Jump to content

AD authentication using samba or OpenLDAP?


Recommended Posts



I've been trying to setup AD authentication using our samba AD replica but there are weird errors so, first of all I'm curious whether samba or OpenLDAP  methods are supported/tested at all?


Just adding it seems to be fine at first, but e.g. adding security groups fails. The groups are listed properly but adding it throws an error with like no details :(

nfortunately an error has occurred within the Passwordstate web site, for which we apologize for the inconvenience.

If Passwordstate is able to communicate with the database, then the error will be logged on the screen Administration -> Passwordstate Administration -> Error Console.
If you are unable to view the Error Console screen for any reason, you can ask your Database Administrator to run the following SQL Query, which will show the same data from the Error Console Screen:

USE Passwordstate
If you need some assistance from Click Studios in troubleshooting this error, please ask your Passwordstate Security Administrators to contact us for help.


Error console:

A more secure authentication method is required for this server. , StackTrace = at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) at System.DirectoryServices.DirectoryEntry.Bind() at System.DirectoryServices.DirectoryEntry.get_AdsObject() at System.DirectoryServices.PropertyValueCollection.PopulateList() at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName) at System.DirectoryServices.PropertyCollection.get_Item(String propertyName) at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer() at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit() at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize() at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx() at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate) at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext context, Type principalType, String identityValue) at System.DirectoryServices.AccountManagement.GroupPrincipal.FindByIdentity(PrincipalContext context, String identityValue) at admin_securitygroups_addadsg.CountNumberOfRequiredLicenses(String strSecurityGroup, String DomainName, String FQDN, String ObjectSID) at admin_securitygroups_addadsg.SaveSecurityGroup(String Button) at System.Web.UI.WebControls.LinkButton.OnClick(EventArgs e) at System.Web.UI.WebControls.LinkButton.RaisePostBackEvent(String eventArgument) at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)


Thing is, it's already LDAPS so I'm not sure what that means and why it's fine to fetch the groups, accounts etc. but adding it fails.

Adding a user seems to work as well as the login.


Another, even more weird error:

Trying to add a security group using the right arrow results in:

It appears an error has occured trying to query Active Directory for user information.
Please check the 'Active Directory Domain Name' value specified below is correct. If not, please update in the 'Active Directory Domains' screen.
Active Directory Information
NetBIOS Name: office
FQDN: ad.dc.somecompany.com
LDAP Query String: 

How can the LDAP query string be empty?


Any ideas?

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...