)] auth_check_password_send: mapped user is: [MATRIX_SCIENCE][account1]@[(null)] [2019/06/12 14:34:41.521510, 4] ../source4/auth/sam.c:183(authsam_account_ok) authsam_account_ok: Checking SMB password for user account1
The other one fails:
[2019/06/12 15:09:56.215000, 3] ../lib/ldb-samba/ldb_wrap.c:325(ldb_wrap_connect) ldb_wrap open of secrets.ldb [2019/06/12 15:09:56.217871, 3] ../source4/smbd/service_stream.c:66(stream_terminate_connection) Terminating connection - 'ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED' [2019/06/12 15:09:56.217941, 3] ../source4/smbd/process_single.c:114(single_terminate) single_terminate: reason[ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]
Any idea what the second account is missing?
The difference must be restricted to what's replicated between domain controllers as the behavior is identical against the primary and secondary one.
Thanks, Adam