[Samba] Failed to retrieve password from secrets.tdb with anonymous bind

Dr. Alberto Benati benati at economia.unife.it
Tue Sep 9 20:51:51 GMT 2008


Samba 3.2.1 on Linux OpenFiler 2.3

I have an external LDAP server with anonymous bind and pam
ProFtpd linked to the LDAP server works well without error


But Samba does not work; in smbd.log I have:
[2008/09/09 22:01:54,  0] passdb/secrets.c:fetch_ldap_pw(888)
 fetch_ldap_pw: neither ldap secret retrieved!
[2008/09/09 22:01:54,  0] lib/smbldap.c:smbldap_connect_system(952)
 ldap_connect_system: Failed to retrieve password from secrets.tdb
[2008/09/09 22:01:54,  1] lib/smbldap.c:another_ldap_try(1178)
 Connection to LDAP server failed for the 1 try!
.........................


Part of smb.conf:
ldap ssl = no
ldap suffix = ou=People,dc=unizz,dc=it
encrypt passwords = yes
security = user
passdb backend = ldapsam:ldap://ldap.unizz.it
ldap user suffix = ou=People
pam password change = no


I tried to add a password to secrets.tdb, but:
[root at backup2 samba]# smbpasswd -w ""
ERROR: 'ldap admin dn' not defined! Please check your smb.conf

I then added in smb.conf a fake:
ldap admin dn = ou=People,dc=unizz,dc=it

[root at backup2 samba]# tdbdump /etc/samba/secrets.tdb
{
key(19) = "SECRETS/SID/BACKUP2"
data(68) = "\01\04\00\00\00\00\00\05\15\00\00\00A,\EB\C1\E5\5C/(\E7\DDl
\A7\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00"
}
{
key(45) = "SECRETS/LDAP_BIND_PW/ou=People,dc=unizz,dc=it"
data(1) = "\00"


Now, without the row, I always have the same previous error,
and with the row ldap admin dn = ou=People,dc=unizz,dc=it I now have:
[2008/09/09 22:15:13,  0] lib/smbldap.c:smbldap_connect_system(992)
 failed to bind to server ldap://ldap.unizz.it with
dn="ou=People,dc=unizz,dc=it" Error: Server is unwilling to perform
       unwilling to allow anonymous bind with non-empty DN
[2008/09/09 22:15:13,  1] lib/smbldap.c:another_ldap_try(1178)
 Connection to LDAP server failed for the 1 try!
..................

Rightly so, but I cannot get out of this situation.
Any suggestion?

Thank you
Alby
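
An added example, not part of the original post and not Samba code: a small Python check that reads an smb.conf fragment and `tdbdump` output and reports which of the states seen in the logs above applies (no `ldap admin dn`, or a bind DN whose stored secret is empty). The sample inputs are constructed from the post, the result labels are hypothetical names, and exact-string matching of the DN against the `SECRETS/LDAP_BIND_PW/<dn>` key is an assumption based on the key shown in the dump.

```python
import re

# Constructed samples, modelled on the smb.conf fragment and tdbdump output in the post.
SMB_CONF = """\
[global]
ldap suffix = ou=People,dc=unizz,dc=it
passdb backend = ldapsam:ldap://ldap.unizz.it
ldap admin dn = ou=People,dc=unizz,dc=it
"""
TDBDUMP = r'''{
key(45) = "SECRETS/LDAP_BIND_PW/ou=People,dc=unizz,dc=it"
data(1) = "\00"
}
'''

def parse_smb_conf(text):
    """Return smb.conf parameters as a dict (names lower-cased, spacing normalised)."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue
        name, value = line.split("=", 1)  # values such as DNs contain '=' themselves
        params[" ".join(name.lower().split())] = value.strip()
    return params

def parse_bind_secrets(dump):
    """Map each bind DN found in tdbdump output to the byte length of its stored secret."""
    pat = re.compile(r'key\(\d+\) = "SECRETS/LDAP_BIND_PW/(.*)"\s*\n\s*data\((\d+)\)')
    return {dn: int(size) for dn, size in pat.findall(dump)}

def diagnose(conf_text, dump_text):
    """Classify the LDAP bind configuration (labels are hypothetical names)."""
    conf = parse_smb_conf(conf_text)
    if not conf.get("passdb backend", "").startswith("ldapsam"):
        return "not-ldapsam"
    dn = conf.get("ldap admin dn", "")
    if not dn:
        return "no-admin-dn"    # first log in the post: fetch_ldap_pw finds no secret
    size = parse_bind_secrets(dump_text).get(dn)
    if size is None:
        return "no-secret"      # DN configured, nothing stored with smbpasswd -w
    if size <= 1:
        return "empty-secret"   # data(1) = "\00": a DN is sent with an empty password
    return "ok"

if __name__ == "__main__":
    print(diagnose(SMB_CONF, TDBDUMP))
```
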

