[Samba] Access remote ldap for classicupgrade

Rowland Penny rowlandpenny241155 at gmail.com
Fri Sep 18 19:25:48 UTC 2015


On 18/09/15 19:50, Robert Moskowitz wrote:
> OK. So I added to /etc/samba/smb.conf in the [Global] section:
>
> passdb backend = ldapsam:ldaps://192.168.128.2
> ldap admin dn = cn=manager,ou=Internal,dc=home,dc=htt
> ldap group suffix = ou=Groups,ou=Accounts
> ldap idmap suffix = ou=Idmap
> ldap machine suffix = ou=Computers,ou=Accounts
> ldap passwd sync = No
> ldap suffix = dc=home,dc=htt
> ldap user suffix = ou=Users,ou=Accounts
> ldap connection timeout = 8
> ldap ssl = Off
>
> I ran:
>
> # samba-tool domain classicupgrade --dbdir=/root/samba.PDC/dbdir/ --use-xattrs=yes --realm=HOME.HTT --dns-backend=BIND9_DLZ /root/samba.PDC/etc/smb.conf
>
> And it failed as follows:
>
> Reading smb.conf
> NOTE: Service printers is flagged unavailable.
> NOTE: Service print$ is flagged unavailable.
> Unknown parameter encountered: "force directory security mode"
> Ignoring unknown parameter "force directory security mode"
> Provisioning
> failed to bind to server ldaps://192.168.128.2 with 
> dn="cn=manager,ou=Internal,dc=home,dc=htt" Error: Can't contact LDAP 
> server
>     TLS error -8172:Peer's certificate issuer has been marked as not 
> trusted by the user.
> Connection to LDAP server failed for the 1 try!
> Connection to LDAP server failed for the 2 try!
> Connection to LDAP server failed for the 3 try!
> Connection to LDAP server failed for the 4 try!
> Connection to LDAP server failed for the 5 try!
> Connection to LDAP server failed for the 6 try!
> Connection to LDAP server failed for the 7 try!
> Connection to LDAP server failed for the 8 try!
> Connection to LDAP server failed for the 9 try!
> Connection to LDAP server failed for the 10 try!
> Connection to LDAP server failed for the 11 try!
> Connection to LDAP server failed for the 12 try!
> Connection to LDAP server failed for the 13 try!
> Connection to LDAP server failed for the 14 try!
> Connection to LDAP server failed for the 15 try!
> pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to 
> the domain. We cannot work reliably without it.
> pdb backend ldapsam:ldaps://192.168.128.2 did not correctly init 
> (error was NT_STATUS_CANT_ACCESS_DOMAIN_INFO)
> ERROR(<class 'passdb.error'>): uncaught exception - Cannot load 
> backend methods for 'ldapsam:ldaps://192.168.128.2' backend 
> (-1073741606,Configuration information could not be read from the 
> domain controller, either because the machine is unavailable or access 
> has been denied.)
>   File "/usr/lib/python2.7/site-packages/samba/netcmd/__init__.py", 
> line 175, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib/python2.7/site-packages/samba/netcmd/domain.py", line 
> 1452, in run
>     useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
>   File "/usr/lib/python2.7/site-packages/samba/upgrade.py", line 483, 
> in upgrade_from_samba3
>     s3db = samba3.get_sam_db()
>   File "/usr/lib/python2.7/site-packages/samba/samba3/__init__.py", 
> line 394, in get_sam_db
>     return passdb.PDB(self.lp.get('passdb backend'))
>
>

I wonder if you can turn off SSL on the old server. What do you have in 
/etc/ldap.conf (or /etc/ldap/ldap.conf or /etc/openldap/ldap.conf)?

Rowland
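
An added example, not part of the message above and not Samba's own code: a Python check of the three ldap.conf locations named in the reply, reporting how the OpenLDAP client is set to validate the server certificate, which is what the issuer-trust error in the log turns on. The sample file contents and the CA path in it are constructed.

```python
import os

# The three client config locations named in the reply above.
CANDIDATES = ["/etc/ldap.conf", "/etc/ldap/ldap.conf", "/etc/openldap/ldap.conf"]
WEAK_REQCERT = {"never", "allow"}  # levels that accept an unverifiable server certificate

def parse_ldap_conf(text):
    """Return {OPTION: value} from ldap.conf text; option names are case-insensitive."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)  # option and value are separated by spaces or tabs
        opts[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return opts

def audit_tls(opts, exists=os.path.exists):
    """Return findings about how this client validates the LDAP server certificate."""
    findings = []
    reqcert = opts.get("TLS_REQCERT", "demand").lower()  # demand is the documented default
    if reqcert in WEAK_REQCERT:
        findings.append("TLS_REQCERT %s: server certificate is not enforced" % reqcert)
    anchors = [(k, opts[k]) for k in ("TLS_CACERT", "TLS_CACERTDIR") if k in opts]
    if not anchors:
        findings.append("no TLS_CACERT or TLS_CACERTDIR: no CA set in this file")
    for key, path in anchors:
        if not exists(path):
            findings.append("%s %s: path does not exist" % (key, path))
    return findings

# Constructed sample for illustration; not taken from the thread.
SAMPLE = """\
# constructed example
URI ldaps://192.168.128.2
BASE dc=home,dc=htt
tls_reqcert never
TLS_CACERT /etc/openldap/certs/example-ca.pem
"""

if __name__ == "__main__":
    for path in CANDIDATES:
        if os.path.isfile(path):
            with open(path) as fh:
                results = audit_tls(parse_ldap_conf(fh.read()))
            for finding in results or ["TLS trust settings look complete"]:
                print("%s: %s" % (path, finding))
```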