samba4 and openldap problem

Andrew Bartlett abartlet at
Mon Feb 23 19:50:38 MST 2009

On Tue, 2009-02-24 at 00:46 +0100, Justo Alonso wrote:
> Hi!
>   I'm trying to set up a samba4 PDC with an openldap backend.
>   I provision the backend, start openldap, provision .. and all works
> fine (well, I need to change the slapd.conf file to set by * read on the acl
> for provision to work)

I think this is a symptom of the original problem.  You should not have
to allow anonymous access to the directory.

>   When I try to join a windows-xp sp2 computer to the domain, I have
> this error message:
> Failed to create user record
> LDAP_STRONG_AUTH_REQUIRED -  <modifications require authentication> <>
> Checking the slapd logs, I see that the samba server doesn't bind with any
> user when the computer is joining the domain (it binds when provisioning
> the PDC server)

Indeed, and we need to look at this as the root cause.

> I think about GSSAPI misconfigured or samba bind credentials .. but I
> can't find anything about this.
> Any idea?

Try with just:

> my provision-backend are:
> ./setup/provision-backend --server-role='domain controller'
> --domain=DOMAIN --host-name=faro
> --ldap-backend-type=openldap --ldap-admin-pass=new.password

And with

> my provision call:
> ./setup/provision --domain=DOMAIN --host-name=faro
> --host-ip= --adminpass=new.password --ldap-backend=ldapi
> --ldap-backend-type=openldap --server-role='domain controller'
> --username=samba-admin --password=new.password
> thanks in advance,
> and sorry for my english

Let me know if this helps.  

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 
Samba Developer, Red Hat Inc.        
