[Samba] samba-3.0.2a openldap-2.1
Peter Nyberg
Peter.Nyberg at dbb.su.se
Tue Jun 1 09:53:53 GMT 2004
Hi!
-I've separated samba-3.0.2a and openldap-2.1 on two computers with Slackware 9.1
-smbldap_populate.pl generated all standard groups and the Administrator account
-The ldap seems to work now
ldapsearch -H ldap://l1.dbb.su.se/ -b dc=dbb,dc=su,dc=se -x
ldap_bind: Confidentiality required (13)
additional info: TLS confidentiality required
-This is like it should be since the server requires TLS
ldapsearch -H ldaps://l1.dbb.su.se/ -b dc=dbb,dc=su,dc=se -x
-Generates all in the ldap database
-But when I try to do:
root@s2:/usr/local/samba/bin# ./net rpc group LIST global -U administrator
Password:
The username or password was not correct.
-And
root@s2:/usr/local/samba/bin# ./smbclient -L localhost -U administrator
Password:
session setup failed: NT_STATUS_LOGON_FAILURE
-I'm very confused. Isn't the password the same as in secret.tdb and slapd.conf?
-In my log.smbd I can see this:
[2004/06/01 11:03:50, 1] lib/smbldap.c:smbldap_retry_open(896)
Connection to LDAP Server failed for the 1 try!
[2004/06/01 11:03:50, 0] lib/smbldap.c:smbldap_search_suffix(1113)
smbldap_search_suffix: Problem during the LDAP search: (unknown)
(Inappropriate authentication)
-If I do a:
root@s2:/usr/local/samba/bin# ./testparm
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
'winbind separator = +' might cause problems with group membership.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions
# Global parameters
[global]
workgroup = DBB
server string = Samba PDC running %v
update encrypted = Yes
passdb backend = ldapsam:ldap://l1.dbb.su.se
username map = /etc/samba/smbusers
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192
printcap name = /etc/cups/printers.conf
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
logon script = logon.bat
logon path = \\%L\profiles\%U
logon drive = H:
logon home = \\%L\%U\.profile
domain logons = Yes
os level = 255
preferred master = Yes
domain master = Yes
wins support = Yes
ldap suffix = dc=dbb,dc=su,dc=se
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Users
ldap admin dn = "cn=Manager,dc=dbb,dc=su,dc=se"
ldap ssl = start tls
ldap passwd sync = Yes
ldap delete dn = Yes
idmap uid = 15000-20000
idmap gid = 15000-20000
winbind separator = +
path = /home/Users
hosts allow = 130.237.179.0/24
printing = cups
root@s2:/usr/local/samba/bin#
I welcome all kinds of help or ideas!
Peter Nyberg
Institutionen för Biokemi och Biofysik (DBB)
Sv.Arrhenius vägen 12
106 91 Stockholm
Tel: 08-16 24 69
Mobil: 070 339 24 69
Fax 08 153679