[Samba] Samba 3.x server with LDAP backend doesn't work
Gaiseric Vandal
gaiseric.vandal at gmail.com
Thu May 16 15:37:10 MDT 2013
And just to clarify, you can use ldapsearch with the samba admin
credentials as well?
What is the LDAP server? (OpenLDAP?)
On 05/16/13 16:44, Gollapalli, Prakash wrote:
>> Did you try w/o start TLS support? I realize this can have security
>> implications, so this is only to see if the problem is with TLS or with
>> the configuration in general.
>
> I have tried without TLS support and without SSL (replaced ldaps with ldap)
>
> passdb backend = ldapsam:ldap://<company_ldap_server>/
> ldap ssl = off
> ldap admin dn = cn=Adminid,dc=xxx,dc=yyy,dc=zzz
> ldap suffix = dc=xxx,dc=yyy,dc=zzz
> ldap delete dn = no
> ldap user suffix = ou=People
> ldap group suffix = ou=Groups
>
> Now I get the following error:
> [2013/05/16 16:38:14, 0] lib/smbldap.c:1052(smbldap_connect_system)
> failed to bind to server ldap://<company_ldap_server>/ with dn="cn=Adminid,dc=xxx,dc=yyy,dc=zzz" Error: Confidentiality required
> (unknown)
>
>> If the LDAP server is on the same server as the samba server then I
>> don't think you will need TLS encryption, since there isn't LAN traffic
>> to snoop.
>
> Our LDAP server is not on the same server. It is a central enterprise server
>
>> don't forget to set the ldap password with "smbpasswd -w"
> I did this part for the Adminid
>
>> Also I think "ldaps" means ldap over SSL, not ldap+tls. I would also
>> use ldapclient tools (e.g. the command line ldapsearch or the gui Apache
>> Directory Studio ldap browser and editor) to make sure you can connect
>> to the ldap server via LDAP, LDAP+TLS and/or LDAPS-over-SSL. You
>> need to make sure you have all the certificates configured correctly.
>
> LDAP authentication works perfectly directly from our AIX server. I can do ldapsearches and can log in with my LDAP credentials, etc. Only samba authentication doesn't work.
>
> Thanks, Prakash
> **********************************************************
> Electronic Mail is not secure, may not be read every day, and should not be used for urgent or sensitive issues
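An added configuration sketch, not written by either poster: the `Confidentiality required` bind failure quoted above is LDAP result code 13 (confidentialityRequired), which a directory server returns when it will not accept the operation over an unprotected connection. The fragment places the quoted `ldap ssl = off` setting beside the two encrypted alternatives smb.conf offers; the host and DNs are the thread's own placeholders, and whether this particular server accepts StartTLS or only LDAPS is an assumption to confirm with ldapsearch.

```ini
[global]
# Added example; host and DNs are the placeholders used in the thread.

# As posted: plain ldap:// with encryption disabled. A server that enforces
# confidentiality rejects the admin DN's simple bind (LDAP result code 13).
#   passdb backend = ldapsam:ldap://<company_ldap_server>/
#   ldap ssl = off

# Alternative 1: StartTLS on the standard LDAP port.
# The connection is upgraded to TLS before the admin DN binds.
passdb backend = ldapsam:ldap://<company_ldap_server>/
ldap ssl = start tls

# Alternative 2: LDAP over SSL on the ldaps port.
# Encryption comes from the ldaps:// scheme, so StartTLS is not requested too.
#   passdb backend = ldapsam:ldaps://<company_ldap_server>/
#   ldap ssl = off

ldap admin dn = cn=Adminid,dc=xxx,dc=yyy,dc=zzz
ldap suffix = dc=xxx,dc=yyy,dc=zzz
ldap delete dn = no
ldap user suffix = ou=People
ldap group suffix = ou=Groups
```

In either alternative the password stored with `smbpasswd -w` is sent only after the TLS session is established, and the server's certificate has to be trusted by the LDAP client library Samba uses.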