[Samba] Samba 3.x server with LDAP backend doesn't work

Gollapalli, Prakash pgoll at med.umich.edu
Thu May 16 14:44:04 MDT 2013

>Did you try w/o start TLS support?   I realize this can have security
>implications, so this is only to see if the problem is with TLS or with
>the configuration in general.

I have tried without TLS support and without SSL (replaced ldaps with ldap):

   passdb backend = ldapsam:ldap://<company_ldap_server>/
   ldap ssl = off
   ldap admin dn = cn=Adminid,dc=xxx,dc=yyy,dc=zzz
   ldap suffix = dc=xxx,dc=yyy,dc=zzz
   ldap delete dn = no
   ldap user suffix = ou=People
   ldap group suffix = ou=Groups

Now I get the following error:
[2013/05/16 16:38:14,  0] lib/smbldap.c:1052(smbldap_connect_system)
  failed to bind to server ldap://<company_ldap_server>/ with dn="cn=Adminid,dc=xxx,dc=yyy,dc=zzz" Error: Confidentiality required

>If the LDAP server is on the same server as the samba server then I
>don't think you will need TLS encryption, since there isn't LAN traffic
>to snoop.

Our LDAP server is not on the same server. It is a central enterprise server.

>don't forget to set the ldap password with "smbpasswd -w"

I did this part for the Adminid

>Also I think "ldaps" means ldap over SSL, not ldap+tls.   I would also
>use ldapclient tools (e.g. the command line ldapsearch or the gui Apache
>Directory Studio ldap browser and editor) to make sure you can connect
>to the ldap server via LDAP, LDAP+TLS and/or LDAPS-over-SSL.     You
>need to make sure you have all the certificates configured correctly.

LDAP authentication works perfectly directly from our AIX server. I can do ldapsearches and can log in with my ldap credentials etc. Only Samba authentication doesn't work.

Thanks, Prakash
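
Added example, not part of the original post and not Samba's own code: a small Python triage of smbd log records in the layout quoted above, which pulls out `smbldap_connect_system` bind failures and labels the "Confidentiality required" case (LDAP result code 13, the server refusing a bind on an unprotected session). The host name `ldap.example.test`, the second and third log records, and the label names are assumptions constructed for illustration.

```python
import re

# Constructed sample in the Samba 3.x log layout quoted in the post:
# a "[timestamp, level] file:line(function)" header, then an indented message.
# Host name and the 2nd/3rd records are constructed for illustration.
SAMPLE_LOG = """\
[2013/05/16 16:38:14,  0] lib/smbldap.c:1052(smbldap_connect_system)
  failed to bind to server ldap://ldap.example.test/ with dn="cn=Adminid,dc=xxx,dc=yyy,dc=zzz" Error: Confidentiality required
[2013/05/16 16:40:02,  0] lib/smbldap.c:1052(smbldap_connect_system)
  failed to bind to server ldaps://ldap.example.test/ with dn="cn=Adminid,dc=xxx,dc=yyy,dc=zzz" Error: Invalid credentials
[2013/05/16 16:41:10,  1] smbd/example.c:1(constructed_function)
  constructed unrelated message
"""

HEADER = re.compile(r'^\[(?P<ts>[^,\]]+),\s*(?P<level>\d+)\]\s+(?P<src>\S+)\((?P<func>\w+)\)\s*$')
BIND_FAIL = re.compile(r'failed to bind to server (?P<uri>\S+) with dn="(?P<dn>[^"]*)" Error: (?P<err>.+)$')

# Error strings as produced by the LDAP client library for result codes 13 and 49.
LABELS = {
    "confidentiality required": "cleartext-bind-rejected",  # server demands TLS/SSL first
    "invalid credentials": "bad-dn-or-password",
}

def parse_bind_failures(text):
    """Pair each header with its indented message lines; return bind failures."""
    failures, header = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            header = m.groupdict()
        elif header and line[:1].isspace():
            b = BIND_FAIL.search(line)
            if b and header["func"] == "smbldap_connect_system":
                failures.append({**header, **b.groupdict()})
    return failures

def classify(failure):
    """Return (triage label, plain_ldap_uri) for one bind failure."""
    label = LABELS.get(failure["err"].strip().lower(), "other")
    # An ldap:// URI is only protected if StartTLS is negotiated before the bind.
    plain_ldap_uri = failure["uri"].lower().startswith("ldap://")
    return label, plain_ldap_uri

if __name__ == "__main__":
    for f in parse_bind_failures(SAMPLE_LOG):
        print(f["ts"], f["uri"], classify(f))
```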