[Samba] LDAP problem

Quinn Fissler qfissler at gmail.com
Mon Jan 7 00:44:48 GMT 2008


The account which you use to bind can be defined in the database or the
rootdn in the slapd.conf

There is also the option for anonymous binding - that's why I say use
slapcat as it sidesteps the binding issue but has the limitation that it
must be done on the ldap server (or its shared data area).

You can leave slapd running when you do slapcat for diags (you may wish to
stop ldap if you wanted to use slapcat to do a full backup of the directory,
but for these diags, it's just a quick way of sanity checking the data)

I asked why you needed to restore as it's very unusual to lose data in this
way.

Was ldap reinstalled?

How about samba?

(Has some other thing changed after this power failure - like the smb.conf,
smbldap confs, ldap.conf or slapd.conf)

I take it that you're getting this running for Monday morning.

Q

On 07/01/2008, Tanguy Léost <tanguy.leost at free.fr> wrote:
>
> On 07.01.2008 00:43, Quinn Fissler wrote:
> > Why did you need to restore from the ldif?
> >
> > Are you sure it was a recent backup? How was it made?
> >
>
> Thanks very much for replying.
>
> I had to restore from an ldif file because the ldap seemed
> to be broken. Since we restored it, slapd is running again.
> I presume the restore was ok. I didn't do it myself.
>
> (By the way, I haven't had a look at the ldap administration,
> so I'm not quite used to the commands)
>
>
> > A quick way to browse the ldap data is:
> >  slapcat | less
> >
>
> I stopped slapd and tried it, it seems ok to me.
> I can see the data from my ldap.
>
>
> > on the ldap server. You can search quickly using the search functions in
> > "less" - just like in vi.
> >
> >
> > The log looks odd - I don't have a samba installation to hand to check
> > but we see a user called "Invite" and also some entries which seem to be
> > due to a null user name:
> >
> >  >>[2008/01/06 15:17:45, 3] auth/auth_sam.c:check_sam_security(244)
> >  >>check_sam_security: Couldn't find user '' in passdb file.
> >
>
> Yes, I'm puzzled too. "Invite" in French means "guest".
> I have no idea why it looks for the guest account.
>
> I looked further, and something looks strange.
> If I try:
> #ldapsearch -D "cn=Manger,dc=company,dc=fr"
> I get this:
> SASL/DIGEST-MD5 authentication started
> Please enter your password:
> ldap_sasl_interactive_bind_s: Internal (implementation specific) error
> (80)
>          additional info: SASL(-13): user not found: no secret in database
>
> It looks like it can't find the Manager account, doesn't it?
>
>
>
> > If I were you, I'd run tcpdump/snoop/wireshark and look at the dialogue
> > between the client and the pdc.
> >
> > Q
> >
> >
>
>
> I'll have a look at this.
>
> Thanks for your help
>
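
The slapcat sanity check suggested in this thread, as an added example that is not part of the original messages: it reads slapcat-style LDIF and lists sambaSamAccount entries that lack uid or sambaSID (both required by the Samba schema) or sambaNTPassword (treated here, as an assumption, as needed for password logons). The function names and the sample LDIF under dc=example,dc=org are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit restored LDAP data for incomplete Samba accounts.
# sample_ldif: constructed slapcat-style output (not data from the thread).
sample_ldif() {
cat <<'EOF'
dn: uid=alice,ou=Users,dc=example,dc=org
objectClass: posixAccount
objectClass: sambaSamAccount
uid: alice
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3000
sambaNTPassword: 0123456789ABCDEF0123456789ABCDEF

dn: uid=bob,ou=Users,dc=example,dc=org
objectClass: posixAccount
objectClass: sambaSam
 Account
uid: bob

dn: cn=Manager,dc=example,dc=org
objectClass: organizationalRole
cn: Manager
EOF
}

# check_samba_ldif: LDIF on stdin; prints one line per incomplete
# sambaSamAccount entry and returns 1 if any was found, 0 otherwise.
check_samba_ldif() {
    awk '
    function handle(l,   a) {            # one unfolded "attr: value" line
        a = tolower(l); sub(/:.*/, "", a)
        if (a == "dn") dn = l
        else if (a == "objectclass" && tolower(l) ~ /: *sambasamaccount *$/) sam = 1
        else if (a == "uid") uid = 1
        else if (a == "sambasid") sid = 1
        else if (a == "sambantpassword") nt = 1
    }
    function flush_line() { if (cur != "") handle(cur); cur = "" }
    function end_entry(   m) {
        if (sam) {
            if (!uid) m = m " uid"
            if (!sid) m = m " sambaSID"
            if (!nt)  m = m " sambaNTPassword"
            if (m != "") { bad = 1; print dn " missing:" m }
        }
        dn = ""; sam = uid = sid = nt = 0
    }
    /^ / { cur = cur substr($0, 2); next }   # folded continuation line
    { flush_line() }
    /^$/ { end_entry(); next }               # blank line ends an entry
    /^#/ { next }
    { cur = $0 }
    END { flush_line(); end_entry(); exit (bad ? 1 : 0) }
    '
}
sample_ldif | check_samba_ldif || echo "incomplete Samba accounts found"
```

On the LDAP server the same function can be fed real data with `slapcat | check_samba_ldif`.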

