[Samba] Samba cannot contact LDAP server
John H Terpstra
jht at Samba.Org
Tue Jul 26 03:13:33 GMT 2005
Alex,

I recommend that you follow, step-by-step, the guidance in the book "Samba-3
by Example", chapter 5. In the technical discussions section you will find
detailed guidance for diagnosing your LDAP operability.

You can obtain the book from:

    http://www.samba.org/samba/docs/Samba3-ByExample.pdf

In your smb.conf file I do not see mention of the parameter "ldap user suffix"
- this is rather important.

Please verify that the following commands return valid information:

    getent passwd
    getent group

- John T.

On Monday 25 July 2005 20:53, Alex Ward wrote:
> I'm setting up a PDC using samba 3.0.14a-2 on fedora 4 with Openldap
> 2.2.23 to authenticate. Authentication via ldap through the various
> linux services is working (login, ssh, etc.) via nss. Thus I know that
> slapd is running and working properly. I used smbldap-tools to populate
> and add test users/groups to the directory, and they worked just fine.
> But samba, despite being configured correctly, as far as I can tell,
> cannot even contact LDAP. slapd is running on the loopback interface
> and logging everything including packets sent. I know from the openldap
> logs that the samba server NEVER contacts the ldap server despite having
> the correct URI (I can see it in the smbd.log file)
>
> Here is the error I'm getting in the logfile...
>
> [2005/07/25 21:44:51, 5] passdb/pdb_interface.c:make_pdb_methods_name(726)
> Found pdb backend ldapsam
> [2005/07/25 21:44:51, 2] lib/smbldap.c:smbldap_search_domain_info(1394)
> Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=neverland))]
> [2005/07/25 21:44:51, 5] lib/smbldap.c:smbldap_search(1038)
> smbldap_search: base => [dc=neverland,dc=com], filter => [(&(objectClass=sambaDomain)(sambaDomainName=neverland))], scope => [2]
> [2005/07/25 21:44:51, 5] lib/smbldap.c:smbldap_close(949)
> The connection to the LDAP server was closed
> [2005/07/25 21:44:51, 10] lib/smbldap.c:smbldap_open_connection(596)
> smbldap_open_connection: ldap://127.0.0.1:389/
> [2005/07/25 21:44:51, 2] lib/smbldap.c:smbldap_open_connection(692)
> smbldap_open_connection: connection opened
> [2005/07/25 21:44:51, 10] lib/smbldap.c:smbldap_connect_system(824)
> ldap_connect_system: Binding to ldap server ldap://127.0.0.1:389/ as "cn=Manager,dc=neverland,dc=com"
> [2005/07/25 21:44:51, 0] lib/smbldap.c:smbldap_connect_system(852)
> failed to bind to server ldap://127.0.0.1:389/ with dn="cn=Manager,dc=neverland,dc=com" Error: Can't contact LDAP server
> (unknown)
>
> The above error repeats over and over about 15 times.
>
> Here is my smb.conf with comments and share definitions removed
>
> [global]
>
> workgroup = NEVERLAND
> netbios name = PALERMO
>
> server string = PALMERO - The wise and mighty domain controller
>
> passdb backend = ldapsam:ldap://127.0.0.1:389/
> ldap suffix = dc=neverland,dc=com
> ldap admin dn = cn=Manager,dc=neverland,dc=com
> ldap ssl = no
> ldap group suffix = ou=Groups
> ldap machine suffix = ou=Computers
> admin users = root, "@Domain Admins"
> add user script = /usr/local/sbin/smbldap-useradd -m "%u"
> add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
> add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
> delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
> set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
> add machine script = /usr/local/sbin/smbldap-useradd -w "%m"
>
> log level = 10
> printcap name = /etc/printcap
> load printers = yes
> cups options = raw
> log file = /var/log/samba/%m.log
> max log size = 50
> security = user
> encrypt passwords = yes
> smb passwd file = /etc/samba/smbpasswd
> username map = /etc/samba/smbusers
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> local master = yes
> os level = 65
> domain master = yes
> preferred master = yes
> domain logons = yes
> logon path =
> logon home =
> wins support = yes
> dns proxy = no
>
>
> I have been working on this for three days now, and I am about to give
> up hope and move away from ldap. But I don't want to. Any help is
> greatly appreciated!
>
> Thanks in advance.
>
> -Al
--
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668
Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
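
A small check for the point raised in the reply above, added here as an example (it is not part of the original message or of Samba's own tooling): it parses the [global] section of an smb.conf and lists which of the LDAP parameters discussed in the thread are absent when "passdb backend" is ldapsam. The names check_ldapsam, normalize and SAMPLE are assumptions made for illustration, and the sample text is constructed from the values quoted in the thread.

```python
import configparser

# Parameters the thread's ldapsam setup relies on; "ldap user suffix" is the
# one the reply points out as missing from the posted smb.conf.
LDAPSAM_PARAMS = ("ldap suffix", "ldap admin dn", "ldap user suffix",
                  "ldap group suffix", "ldap machine suffix")

def normalize(name):
    # Samba compares parameter names case-insensitively, ignoring whitespace.
    return "".join(name.lower().split())

def check_ldapsam(smb_conf_text):
    """Return (ldap_uri, missing_params) for the [global] section."""
    parser = configparser.ConfigParser(interpolation=None, strict=False,
                                       delimiters=("=",))
    parser.optionxform = normalize   # applied on both read and lookup
    parser.read_string(smb_conf_text)
    name = next((s for s in parser.sections() if s.lower() == "global"), None)
    if name is None:
        return None, []
    glob = parser[name]
    # Samba 3.0.x accepts several backends on one line; pick the ldapsam one.
    backends = glob.get("passdb backend", "").split()
    ldapsam = next((b for b in backends if b.lower().startswith("ldapsam")), None)
    if ldapsam is None:
        return None, []              # not an LDAP-backed passdb, nothing to check
    uri = ldapsam.partition(":")[2] or None
    # A parameter that is present but empty counts as missing too.
    missing = [p for p in LDAPSAM_PARAMS if not glob.get(p, "").strip()]
    return uri, missing

# Constructed sample: a trimmed copy of the [global] values quoted in the thread.
SAMPLE = """\
[global]
workgroup = NEVERLAND
passdb backend = ldapsam:ldap://127.0.0.1:389/
ldap suffix = dc=neverland,dc=com
ldap admin dn = cn=Manager,dc=neverland,dc=com
ldap ssl = no
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
logon path =
"""

if __name__ == "__main__":
    uri, missing = check_ldapsam(SAMPLE)
    print("ldapsam URI:", uri)
    print("missing:", ", ".join(missing) or "none")
```

A clean result here only says the parameters are present; whether the suffixes resolve to real entries is still what the getent commands in the reply are for.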