samba4 and oenldap problem

Justo Alonso justo.alonso at gmail.com
Thu Feb 26 04:12:22 MST 2009 

Hi !

On Tue, Feb 24, 2009 at 3:50 AM, Andrew Bartlett <abartlet at samba.org> wrote:
> On Tue, 2009-02-24 at 00:46 +0100, Justo Alonso wrote:
>> Hi !
>>   I'm trying to setup a samba4 PDC with openldap backend.
>>
>>   I provision the backend, start openldap, provision .. and all work
>> fine (well, I need to change slapd.conf file to set by * read on acl
>> to provision works)
>
> I think this is a symptom of the original problem.  You should not have
> to allow anonymous access to the directory.
>

yes ..

>>   When I try to join a windows-xp sp2 computer to the domain, I have
>> this error message:
>>
>> Failed to create user record
>> CN=VM-XP-PRUEBAS,CN=Computers,DC=DOMAIN,DC=COM: LDAP error 8
>> LDAP_STRONG_AUTH_REQUIRED -  <modifications require authentication> <>
>>
>> Checking the slapd logs, I see that samba server don't bind with any
>> user when computer is joining to the domain (it's bind when provision
>> the PDC server)
>
> Indeed, and we need to look at this as the root cause.
>
>> I thnink about GSSAPI misconfigured or samba bind credentials .. but I
>> can't find anything about this.
>>
>> any idea ??
>
> Try with just:
>
>> my provision-backend are:
>> ./setup/provision-backend --server-role='domain controller'
>> --domain=DOMAIN --realm=domain.com --host-name=faro
>> --ldap-backend-type=openldap --ldap-admin-pass=new.password
>

all work fine now .. then .. no --simble-bind-dn parameter ...

> And with
>
>> my provision call:
>> ./setup/provision --realm=domain.com --domain=DOMAIN --host-name=faro
>> --host-ip=10.192.1.1 --adminpass=new.password --ldap-backend=ldapi
>> --ldap-backend-type=openldap --server-role='domain controller'
>> --username=samba-admin --password=new.password
>>
>> thanks in advance,
>> and sorry for my english
>
> Let me know if this helps.
>

yes you help me !! thanks ! ;-)

> Andrew Bartlett
>
> --
> Andrew Bartlett                                http://samba.org/~abartlet/
> Authentication Developer, Samba Team           http://samba.org
> Samba Developer, Red Hat Inc.                  http://redhat.com
>
>

More information about the samba-technical mailing list