Fmstrat / samba-domain

Samba Active Directory Domain Controller for Docker
GNU General Public License v3.0

Cannot connect using ldapsearch #26

Closed suityou01 closed 1 year ago

suityou01 commented 4 years ago

I have it running using docker-compose up. It says it is running successfully on the IP address and external network I set up as per the instructions.

Yet when I try to connect, it won't:

ldapsearch -x -b "dc=corp,dc=com" -H ldap://192.168.1.102 -D "cn=admin,dc=corp,dc=com" -W

It returns:

ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

What am I doing wrong?

The docker-compose file is as per the example, with a couple of tweaks to the IP addresses:

samba:
    image: nowsci/samba-domain
    container_name: samba
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /data/docker/containers/samba/data/:/var/lib/samba
      - /data/docker/containers/samba/config/samba:/etc/samba/external
    environment:
      - DOMAIN=CORP.EXAMPLE.COM
      - DOMAINPASS=ThisIsMyAdminPassword!
      - DNSFORWARDER=192.168.1.1
      - HOSTIP=192.168.1.102
    networks:
      - extnet
    ports:
      - 192.168.1.102:53:53
      - 192.168.1.102:53:53/udp
      - 192.168.1.102:88:88
      - 192.168.1.102:88:88/udp
      - 192.168.1.102:135:135
      - 192.168.1.102:137-138:137-138/udp
      - 192.168.1.102:139:139
      - 192.168.1.102:389:389
      - 192.168.1.102:389:389/udp
      - 192.168.1.102:445:445
      - 192.168.1.102:464:464
      - 192.168.1.102:464:464/udp
      - 192.168.1.102:636:636
      - 192.168.1.102:1024-1044:1024-1044
      - 192.168.1.102:3268-3269:3268-3269
    dns_search:
      - corp.example.com
    dns:
      - 192.168.1.102
      - 192.168.1.1
    extra_hosts:
      - localdc.corp.example.com:192.168.1.102
    hostname: localdc
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun
    privileged: true
    restart: always

magJ commented 3 years ago

I was also having some issues just figuring out what DN to use when authenticating.
Managed to get it to work with the following command (note my domain is just "EXAMPLE.COM"):

LDAPTLS_REQCERT=never ldapsearch -x -b "dc=example,dc=com" -H ldap://192.168.1.15 -D "CN=Administrator,CN=Users,DC=EXAMPLE,DC=COM" -w "ThisIsMyAdminPassword1!" -v -Z
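
An added example, not part of any participant's post and not code from the samba-domain project: POSIX shell helpers that derive the base DN and Administrator bind DN from the DOMAIN realm, print an ldapsearch command that verifies the DC certificate over StartTLS and prompts for the password, and map the result code in an error line such as the (-1) above to the layer that failed. The realm and host name come from the compose file; the ./ca.pem path and all function names are assumptions.

```shell
#!/bin/sh
# Added example: helper functions only, nothing here touches the network.

# CORP.EXAMPLE.COM -> DC=corp,DC=example,DC=com
realm_to_base_dn() {
    printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]' \
        | sed -e 's/\./,DC=/g' -e 's/^/DC=/'
}

# The built-in Administrator sits in CN=Users (as in the working command above).
admin_bind_dn() {
    printf 'CN=Administrator,CN=Users,%s\n' "$(realm_to_base_dn "$1")"
}

# Print a StartTLS search that verifies the DC certificate and prompts for
# the password. Arguments: realm, DC host name, CA file (path is an assumption;
# the host name must match the name in the DC certificate).
ldapsearch_cmd() {
    printf 'LDAPTLS_CACERT=%s LDAPTLS_REQCERT=demand ldapsearch -x -ZZ -H ldap://%s -b "%s" -D "%s" -W\n' \
        "$3" "$2" "$(realm_to_base_dn "$1")" "$(admin_bind_dn "$1")"
}

# Map the result code at the end of an ldapsearch error line to a layer.
explain_ldap_error() {
    code=$(printf '%s\n' "$1" \
        | sed -n 's/.*(\(-\{0,1\}[0-9][0-9]*\))[[:space:]]*$/\1/p')
    case "$code" in
        -1) echo "transport: nothing answered on the LDAP port; check published ports, bind IP, firewall" ;;
        8)  echo "policy: server wants stronger authentication; use StartTLS (-ZZ) or ldaps://" ;;
        32) echo "search base: no such object; check -b against the realm" ;;
        49) echo "credentials: bind DN or password rejected" ;;
        "") echo "unrecognised: no result code found" ;;
        *)  echo "other: LDAP result code $code" ;;
    esac
}

# Constructed demo using the realm and host name from the compose file above.
REALM=CORP.EXAMPLE.COM
ldapsearch_cmd "$REALM" localdc.corp.example.com ./ca.pem
explain_ldap_error "ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)"
```

The (-1) case is a client-side connection failure, so it has to be resolved before any change to the bind DN or search base can be evaluated.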

Fmstrat commented 1 year ago

Closed due to age and no reply from author.