samba with openldap provisioning

Nadezhda Ivanova nivanova at samba.org
Mon Sep 2 08:09:20 MDT 2013


Hi Andrew,
I was also able to provision, after applying your patches and removing
--use-rfc2307 and adding --use-ntvfs in my provision command. Phew! One
step forward! Now I get a bigger shovel and continue digging on the
openldap side, I'll keep you posted on the progress.

Regards,
Nadya


On Mon, Sep 2, 2013 at 8:25 AM, Andrew Bartlett <abartlet at samba.org> wrote:

> On Thu, 2013-08-29 at 17:42 +0300, Nadezhda Ivanova wrote:
> > Hi Andrew,
> >
> > I have re-introduced some of the removed provision options, and
> > committed them in my repo: git://git.samba.org/nivanova/samba.git
> >
> > The branch is openldap_provision.
> >
> >
> > The environment:
> >
> > I am running Ubuntu 13.04 and installed Cyrus SASL and the latest
> > version of Berkeley DB (6.0.20) from here:
> >
> > http://www.oracle.com/technetwork/products/berkeleydb/downloads/index.html
> >
> >
> > I installed the latest OpenLDAP from the repo:
> > git://git.openldap.org/openldap.git
> >
> >
> > This is my OpenLDAP configure command:
> >
> >
> > LD_LIBRARY_PATH="/usr/lib:/usr/local/lib:/usr/local/BerkeleyDB.6.0/lib:/usr/local/ssl/lib" \
> > LDFLAGS="-L/usr/local/lib -L/usr/local/BerkeleyDB.4.2/lib -L/usr/local/ssl/lib" \
> > CPPFLAGS="-I/usr/local/include -I/usr/local/BerkeleyDB.6.0/include -I/usr/local/ssl/include" \
> > ./configure --enable-modules --enable-overlays=mod --with-cyrus-sasl
> >
> >
> > And installed the samba4 overlays as described here:
> >
> >
> >
> > http://web.archive.org/web/20110210123448/http://wiki.samba.org/index.php/Samba4/LDAP_Backend/OpenLDAP
> >
> >
> > Turning ntlm off did solve that particular problem, but there is an
> > error later - it appears to be a new part of the script which attempts
> > to use ldb with tdb instead of the openldap backend:
>
> Using Debian testing, your branch and these patches, I get a rather
> different issue.  The provision succeeds, but we cannot then bind again
> to the LDAP backend.
>
> I built OpenLDAP per the link (from CVS), and used your git tree as the
> basis.  I didn't notice until writing this reply that they have finally
> moved to Git, but this is an advantage, not a disadvantage, and it gives
> us somewhere to start investigating the OL changes, or fix Samba to work
> against the last working OL version, before changing that as well.
>
> I'm guessing we have lost whatever we did to set up and use the shared
> secret.  If you can reproduce this much, then dig into the OL logs to
> see what user it thinks we are using, and find out where that is or is
> not being stored.
>
> abartlet at ruth:/data/openldap/samba5$ sudo bin/samba -i -M single -d3 -s /data/openldap/prefix/etc/smb.conf
> lpcfg_load: refreshing parameters from /data/openldap/prefix/etc/smb.conf
> params.c:pm_process() - Processing configuration file "/data/openldap/prefix/etc/smb.conf"
> samba version 4.2.0pre1-DEVELOPERBUILD started.
> Copyright Andrew Tridgell and the Samba Team 1992-2013
> ...
> ldb_wrap open of secrets.ldb
> Got challenge flags:
> Got NTLMSSP neg_flags=0x00028205
> NTLMSSP: Set final flags:
> Got NTLMSSP neg_flags=0x00008205
> ldb: Failed to bind - LDAP error 49 LDAP_INVALID_CREDENTIALS - <SASL(-13): user not found: no secret in database> <>
> ldb: Failed to connect to 'ldapi://%2Fdata%2Fopenldap%2Fprefix%2Fprivate%2Fldap%2Fldapi' with backend 'ldapi': (null)
> ldb: module partition initialization failed : Operations error
> ldb: module show_deleted initialization failed : Operations error
> ldb: module extended_dn_out_openldap initialization failed : Operations error
> ldb: module operational initialization failed : Operations error
> ldb: module aclread initialization failed : Operations error
> ldb: module acl initialization failed : Operations error
> ldb: module descriptor initialization failed : Operations error
> ldb: module objectclass initialization failed : Operations error
> ldb: module asq initialization failed : Operations error
> ldb: module server_sort initialization failed : Operations error
> ldb: module paged_results initialization failed : Operations error
> ldb: module dirsync initialization failed : Operations error
> ldb: module schema_load initialization failed : Operations error
> ldb: module rootdse initialization failed : Operations error
> ldb: module samba_dsdb initialization failed : Operations error
> ldb: Unable to load modules for /data/openldap/prefix/private/sam.ldb: (null)
>
> Do not despair, we will overcome!
>
> Andrew Bartlett
>
> --
> Andrew Bartlett
> http://samba.org/~abartlet/
> Authentication Developer, Samba Team           http://samba.org
> Samba Developer, Catalyst IT                   http://catalyst.net.nz
>
>
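
Added example, not part of the original thread and not Samba code: a Python triage of the ldb output quoted above that isolates the single SASL bind failure, decodes the percent-encoded ldapi socket path, and lists the module initialization failures logged after it. The sample log is copied from the quoted output (wraps rejoined, a subset of the module lines); the function and field names are hypothetical.

```python
import re
from urllib.parse import unquote

# Copied from the log quoted above, with the mail wrapping rejoined and
# only a subset of the module lines kept.
SAMPLE_LOG = """\
ldb_wrap open of secrets.ldb
Got NTLMSSP neg_flags=0x00008205
ldb: Failed to bind - LDAP error 49 LDAP_INVALID_CREDENTIALS - <SASL(-13): user not found: no secret in database> <>
ldb: Failed to connect to 'ldapi://%2Fdata%2Fopenldap%2Fprefix%2Fprivate%2Fldap%2Fldapi' with backend 'ldapi': (null)
ldb: module partition initialization failed : Operations error
ldb: module show_deleted initialization failed : Operations error
ldb: module samba_dsdb initialization failed : Operations error
ldb: Unable to load modules for /data/openldap/prefix/private/sam.ldb: (null)
"""

BIND_RE = re.compile(
    r"Failed to bind - LDAP error (\d+) (\w+) - <SASL\((-?\d+)\): ([^>]*)>")
CONNECT_RE = re.compile(r"Failed to connect to '(ldapi|ldaps|ldap)://([^'/]*)")
MODULE_RE = re.compile(r"ldb: module (\S+) initialization failed")


def triage(log_text):
    """Find the first bind failure and the module failures logged after it."""
    out = {"bind": None, "socket": None, "after_bind": [], "before_bind": []}
    for line in log_text.splitlines():
        bind = BIND_RE.search(line)
        conn = CONNECT_RE.search(line)
        mod = MODULE_RE.search(line)
        if bind and out["bind"] is None:
            out["bind"] = {"ldap_code": int(bind.group(1)),
                           "ldap_name": bind.group(2),
                           "sasl_code": int(bind.group(3)),
                           "sasl_text": bind.group(4)}
        elif conn and conn.group(1) == "ldapi":
            # For ldapi:// the host part is the percent-encoded socket path.
            out["socket"] = unquote(conn.group(2))
        elif mod:
            # Failures seen before any bind error need a different explanation.
            key = "after_bind" if out["bind"] else "before_bind"
            out[key].append(mod.group(1))
    return out


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("root cause:", report["bind"])
    print("socket:", report["socket"])
    print("failures after bind error:", ", ".join(report["after_bind"]))
```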

