Hi all,
I'm running an old samba4 DC and trying to set up LDAP authentication for https://www.reviewboard.org/docs/manual/3.0/admin/configuration/authenticati...
These settings are almost working for me:
-> Authentication Method: LDAP
-> LDAP Server: ldap://192.168.x.x:389
-> Review Board LDAP Bind Account: cn=auth,cn=Users,dc=domain,dc=co,dc=uk
-> Review Board LDAP Bind Password: ********
-> LDAP Base DN: cn=Users,dc=domain,dc=co,dc=uk
-> Username Attribute: uid
-> Given Name Attribute: givenName
-> Surname Attribute: sn
-> Full Name Attribute: cn
-> E-Mail LDAP Attribute: mail
-> E-Mail Domain: (blank)
-> Custom LDAP User Search Filter: (blank)
I have a weird problem with about half of users being able to log in:
2020-05-26 11:32:07,623 - DEBUG - - root - Attempting to authenticate user DN "CN=dummy1,CN=Users,DC=domain,DC=co,DC=uk" (username dummy1) in LDAP
and half unable:
2020-05-26 11:40:57,671 - ERROR - - root - Unexpected error authenticating user "dummy2" in LDAP: 'NoneType' object has no attribute 'decode'
After ruling out the obvious such as AD groups membership and primary groups I compared ldapsearch dumps:
ldapsearch -D 'admin@domain.co.uk' -b 'cn=Users,dc=domain,dc=co,dc=uk' -H ldap://192.168.x.x -W sAMAccountName=dummy
I've noticed that all of those who cannot log in are missing msSFU30Name and msDS-SupportedEncryptionTypes attributes.
I've added them to match settings for the successful users as below:
dummy2.ldif
dn: CN=dummy2,CN=Users,DC=domain,DC=co,DC=uk
changetype: modify
add: msSFU30Name
msSFU30Name: dummy2
add: msDS-SupportedEncryptionTypes
msDS-SupportedEncryptionTypes: 0
ldbmodify -H /var/lib/samba/private/sam.ldb dummy2.ldif -U dummy2
Modified 1 records successfully
Unfortunately it didn't help :(
Any ideas why?
Thanks, Adam
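
The ldapsearch comparison described in the post, as an added example that is not part of the original message: it parses one LDIF entry per user and lists which of the attributes named in the Review Board settings are absent or empty, plus the attributes only the working user has. The two sample entries are constructed and the function names are hypothetical.

```python
import base64
# Attributes named in the Review Board LDAP settings quoted in the post.
CONFIGURED = ["uid", "givenName", "sn", "cn", "mail"]
# Constructed sample entries in ldapsearch output format (not the poster's data).
WORKING = """\
dn: CN=dummy1,CN=Users,DC=domain,DC=co,DC=uk
cn: dummy1
sn: One
givenName: Dummy
uid: dummy1
mail: dummy1@domain.co.uk
msSFU30Name: dummy1
"""
FAILING = """\
# dummy2, Users, domain.co.uk
dn: CN=dummy2,CN=Users,DC=domain,
 DC=co,DC=uk
cn:: ZHVtbXky
sn: Two
uid: dummy2
msSFU30Name: dummy2
"""

def parse_entry(text):
    """Parse one LDIF entry into {lowercased attribute name: [values]}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:             # folded line: continue previous
            lines[-1] += raw[1:]
        elif ":" in raw and not raw.startswith("#"):  # skip blanks and comments
            lines.append(raw)
    entry = {}
    for line in lines:
        attr, _, value = line.partition(":")
        if value.startswith(":"):                     # "attr:: <base64 value>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        entry.setdefault(attr.lower(), []).append(value.strip())
    return entry

def missing_configured(entry, configured=CONFIGURED):
    """Configured attributes that are absent or hold only empty values."""
    return [a for a in configured if not any(entry.get(a.lower(), []))]

def only_in_first(first, second):
    return sorted(set(first) - set(second))  # names in first entry, not in second

if __name__ == "__main__":
    ok, bad = parse_entry(WORKING), parse_entry(FAILING)
    print(missing_configured(ok), missing_configured(bad), only_in_first(ok, bad))
```

To use it on real data, pass the text of a single entry from each user's ldapsearch dump to `parse_entry` in place of the constructed samples.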