Bug 9048 - Samba4 ldap error codes
Samba4 ldap error codes
Status: NEW
Product: Samba 4.0
Classification: Unclassified
All All
: P5 enhancement
: ---
Assigned To: Andrew Bartlett
Depends on:
  Show dependency treegraph
Reported: 2012-07-18 08:59 UTC by miquel
Modified: 2014-04-24 19:25 UTC (History)
0 users

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description miquel 2012-07-18 08:59:50 UTC
The error codes from samba4, not follow the same sintax that AD error codes:

for the same error:
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
        additional info: Simple Bind Failed: NT_STATUS_PASSWORD_MUST_CHANGE

Enter LDAP Password:                                                                                                                                        
ldap_bind: Invalid credentials (49)
        additional info: 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 773, v1db1

Some softwares like openam/opensso uses this return codes to manage password change/expiration, etc..
Comment 1 Arvid Requate 2013-06-26 17:32:48 UTC
The error code is the same: "code = 49, message = Invalid credentials", only the extendederrormessage contains the reason in the code after the "data" keyword. Samba cannot guess which kind of pattern matching different clients try to extract this information. I guess it's a bit much to ask from Samba to mimic this error message 1:1, at least at this stage of development. I guess the proper way to detect this would have to be implemented in the client by trying a netlogon to retrieve additional information on the circumstances of the problem.
Comment 2 Matthias Dieter Wallnöfer 2014-04-24 19:25:44 UTC
Yes, we do our best to match the main LDAP error code and I have not seen any tool yet which expects also the extended error message to be the same as on Windows.
The bug is valid, but I mark it as ENHANCEMENT.