NTLM connection fails on samba4 AD

Open jasperges opened this issue 5 years ago • 5 comments

Hi,

This is basically the same issue as https://github.com/cannatag/ldap3/issues/663. But because the issue is closed and I didn't get any response when I tried to re-open it, I am now filing this new issue.

Recently the studio I work for started using Samba AD and we ran into this issue. When I try to bind with the NTLM authentication method, I get this exception: ldap3.core.exceptions.LDAPSessionTerminatedByServerError: session terminated by server. The sysadmin looked into it, but the only thing he could find in the log of the Samba AD server was this: stream_terminate_connection: Terminating connection - 'LDAP_PROTOCOL_ERROR'.

If anyone knows what is going on or what other things we can try, please let me know. In the meantime we have found a 'hacky' workaround, but I still would like this to be solved properly.

Any help will be greatly appreciated.

jasperges, Jun 30 '20 06:06

Hi, can you be more descriptive? How can I reproduce the error? It would be great if you could provide a dockerfile with a Samba 4 server working so that I can check what the error is because I don't have a Samba AD server in my lab.

cannatag, Jul 08 '20 22:07

Hi, thanks for your answer. And yes, I can be more descriptive. :)

The code that leads to the error:

from ldap3 import ALL, NTLM, Connection, Server

server = Server("127.0.0.1:389", get_info=ALL)
conn = Connection(
    server,
    user="domain\\user.login",
    password="mysecret",
    authentication=NTLM,
    raise_exceptions=True,
)
conn.bind()

Server, user and password use real values of course.

And the traceback:

Traceback (most recent call last):
  File "test.py", line 11, in <module>
    conn.bind()
  File ".../venv/lib/python3.7/site-packages/ldap3/core/connection.py", line 600, in bind
    response = self.do_ntlm_bind(controls)
  File ".../venv/lib/python3.7/site-packages/ldap3/core/connection.py", line 1324, in do_ntlm_bind
    response = self.post_send_single_response(self.send('bindRequest', request, controls))
  File ".../venv/lib/python3.7/site-packages/ldap3/strategy/sync.py", line 121, in post_send_single_response
    responses, result = self.get_response(message_id)
  File ".../venv/lib/python3.7/site-packages/ldap3/strategy/base.py", line 368, in get_response
    raise LDAPSessionTerminatedByServerError(self.connection.last_error)
ldap3.core.exceptions.LDAPSessionTerminatedByServerError: session terminated by server

I will see if I can get a Dockerfile with a working Samba 4 server. I didn't set up the server myself and I actually don't know much about it. Will post again if I get it to work.

jasperges, Jul 14 '20 18:07

Hi, sorry for the long delay... Could you provide me the Dockerfile and the code that shows the issue so I can work on it?

Thanks, Giovanni

cannatag, Dec 26 '20 17:12

Sorry for the extremely long delay. I haven't been able to get it running in a Docker container. As said, it was set up by our system administrator (without Docker). As I will be leaving the company, I personally don't have a need to get this fixed any more.

I will pass this issue on to one of my colleagues, maybe they have time to dive deeper into the problem. For what it's worth: the error is still the same. We now use a hacky workaround.

Feel free to close the issue if no one else responds.

jasperges, Aug 10 '22 14:08

I am experiencing the same issue with the ldap3 Python module. I am using Samba 4.15.13 as a DC and I am confident that it is configured correctly since it works fine with Windows and other tools such as LDAP Account Manager or ldbsearch. Have there been any updates or new information regarding this issue since it was first reported?

samba --version
Version 4.15.13-Ubuntu

import ldap3

print(ldap3.__version__)
2.9.1

server = ldap3.Server('ldap://dc', use_ssl=False, get_info=ldap3.ALL)
conn = ldap3.Connection(
     server,
     'domain\\admin',
     password='password',
     authentication=ldap3.NTLM,
     auto_bind=True
)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python3.8/dist-packages/ldap3/core/connection.py", line 363, in __init__
    self._do_auto_bind()
  File "/usr/local/lib/python3.8/dist-packages/ldap3/core/connection.py", line 389, in _do_auto_bind
    self.bind(read_server_info=True)
  File "/usr/local/lib/python3.8/dist-packages/ldap3/core/connection.py", line 628, in bind
    response = self.do_ntlm_bind(controls)
  File "/usr/local/lib/python3.8/dist-packages/ldap3/core/connection.py", line 1373, in do_ntlm_bind
    response = self.post_send_single_response(self.send('bindRequest', request, controls))
  File "/usr/local/lib/python3.8/dist-packages/ldap3/strategy/sync.py", line 160, in post_send_single_response
    responses, result = self.get_response(message_id)
  File "/usr/local/lib/python3.8/dist-packages/ldap3/strategy/base.py", line 370, in get_response
    raise LDAPSessionTerminatedByServerError(self.connection.last_error)
ldap3.core.exceptions.LDAPSessionTerminatedByServerError: session terminated by server

Thank you for your efforts.

ghost, Apr 04 '23 18:04