[Samba] login via Samba 4 LDAP

steve steve at steve-ss.com
Wed Dec 28 12:27:25 MST 2011


I've rfc2703'd the Samba 4 LDAP for a user e.g. steve4. I can search the 
database and view it with phpldapadmin. I can't log in from a Linux console:

ldapsearch -LLL "(cn=steve4)"

SASL/GSSAPI authentication started
SASL username: steve4 at HH3.SITE
SASL data security layer installed.
dn: CN=steve4,CN=Users,DC=hh3,DC=site
cn: steve4
instanceType: 4
whenCreated: 20111228090516.0Z
uSNCreated: 3796
name: steve4
objectGUID:: SmOVmHoGLEKtIAG387qdKg==
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
primaryGroupID: 513
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: steve4
sAMAccountType: 805306368
userPrincipalName: steve4 at hh3.site
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=hh3,DC=site
pwdLastSet: 129695367160000000
userAccountControl: 512
gidNumber: 100
unixHomeDirectory: /home/CACTUS/steve4
loginShell: /bin/bash
objectClass: top
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
objectClass: organizationalPerson
objectClass: user
uidNumber: 3000019
uid: steve4
whenChanged: 20111228160534.0Z
uSNChanged: 3815
distinguishedName: CN=steve4,CN=Users,DC=hh3,DC=site

# refldap://hh3.site/CN=Configuration,DC=hh3,DC=site

# refldap://hh3.site/DC=DomainDnsZones,DC=hh3,DC=site

# refldap://hh3.site/DC=ForestDnsZones,DC=hh3,DC=site

But when I try to login from an openSUSE box:

  su steve4
su: user steve4 does not exist

and the logs give:
Dec 28 20:20:04 hh3 worker_nscd: nss-ldap: do_open: do_start_tls 
Dec 28 20:20:04 hh3 worker_nscd: nss-ldap: do_open: do_start_tls 
Dec 28 20:20:04 hh3 worker_nscd: nss_ldap: could not search LDAP server 
- Server is unavailable

I have tried with and without TLS using the ca.pem and cert.pem 
provisioned in /usr/local/samba/private/tls (it seems that the 
certificate's CN does not match the FQDN of the server).

Samba gives me:
ldb_wrap open of secrets.ldb
Terminating connection - 'ldapsrv_call_loop: 
tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
single_terminate: reason[ldapsrv_call_loop: tstream_read_pdu_blob_recv() 


passwd:    compat
group:    files ldap
hosts:    files mdns4_minimal [NOTFOUND=return] dns
passwd_compat:    ldap

Anyone been this way before?
Thanks Steve.
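The nss_ldap log above reports "Server is unavailable", which is a connection (or StartTLS) problem rather than a schema one; once the connection works, the next thing to check is whether the entry carries what nss_ldap's RFC 2307 passwd map actually reads. The script below is an added example for this thread, not Samba code and not from the post: it parses the steve4 entry (embedded as a constructed copy of the ldapsearch -LLL output above, trimmed to the relevant attributes), reports which RFC 2307 posixAccount attributes are missing or present only under their Active Directory name, and synthesizes the passwd(5) line an NSS lookup would return. The alias table (homeDirectory carried as unixHomeDirectory) comes from the AD Services-for-UNIX schema and the nss_map_attribute directive from nss_ldap's ldap.conf; everything else (function names, the sample LDIF) is assumed for the illustration.

```python
"""Check an LDAP user entry for what nss_ldap's RFC 2307 passwd map needs.

Added illustration for the thread above; not Samba code and not from the post.
SAMPLE_LDIF is a constructed copy of the steve4 entry as ldapsearch -LLL printed
it, trimmed to the attributes that matter here.
"""
import base64
from typing import Dict, List, Optional

SAMPLE_LDIF = """\
dn: CN=steve4,CN=Users,DC=hh3,DC=site
cn: steve4
objectGUID:: SmOVmHoGLEKtIAG387qdKg==
sAMAccountName: steve4
userPrincipalName: steve4@hh3.site
gidNumber: 100
unixHomeDirectory: /home/CACTUS/steve4
loginShell: /bin/bash
objectClass: top
objectClass: posixAccount
objectClass: user
uidNumber: 3000019
uid: steve4

# refldap://hh3.site/CN=Configuration,DC=hh3,DC=site
"""

# RFC 2307 posixAccount MUST attributes that a passwd(5) line is built from.
REQUIRED = ("uid", "uidNumber", "gidNumber", "homeDirectory")
# Name the same data carries in Active Directory's Services-for-UNIX schema.
# nss_ldap only reads it if ldap.conf maps it, e.g.
#   nss_map_attribute homeDirectory unixHomeDirectory
AD_ALIASES = {"homeDirectory": "unixHomeDirectory"}

Entry = Dict[str, List[str]]


def parse_ldif(text: str) -> List[Entry]:
    """Minimal LDIF reader: unfolds continuation lines, decodes '::' base64
    values to hex, skips '#' comments (including ldapsearch's referral lines).
    Attribute names are lower-cased because LDAP compares them case-insensitively."""
    unfolded: List[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and unfolded:   # LDIF continuation line
            unfolded[-1] += raw[1:]
        else:
            unfolded.append(raw)

    entries: List[Entry] = []
    current: Entry = {}
    for line in unfolded + [""]:               # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        colon = line.index(":")
        name = line[:colon].lower()
        if line[colon + 1:colon + 2] == ":":   # "attr:: <base64>"
            value = base64.b64decode(line[colon + 2:].strip()).hex()
        else:
            value = line[colon + 1:].strip()
        current.setdefault(name, []).append(value)
    return entries


def check_entry(entry: Entry) -> Dict[str, object]:
    """Which RFC 2307 attributes are absent, and which exist only under their
    AD name (fixable with nss_map_attribute rather than a schema change)."""
    missing: List[str] = []
    aliased: Dict[str, str] = {}
    for attr in REQUIRED:
        if attr.lower() in entry:
            continue
        alias = AD_ALIASES.get(attr)
        if alias and alias.lower() in entry:
            aliased[attr] = alias
        else:
            missing.append(attr)
    return {"missing": missing, "aliased": aliased}


def passwd_line(entry: Entry, use_ad_aliases: bool) -> Optional[str]:
    """The passwd(5) line an RFC 2307 map would synthesize, or None when a
    required field cannot be found (the lookup fails and su reports that the
    user does not exist)."""
    def get(attr: str) -> Optional[str]:
        names = [attr]
        if use_ad_aliases and attr in AD_ALIASES:
            names.append(AD_ALIASES[attr])
        for name in names:
            if name.lower() in entry:
                return entry[name.lower()][0]
        return None

    required = [get("uid"), get("uidNumber"), get("gidNumber"), get("homeDirectory")]
    if any(v is None for v in required):
        return None
    uid, uid_num, gid_num, home = required
    gecos = get("gecos") or ""
    shell = get("loginShell") or ""
    return f"{uid}:x:{uid_num}:{gid_num}:{gecos}:{home}:{shell}"


if __name__ == "__main__":
    for entry in parse_ldif(SAMPLE_LDIF):
        print(entry["dn"][0])
        print("  report:", check_entry(entry))
        print("  strict RFC 2307 map:", passwd_line(entry, use_ad_aliases=False))
        print("  with AD aliases    :", passwd_line(entry, use_ad_aliases=True))
```

Run against a live server, the input would be `ldapsearch -LLL "(uid=steve4)"` output piped into parse_ldif; the point of the strict-versus-aliased comparison is that an entry which looks complete in phpldapadmin can still yield no passwd line until the attribute map in ldap.conf matches the names the directory actually uses.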
