I'm trying to add a Linux server to a network which is controlled by AD. The aim is that users of the server will be able to authenticate against the AD domain. I have Kerberos working, but NSS / PAM are more problematic. I'm trying to debug with a simple command such as the following, please see the error. Can anyone assist me to debug?

root@antonyg04:~# ldapsearch -H ldap://raadc04.corp.MUNGED.com/ -x -D
"cn=MUNGED,ou=Users,dc=corp,dc=MUNGED,dc=com" -W uid=MUNGED
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
    additional info: 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext 
error, data 525, vece

I have had to munge some details, but I can tell you that cn=MUNGED is my username for logging into the AD domain, and the password that I typed was the password for said domain. I don't know why it says "Invalid credentials", and the rest of the error is so cryptic, I have no idea.

Is my approach somehow flawed? Is my DN obviously wrong? How can I confirm the correct DN? There was a tool online but I can't find it.

NB I have no access to the AD Server for administration or configuration.