samba4 alpha5 with openldap
Oliver Liebel
oliver at itc.li
Thu Jul 24 10:22:20 GMT 2008
I tried to set up the latest samba4 version from git with ol 2.4.11
and ran into some trouble during provisioning.
Following the steps in the wiki (as Andrew mentioned below),
the provision-backend script runs ok with the following directives:
#> setup/provision-backend --realm=local.site --domain=local
--ldap-admin-pass=linux
--ldap-backend-type=openldap --server-role='domain controller'
....
Converted 536 records (skipped 13) with 0 failures
Your openldap Backend for Samba4 is now configured, and is ready to be
started
Server Role: domain controller
Hostname: ldapmaster
DNS Domain: local.site
Base DN: DC=local,DC=site
LDAP admin user: samba-admin
LDAP admin password: linux
Start slapd with: slapd -f /usr/local/samba/private/ldap/slapd.conf
-h ldapi://%2Fusr%2Flocal%2Fsamba%2Fprivate%2Fldap%2Fldapi
....
Next, starting slapd in debug mode, everything is ok.
The final provisioning works only if the
<--simple-bind-dn="cn=samba-admin,cn=samba"> option is set; otherwise
an authentication error arises:
(ldb.LdbError: (8, 'LDAP error 8 LDAP_STRONG_AUTH_REQUIRED -
<modifications require authentication> <>')
using the following settings:
#> setup/provision --realm=local.site --domain=local --adminpass=linux
--ldap-backend-type=openldap --ldap-backend=ldapi --server-role='domain
controller'
--simple-bind-dn="cn=samba-admin,cn=samba" --password=linux
....
Server Role: domain controller
Hostname: ldapmaster
NetBIOS Domain: LOCAL
DNS Domain: local.site
DOMAIN SID: S-1-5-21-924630919-2254292606-675636976
Admin password: linux
....
Everything seems to work so far, but after setting up DNS, krb and
starting smbd (-i -d 4)
I got the following errors:
....
ldb: pdc_fsmo_init: no domain object present: (skip loading of domain
details)
ldb: schema_fsmo_init: no schema head present: (skip schema loading)
ldb: naming_fsmo_init: no partitions dn present: (skip loading of naming
contexts details)
ldb: pdc_fsmo_init: no domain object present: (skip loading of domain
details)
Searching for fSMORoleOwner in DC=local,DC=site failed: LDAP error 32
LDAP_NO_SUCH_OBJECT - <> <>
Failed to find if we are the PDC for this ldb
Failed to find our own NTDS Settings objectGUID in the ldb!
....
and I can't access the DIT anyway.
The next point:
in the auto-generated slapd.conf there are several rootdns used
(for the subcontexts user, config, schema), which is ok so far.
But the rootdn cn=Manager,cn=Samba is the
rootdn for ...what? And is it ok that there is no corresponding rootpw
at all?
During provisioning, the object
LDAP admin user: samba-admin
is created, and seems only to be used with the refint_modifiersname
(regarding the thread "memberOf search ACLs" between Andrew Bartlett
and Pierangelo Masarati).
Maybe I got the wrong view, but the provisioning options
(--adminpass, --password, --simple-bind-dn)
in conjunction with the used rootdns seem to me a little bit confusing.
Greetings,
Oliver

Andrew Bartlett wrote:
> On Wed, 2008-07-23 at 15:00 +0200, Oliver Liebel wrote:
>
>> hi andrew,
>>
>> i had just setup samba4 alpha5 with openldap 2.4.10, using the following
>> configuration:
>>
>
> Can you use a current GIT snapshot? The changed documentation in the
> wiki represents the changes in the current GIT tree (I should make that
> clear).
>
> Andrew Bartlett
>
>
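The question raised above, which rootdn has a rootpw and which does not, is something worth checking mechanically on a generated slapd.conf before the directory goes live. The script below is an added example, not code from Samba or OpenLDAP: it parses the `database` / `suffix` / `rootdn` / `rootpw` directives of a slapd.conf (honouring slapd.conf's comment and whitespace-continuation rules) and reports every rootdn that either has no rootpw at all or has one stored in cleartext. A rootdn without a rootpw has no configured secret, so a password bind as that DN can only succeed through some other route (an entry of that name inside the database, or a SASL identity mapping); a cleartext rootpw such as the `linux` shown in the provisioning output above is readable to anyone who can read the file. The sample configuration is constructed for this example, modelled on the layout the post describes, and its DNs, paths and hash value are placeholders, not the contents of the file provision-backend writes.

```python
from dataclasses import dataclass
from typing import Iterator, List, Optional, Tuple

# Constructed sample in the style of a generated slapd.conf (not the real
# provision-backend output; DNs, paths and the {SSHA} value are placeholders).
SAMPLE_SLAPD_CONF = """\
include   /usr/local/samba/private/ldap/backend-schema.schema
pidfile   /usr/local/samba/private/ldap/slapd.pid

database  hdb
suffix    "DC=local,DC=site"
rootdn    "cn=Manager,DC=local,DC=site"
rootpw    linux
directory /usr/local/samba/private/ldap/db/user

database  hdb
suffix    "CN=Configuration,DC=local,DC=site"
rootdn    "cn=Manager,CN=Configuration,DC=local,DC=site"
rootpw    {SSHA}cGxhY2Vob2xkZXItbm90LWEtcmVhbC1oYXNo
directory /usr/local/samba/private/ldap/db/config

database  hdb
suffix    "cn=Samba"
rootdn    "cn=Manager,cn=Samba"
directory /usr/local/samba/private/ldap/db/samba
"""


@dataclass
class Database:
    backend: str
    suffix: Optional[str] = None
    rootdn: Optional[str] = None
    rootpw: Optional[str] = None


def _logical_lines(text: str) -> Iterator[str]:
    """Yield slapd.conf logical lines: blank lines and '#' comments are dropped,
    and a line beginning with whitespace continues the previous directive."""
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and current is not None:
            current += " " + raw.strip()
        else:
            if current is not None:
                yield current
            current = raw.rstrip()
    if current is not None:
        yield current


def _unquote(value: str) -> str:
    """Strip the optional double quotes slapd.conf allows around a DN."""
    value = value.strip()
    if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
        return value[1:-1]
    return value


def parse_databases(text: str) -> List[Database]:
    """Collect each 'database' section with its suffix, rootdn and rootpw."""
    dbs: List[Database] = []
    for line in _logical_lines(text):
        parts = line.split(None, 1)
        directive = parts[0].lower()
        arg = parts[1] if len(parts) > 1 else ""
        if directive == "database":
            dbs.append(Database(backend=arg.strip()))
        elif dbs and directive in ("suffix", "rootdn", "rootpw"):
            setattr(dbs[-1], directive, _unquote(arg))
    return dbs


def audit_rootdns(dbs: List[Database]) -> List[Tuple[Optional[str], str, str]]:
    """Return (suffix, rootdn, finding) for each rootdn that lacks a rootpw or
    stores it in cleartext (RFC 2307 hashed values start with a '{scheme}')."""
    findings = []
    for db in dbs:
        if db.rootdn is None:
            continue  # databases such as 'config' or 'monitor' may have no rootdn
        if db.rootpw is None:
            findings.append((db.suffix, db.rootdn, "missing-rootpw"))
        elif not db.rootpw.startswith("{"):
            findings.append((db.suffix, db.rootdn, "cleartext-rootpw"))
    return findings


if __name__ == "__main__":
    for suffix, rootdn, finding in audit_rootdns(parse_databases(SAMPLE_SLAPD_CONF)):
        print(f"{finding:18} suffix={suffix!r} rootdn={rootdn!r}")
```

Run against a real file with `parse_databases(open(path).read())`; on the constructed sample it reports the user partition's cleartext rootpw and the `cn=Manager,cn=Samba` rootdn that has no rootpw, which is exactly the pair of things the post asks about.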