[Samba] ldapsearch with samba4

Andrew Dumaresq dumaresq at gmail.com
Sat Apr 23 12:34:21 MDT 2011


Hi,

I've got ldapsearch mostly working:

root at morannon:/usr/local/samba/private/tls# ldapsearch '(sAMAccountName=dumaresq)'
SASL/GSSAPI authentication started
SASL username: administrator at XXX
SASL SSF: 56
SASL data security layer installed.
# extended LDIF
#
# LDAPv3
# base <> (default) with scope subtree
# filter: (sAMAccountName=dumaresq)
# requesting: ALL
#

results in here...


# search result
search: 5
result: 0 Success

# numResponses: 2
# numEntries: 1


I cannot get ldapsearch -Z or ldaps working:

ldapsearch '(sAMAccountName=dumaresq)' -Z
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Server is unwilling to perform (53)
         additional info: SASL:[GSSAPI]: Sign or Seal are not allowed if TLS is used


Here is what I get in samba.log when I did that command:

[2011/04/23 14:29:56,  3] ../source4/lib/ldb-samba/ldb_wrap.c:319(ldb_wrap_connect)
   ldb_wrap open of secrets.ldb
[2011/04/23 14:29:56,  3] ../source4/lib/ldb-samba/ldb_wrap.c:319(ldb_wrap_connect)
   ldb_wrap open of secrets.ldb
[2011/04/23 14:29:56,  3] ../source4/lib/ldb-samba/ldb_wrap.c:319(ldb_wrap_connect)
   ldb_wrap open of secrets.ldb
[2011/04/23 14:29:56,  3] ../source4/smbd/service_stream.c:62(stream_terminate_connection)
   Terminating connection - 'ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
[2011/04/23 14:29:56,  3] ../source4/smbd/process_single.c:104(single_terminate)
   single_terminate: reason[ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]


I'm not sure where to go from here. I've tried several different 
options in /etc/ldap/ldap.conf and I always get that error, unless I 
comment out #TLS_REQCERT allow; then I get:

ldapsearch '(sAMAccountName=dumaresq)' -Z
ldap_start_tls: Connect error (-11)
         additional info: (unknown error code)
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
         additional info: (unknown error code)

with:
[2011/04/23 14:31:29,  3] ../source4/lib/ldb-samba/ldb_wrap.c:319(ldb_wrap_connect)
   ldb_wrap open of secrets.ldb
[2011/04/23 14:31:29,  3] ../source4/lib/ldb-samba/ldb_wrap.c:319(ldb_wrap_connect)
   ldb_wrap open of secrets.ldb
[2011/04/23 14:31:29,  1] ../source4/lib/tls/tls_tstream.c:542(tstream_tls_retry_read)
   TLS ../source4/lib/tls/tls_tstream.c:542 - A record packet with illegal version was received.
[2011/04/23 14:31:29,  3] ../source4/smbd/service_stream.c:62(stream_terminate_connection)
   Terminating connection - 'ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_IO_DEVICE_ERROR'
[2011/04/23 14:31:29,  3] ../source4/smbd/process_single.c:104(single_terminate)
   single_terminate: reason[ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_IO_DEVICE_ERROR]

in samba.log

Neither of those is helpful. I've tried stracing, but I don't see any 
errors. I believe this is a cert issue, but I'm not sure exactly what 
the cert issue is.

Thanks
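An added triage helper for the two failures quoted in this post; it is example code, not part of the thread or of Samba. It classifies ldapsearch's stderr and prints the next invocation to try: the "Sign or Seal" refusal means the GSSAPI security layer is being negotiated on top of TLS (capping it with -O maxssf=0 lets TLS carry the encryption), while "ldap_start_tls: Connect error" after removing TLS_REQCERT allow points at certificate verification on the client side. The CA path /usr/local/samba/private/tls/ca.pem and the sample stderr text are assumptions constructed from the post, not confirmed by it.

```shell
#!/bin/sh
# Classify ldapsearch stderr read from stdin; prints one token.
classify_ldapsearch() {
    out=$(cat)
    case "$out" in
        *"Sign or Seal are not allowed if TLS is used"*)
            # SASL wants integrity/privacy but the session is already in TLS.
            echo sasl-layer-over-tls ;;
        *"ldap_start_tls: Connect error"*|*"Can't contact LDAP server"*)
            # StartTLS aborted before bind; in the post this appeared once
            # TLS_REQCERT allow was commented out, so verification is suspect.
            echo tls-handshake-failed ;;
        *"result: 0 Success"*)
            echo ok ;;
        *)
            echo unknown ;;
    esac
}

# Map a classification token to the invocation worth trying next.
# CA path below is an assumption (Samba's provisioned tls directory).
next_step() {
    case "$1" in
        sasl-layer-over-tls)
            echo "ldapsearch -Z -O maxssf=0 '(sAMAccountName=dumaresq)'" ;;
        tls-handshake-failed)
            echo "LDAPTLS_CACERT=/usr/local/samba/private/tls/ca.pem ldapsearch -Z '(sAMAccountName=dumaresq)'" ;;
        ok)
            echo "nothing to do" ;;
        *)
            echo "raise the Samba log level and re-read samba.log" ;;
    esac
}

# Constructed sample: the first failure from the post, unwrapped to one line.
SAMPLE_SASL='SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Server is unwilling to perform (53)
        additional info: SASL:[GSSAPI]: Sign or Seal are not allowed if TLS is used'

# Constructed sample: the second failure from the post.
SAMPLE_TLS='ldap_start_tls: Connect error (-11)
        additional info: (unknown error code)
ldap_sasl_interactive_bind_s: Can'"'"'t contact LDAP server (-1)'

# Usage: pipe real output through classify_ldapsearch, then next_step.
kind=$(printf '%s\n' "$SAMPLE_SASL" | classify_ldapsearch)
printf '%s -> %s\n' "$kind" "$(next_step "$kind")"
```

Replace the embedded samples with `ldapsearch ... 2>&1 | classify_ldapsearch` against your own server; the script only inspects text and never changes the client configuration.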
