Peter Nyberg Peter.Nyberg at dbb.su.se
Tue Jun 8 12:22:13 GMT 2004

I have separated samba-3.0.2a and openldap-2.1 onto two different computers with a
self-made openssl certificate. Openldap seems to work on both computers. I can
make accounts and they appear in the openldap account database. When I do a
“net groupmap list” I get:

root at s2:/usr/local/samba/bin# ./net groupmap list
[2004/06/08 13:24:12, 0] lib/smbldap.c:smbldap_open_connection(611)
  Failed to issue the StartTLS instruction: Operations error
[2004/06/08 13:24:12, 0] lib/smbldap.c:smbldap_search_suffix(1113)
  smbldap_search_suffix: Problem during the LDAP search: TLS already started
(Operations error)
Domain Admins (S-1-5-21-1027936538-659792286-2162639956-512) -> wheel
Domain Users (S-1-5-21-1027936538-659792286-2162639956-513) -> smbusers
Domain Guests (S-1-5-21-1027936538-659792286-2162639956-514) -> smbguests
Administrators (S-1-5-21-1027936538-659792286-2162639956-544) -> 544
users (S-1-5-21-1027936538-659792286-2162639956-545) -> 545
Guests (S-1-5-21-1027936538-659792286-2162639956-546) -> 546
Power Users (S-1-5-21-1027936538-659792286-2162639956-547) -> 547
Account Operators (S-1-5-21-1027936538-659792286-2162639956-548) -> 548
Server Operators (S-1-5-21-1027936538-659792286-2162639956-549) -> 549
Print Operators (S-1-5-21-1027936538-659792286-2162639956-550) -> 550
Backup Operators (S-1-5-21-1027936538-659792286-2162639956-551) -> 551
Replicator (S-1-5-21-1027936538-659792286-2162639956-552) -> 552
Domain Computers (S-1-5-21-1027936538-659792286-2162639956-553) -> 553

What does TLS already started mean? Is there already an open session somewhere?

If I do a:
root at s2:/usr/local/samba/bin# ./net rpc group LIST global -U administrator
Password: “My secret.tdb password”
The username or password was not correct.

If I log it with -d 127 I get at the end:

[2004/06/08 13:34:43, 3] libsmb/cliconnect.c:cli_session_setup(820)
  SPENGO login failed: Logon failure
[2004/06/08 13:34:43, 1] libsmb/cliconnect.c:cli_full_connection(1425)
  failed session setup with NT_STATUS_LOGON_FAILURE
[2004/06/08 13:34:43, 1] utils/net.c:connect_to_ipc(150)
  Cannot connect to server.  Error was NT_STATUS_LOGON_FAILURE
[2004/06/08 13:34:43, 10] intl/lang_tdb.c:lang_tdb_init(135)
  lang_tdb_init: /usr/local/samba/lib/C.msg: No such file or directory
The username or password was not correct.
[2004/06/08 13:34:44, 2] utils/net.c:main(767)
  return code = -1

It looks like samba is unable to communicate with ldap the right way.

When I ran smbldap_populate.pl it couldn’t use the hashed password. I had
to type it in clear text. Is this correct?
Do I need to have some PAM support in the openldap end?
In short: what are the differences in configuration between having
openldap on the same computer and on a different one, except for adding the name of
the ldap-server on the samba-server?
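The two log excerpts above are in Samba's standard debug format: a header line `[timestamp, level] file:function(line)` followed by indented message lines, interleaved with whatever `net` prints to stdout. The following is an added example, not code from the post or from the Samba project, that parses that format and pulls out the two things a reader would triage first here: records that point at the LDAP StartTLS layer, and any `NT_STATUS_*` codes. The sample log is constructed from the lines quoted in the post (with the wrapped `(Operations error)` line re-indented as a continuation line); the function names `parse_samba_log`, `triage` and `summarize` are this example's own.

```python
import re
from dataclasses import dataclass

# Header line of a Samba DEBUG record: [YYYY/MM/DD HH:MM:SS, level] file:function(line)
HEADER_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}), (?P<level>\d+)\] "
    r"(?P<file>[\w./-]+):(?P<func>\w+)\((?P<line>\d+)\)\s*$"
)
STATUS_RE = re.compile(r"NT_STATUS_[A-Z_]+")
# Message fragments that indicate the LDAP TLS handshake is the failing layer
TLS_PATTERNS = ("StartTLS", "TLS already started")


@dataclass
class Record:
    ts: str
    level: int
    file: str
    func: str
    line: int
    message: str = ""


def parse_samba_log(text):
    """Group a Samba debug log into records.

    A record is a header line plus the indented lines that follow it.
    Non-indented lines that are not headers (e.g. the message `net` prints to
    stdout) are returned separately as `stray` rather than being glued onto
    the preceding record, which would misattribute them.
    """
    records, stray = [], []
    for raw in text.splitlines():
        m = HEADER_RE.match(raw)
        if m:
            records.append(Record(m["ts"], int(m["level"]), m["file"],
                                  m["func"], int(m["line"])))
        elif raw.startswith((" ", "\t")) and records:
            rec = records[-1]
            rec.message = (rec.message + " " + raw.strip()).strip()
        elif raw.strip():
            stray.append(raw.strip())
    return records, stray


def triage(records):
    """Return (tls_records, nt_status_codes) for a list of records."""
    tls = [r for r in records if any(p in r.message for p in TLS_PATTERNS)]
    codes = sorted({c for r in records for c in STATUS_RE.findall(r.message)})
    return tls, codes


def summarize(text):
    """One-shot summary: where TLS failed, which NT_STATUS codes were seen,
    and what was printed outside the debug records."""
    records, stray = parse_samba_log(text)
    tls, codes = triage(records)
    return {
        "records": len(records),
        "tls_issues": [(r.func, r.line) for r in tls],
        "nt_status": codes,
        "stdout": stray,
    }


# Constructed sample, taken from the lines quoted in the post above.
SAMPLE = """\
[2004/06/08 13:24:12, 0] lib/smbldap.c:smbldap_open_connection(611)
  Failed to issue the StartTLS instruction: Operations error
[2004/06/08 13:24:12, 0] lib/smbldap.c:smbldap_search_suffix(1113)
  smbldap_search_suffix: Problem during the LDAP search: TLS already started
  (Operations error)
[2004/06/08 13:34:43, 3] libsmb/cliconnect.c:cli_session_setup(820)
  SPENGO login failed: Logon failure
[2004/06/08 13:34:43, 1] libsmb/cliconnect.c:cli_full_connection(1425)
  failed session setup with NT_STATUS_LOGON_FAILURE
[2004/06/08 13:34:43, 1] utils/net.c:connect_to_ipc(150)
  Cannot connect to server.  Error was NT_STATUS_LOGON_FAILURE
[2004/06/08 13:34:43, 10] intl/lang_tdb.c:lang_tdb_init(135)
  lang_tdb_init: /usr/local/samba/lib/C.msg: No such file or directory
The username or password was not correct.
[2004/06/08 13:34:44, 2] utils/net.c:main(767)
  return code = -1
"""

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

Run against the sample, the summary names the two `lib/smbldap.c` records (so the `net groupmap list` failure is in the LDAP TLS setup, before any group lookup happens), lists `NT_STATUS_LOGON_FAILURE` as the only status code in the second trace, and keeps the stdout line apart from the level-10 `lang_tdb_init` record it happens to follow.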

