[Samba] Samba LDAP rootpw error

Matt Richards matt at mattstone.net
Sun Mar 26 23:36:23 GMT 2006


> Sorry Matt, I've got it going now - at least to the point of getting the
> smbldap-populate to work. The next issue is smbpasswd -a root. It's not
> working. Also, I've installed phpldapadmin and can't get it to connect
> either. The issue now seems to be a TLS connection between Samba and
> LDAP. I didn't think I was using one, but LDAP seems to think otherwise.
> For example, both phpldapadmin and lsmbldap-usermod -J Administrator
> complain about TLS connections to the LDAP server.
>
> I've been looking at the idealx.org instructions for TLS with LDAP but
> still not getting it working.
>
>
> -----------------------------------------------------------------------
>
> Further to the above:
> Trying to get TLS working is a pain. I've also had only slightly better
> luck with trying to not use it. When I don't use it, I can get
> ldapsearch to return a result. However, Samba doesn't seem to want to
> talk to it. When I try to get TLS running, I get TLS errors everywhere. :(
>
>
> Right now I've got it configured, I believe, to not use TLS. When I run
> smbpasswd, I get:
>
> semper:/etc/smbldap-tools# smbpasswd -a root
> fetch_ldap_pw: neither ldap secret retrieved!
> ldap_connect_system: Failed to retrieve password from secrets.tdb
> Connection to LDAP server failed for the 1 try!
>

:) glad it's working, hehe er.
ldap_connect_system: Failed to retrieve password from secrets.tdb

from the http://samba.idealx.org/smbldap-tools.en.html doc ...

don't forget to also set the samba account password in secrets.tdb file :

smbpasswd -w samba

... from man smbpasswd ...

       -w password
              This parameter is only available if Samba has been compiled with
              LDAP support. The -w switch is used to specify the password to
              be used with the ldap admin dn. Note that the password is stored
              in the secrets.tdb and is keyed off of the admin's DN. This
              means that if the value of ldap admin dn ever changes, the
              password will need to be manually updated as well.

HTH

Matt.


> I've attached my various .conf files again. Sorry to be such a pain, but
> I am not having any luck by myself.
>
> -------------------------------------------------------------------------
>
> BTW - Here's the results of an ldapsearch:
>
> semper:/var/lib/ldap# smbldap-populate -a Administrator -b nobody
> -semper:/var/lib/ldap# ldapsearch -D cn=admin,dc=rahim-dale,dc=org -b
> dc=rahim-dale,dc=org -h 127.0.0.1 -x -W ""
> Enter LDAP Password:
> # extended LDIF
> #
> # LDAPv3
> # base <dc=rahim-dale,dc=org> with scope sub
> # filter: (objectclass=*)
> # requesting:
> #
>
> # rahim-dale.org
> dn: dc=rahim-dale,dc=org
>
> # admin, rahim-dale.org
> dn: cn=admin,dc=rahim-dale,dc=org
>
> # Users, rahim-dale.org
> dn: ou=Users,dc=rahim-dale,dc=org
>
> # Groups, rahim-dale.org
> dn: ou=Groups,dc=rahim-dale,dc=org
>
> # Computers, rahim-dale.org
> dn: ou=Computers,dc=rahim-dale,dc=org
>
> # Idmap, rahim-dale.org
> dn: ou=Idmap,dc=rahim-dale,dc=org
>
> # rahim-dale, rahim-dale.org
> dn: sambaDomainName=rahim-dale,dc=rahim-dale,dc=org
>
> # Administrator, Users, rahim-dale.org
> dn: uid=Administrator,ou=Users,dc=rahim-dale,dc=org
>
> # nobody, Users, rahim-dale.org
> dn: uid=nobody,ou=Users,dc=rahim-dale,dc=org
>
> # Domain Admins, Groups, rahim-dale.org
> dn: cn=Domain Admins,ou=Groups,dc=rahim-dale,dc=org
>
> # Domain Users, Groups, rahim-dale.org
> dn: cn=Domain Users,ou=Groups,dc=rahim-dale,dc=org
>
> # Domain Guests, Groups, rahim-dale.org
> dn: cn=Domain Guests,ou=Groups,dc=rahim-dale,dc=org
>
> # Domain Computers, Groups, rahim-dale.org
> dn: cn=Domain Computers,ou=Groups,dc=rahim-dale,dc=org
>
> # Administrators, Groups, rahim-dale.org
> dn: cn=Administrators,ou=Groups,dc=rahim-dale,dc=org
>
> # Print Operators, Groups, rahim-dale.org
> dn: cn=Print Operators,ou=Groups,dc=rahim-dale,dc=org
>
> # Backup Operators, Groups, rahim-dale.org
> dn: cn=Backup Operators,ou=Groups,dc=rahim-dale,dc=org
>
> # Replicators, Groups, rahim-dale.org
> dn: cn=Replicators,ou=Groups,dc=rahim-dale,dc=org
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 18
> # numEntries: 17
>
>
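
The "Failed to retrieve password from secrets.tdb" error and the man page's note that the password is keyed off the admin DN can be checked mechanically. The following is an added example, not part of the original messages: it compares the `ldap admin dn` in smb.conf with the DNs that have a stored password in a `tdbdump` of secrets.tdb. The `SECRETS/LDAP_BIND_PW/<dn>` key layout, the example.org DNs and the sample files are assumptions constructed for the illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Reports whether secrets.tdb holds a
# bind password for the DN that smb.conf currently names in "ldap admin dn".

# Print the configured admin DN. smb.conf ignores case and spaces in
# parameter names; the last occurrence wins here.
conf_admin_dn() {
    sed -n 's/^[[:space:]]*[Ll][Dd][Aa][Pp] *[Aa][Dd][Mm][Ii][Nn] *[Dd][Nn][[:space:]]*=[[:space:]]*//p' "$1" |
        sed 's/[[:space:]]*$//; s/^"\(.*\)"$/\1/' | tail -n 1
}

# Print each DN that has a stored password, given `tdbdump secrets.tdb` output.
# Assumption: keys have the form SECRETS/LDAP_BIND_PW/<dn>.
stored_dns() {
    sed -n 's/^key([0-9]*) = "SECRETS\/LDAP_BIND_PW\/\(.*\)"$/\1/p' "$1" |
        sed 's/\\00$//'
}

# Return 0 if a password is stored for the configured DN, 1 if not,
# 2 if smb.conf gives no value for "ldap admin dn".
check_bind_secret() {
    dn=$(conf_admin_dn "$1")
    [ -n "$dn" ] || return 2
    stored_dns "$2" | grep -qxF -- "$dn"
}

# Constructed sample: the password was stored while the admin DN was
# cn=admin,dc=example,dc=org; $1 is the DN smb.conf names now.
demo_rc() {
    d=$(mktemp -d) || return 3
    printf '[global]\n   ldap suffix = dc=example,dc=org\n   Ldap Admin DN = %s  \n' "$1" >"$d/smb.conf"
    cat >"$d/secrets.dump" <<'EOF'
{
key(47) = "SECRETS/LDAP_BIND_PW/cn=admin,dc=example,dc=org"
data(9) = "REDACTED\00"
}
EOF
    rc=0
    check_bind_secret "$d/smb.conf" "$d/secrets.dump" || rc=$?
    rm -rf "$d"
    return "$rc"
}

if demo_rc "cn=samba,dc=example,dc=org"; then
    echo "bind password present for configured DN"
else
    echo "no bind password for configured DN: run smbpasswd -w again"
fi
```

On a live host the second argument to `check_bind_secret` would be the saved output of `tdbdump` run as root against secrets.tdb. That dump contains the LDAP bind password in clear text, so write it to a root-only location and delete it afterwards.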



