[Samba] samba can not contact the ldap server

robert rottermann robert at redcor.ch
Wed Feb 18 12:32:10 GMT 2009


hi there,
I am working through a tutorial on setting up samba and ldap on a SUSE 11.1 box

everything worked fine so far, but now samba cannot contact the ldap server.
All commands that try to do so issue the following error message.

Failed to issue the StartTLS instruction: Can't contact LDAP server

how can I track down what causes this?

thanks for your help

I have attached my slapd.conf and the [global] section of my smb.conf.


robert


---------------------------------------------------------------------
[global]
    # smb.conf [global] section as posted. Only the parameters that bear on
    # the ldapsam / StartTLS failure are commented below.
    workgroup = redcor
    map to guest = Bad User
    # ldapsam talks to slapd through the OpenLDAP client library, so the
    # client-side TLS settings apply as well: the CA that signed the slapd
    # certificate must be listed as TLS_CACERT in the client ldap.conf
    # (presumably /etc/openldap/ldap.conf on SUSE -- confirm), and the
    # certificate subject has to match the host name used in this URL
    # (haydn.redcor.net). "Can't contact LDAP server" reported on the
    # StartTLS step usually means the TLS handshake failed rather than that
    # the host is unreachable. `ldapsearch -x -ZZ -H ldap://haydn.redcor.net/
    # -b dc=redcor,dc=ch` reproduces the same negotiation outside Samba, and
    # `-d 1` makes it print the underlying TLS error.
    passdb backend = ldapsam:ldap://haydn.redcor.net/
    printcap name = /etc/printcap
    logon path = \\%N\profile\%U
    logon drive = H:
    domain logons = Yes
    os level = 99
    domain master = Yes
    # NOTE(review): this DN does not match the rootdn in the posted
    # slapd.conf (cn=Administrator,dc=redcor,dc=ch). The posted slapd ACLs
    # end with "access to * by * read", so only the rootdn can write; unless
    # acl.conf (not shown) grants cn=manager write access, account creation
    # and "ldap passwd sync" will fail with insufficient access once the
    # connection itself works. The two DNs should name the same entry, and
    # its password has to be stored with `smbpasswd -w`.
    ldap admin dn = cn=manager,dc=redcor,dc=ch
    ldap group suffix = ou=groups
    ldap machine suffix = ou=hosts
    # Samba updates the LDAP userPassword attribute on password change,
    # binding as "ldap admin dn" to do so.
    ldap passwd sync = Yes
    ldap suffix = dc=redcor,dc=ch
    # This is the setting that makes Samba send the StartTLS request named
    # in the error message.
    ldap ssl = start tls
    ldap user suffix = ou=users
    cups options = raw
    # By default run with minimal logging.  However, if you need to debug
    # 5 is a fairly verbose logging level.
    # (The comment above describes the default; 5 is the debugging value
    # currently in effect. Lower it again once the LDAP problem is solved.)
    log level = 5
    log file = /var/log/samba/log.redcor

---------------------------------------------------------------------

# Schema files. core/cosine/inetorgperson come first, then the POSIX
# schema and the Samba schema that are layered on top of them.
include		/etc/openldap/schema/core.schema
include		/etc/openldap/schema/cosine.schema
include		/etc/openldap/schema/inetorgperson.schema
# rfc2307bis.schema and nis.schema define the same POSIX object classes;
# load exactly one of them (nis is the active one here).
#include		/etc/openldap/schema/rfc2307bis.schema
include		/etc/openldap/schema/nis.schema
# samba3.schema adds the sambaSamAccount attributes, including the
# sambaLMPassword/sambaNTPassword hashes, which need the same access
# protection as userPassword.
include		/etc/openldap/schema/samba3.schema
include		/etc/openldap/schema/yast.schema

# Define global ACLs to disable default read access.
# NOTE(review): acl.conf is not shown in this post and the path is
# relative; use an absolute path (for example under /etc/openldap/) so the
# result does not depend on slapd's working directory. Also note that the
# inline rules further down end with "access to * by * read", so read
# access is not actually disabled by this file alone.
include acl.conf
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral	ldap://root.openldap.org

pidfile		/var/run/slapd/slapd.pid
argsfile	/var/run/slapd/slapd.args

# Load dynamic backend modules:
# (every moduleload is commented out, so the bdb backend used below is
# assumed to be compiled in on this build -- confirm in the startup log)
modulepath	/usr/lib/openldap/modules
# moduleload	back_ldap.la
# moduleload	back_meta.la
# moduleload	back_monitor.la
# moduleload	back_perl.la

# Sample security restrictions
#	Require integrity protection (prevent hijacking)
#	Require 112-bit (3DES or better) encryption for updates
#	Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# NOTE(review): once StartTLS works, enabling a security directive is the
# way to refuse clients that skip TLS; keep it off while diagnosing the
# handshake so it does not mask the real error.

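# Sample access control policy:
#       Root DSE: allow anyone to read it
#       Subschema (sub)entry DSE: allow anyone to read it
#       Other DSEs:
#               Allow self write access to user password
#               Allow anonymous users to authenticate
#               Allow read access to everything else
#       Directives needed to implement policy:
access to dn.base=""
        by * read

access to dn.base="cn=Subschema"
        by * read

# Credentials usable only for authentication: nobody except the owner may
# read them.
access to attrs=userPassword,userPKCS12
        by self write
        by * auth

# The Samba NT/LM hashes from samba3.schema are password-equivalent
# credentials. The posted file had no rule for them, so the closing
# "access to * by * read" rule handed them to any anonymous client.
# The rootdn bypasses ACLs, so Samba keeps write access as long as its
# "ldap admin dn" is the rootdn.
access to attrs=sambaLMPassword,sambaNTPassword
        by self write
        by * none

# Last-change timestamp: updated by the user on password change and not
# sensitive, so it stays world-readable.
access to attrs=shadowLastChange
        by self write
        by * read

access to *
        by * read

# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn.  (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!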

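# Server-side TLS material. For orientation, the client-side analogues in
# ldap.conf(5) are: TLSCertificateFile ~ TLS_CERT, TLSCertificateKeyFile
# ~ TLS_KEY, TLSCACertificateFile ~ TLS_CACERT, TLSVerifyClient ~
# TLS_REQCERT. (The posted comments had the first three shifted by one.)
# Server certificate (the original note calls it self-signed). Its
# subject/CN must match the host name clients connect to -- haydn.redcor.net
# in the posted smb.conf -- or the client side of StartTLS will fail.
TLSCertificateFile      /etc/ssl/ldapcert.pem
# Private key; keep it readable only by the slapd user.
TLSCertificateKeyFile   /etc/ssl/ldapkey.pem
# Certificate authority that issued the server certificate. Clients
# (the Samba ldapsam backend included) need this same CA configured as
# TLS_CACERT, otherwise they refuse the handshake.
TLSCACertificateFile    /etc/ssl/demoCA/cacert.pem
# Whether slapd asks for a client certificate; the default is "never",
# and all three alternatives are left disabled here.
#TLSVerifyClient         allow
#TLSVerifyClient        try
#TLSVerifyClient        demand

# Cipher list in OpenSSL syntax. The posted value HIGH:MEDIUM:+SSLv2 kept
# MEDIUM-strength suites and merely moved SSLv2-era suites to the end of
# the list ("+" reorders, it does not exclude). HIGH alone, with the
# anonymous and NULL suites excluded explicitly, is the conservative choice.
TLSCipherSuite        HIGH:!aNULL:!eNULL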

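#######################################################################
# BDB database definitions
#######################################################################

database	bdb
suffix		"dc=redcor,dc=ch"
# Checkpoint after 1024 KiB of transaction log or 5 minutes, whichever
# comes first.
checkpoint      1024    5
# Entry cache size, in entries.
cachesize       10000
# Fixed: the posted line read  "cn=Administrator,"dc=redcor,dc=ch"  with a
# stray quote in the middle. Whether slapd's tokenizer tolerates that or
# refuses to start is version-dependent, so check the slapd startup log.
# The Samba side uses cn=manager,dc=redcor,dc=ch as "ldap admin dn"; the
# two should name the same entry.
rootdn		"cn=Administrator,dc=redcor,dc=ch"
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# The posted file carried a cleartext value here; replace the placeholder
# below with the {SSHA} hash printed by slappasswd.
rootpw  {SSHA}REPLACE-WITH-SLAPPASSWD-OUTPUT
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory	/var/lib/ldap
# Indices to maintain. objectClass alone is the minimum; once the Samba
# backend works, equality indexes on the attributes Samba searches by
# (uid, uidNumber, gidNumber, sambaSID, memberUid) avoid the unindexed
# searches slapd reports as "not indexed" in its log.
index	objectClass	eq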

