[Samba] login via Samba 4 LDAP
steve
steve at steve-ss.com
Wed Dec 28 12:27:25 MST 2011
Hi
I've rfc2307'd the Samba 4 LDAP for a user, e.g. steve4. I can search the
database and view it with phpldapadmin. I can't log in from a Linux console:
ldapsearch -LLL "(cn=steve4)"
SASL/GSSAPI authentication started
SASL username: steve4@HH3.SITE
SASL SSF: 56
SASL data security layer installed.
dn: CN=steve4,CN=Users,DC=hh3,DC=site
cn: steve4
instanceType: 4
whenCreated: 20111228090516.0Z
uSNCreated: 3796
name: steve4
objectGUID:: SmOVmHoGLEKtIAG387qdKg==
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAAb3HIjuGOMdR6frbzWQQAAA==
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: steve4
sAMAccountType: 805306368
userPrincipalName: steve4@hh3.site
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=hh3,DC=site
pwdLastSet: 129695367160000000
userAccountControl: 512
gidNumber: 100
unixHomeDirectory: /home/CACTUS/steve4
loginShell: /bin/bash
objectClass: top
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
objectClass: organizationalPerson
objectClass: user
uidNumber: 3000019
uid: steve4
whenChanged: 20111228160534.0Z
uSNChanged: 3815
distinguishedName: CN=steve4,CN=Users,DC=hh3,DC=site
# refldap://hh3.site/CN=Configuration,DC=hh3,DC=site
# refldap://hh3.site/DC=DomainDnsZones,DC=hh3,DC=site
# refldap://hh3.site/DC=ForestDnsZones,DC=hh3,DC=site
But when I try to log in from an openSUSE box:
su steve4
su: user steve4 does not exist
and the logs give:
Dec 28 20:20:04 hh3 worker_nscd: nss-ldap: do_open: do_start_tls failed:stat=-1
Dec 28 20:20:04 hh3 worker_nscd: nss-ldap: do_open: do_start_tls failed:stat=-1
Dec 28 20:20:04 hh3 worker_nscd: nss_ldap: could not search LDAP server - Server is unavailable
I have tried with and without TLS using the ca.pem and cert.pem
provisioned in /usr/local/samba/private/tls (it seems that the
certificate's CN does not match the FQDN of the server).
Samba gives me:
ldb_wrap open of secrets.ldb
Terminating connection - 'ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
single_terminate: reason[ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]
/etc/nsswitch.conf:
passwd: compat
group: files ldap
hosts: files mdns4_minimal [NOTFOUND=return] dns
passwd_compat: ldap
Anyone been this way before?
Thanks, Steve.
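As an added example (not code from the original post, nor Samba's own), here is a check for the mismatch the post suspects: whether the names a server certificate carries (SAN dNSName entries, or the subject CN when no SAN exists) cover the FQDN the LDAP client connects to. The FQDN hh3.site comes from the post; the certificate contents are constructed and use the dict layout Python's ssl.getpeercert() returns.

```python
# Added example: verify that a server certificate's names cover the LDAP
# server FQDN. A StartTLS handshake from an NSS/LDAP client fails when the
# name the client dials is not among the certificate's names.

FQDN = "hh3.site"  # server name from the post; the name the client dials

# Constructed certificate (not the poster's real cert): CN/SAN carry only the
# short host name, so it will not match the FQDN above.
CONSTRUCTED_CERT = {
    "subject": ((("commonName", "hh3"),),),
    "subjectAltName": (("DNS", "hh3"),),
}


def cert_names(cert):
    """DNS names a certificate asserts: SAN dNSName entries when present,
    otherwise the subject commonName (the RFC 6125 fallback rule)."""
    sans = [v for t, v in cert.get("subjectAltName", ()) if t == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def name_matches(pattern, hostname):
    """Match one certificate name against a hostname, case-insensitively.
    A single leading wildcard label (*.example.com) is allowed; it never spans
    a dot and never matches the bare parent domain."""
    p, h = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if not p.startswith("*."):
        return p == h
    plabels, hlabels = p.split("."), h.split(".")
    return len(plabels) == len(hlabels) and plabels[1:] == hlabels[1:]


def check_hostname(cert, hostname):
    """Return (ok, names) so a caller can log which names the cert offered."""
    names = cert_names(cert)
    return any(name_matches(n, hostname) for n in names), names


if __name__ == "__main__":
    ok, names = check_hostname(CONSTRUCTED_CERT, FQDN)
    print("certificate names:", names)
    print("covers", FQDN, "->", ok)
```

Run it against a real certificate by passing the dict from `ssl.SSLSocket.getpeercert()` after connecting to the LDAP server; a False result explains a do_start_tls failure before looking anywhere else.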