[Samba] Problems with OpenLDAP 2.2.20/Samba 3.0.10 and smbpasswd

Harry Rüter harry_rueter at gmx.de
Tue Jan 11 17:49:28 GMT 2005


Hi ;o)

Here is more information:

Because this is just testing and not public, you get to know all my secrets ;o)

PW is : secret

slapd.conf (partly ..):

---snipp---
database        bdb
suffix          "dc=hrnet,dc=de"
rootdn          "cn=ldapmanager,dc=hrnet,dc=de"
rootpw          secret
directory       /usr/local/openldap-2.2/var/openldap-data
index    objectClass    eq
index    sambaSID    eq
index    sambaPrimaryGroupSID    eq
index    sambaDomainName    eq
index    uid,uidNumber,gidNumber,memberUid eq
index    cn,mail,surname,givenname   eq,subinitial
access to *
        by * write
---snipp---

smb.conf (partly, what's of interest) :

---snipp---

# now without passdb backend
#        passdb backend = ldapsam:ldap://486dx66.hrnet.de:1389/

         ldap server = 486dx66.hrnet.de
         ldap suffix = "dc=hrnet,dc=de"
         ldap filter = "(&(uid=%u)(objectclass=sambaSamAccount))"
         ldap port = 1389
         ldap admin dn = "cn=ldapmanager,dc=hrnet,dc=de"
         ldap ssl = off

         ldap user suffix = ou=users
         ldap group suffix = ou=groups
         ldap machine suffix = ou=machines
---snipp---


William Jojo wrote:
> 
> I'm using 3.0.10 and 2.2.20 without any problems, so assuming it's
> compiled ok, which I believe it is since you are getting errors about not
> finding the rootdn password.
> 
> Hmmm, well, here's a couple of things:
> 
> 1) How tight do you have the restrictions on slapd.conf with respect to
> accessing certain containers?

See above, no restrictions now ..

> 2) be certain the rootdn in slapd.conf exactly matches "ldap admin dn".

See above ...

> 3) don't run smbpasswd -w rootdnpw until *after* the smb.conf changes are
> in place. (I've done that myself :-)

Okay, I did this again after having finished smb.conf ...

> 4) tdbdump the secrets.tdb to verify that the entry in the database shows
> the correct rootdn and password selected.

Seems to be okay ....

---snipp---

[PTS2] 486dx66:/usr/local/samba3 # bin/tdbdump private/secrets.tdb
{
key = "SECRETS/LDAP_BIND_PW/cn=ldapmanager,dc=hrnet,dc=de"
data = "secret\00"
}
{
key = "SECRETS/SID/HRDOMAIN"
data = "\01\04\00\00\00\00\00\05\15\00\00\00L\9B\E6\9F\B1\E1\FF#'\C3\B6G\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00"
}
{
key = "SECRETS/SID/486DX66"
data = "\01\04\00\00\00\00\00\05\15\00\00\00L\9B\E6\9F\B1\E1\FF#'\C3\B6G\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00"
}
---snipp---

Here's the output I have now ..

---snipp---

[PTS2] root@486dx66:/usr/local/samba3 # bin/smbpasswd -D 10 -c etc/smb.conf tina
Netbios name list:-
my_netbios_names[0]="486DX66"
Trying to load: ldapsam_compat
Attempting to register passdb backend ldapsam
Successfully added passdb backend 'ldapsam'
Attempting to register passdb backend ldapsam_compat
Successfully added passdb backend 'ldapsam_compat'
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to register passdb backend guest
Successfully added passdb backend 'guest'
Attempting to find an passdb backend to match ldapsam_compat (ldapsam_compat)
Found pdb backend ldapsam_compat
pdb backend ldapsam_compat has a valid init
Attempting to find an passdb backend to match guest (guest)
Found pdb backend guest
pdb backend guest has a valid init
New SMB password:
New SMB password:
Retype new SMB password:
smbldap_search: base => [dc=hrnet,dc=de], filter => [(&(&(uid=tina)(objectclass=sambaSamAccount))(objectclass=sambaAccount))], scope => [2]
smbldap_open_connection: ldap://486dx66.hrnet.de:1389
smbldap_open_connection: connection opened
ldap_connect_system: Binding to ldap server ldap://486dx66.hrnet.de:1389 as "cn=ldapmanager,dc=hrnet,dc=de"
failed to bind to server with dn= cn=ldapmanager,dc=hrnet,dc=de Error: Can't contact LDAP server
         (unknown)
Connection to LDAP server failed for the 1 try!
smbldap_open_connection: ldap://486dx66.hrnet.de:1389
smbldap_open_connection: connection opened
ldap_connect_system: Binding to ldap server ldap://486dx66.hrnet.de:1389 as "cn=ldapmanager,dc=hrnet,dc=de"
[ -- cut here -- ]
---snipp---


So what's wrong ?
Is it that I compiled in --with-ldap AND --with-ldapsam?


greets Harry
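
The cross-checks from points 2 and 4 of the quoted reply (rootdn versus "ldap admin dn", and the SECRETS/LDAP_BIND_PW key in secrets.tdb) can be scripted. The following is an added example, not part of the original post and not Samba or OpenLDAP code; the function names, the simplified DN comparison and the trimmed sample inputs are assumptions. It also flags the test-only settings visible in the excerpts so they are not carried into production.

```python
import re

# Constructed sample inputs, trimmed from the excerpts quoted in the post.
SLAPD_CONF = '''\
rootdn          "cn=ldapmanager,dc=hrnet,dc=de"
rootpw          secret
access to *
        by * write
'''
SMB_CONF = '''\
         ldap admin dn = "cn=ldapmanager,dc=hrnet,dc=de"
         ldap ssl = off
'''
TDBDUMP = '''\
{
key = "SECRETS/LDAP_BIND_PW/cn=ldapmanager,dc=hrnet,dc=de"
data = "secret\\00"
}
'''

def norm_dn(dn):
    # Simplified comparison (assumption): drop quotes, ignore case and spaces around commas.
    return ",".join(p.strip().lower() for p in dn.strip().strip('"').split(","))

def audit(slapd, smb, tdb):
    findings = []
    rootdn = re.search(r'^rootdn\s+(.+)$', slapd, re.M)
    admin = re.search(r'^\s*ldap admin dn\s*=\s*(.+)$', smb, re.M)
    stored = re.findall(r'^key = "SECRETS/LDAP_BIND_PW/(.+)"$', tdb, re.M)
    if not (rootdn and admin):
        findings.append("rootdn or ldap admin dn missing")
    else:
        if norm_dn(rootdn.group(1)) != norm_dn(admin.group(1)):
            findings.append("ldap admin dn differs from rootdn")
        if norm_dn(admin.group(1)) not in [norm_dn(d) for d in stored]:
            findings.append("no LDAP_BIND_PW entry for ldap admin dn (run smbpasswd -w)")
    # Settings acceptable on an isolated test box only.
    rootpw = re.search(r'^rootpw\s+(\S+)', slapd, re.M)
    if rootpw and not rootpw.group(1).startswith("{"):
        findings.append("rootpw is stored in cleartext")
    if re.search(r'^access to \*\s*\n\s+by \* write', slapd, re.M):
        findings.append("ACL grants write to everyone")
    if re.search(r'^\s*ldap ssl\s*=\s*off', smb, re.M | re.I):
        findings.append("ldap ssl = off: bind password crosses the network unencrypted")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SLAPD_CONF, SMB_CONF, TDBDUMP)))
```

On the sample inputs the DN and secrets.tdb checks pass and only the three test-only settings are reported.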



