SAMBA4 provision against LDAP backend getting SASL error

Andrew Bartlett abartlet at samba.org
Fri Dec 3 17:02:31 MST 2010


On Fri, 2010-12-03 at 11:11 -0600, Joe Comeaux wrote:
> Attempting to get Samba4 installed using an OpenLDAP back end on an Ubuntu
> Linux install (10.10).
> Currently getting:
> Failed to bind - LDAP error 49 LDAP_INVALID_CREDENTIALS -  <SASL(-13): user
> not found: no secret in database>
> or
> Failed to bind - LDAP error 49 LDAP_INVALID_CREDENTIALS -  <SASL(-13):
> authentication failure: incorrect NTLM response>
> errors, depending on name mangling against the LDAP back end.

> I've tried numerous variations on the provision parameters, but can't find
> any that seem to work. Any idea what I'm missing here?
> Thanks

I think you are misunderstanding how the Samba4 OpenLDAP backend works,
and are both thinking too hard about the problem, and attempting to 'fix'
too many things at once.

The Samba4 OpenLDAP backend creates a 'captive' OpenLDAP, configured
exactly the way we need it.  It runs the Samba4 schema, not the default
OpenLDAP schema, and we choose the passwords it is configured with, and
populate it with data.  It is *not* possible to just connect Samba4 to
an existing LDAP server, and it will fail if you do so. 

If you are having problems, you should first run Samba4 from the GIT
repo, compiled with all libraries internally, or use Jelmer's PPA for
current versions of Samba4.

Don't try and 'fix' the installation, instead work with us to understand
why it doesn't work in the first place, or why it shouldn't be
'fixed'.  

Andrew Bartlett
-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.