Samba4 OpenLDAP backend

nitin bhadauria bhadauria.nitin at gmail.com
Wed Apr 28 05:18:41 MDT 2010


Hello Andrew,

After installing cyrus-sasl* from yum, the provision script worked with some
errors.

Failed to bind - LDAP client internal error:
NT_STATUS_UNEXPECTED_NETWORK_ERROR
Failed to connect to
'ldapi://%2Fusr%2Flocal%2Fsamba%2Fprivate%2Fldap%2Fldapi'
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=samba,DC=domain,DC=com
pdc_fsmo_init: no domain object present: (skip loading of domain details)

Adding configuration container
naming_fsmo_init: no partitions dn present: (skip loading of naming contexts
details)

Setting up sam.ldb schema
Reopening sam.ldb with new schema
naming_fsmo_init: no partitions dn present: (skip loading of naming contexts
details)
naming_fsmo_init: no partitions dn present: (skip loading of naming contexts
details)


And it didn't populate any database in LDAP....

# samba -i -M single -d3

/usr/local/samba/sbin/samba_spnupdate: Failed to bind - LDAP error 49
LDAP_INVALID_CREDENTIALS -  <SASL(-13): user not found: no secret in
database> <>
/usr/local/samba/sbin/samba_spnupdate: Failed to connect to
'ldapi://%2Fusr%2Flocal%2Fsamba%2Fprivate%2Fldap%2Fldapi'
/usr/local/samba/sbin/samba_spnupdate: module partition initialization
failed
/usr/local/samba/sbin/samba_spnupdate: module show_deleted initialization
failed
/usr/local/samba/sbin/samba_spnupdate: module extended_dn_out_openldap
initialization failed
/usr/local/samba/sbin/samba_spnupdate: module schema_load initialization
failed
/usr/local/samba/sbin/samba_spnupdate: module kludge_acl initialization
failed
/usr/local/samba/sbin/samba_spnupdate: module operational initialization
failed
/usr/local/samba/sbin/samba_spnupdate: module acl initialization failed
/usr/local/samba/sbin/samba_spnupdate: module descriptor initialization
failed
/usr/local/samba/sbin/samba_spnupdate: module objectclass initialization
failed
/usr/local/samba/sbin/samba_spnupdate: module asq initialization failed
/usr/local/samba/sbin/samba_spnupdate: module server_sort initialization
failed
/usr/local/samba/sbin/samba_spnupdate: module paged_results initialization
failed
/usr/local/samba/sbin/samba_spnupdate: module lazy_commit initialization
failed
/usr/local/samba/sbin/samba_spnupdate: module rootdse initialization failed
/usr/local/samba/sbin/samba_spnupdate: module samba_dsdb initialization
failed
/usr/local/samba/sbin/samba_spnupdate: Unable to load modules for
/usr/local/samba/private/sam.ldb: (null)
/usr/local/samba/sbin/samba_spnupdate: Traceback (most recent call last):
/usr/local/samba/sbin/samba_spnupdate:   File
"/usr/local/samba/sbin/samba_spnupdate", line 75, in <module>
/usr/local/samba/sbin/samba_spnupdate:     print("Unable to open sam
database %s : %s" % (lp.get("sam database")), msg)
/usr/local/samba/sbin/samba_spnupdate: TypeError: not enough arguments for
format string
Child /usr/local/samba/sbin/samba_spnupdate exited with status 1 - Operation
not permitted
dsdb/dns/dns_update.c:278: Failed SPN update - NT_STATUS_ACCESS_DENIED
/usr/local/samba/sbin/samba_dnsupdate: Failed to bind - LDAP error 49
LDAP_INVALID_CREDENTIALS -  <SASL(-13): user not found: no secret in
database> <>
/usr/local/samba/sbin/samba_dnsupdate: Failed to connect to
'ldapi://%2Fusr%2Flocal%2Fsamba%2Fprivate%2Fldap%2Fldapi'
/usr/local/samba/sbin/samba_dnsupdate: module partition initialization
failed
/usr/local/samba/sbin/samba_dnsupdate: module show_deleted initialization
failed
/usr/local/samba/sbin/samba_dnsupdate: module extended_dn_out_openldap
initialization failed
/usr/local/samba/sbin/samba_dnsupdate: module schema_load initialization
failed
/usr/local/samba/sbin/samba_dnsupdate: module kludge_acl initialization
failed
/usr/local/samba/sbin/samba_dnsupdate: module operational initialization
failed
/usr/local/samba/sbin/samba_dnsupdate: module acl initialization failed
/usr/local/samba/sbin/samba_dnsupdate: module descriptor initialization
failed
/usr/local/samba/sbin/samba_dnsupdate: module objectclass initialization
failed
/usr/local/samba/sbin/samba_dnsupdate: module asq initialization failed
/usr/local/samba/sbin/samba_dnsupdate: module server_sort initialization
failed
/usr/local/samba/sbin/samba_dnsupdate: module paged_results initialization
failed
/usr/local/samba/sbin/samba_dnsupdate: module lazy_commit initialization
failed
/usr/local/samba/sbin/samba_dnsupdate: module rootdse initialization failed
/usr/local/samba/sbin/samba_dnsupdate: module samba_dsdb initialization
failed
/usr/local/samba/sbin/samba_dnsupdate: Unable to load modules for
/usr/local/samba/private/sam.ldb: (null)
/usr/local/samba/sbin/samba_dnsupdate: Traceback (most recent call last):
/usr/local/samba/sbin/samba_dnsupdate:   File
"/usr/local/samba/sbin/samba_dnsupdate", line 249, in <module>
/usr/local/samba/sbin/samba_dnsupdate:     sub_vars = get_subst_vars()
/usr/local/samba/sbin/samba_dnsupdate:   File
"/usr/local/samba/sbin/samba_dnsupdate", line 195, in get_subst_vars
/usr/local/samba/sbin/samba_dnsupdate:     lp=lp)
/usr/local/samba/sbin/samba_dnsupdate:   File
"/usr/local/samba/lib/python2.6/site-packages/samba/samdb.py", line 49, in
__init__
/usr/local/samba/sbin/samba_dnsupdate:     options=options)
/usr/local/samba/sbin/samba_dnsupdate:   File
"/usr/local/samba/lib/python2.6/site-packages/samba/__init__.py", line 111,
in __init__
/usr/local/samba/sbin/samba_dnsupdate:     self.connect(url, flags, options)
/usr/local/samba/sbin/samba_dnsupdate:   File
"/usr/local/samba/lib/python2.6/site-packages/samba/samdb.py", line 59, in
connect
/usr/local/samba/sbin/samba_dnsupdate:     options=options)
/usr/local/samba/sbin/samba_dnsupdate: _ldb.LdbError: (80, None)
Child /usr/local/samba/sbin/samba_dnsupdate exited with status 1 - Operation
not permitted
dsdb/dns/dns_update.c:249: Failed DNS update - NT_STATUS_ACCESS_DENIED




On Wed, Apr 28, 2010 at 11:53 AM, nitin bhadauria <bhadauria.nitin at gmail.com> wrote:

> Here is the output ...
>
> gdb /usr/local/libexec/slapd
> GNU gdb Fedora (6.8-37.el5)
> Copyright (C) 2008 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later <
> http://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
> and "show warranty" for details.
> This GDB was configured as "i386-redhat-linux-gnu"...
> (gdb) run -d7 -f /usr/local/samba/private/ldap/slapd.conf -h
> "ldap://:3000";
> Starting program: /usr/local/libexec/slapd -d7 -f
> /usr/local/samba/private/ldap/slapd.conf -h "ldap://:3000";
> warning: .dynamic section for "/lib/libuuid.so.1" is not at the expected
> address
> warning: difference appears to be caused by prelink, adjusting expectations
> warning: .dynamic section for "/lib/libgcc_s.so.1" is not at the expected
> address
> warning: difference appears to be caused by prelink, adjusting expectations
> [Thread debugging using libthread_db enabled]
> [New Thread 0xb7564710 (LWP 27465)]
> @(#) $OpenLDAP: slapd 2.X (Apr 28 2010 11:29:48) $
>     root at samba.domain.com:/root/openldap/servers/slapd
> ldap_pvt_gethostbyname_a: host=samba.domain.com, r=0
> daemon_init: ldap://:3000
> daemon_init: listen on ldap://:3000
> daemon_init: 1 listeners to open...
> ldap_url_parse_ext(ldap://:3000)
> daemon: listener initialized ldap://:3000
> daemon_init: 2 listeners opened
> ldap_create
> slapd init: initiated server.
> slap_sasl_init: initialized!
> bdb_back_initialize: initialize BDB backend
> bdb_back_initialize: Berkeley DB 4.7.25: (May 15, 2008)
> hdb_back_initialize: initialize HDB backend
> hdb_back_initialize: Berkeley DB 4.7.25: (May 15, 2008)
>
> and it started without any error ...
>
> send_ldap_result: conn=-1 op=0 p=0
> send_ldap_result: err=0 matched="" text=""
> slapd starting
>
>
>
>
> On Wed, Apr 28, 2010 at 10:41 AM, Andrew Bartlett <abartlet at samba.org> wrote:
>
>> On Wed, 2010-04-28 at 10:27 +0530, nitin bhadauria wrote:
>> > I have just updated OpenLDAP from the CVS repository and I end up with a new
>> > error...
>> >
>> >
>> > /usr/local/bin/python setup/provision
>> > --realm=SAMBA.DOMAIN.COM --domain=DOMAIN.COM
>> > --server-role='domain controller'
>> > --ldap-backend-type=openldap --slapd-path="/usr/local/libexec/slapd"
>> > --adminpass=passw0rd
>> > Failed to bind - LDAP client internal error:
>> > NT_STATUS_UNEXPECTED_NETWORK_ERROR
>> > Failed to connect to
>> > 'ldapi://%2Fusr%2Flocal%2Fsamba%2Fprivate%2Fldap%2Fldapi'
>> > Setting up share.ldb
>> > Setting up secrets.ldb
>> > Setting up the registry
>> > Setting up the privileges database
>> > Setting up idmap db
>> > Setting up SAM db
>> > Setting up sam.ldb partitions and settings
>> > Setting up sam.ldb rootDSE
>> > Pre-loading the Samba 4 and AD schema
>> > Adding DomainDN: DC=SAMBA,DC=DOMAIN,DC=COM
>> > pdc_fsmo_init: no domain object present: (skip loading of domain
>> details)
>> >
>> > Adding configuration container
>> > naming_fsmo_init: no partitions dn present: (skip loading of naming
>> contexts
>> > details)
>> >
>> > Setting up sam.ldb schema
>> >
>> > Traceback (most recent call last):
>> >   File "setup/provision", line 249, in <module>
>> >
>> nosync=opts.nosync,ldap_dryrun_mode=opts.ldap_dryrun_mode,useeadb=eadb)
>> >   File "bin/python/samba/provision.py", line 1328, in provision
>> >     dom_for_fun_level=dom_for_fun_level)
>> >   File "bin/python/samba/provision.py", line 952, in setup_samdb
>> >     samdb.add_ldif(schema.schema_data, controls=["relax:0"])
>> >   File "bin/python/samba/__init__.py", line 251, in add_ldif
>> >     self.add(msg,controls)
>> > _ldb.LdbError: (3, 'error in module acl: Time limit exceeded (3)')
>> > A transaction is still active in ldb context [0xa1e32b0] on
>> > /usr/local/samba/private/secrets.ldb
>> >
>>
>> You will probably need to gdb the slapd to see why it's not
>> responding.
>>
>> Andrew Bartlett
>>
>> --
>> Andrew Bartlett
>> http://samba.org/~abartlet/
>> Authentication Developer, Samba Team           http://samba.org
>> Samba Developer, Cisco Inc.
>>
>
>

