[Samba] Samba cannot contact LDAP server

Alex Ward award at apwebware.com
Tue Jul 26 02:53:56 GMT 2005


I'm setting up a PDC using Samba 3.0.14a-2 on Fedora 4, with OpenLDAP 
2.2.23 for authentication.  Authentication via LDAP through the various 
Linux services (login, ssh, etc.) is working via nss, so I know that 
slapd is running and working properly.  I used smbldap-tools to populate 
the directory and add test users/groups, and they worked just fine.  
But Samba, despite being configured correctly as far as I can tell, 
cannot even contact LDAP.  slapd is running on the loopback interface 
and logging everything, including packets sent.  I know from the OpenLDAP 
logs that the Samba server NEVER contacts the LDAP server, despite having 
the correct URI (I can see it in the smbd.log file).

Here is the error I'm getting in the logfile...

[2005/07/25 21:44:51, 5] passdb/pdb_interface.c:make_pdb_methods_name(726)
  Found pdb backend ldapsam
[2005/07/25 21:44:51, 2] lib/smbldap.c:smbldap_search_domain_info(1394)
  Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=neverland))]
[2005/07/25 21:44:51, 5] lib/smbldap.c:smbldap_search(1038)
  smbldap_search: base => [dc=neverland,dc=com], filter => [(&(objectClass=sambaDomain)(sambaDomainName=neverland))], scope => [2]
[2005/07/25 21:44:51, 5] lib/smbldap.c:smbldap_close(949)
  The connection to the LDAP server was closed
[2005/07/25 21:44:51, 10] lib/smbldap.c:smbldap_open_connection(596)
  smbldap_open_connection: ldap://127.0.0.1:389/
[2005/07/25 21:44:51, 2] lib/smbldap.c:smbldap_open_connection(692)
  smbldap_open_connection: connection opened
[2005/07/25 21:44:51, 10] lib/smbldap.c:smbldap_connect_system(824)
  ldap_connect_system: Binding to ldap server ldap://127.0.0.1:389/ as "cn=Manager,dc=neverland,dc=com"
[2005/07/25 21:44:51, 0] lib/smbldap.c:smbldap_connect_system(852)
  failed to bind to server ldap://127.0.0.1:389/ with dn="cn=Manager,dc=neverland,dc=com" Error: Can't contact LDAP server
        (unknown)

The above error repeats over and over about 15 times.

Here is my smb.conf with comments and share definitions removed

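[global]
  # PDC configuration for the NEVERLAND domain; share definitions are not shown.
  # smb.conf has no trailing comments, so every note sits on its own line.

  workgroup = NEVERLAND
  netbios name = PALERMO

  server string = PALMERO - The wise and mighty domain controller

  # Account database lives in LDAP, reached over plain ldap:// on loopback.
  passdb backend = ldapsam:ldap://127.0.0.1:389/
  ldap suffix = dc=neverland,dc=com
  # smbd binds as this DN. Its password is not kept in smb.conf; it is stored
  # in secrets.tdb with "smbpasswd -w".
  # NOTE(review): if cn=Manager is the slapd rootdn, consider a dedicated DN
  # whose ACLs only allow writes to the Samba user/group/machine subtrees.
  ldap admin dn = cn=Manager,dc=neverland,dc=com
  # No TLS: the admin bind and the password hashes read from the directory are
  # sent unencrypted. With the 127.0.0.1 URI above they stay on this host; if
  # slapd moves to another machine, switch to "ldap ssl = start tls".
  ldap ssl = no
  ldap group suffix = ou=Groups
  ldap machine suffix = ou=Computers
  # Set in [global], so this is the default for every share: the listed users
  # and members of "Domain Admins" perform all file operations as root.
  admin users = root, "@Domain Admins"
  # Provisioning hooks: smbd runs these smbldap-tools commands as root after
  # substituting %u / %g / %m. Keep the substitutions quoted.
  add user script = /usr/local/sbin/smbldap-useradd -m "%u"
  add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
  add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
  # Kept on one line: without a trailing backslash smb.conf does not continue
  # a value onto the next line.
  delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
  set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
  add machine script = /usr/local/sbin/smbldap-useradd -w "%m"

  # Full debug output for this investigation. Level 10 logs are very verbose
  # and can contain authentication detail; lower the level once the problem is
  # solved and keep /var/log/samba restricted to root.
  log level = 10
  printcap name = /etc/printcap
  load printers = yes
  cups options = raw
  log file = /var/log/samba/%m.log
  max log size = 50
  security = user
  encrypt passwords = yes
  # Only consulted by the smbpasswd backend; presumably unused with ldapsam.
  smb passwd file = /etc/samba/smbpasswd
  username map = /etc/samba/smbusers
  socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
  local master = yes
  os level = 65
  domain master = yes
  preferred master = yes
  domain logons = yes
  logon path =
  logon home =
  wins support = yes
  dns proxy = no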


I have been working on this for three days now, and I am about to give 
up hope and move away from LDAP.  But I don't want to.  Any help is 
greatly appreciated!

Thanks in advance.

-Al






