[Samba] Samba LDAP timeout

Ian Smith-Heisters heisters at 0x09.com
Wed Jul 6 14:12:21 GMT 2005


Hello,

I'm having trouble configuring an Ubuntu Hoary Samba server to use LDAP
for authentication (the server is named "dixie"). I'm basing my
configuration on another server here at work that connects just fine. When
I try to just list samba shares on dixie with

$ smbclient -L dixie -U faker

It takes quite some time for the request to go through before failing.
Looking at the log file reveals that it can't access the ldap server:

[2005/07/06 09:26:35, 0] lib/smbldap.c:smbldap_connect_system(812)
  ldap_connect_system: Failed to retrieve password from secrets.tdb
[2005/07/06 09:26:35, 1] lib/smbldap.c:another_ldap_try(990)
  Connection to LDAP server failed for the 15 try!
[2005/07/06 09:26:37, 0] lib/smbldap.c:fetch_ldap_pw(312)
  fetch_ldap_pw: neither ldap secret retrieved!
[2005/07/06 09:26:37, 0] lib/smbldap.c:smbldap_connect_system(812)
  ldap_connect_system: Failed to retrieve password from secrets.tdb
[2005/07/06 09:26:37, 0] lib/smbldap.c:smbldap_search_suffix(1155)
  smbldap_search_suffix: Problem during the LDAP search: (unknown) (Timed out)

But from a shell on dixie I /can/ do ldap requests:

$ ldapsearch uid=faker -b "ou=people,dc=marlboro,dc=edu" -h ldap.marlboro.edu -x
# extended LDIF
#
# LDAPv3
# base <ou=people,dc=marlboro,dc=edu> with scope sub
# filter: uid=faker
# requesting: ALL
#

# faker, people, marlboro.edu
dn: uid=faker,ou=people,dc=marlboro,dc=edu
objectClass: eduMarlboroPerson
objectClass: posixAccount
objectClass: radiusProfile
objectClass: sambaSamAccount
sn: Fakerson
givenName: Faker
cn: Faker Fakerson
displayName: Faker Fakerson
gecos: Faker Fakerson
uid: faker
mail: faker at marlboro.edu
loginShell: /bin/bash
uidNumber: 11702
homeDirectory: /home/guest/faker
dialupAccess: TRUE
eduMarlboroJobDescription: This is a fake job description. The quick brown fox
  jumped over the lazy dog.
eduMarlboroNetworkAccess: false
gidNumber: 50004

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

The ldap portion of my smb.conf is exactly the same as it is in the server
where this works:

   security = user

   encrypt passwords = true

   passdb backend = ldapsam:ldaps://ldap.marlboro.edu
   ldap ssl = yes
   ldap suffix = dc=marlboro,dc=edu
   ldap user suffix = ou=people
   ldap admin dn = "cn=smbadmin,ou=People,dc=marlboro,dc=edu"

   ldap delete dn = no
   ldap filter = (|(&(objectclass=posixAccount)(uid=%u)(|(gidNumber=50001)(gidNumber=50003))(!(eduMarlboroNetworkAccess=false)))(&(objectclass=posixAccount)(uid=%u)(!(gidNumber=50001))(!(gidNumber=50003))(eduMarlboroNetworkAccess=true)))

   obey pam restrictions = yes

I've tried setting SSL to no and the backend to
"ldapsam:ldap://ldap.marlboro.edu", but it has no effect on the
connectivity.

Is there a related configuration setting that I'm overlooking? Samba /is/
compiled to use ldap:

$ ldd /usr/sbin/smbd | grep ldap
        libldap.so.2 => /usr/lib/libldap.so.2 (0xb7fb1000)

Any help on this matter would be greatly appreciated. Thanks much.
-Ian Smith-Heisters
-- 
http://www.0x09.com



