Hello,
I've been struggling with this issue for a bit, and wanted o see if anyone has encountered this. We have a few ESXi 6.0 boxes that we want to join to our domain so we can leverage our existing security groups and user accounts. Adding the servers to AD went fine, but I can't authenticate with domain credentials. I can search the domain for users and groups and add permissions for them, but if I attempt to log into a server with domain credentials I get "wrong user name or password" errors.
The following messages appear in syslog. I'm assuming I need to change the max packet size, and I believe that is located in; /etc/likewise/openldap/ldap.conf, but I get write errors when editing the file. Right now I'm looking at creating a VIB file to overwrite ldap.conf, but I'm hoping there is an easier way.
Any ideas/help would be life saving. Thanks!
2016-04-11T23:07:45Z lwsmd: [netlogon] Looking for a DC in domain 'EN.AD.FAKEDOMAIN.COM', site '<null>' with flags 0
2016-04-11T23:07:47Z lwsmd: [netlogon] Determining the current time for domain 'EN.AD.FAKEDOMAIN.COM'
2016-04-11T23:07:47Z lwsmd: [netlogon] Looking for a DC in domain 'EN.AD.FAKEDOMAIN.COM', site '<null>' with flags 10
2016-04-11T23:07:49Z lwsmd: [lsass] Delayed backup scheduled
2016-04-11T23:07:49Z lwsmd: encoded packet size too big (6212 > 4096)
2016-04-11T23:07:49Z lwsmd: [netlogon] Looking for a DC in domain 'EN.AD.FAKEDOMAIN.COM', site '<null>' with flags 0
2016-04-11T23:07:49Z lwsmd: [lsass] Clearing ldap DC connection list for domain 'EN.AD.FAKEDOMAIN.COM' due to a network error.
2016-04-11T23:07:49Z lwsmd: encoded packet size too big (6212 > 4096)
2016-04-11T23:07:49Z lwsmd: [lsass] Error code 40286 occurred during attempt 1 of a ldap search. Retrying.
2016-04-11T23:07:49Z lwsmd: [lsass] Clearing ldap DC connection list for domain 'EN.AD.FAKEDOMAIN.COM' due to a network error.
2016-04-11T23:07:49Z lwsmd: encoded packet size too big (6212 > 4096)
2016-04-11T23:07:49Z lwsmd: [lsass] Clearing ldap DC connection list for domain 'EN.AD.FAKEDOMAIN.COM' due to a network error.
2016-04-11T23:07:49Z lwsmd: encoded packet size too big (6212 > 4096)
2016-04-11T23:07:49Z lwsmd: [lsass] Failed to group memberships of SID=S-1-5-21-2818305011-3454714370-2203712527-25848. [error code:40286]
2016-04-11T23:07:49Z lwsmd: [lsass] Failed to authenticate user (name = 'EN\fakeuser') -> error = 40286, symbol = LW_ERROR_LDAP_SERVER_DOWN, client pid = 34128