[Samba] Re: Problems setting up Samba+LDAP PDC in Debian Sarge

paul kölle paul at subsignal.org
Wed Oct 26 12:36:51 GMT 2005


Chema wrote:
> I see on log.nmbd:
> 
> [2005/10/25 10:42:15, 0] nmbd/nmbd_logonnames.c:add_logon_names(163)
>  add_domain_logon_names:
>  Attempting to become logon server for workgroup CORENA on subnet
> UNICAST_SUBNET
> [2005/10/25 10:42:15, 0]
> nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(327)
>  become_domain_master_browser_wins:
>  Attempting to become domain master browser on workgroup CORENA,
> subnet UNICAST_SUBNET.
> [2005/10/25 10:42:15, 0]
> nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(341)
>  become_domain_master_browser_wins: querying WINS server from IP
> 10.9.60.94 for domain master browser name CORENA<1b>
> on workgroup
> CORENA
> [2005/10/25 10:42:15, 0]
> nmbd/nmbd_logonnames.c:become_logon_server_success(124)
>  become_logon_server_success: Samba is now a logon server for
> workgroup CORENA on subnet UNICAST_SUBNET
> [2005/10/25 10:42:15, 0]
> nmbd/nmbd_become_dmb.c:become_domain_master_stage2(113)
> Is this "domain master browser name CORENA<1b>" normal?
What makes you think those messages have anything to do with the problem
at hand?

> 3. passwd
[snip]
This is all about pam_ldap/nss_ldap, nothing samba specific.

> 
> With my normal user, if I try to change the password:
> 
> chema at dellj81:~$ ldappasswd
> SASL/DIGEST-MD5 authentication started
> Please enter your password:
> ldap_sasl_interactive_bind_s: Internal (implementation specific) error
> (80)
>        additional info: SASL(-13): user not found: no secret in
> database
> 
> This produces the following slapd output:
> 
> Oct 25 11:45:03 dellj81 slapd[2925]: SASL [conn=55] Error: unable to
> open Berkeley db /etc/sasldb2: No such file or directory
> Oct 25 11:45:03 dellj81 last message repeated 2 times
> Oct 25 11:45:03 dellj81 slapd[2925]: SASL [conn=55] Failure: no secret
> in database
> Oct 25 11:45:03 dellj81 slapd[2925]: conn=55 op=2 RESULT tag=97 err=80
> text=SASL(-13): user not found: no secret in database
> 
> I have yet to enable TLS, so slapd shouldn't be using SASL, right?
Eh? You can use ldappasswd -x ... to use simple binds to LDAP, or set up
/etc/sasl2/slapd.conf to use slapd's internal auxprop plugin and add a
sasl-regexp directive (man slapd.conf) to map SASL IDs to DNs.

My /etc/sasl2/slapd.conf (mech_list probably doesn't fit your needs):

#begin
mech_list: GSSAPI DIGEST-MD5 CRAM-MD5 NTLM EXTERNAL
pwcheck_method: auxprop
auxprop_plugin: slapd
#end

cheers
 Paul
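
Added example, not part of the original message: a slapd.conf fragment showing the kind of sasl-regexp mapping the reply refers to, with the simple-bind alternative noted in comments. The suffix dc=example,dc=com and the ou=People container are placeholders, since the thread does not show the real directory layout.

```conf
# /etc/ldap/slapd.conf on Debian (fragment; added example, not from the thread)
# dc=example,dc=com and ou=People are placeholders for the real suffix and
# user container.

# A SASL bind reaches slapd as an authentication identity of the form
#   uid=<user>,cn=<realm>,cn=<mechanism>,cn=auth     (the realm part is optional)
# sasl-regexp rewrites that identity into the DN of the user's real entry.
# The continuation lines must start with whitespace.
sasl-regexp
    uid=([^,]+),(cn=[^,]+,)?cn=digest-md5,cn=auth
    uid=$1,ou=People,dc=example,dc=com

# Caveat for "auxprop_plugin: slapd": DIGEST-MD5 and CRAM-MD5 are shared-secret
# mechanisms, so slapd can only verify them when userPassword holds the
# cleartext password. Entries whose userPassword is hashed ({SSHA}, {CRYPT},
# ...) cannot authenticate with these mechanisms. Storing cleartext would
# mean setting:
#   password-hash {CLEARTEXT}
# which weakens password storage for every entry written afterwards.

# Alternative that keeps hashed passwords: skip SASL and use a simple bind
# (-x), naming the bind DN explicitly:
#   ldappasswd -x -D "uid=chema,ou=People,dc=example,dc=com" -W -S
# -W prompts for the current password, -S prompts for the new one.
# A simple bind sends the password unencrypted, so once TLS is configured
# add -ZZ to require StartTLS before the bind.
```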


