samba4 and oenldap problem

Andrew Bartlett abartlet at samba.org
Mon Feb 23 19:50:38 MST 2009 

On Tue, 2009-02-24 at 00:46 +0100, Justo Alonso wrote:
> Hi !
>   I'm trying to setup a samba4 PDC with openldap backend.
> 
>   I provision the backend, start openldap, provision .. and all work
> fine (well, I need to change slapd.conf file to set by * read on acl
> to provision works)

I think this is a symptom of the original problem.  You should not have
to allow anonymous access to the directory.

>   When I try to join a windows-xp sp2 computer to the domain, I have
> this error message:
> 
> Failed to create user record
> CN=VM-XP-PRUEBAS,CN=Computers,DC=DOMAIN,DC=COM: LDAP error 8
> LDAP_STRONG_AUTH_REQUIRED -  <modifications require authentication> <>
> 
> Checking the slapd logs, I see that samba server don't bind with any
> user when computer is joining to the domain (it's bind when provision
> the PDC server)

Indeed, and we need to look at this as the root cause.

> I thnink about GSSAPI misconfigured or samba bind credentials .. but I
> can't find anything about this.
> 
> any idea ??

Try with just:

> my provision-backend are:
> ./setup/provision-backend --server-role='domain controller'
> --domain=DOMAIN --realm=domain.com --host-name=faro
> --ldap-backend-type=openldap --ldap-admin-pass=new.password

And with

> my provision call:
> ./setup/provision --realm=domain.com --domain=DOMAIN --host-name=faro
> --host-ip=10.192.1.1 --adminpass=new.password --ldap-backend=ldapi
> --ldap-backend-type=openldap --server-role='domain controller'
> --username=samba-admin --password=new.password
> 
> thanks in advance,
> and sorry for my english

Let me know if this helps.  

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20090224/64324ad7/attachment.bin

More information about the samba-technical mailing list