[Samba] OpenLDAP and Samba configuration woes

Joel Sass sass.joel at gmail.com
Wed Dec 15 07:22:37 MST 2010


Hello everyone,

I am having an awful time getting Samba to authenticate against my LDAP
database. I am presently receiving the following error when I attempt to run
smbd:

smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=CENTOSTEST))]

smbldap_search_ext: base => [dc=dresults,dc=com], filter => [(&(objectClass=sambaDomain)(sambaDomainName=CENTOSTEST))], scope => [2]
The connection to the LDAP server was closed
smb_ldap_setup_connection: ldap://192.168.1.37

smbldap_open_connection: connection opened
fetch_ldap_pw: neither ldap secret retrieved!
ldap_connect_system: Failed to retrieve password from secrets.tdb


The full log can be viewed here: http://pastebin.com/i1up0AQS


I have the secrets.tdb file showing what I think is correct for Samba, but I
am not certain. Here's a tdbdump output: http://pastebin.com/2vBU7q6H

I am running 389 Directory Services, which is a front end for a CentOS/Fedora
OpenLDAP database. The user that is meant to be the querying/managing user
by 389 is "directory manager". That user name was used by default when I ran
"smbpasswd -w". The secrets.tdb file is located in /etc/samba/secrets.tdb.

My smb.conf appears as follows: http://pastebin.com/CLTiXvaX

I am almost positive the problems I am having lie somewhere in the
configuration file above, but I am not sure what it's supposed to look like.
I have since given up on referring to the 389 documents, because I have
found a lot of inconsistencies, which lead me to believe the docs are
outdated.

Lastly, here's my ldap.conf: http://pastebin.com/rU9cnXNh

Now, I am presently able to authenticate against LDAP with normal UNIX
users. Getent passwd works fine, and I can use ldapsearch to check accounts.

Someone please tell me what I am missing. I feel like I am really close to
having this resolved, but I am not really sure where I have gone wrong. I
have this funny feeling that there is a configuration issue.

For the record, iptables is totally open, and SELinux has been disabled.


Thanks for reading!

Joel
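
Added example, not part of the original post and not Samba project code: a check for the "fetch_ldap_pw: neither ldap secret retrieved!" failure above, comparing the "ldap admin dn" in smb.conf with the DN under which "smbpasswd -w" stored the bind password. It assumes the Samba 3.x key format SECRETS/LDAP_BIND_PW/<dn> and the usual tdbdump text layout; the sample smb.conf, DN and dump are constructed, and only key() lines are read, so the password in data() is never touched.

```python
import re

# Key prefix Samba 3.x uses for the LDAP bind password (assumption, not from the post).
KEY_PREFIX = "SECRETS/LDAP_BIND_PW/"

def admin_dn(smb_conf):
    """Return the last 'ldap admin dn' value in smb.conf text, or None."""
    dn = None
    for line in smb_conf.splitlines():
        name, sep, value = line.strip().partition("=")
        # Parameter names are matched ignoring case and internal whitespace.
        if sep and "".join(name.split()).lower() == "ldapadmindn":
            dn = value.strip().strip('"')
    return dn

def stored_bind_dns(tdbdump):
    """DNs that have a bind-password record. Only key() lines are read, never data()."""
    keys = re.findall(r'^key\(\d+\) = "(.*)"$', tdbdump, re.M)
    return [k[len(KEY_PREFIX):] for k in keys if k.startswith(KEY_PREFIX)]

def _fold(dn):
    return "".join(dn.lower().split())

def diagnose(smb_conf, tdbdump):
    dn, stored = admin_dn(smb_conf), stored_bind_dns(tdbdump)
    if dn is None:
        return "no 'ldap admin dn' in smb.conf"
    if dn in stored:
        return "match"
    if _fold(dn) in map(_fold, stored):
        return "near-miss"  # same DN, different case/spacing; the tdb lookup is byte-exact
    return "missing"

# Constructed sample input (placeholder DN and secret, not the poster's data).
SMB_CONF = """[global]
   passdb backend = ldapsam:ldap://192.0.2.10
   ldap suffix = dc=example,dc=com
   ldap admin dn = cn=Directory Manager
"""
TDBDUMP = """{
key(41) = "SECRETS/LDAP_BIND_PW/cn=directory manager"
data(9) = "REDACTED\\00"
}
"""

if __name__ == "__main__":
    print("configured:", admin_dn(SMB_CONF))
    print("stored for:", stored_bind_dns(TDBDUMP))
    print("result:", diagnose(SMB_CONF, TDBDUMP))
```

A "near-miss" or "missing" result means smbd will not find the secret for the configured DN; re-running "smbpasswd -w" after fixing "ldap admin dn" stores it under the matching key.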

