[Samba] Protocol negotation failed

Misty Stanley-Jones misty at borkholder.com
Wed Sep 22 22:12:41 GMT 2004

Hi all,

I've compiled 3.0.7 on a test box which also has an LDAP server running on it.  
This is the first time for me trying to use Samba with LDAP.  I copied the 
IdealX scripts into /usr/local/sbin and edited the _config.pm file.  It is 
attached at the bottom, stripped of comments.  I then edited my smb.conf to 
the effect of the following:

passdb backend = ldapsam:ldap://localhost
ldap suffix = dc=mydomain,dc=com
ldap machine suffix = ou=Computers
ldap user suffix = ou=People
ldap group suffix = ou=Groups
ldap idmap suffix = ou=People
ldap admin dn = cn=Manager
ldap ssl = no
ldap passwd sync = Yes
idmap uid = 15000-20000
idmap gid = 15000-20000
winbind separator = +

I then did smbpasswd -w (insert cn=Manager password for LDAP)

smbd and nmbd started up just fine. Here is when I run into problems:
oink:/usr/local/samba/lib # smbclient -L oink
protocol negotiation failed

Same result if I use 'localhost' or reference it by IP.  If you can tell me 
what I have missed it would be greatly appreciated.  I have been following 
the HOWTO step-by-step and I'm not sure what I missed.


use strict;
package smbldap_conf;

                        $UID_START $GID_START $smbpasswd $slaveLDAP 
                        $slavePort $masterPort $ldapSSL $slaveURI $masterURI 
$with_smbpasswd $mk_ntpasswd
                        $ldap_path $ldap_opts $ldapmodify $suffix $usersdn 
                        $groupsdn $scope $binddn $bindpasswd
                        $slaveDN $slavePw $masterDN $masterPw
                        $_userLoginShell $_userHomePrefix $_userGecos
                        $_defaultUserGid $_defaultComputerGid
                        $_skeletonDir $_userSmbHome
                        $_userProfile $_userHomeDrive
                        $_userScript $usersou $computersou $groupsou $SID 
$hash_encrypt $_defaultMaxPasswordAge

use Exporter;
$VERSION = 1.00;
@ISA = qw(Exporter);

@EXPORT = qw(
                         $UID_START $GID_START $smbpasswd $slaveLDAP 
                         $slavePort $masterPort $ldapSSL $slaveURI $masterURI 
$with_smbpasswd $mk_ntpasswd
                         $ldap_path $ldap_opts $ldapmodify $suffix $usersdn
                         $computersdn $groupsdn $scope $binddn $bindpasswd
                         $slaveDN $slavePw $masterDN $masterPw
                         $_userLoginShell $_userHomePrefix $_userGecos
                         $_defaultUserGid $_defaultComputerGid $_skeletonDir
                         $_userSmbHome $_userProfile $_userHomeDrive 
                         $usersou $computersou $groupsou $SID $hash_encrypt 

$UID_START = 1000;
$GID_START = 1000;


$slaveLDAP = "";
$slavePort = "389";

$masterLDAP = "";
$masterPort = "389";

$ldapSSL = "0";

$suffix = "dc=mydomain,dc=com";

$usersou = q(_USERS_);
$usersdn = "ou=People,$suffix";

$computersou = q(_COMPUTERS_);
$computersdn = "ou=$computersou,$suffix";

$groupsou = q(_GROUPS_);
$groupsdn = "ou=$groupsou,$suffix";

$scope = "sub";


$binddn = "cn=Manager,$suffix";

$bindpasswd = 'some_unencrypted_password';

$slaveDN = $binddn;
$slavePw = $bindpasswd;
$masterDN = $binddn;
$masterPw = $bindpasswd;

$_userLoginShell = q(/bin/false);

$_userHomePrefix = q(/data/samba/home/);

$_userGecos = q(System User);

$_defaultUserGid = 513;

$_defaultComputerGid = 553;

$_skeletonDir = q(/etc/skel);

$_defaultMaxPasswordAge = 90;

$_userSmbHome = q(\\\\_PDCNAME_\\homes);

$_userProfile = q(\\\\_PDCNAME_\\profiles\\);

$_userHomeDrive = q(H:);

$with_smbpasswd = 0;
$smbpasswd = "/usr/local/samba/bin/smbpasswd";
$mk_ntpasswd = "/usr/local/sbin/mkntpwd";

$slaveURI = "ldap://$slaveLDAP:$slavePort";
$masterURI = "ldap://$masterLDAP:$masterPort";

$ldap_path = "/usr/bin";

if ( $ldapSSL eq "0" ) {
        $ldap_opts = "-x";
} elsif ( $ldapSSL eq "1" ) {
        $ldap_opts = "-x -Z";
} else {
        die "ldapSSL option must be either 0 or 1.\n";

$ldapmodify = "$ldap_path/ldapmodify $ldap_opts -H $masterURI -D '$masterDN' 
-w '$masterPw'";


More information about the samba mailing list