[Samba] Samba unable to bind to LDAP server

Steve Brown sbrown25 at gmail.com
Thu Nov 15 15:55:01 GMT 2007


I've spent the last several days trying to get Samba to bind to our
OpenDirectory server for user authentication with no success.
Whenever I try to start Samba, it complains that the connection to the
LDAP server failed with invalid credentials.  I am authenticating
other services against the LDAP server through NSS, so I am a bit at a
loss as to why Samba won't run.  I'm also a bit at a loss as to why I
can't just tell Samba to use the same PAM modules that the other
servers are using and just have authentication chug happily along
through existing mechanisms.  At any rate, here are the details right
now:

Samba 3.0.26a built with ./configure --prefix=/usr/local --enable-fhs
--with-ldap --with-pam --with-configdir=/etc/samba
--with-logfilebase=/var/log/samba

$ cat /etc/samba/smb.conf
[global]
	workgroup =	WORKGROUP
	netbios name =	Samuel
	security =	user
	
	passdb backend =	ldapsam:ldap://192.168.19.1/
	ldap suffix =		dc=vpn,dc=a3dauto,dc=com
	ldap admin dn =		dc=vpn,dc=a3dauto,dc=com
	ldap user suffix =	cn=users
	ldap group suffix =	cn=groups

[test]
	path =		/mnt/smb
	read only =	no
	guest ok =	no

$ sudo /usr/local/sbin/smbd -iS
smbd version 3.0.26a started.
Copyright Andrew Tridgell and the Samba Team 1992-2007
failed to bind to server ldap://192.168.19.1/ with
dn="dc=vpn,dc=a3dauto,dc=com" Error: Invalid credentials
	(unknown)
Connection to LDAP server failed for the 1 try!
Connection to LDAP server failed for the 2 try!

I am able to query the LDAP server using ldapsearch -x just fine,
which tells me that my settings in /etc/openldap/ldap.conf are
correct.  I assumed that I could just duplicate the same settings in
smb.conf, add my admin password through smbpasswd -W  and everything
would Just Work (tm), but that is obviously not the case.  I did some
reviewing and comparing of network traffic and it seems that the only
difference between successful binds and Samba's binds is that Samba is
sending the dn when trying to bind and others are just binding then
sending the dn later.  So my questions are as follows:

1) Is there anything that I am missing in the configuration that would
make everything roll over?

2) Is there a way to make Samba use the PAM / NSS mechanism that is
already working?

Thanks.
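
The comparison in the post is between ldapsearch -x, which with no -D option normally binds anonymously, and smbd, which does a simple bind as the `ldap admin dn`. The script below is an added example, not part of the original post or of Samba: it reads the ldapsam settings from an smb.conf and prints the ldapsearch command that repeats smbd's bind, so the two can be tested like for like. The function names and the sample file are made up for the example.

```shell
#!/bin/sh
# Added example: turn the ldapsam settings in an smb.conf into the ldapsearch
# command that repeats smbd's simple bind (same server, same bind DN).

# smb_param FILE NAME: print a [global] parameter. Names are matched without
# regard to case or whitespace, as smb.conf itself does; the last value wins.
smb_param() {
    awk -v want="$2" '
        BEGIN { gsub(/[ \t]/, "", want); want = tolower(want) }
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { in_global = (tolower($0) ~ /^[ \t]*\[global\]/); next }
        in_global && index($0, "=") {
            name = tolower(substr($0, 1, index($0, "=") - 1))
            val  = substr($0, index($0, "=") + 1)
            gsub(/[ \t]/, "", name)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (name == want) found = val
        }
        END { print found }
    ' "$1"
}

# bind_check_cmd FILE: print the ldapsearch command line; fail if the file
# does not configure an ldapsam backend with a bind DN.
bind_check_cmd() {
    backend=$(smb_param "$1" "passdb backend")
    case $backend in
        ldapsam:*) uri=${backend#ldapsam:} ;;
        *) echo "passdb backend is not ldapsam" >&2; return 1 ;;
    esac
    binddn=$(smb_param "$1" "ldap admin dn")
    suffix=$(smb_param "$1" "ldap suffix")
    [ -n "$binddn" ] || { echo "ldap admin dn is not set" >&2; return 1; }
    # -x simple bind, -D bind as this DN, -W prompt for its password,
    # -s base: read only the suffix entry, enough to prove the bind works.
    printf 'ldapsearch -x -H "%s" -D "%s" -W -b "%s" -s base\n' \
        "$uri" "$binddn" "$suffix"
}

# Constructed sample: the [global] LDAP lines from the smb.conf in the post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[global]
	passdb backend =	ldapsam:ldap://192.168.19.1/
	ldap suffix =		dc=vpn,dc=a3dauto,dc=com
	ldap admin dn =		dc=vpn,dc=a3dauto,dc=com
EOF
bind_check_cmd "$sample"
rm -f "$sample"
```

If the printed command also returns "Invalid credentials" when given the password stored for Samba, the failure lies with the bind DN or its password on the directory side rather than with Samba.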

