[Samba] samba-3.0.2a openldap-2.1

Peter Nyberg Peter.Nyberg at dbb.su.se
Tue Jun 1 09:53:53 GMT 2004

-I've separated samba-3.0.2a and openldap-2.1 on two computers with Slackware 9.1
-smbldap_populate.pl generated all standard groups and the Administrator account
-The ldap seems to work now
ldapsearch -H ldap://l1.dbb.su.se/ -b dc=dbb,dc=su,dc=se -x
ldap_bind: Confidentiality required (13)
        additional info: TLS confidentiality required
-This is like it should be since the server requires TLS
ldapsearch -H ldaps://l1.dbb.su.se/ -b dc=dbb,dc=su,dc=se -x
-Generates all in the ldap database
-But when I try to do:
root@s2:/usr/local/samba/bin# ./net rpc group LIST global -U administrator
The username or password was not correct.
root@s2:/usr/local/samba/bin# ./smbclient -L localhost -U administrator
session setup failed: NT_STATUS_LOGON_FAILURE
-I'm very confused. Isn't the password the same as in secret.tdb and slapd.conf?
-In my log.smbd I can see this:
[2004/06/01 11:03:50, 1] lib/smbldap.c:smbldap_retry_open(896)
  Connection to LDAP Server failed for the 1 try!
[2004/06/01 11:03:50, 0] lib/smbldap.c:smbldap_search_suffix(1113)
  smbldap_search_suffix: Problem during the LDAP search: (unknown) (Inappropriate authentication)
-If I do a:
root@s2:/usr/local/samba/bin# ./testparm
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
'winbind separator = +' might cause problems with group membership.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

# Global parameters
        workgroup = DBB
        server string = Samba PDC running %v
        update encrypted = Yes
        passdb backend = ldapsam:ldap://l1.dbb.su.se
        username map = /etc/samba/smbusers
        socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192
        printcap name = /etc/cups/printers.conf
        add user script = /usr/local/sbin/smbldap-useradd -m "%u"
        add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
        add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
        delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u"
        set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
        add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
        logon script = logon.bat
        logon path = \\%L\profiles\%U
        logon drive = H:
        logon home = \\%L\%U\.profile
        domain logons = Yes
        os level = 255
        preferred master = Yes
        domain master = Yes
        wins support = Yes
        ldap suffix = dc=dbb,dc=su,dc=se
        ldap machine suffix = ou=Computers
        ldap user suffix = ou=Users
        ldap group suffix = ou=Groups
        ldap idmap suffix = ou=Users
        ldap admin dn = "cn=Manager,dc=dbb,dc=su,dc=se"
        ldap ssl = start tls
        ldap passwd sync = Yes
        ldap delete dn = Yes
        idmap uid = 15000-20000
        idmap gid = 15000-20000
        winbind separator = +
        path = /home/Users
        hosts allow =
        printing = cups
root@s2:/usr/local/samba/bin#

I welcome all kinds of help or ideas!

Peter Nyberg
Institutionen för Biokemi och Biofysik (DBB)
Sv.Arrhenius vägen 12
106 91 Stockholm
Tel: 08-16 24 69
Mobil: 070 339 24 69
Fax 08 153679
