[Samba] Problems with OpenLDAP 2.2.20/Samba 3.0.10 and smbpasswd
Harry Rüter
harry_rueter at gmx.de
Tue Jan 11 17:49:28 GMT 2005
Hi ;o)
Here is more information:
Because this is just for testing and not public, you get to know all my secrets ;o)
PW is : secret
slapd.conf (partly ..):
---snipp---
database bdb
suffix "dc=hrnet,dc=de"
rootdn "cn=ldapmanager,dc=hrnet,dc=de"
rootpw secret
directory /usr/local/openldap-2.2/var/openldap-data
index objectClass eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index uid,uidNumber,gidNumber,memberUid eq
index cn,mail,surname,givenname eq,subinitial
access to *
    by * write
---snipp---
smb.conf (partly, what's of interest) :
---snipp---
# now without passdb backend
# passdb backend = ldapsam:ldap://486dx66.hrnet.de:1389/
ldap server = 486dx66.hrnet.de
ldap suffix = "dc=hrnet,dc=de"
ldap filter = "(&(uid=%u)(objectclass=sambaSamAccount))"
ldap port = 1389
ldap admin dn = "cn=ldapmanager,dc=hrnet,dc=de"
ldap ssl = off
ldap user suffix = ou=users
ldap group suffix = ou=groups
ldap machine suffix = ou=machines
---snipp---
William Jojo wrote:
>
> I'm using 3.0.10 and 2.2.20 without any problems, so assuming it's
> compiled ok, which I believe it is since you are getting errors about not
> finding the rootdn password.
>
> Hmmm, well, here's a couple of things:
>
> 1) How tight do you have the restrictions on slapd.conf with respect to
> accessing certain containers?
See above, no restrictions now ..
> 2) be certain the rootdn in slapd.conf exactly matches "ldap admin dn".
See above ...
> 3) don't run smbpasswd -w rootdnpw until *after* the smb.conf changes are
> in place. (I've done that myself :-)
Okay, I did this again after having finished smb.conf ...
> 4) tdbdump the secrets.tdb to verify that the entry in the database shows
> the correct rootdn and password selected.
Seems to be okay ....
---snipp---
[PTS2] 486dx66:/usr/local/samba3 # bin/tdbdump private/secrets.tdb
{
key = "SECRETS/LDAP_BIND_PW/cn=ldapmanager,dc=hrnet,dc=de"
data = "secret\00"
}
{
key = "SECRETS/SID/HRDOMAIN"
data =
"\01\04\00\00\00\00\00\05\15\00\00\00L\9B\E6\9F\B1\E1\FF#'\C3\B6G\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00"
}
{
key = "SECRETS/SID/486DX66"
data =
"\01\04\00\00\00\00\00\05\15\00\00\00L\9B\E6\9F\B1\E1\FF#'\C3\B6G\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00"
}
---snipp---
Here's the output I have now ..
---snipp---
[PTS2] root@486dx66:/usr/local/samba3 # bin/smbpasswd -D 10 -c etc/smb.conf tina
Netbios name list:-
my_netbios_names[0]="486DX66"
Trying to load: ldapsam_compat
Attempting to register passdb backend ldapsam
Successfully added passdb backend 'ldapsam'
Attempting to register passdb backend ldapsam_compat
Successfully added passdb backend 'ldapsam_compat'
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to register passdb backend guest
Successfully added passdb backend 'guest'
Attempting to find an passdb backend to match ldapsam_compat (ldapsam_compat)
Found pdb backend ldapsam_compat
pdb backend ldapsam_compat has a valid init
Attempting to find an passdb backend to match guest (guest)
Found pdb backend guest
pdb backend guest has a valid init
New SMB password:
New SMB password:
Retype new SMB password:
smbldap_search: base => [dc=hrnet,dc=de], filter => [(&(&(uid=tina)(objectclass=sambaSamAccount))(objectclass=sambaAccount))], scope => [2]
smbldap_open_connection: ldap://486dx66.hrnet.de:1389
smbldap_open_connection: connection opened
ldap_connect_system: Binding to ldap server ldap://486dx66.hrnet.de:1389 as "cn=ldapmanager,dc=hrnet,dc=de"
failed to bind to server with dn= cn=ldapmanager,dc=hrnet,dc=de Error: Can't contact LDAP server
(unknown)
Connection to LDAP server failed for the 1 try!
smbldap_open_connection: ldap://486dx66.hrnet.de:1389
smbldap_open_connection: connection opened
ldap_connect_system: Binding to ldap server ldap://486dx66.hrnet.de:1389 as "cn=ldapmanager,dc=hrnet,dc=de"
[ -- cut here -- ]
---snipp---
So what's wrong ?
Is it that i compiled in --with-ldap AND --with-ldapsam =
greets Harry
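
Added example (not part of the original post, and not Samba or OpenLDAP code): a small Python check for points 2 and 4 of the quoted checklist, which goes slightly beyond them by also flagging the three permissive settings visible in the excerpts (cleartext rootpw, "by * write", "ldap ssl = off"). The function names and the embedded sample strings are constructed here from the posted excerpts.

```python
import re

def slapd_directive(text, name):
    """Return the value of a slapd.conf directive (quotes stripped), or None."""
    m = re.search(rf'^{name}\s+(.+)$', text, re.M)
    return m.group(1).strip().strip('"') if m else None

def smb_param(text, name):
    """Return the value of an smb.conf parameter, ignoring commented-out lines."""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(('#', ';')) or '=' not in line:
            continue
        key, value = line.split('=', 1)
        if ' '.join(key.lower().split()) == name:
            return value.strip().strip('"')
    return None

def check(slapd, smb, tdbdump):
    """Return a list of findings; an empty list means consistent and hardened."""
    findings = []
    rootdn = slapd_directive(slapd, 'rootdn')
    admin_dn = smb_param(smb, 'ldap admin dn')
    if rootdn != admin_dn:  # checklist point 2: the two DNs must match exactly
        findings.append(f'rootdn {rootdn!r} != ldap admin dn {admin_dn!r}')
    # checklist point 4: secrets.tdb keys the bind password by the admin DN
    keys = re.findall(r'key = "SECRETS/LDAP_BIND_PW/([^"]*)"', tdbdump)
    if admin_dn not in keys:
        findings.append(f'no LDAP_BIND_PW entry in secrets.tdb for {admin_dn!r}')
    rootpw = slapd_directive(slapd, 'rootpw')
    if rootpw and not rootpw.startswith('{'):  # hashed values look like {SSHA}...
        findings.append('rootpw is stored in cleartext in slapd.conf')
    if re.search(r'^access\s+to\s+\*\s+by\s+\*\s+write', slapd, re.M):
        findings.append('ACL grants write on the whole tree to everyone')
    if (smb_param(smb, 'ldap ssl') or '').lower() == 'off':
        findings.append('ldap ssl is off: the bind password crosses the wire unencrypted')
    return findings

# Sample inputs constructed from the excerpts in the post.
SLAPD = 'rootdn "cn=ldapmanager,dc=hrnet,dc=de"\nrootpw secret\naccess to *\n    by * write\n'
SMB = ('# passdb backend = ldapsam:ldap://486dx66.hrnet.de:1389/\n'
       'ldap admin dn = "cn=ldapmanager,dc=hrnet,dc=de"\nldap ssl = off\n')
TDB = '{\nkey = "SECRETS/LDAP_BIND_PW/cn=ldapmanager,dc=hrnet,dc=de"\ndata = "secret\\00"\n}\n'

if __name__ == '__main__':
    for finding in check(SLAPD, SMB, TDB):
        print('WARN:', finding)
```

On the posted excerpts the DN and secrets.tdb checks pass and only the three hardening warnings are reported, all of which should be fixed before such a setup leaves a test network.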