[Samba] Samba 3.x server with LDAP backend doesn't work

Gaiseric Vandal gaiseric.vandal at gmail.com
Thu May 16 10:14:21 MDT 2013


Did you try w/o start TLS support?   I realize this can have security 
implications, so this is only to see if the problem is with TLS or with 
the configuration in general.

It the LDAP server is on the same server as the samba server then I 
don't think you will need TLS encryption, since there isn't LAN traffic 
to snoop.

don't forget to set set the ldap password with "smbpasswd -w"

Also I think "ldaps" means ldap over SSL, not ldap+tls.   I would also 
use ldapclient tools (e.g. the command line ldapsearch or the gui Apache 
Directory Studio ldap browser and editor) to make sure you can connect 
to the ldap server via LDAP, LDAP+TLS and/or LDAPS-over-SSL.     You 
need to make sure you have all the certificates configured correctly.





On 05/16/13 11:27, Gollapalli, Prakash wrote:
> We have a central LDAP server for our enterprise on a Linux box.  I have installed Samba 3.4.4 server on an AIX server and trying to get users authenticated via LDAP server.   So far my efforts have been unsuccessful.  Here is my ldap section of the smb.conf file:
>
> passdb backend = ldapsam:ldaps://<company_ldap_server>/
> ldap ssl = start tls
> ldap suffix = dc=xxx,dc=yyy,dc=zzz
> ldap delete dn = no
> ldap user suffix = ou=People
> ldap group suffix = ou=Groups
>
> Here is the error I am seeing in the Samba errorlog:
>
> [2013/05/16 11:08:14,  0] lib/smbldap.c:656(smb_ldap_start_tls)
>    Failed to issue the StartTLS instruction: Can't contact LDAP server
> [2013/05/16 11:08:14,  1] lib/smbldap.c:1231(another_ldap_try)
>    Connection to LDAP server failed for the 1 try!
>
> Is there a documented procedure on how to connect samba users to a backend ldap server?
>
> Any help with is greatly appreciated
>
> Thanks, Prakash
> **********************************************************
> Electronic Mail is not secure, may not be read every day, and should not be used for urgent or sensitive issues



More information about the samba mailing list