Ejabberd: LDAP bind failed

in NethServer release 7.4.1708, kernel 3.10.0-693.5.2.el7.x86_64
successfully joined an existing Samba domain, I’m not able to slet ejabberd works, error in log:

2017-11-22 17:12:10.940 [info] <0.37.0>@ejabberd_app:start:76 ejabberd 16.01 is started in the node ejabberd@localhost
2017-11-22 17:12:10.940 [info] <0.7.0> Application ejabberd started on node ejabberd@localhost
2017-11-22 17:12:10.949 [warning] <0.434.0>@eldap:report_bind_failure:1007 LDAP bind failed on server2.taimsrl.lan:389
Reason: strongAuthRequired
2017-11-22 17:12:15.950 [info] <0.434.0>@eldap:connect_bind:1062 LDAP connection on server2.taimsrl.lan:389
2017-11-22 17:12:15.955 [warning] <0.434.0>@eldap:report_bind_failure:1007 LDAP bind failed on server2.taimsrl.lan:389
Reason: strongAuthRequired

anyone has experienced same issue?

thanks

1 Like

My best guess is that you need to change your (domain admin) password that meets the requirements. Or change the requirements for authentication in your Samba domain controller.

This article might help you further: https://support.ca.com/us/knowledge-base-articles.tec1723689.html

Hi robb, thanks for prompt reply.

If I change my domain admiin password, do you think I need to disconnect Nethserver from domain and then rejoin it again?

Thanks

I was just reading the article I linked. Looks like your Samba domain demands LDAPS instead of LDAP to connect. So, no reason to leave and rejoin the domain, just change the method you bind to the domain with ejabber service.

1 Like

It depend on authentication required by the LDAP AD.

Go to “Account provider” page and enable TLS.

TLS was already enabled, I tried to disable and enable it again, no success. No success even with a more complex domain password by the way.

Then try to switch to ldaps and set TLS to disabled :slight_smile:

I would like to not touch the controller domain’c configuration… is there a way to “force” the communication without strongAuthRequired way?

Yes, you don’t need to modify the AD: on the page I told you before, change “ldap://” to “ldaps://” and port to 636 (or whatever is in your AD).

If this doesn’t work, you need to change the AD policies.

Try that and see what happens … SOGo has the same issue.

ok, thanks: I will work on this direction and as soon I will have update I’ll keep you posted
Thanks all of you for help :slight_smile:

Changed and… perfectly working now ^___^
Thanks again :thumbsup:

1 Like

Could you mark the topic as solved please. Here is an instruction how to do it.

Howto mark a topic as solved

2 Likes

So, I use the local Samba DC so all my accounts provider page has is:
So I don’t have the options to change those settings.
How would I change what to fix this?

Thanks

Hi @Socs28,

is it really the same problem because it usually works with local AD?

Do you have similar log entries?

2017-11-22 17:12:10.949 [warning] <0.434.0>@eldap:report_bind_failure:1007 LDAP bind failed on server2.taimsrl.lan:389 Reason: strongAuthRequired

I believe that the new dc and sssd server modules (in testing) solves this. At least it worked for me.

yum --enablerepo=nethserver-testing update nethserver-dc nethserver-sssd

2 Likes

Guys I solved this problem just changing ldap_port = 636 and ldap_encrypt = tls.

1 Like