[Samba] Samba cannot contact LDAP server

John H Terpstra jht at Samba.Org
Tue Jul 26 03:13:33 GMT 2005


Alex,

I recommend that you follow, step-by-step, the guidance in the book "Samba-3 
by Example", chapter 5. In the technical discussions section you will find 
detailed guidance for diagnosing your LDAP operability.

You can obtain the book from:
	http://www.samba.org/samba/docs/Samba3-ByExample.pdf

In your smb.conf file I do not see mention of the parameter "ldap user suffix" 
- this is rather important.

Please verify that the following commands return valid information:

	getent passwd
	getent group

- John T.

On Monday 25 July 2005 20:53, Alex Ward wrote:
> I'm setting up a PDC using samba 3.0.14a-2 on fedora 4 with Openldap
> 2.2.23 to authenticate.  Authentication via ldap through the various
> linux services is working (login, ssh, etc.) via nss.  Thus I know that
> slapd is running and working properly.  I used smbldap-tools to populate
> and add test users/groups to the directory, and they worked just fine.
> But samba, despite being configured correctly, as far as I can tell,
> cannot even contact LDAP.  slapd is running on the loopback interface
> and logging everything including packets sent.  I know from the openldap
> logs that the samba server NEVER contacts the ldap server despite having
> the correct URI (I can see it in the smbd.log file)
>
> Here is the error I'm getting in the logfile...
>
> [2005/07/25 21:44:51, 5] passdb/pdb_interface.c:make_pdb_methods_name(726)
>   Found pdb backend ldapsam
> [2005/07/25 21:44:51, 2] lib/smbldap.c:smbldap_search_domain_info(1394)
>   Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=neverland))]
> [2005/07/25 21:44:51, 5] lib/smbldap.c:smbldap_search(1038)
>   smbldap_search: base => [dc=neverland,dc=com], filter => [(&(objectClass=sambaDomain)(sambaDomainName=neverland))], scope => [2]
> [2005/07/25 21:44:51, 5] lib/smbldap.c:smbldap_close(949)
>   The connection to the LDAP server was closed
> [2005/07/25 21:44:51, 10] lib/smbldap.c:smbldap_open_connection(596)
>   smbldap_open_connection: ldap://127.0.0.1:389/
> [2005/07/25 21:44:51, 2] lib/smbldap.c:smbldap_open_connection(692)
>   smbldap_open_connection: connection opened
> [2005/07/25 21:44:51, 10] lib/smbldap.c:smbldap_connect_system(824)
>   ldap_connect_system: Binding to ldap server ldap://127.0.0.1:389/ as "cn=Manager,dc=neverland,dc=com"
> [2005/07/25 21:44:51, 0] lib/smbldap.c:smbldap_connect_system(852)
>   failed to bind to server ldap://127.0.0.1:389/ with dn="cn=Manager,dc=neverland,dc=com" Error: Can't contact LDAP server
>         (unknown)
>
> The above error repeats over and over about 15 times.
>
> Here is my smb.conf with comments and share definitions removed
>
> [global]
>
>   workgroup = NEVERLAND
>   netbios name = PALERMO
>
>   server string = PALMERO - The wise and mighty domain controller
>
>   passdb backend = ldapsam:ldap://127.0.0.1:389/
>   ldap suffix = dc=neverland,dc=com
>   ldap admin dn = cn=Manager,dc=neverland,dc=com
>   ldap ssl = no
>   ldap group suffix = ou=Groups
>   ldap machine suffix = ou=Computers
>   admin users = root, "@Domain Admins"
>   add user script = /usr/local/sbin/smbldap-useradd -m "%u"
>   add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
>   add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
>   delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
>   set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
>   add machine script = /usr/local/sbin/smbldap-useradd -w "%m"
>
>   log level = 10
>   printcap name = /etc/printcap
>   load printers = yes
>   cups options = raw
>   log file = /var/log/samba/%m.log
>   max log size = 50
>   security = user
>   encrypt passwords = yes
>   smb passwd file = /etc/samba/smbpasswd
>   username map = /etc/samba/smbusers
>   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>   local master = yes
>   os level = 65
>   domain master = yes
>   preferred master = yes
>   domain logons = yes
>   logon path =
>   logon home =
>   wins support = yes
>   dns proxy = no
>
>
> I have been working on this for three days now, and I am about to give
> up hope and move away from ldap.  But I don't want to. Any help is
> greatly appreciated!
>
> Thanks in advance.
>
> -Al

-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
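
An added example, not part of the original message and not Samba code: a Python check of an smb.conf [global] section for the ldapsam parameters discussed in this thread, including the missing "ldap user suffix". The function names are hypothetical, and the extra check that flags "ldap ssl = no" when the LDAP server is not on loopback is an assumption added here.

```python
import ipaddress
from urllib.parse import urlparse
# [global] excerpt from the smb.conf quoted in this thread.
THREAD_CONF = """\
[global]
  passdb backend = ldapsam:ldap://127.0.0.1:389/
  ldap suffix = dc=neverland,dc=com
  ldap admin dn = cn=Manager,dc=neverland,dc=com
  ldap ssl = no
  ldap group suffix = ou=Groups
  ldap machine suffix = ou=Computers
"""

EXPECTED = ("ldap suffix", "ldap admin dn", "ldap user suffix",
            "ldap group suffix", "ldap machine suffix")

def norm(name):
    # smb.conf parameter names ignore case and embedded whitespace.
    return "".join(name.lower().split())

def parse_global(text):
    params, section = {}, None  # {normalised name: value}, [global] only
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, _, value = line.partition("=")
            params[norm(key)] = value.strip()
    return params

def is_loopback(host):
    try:
        return host == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:  # a hostname other than localhost
        return False

def audit_ldapsam(text):
    p = parse_global(text)
    backend = p.get(norm("passdb backend"), "")
    if not backend.lower().startswith("ldapsam"):
        return []  # nothing to check for non-LDAP backends
    findings = ["missing: " + n for n in EXPECTED if not p.get(norm(n))]
    uri = urlparse(backend.partition(":")[2].split(" ")[0].strip('"'))
    plain = uri.scheme == "ldap" and p.get(norm("ldap ssl"), "").lower() in ("no", "off")
    if plain and uri.hostname and not is_loopback(uri.hostname):
        findings.append("cleartext bind to " + uri.hostname)
    return findings
```

Calling audit_ldapsam(THREAD_CONF) reports only the missing "ldap user suffix"; the "ldap ssl = no" setting is not flagged there because the server URI is on loopback.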

