[Samba] Issues with classicupgrade LDAP

Benjamin Arntzen barntzen at digipen.edu
Wed Jun 11 19:50:44 MDT 2014


Using this as the options:

passdb backend = ldapsam:ldaps://204.174.42.81
ldap ssl = start tls

results in this:
Attempting to find a passdb backend to match ldapsam:ldaps://204.174.42.81 (ldapsam)
Found pdb backend ldapsam
smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DIGIPEN.EDU))]
Failed to issue the StartTLS instruction: Operations error
Connection to LDAP server failed for the 1 try!


On 06/11/2014 06:29 PM, Andrew Bartlett wrote:
> On Wed, 2014-06-11 at 16:52 -0700, Benjamin Arntzen wrote:
>> Hi there,
>>
>> I'm attempting a classicupgrade from Samba3 to Samba4 with an LDAP
>> backend and encountering this error:
>> dpadmin at samba4-dev0:~$ samba-tool domain classicupgrade
>> --dbdir=/var/lib/samba --use-xattrs=yes  --realm=ad.digipen.edu
>> /home/dpadmin/smb.conf 2>&1 | tee SambaMigration10.log
>>
>> <snip>
>> init_sam_from_ldap: Entry found for user: steven.redacted
>> init_sam_from_ldap: Entry found for user: lauro.redacted
>> init_sam_from_ldap: Entry found for user: michael.redacted
>> init_sam_from_ldap: Entry found for user: s.redacted
>> Next rid = 132072
>> Failed to bind - LDAP error 13 LDAP_CONFIDENTIALITY_REQUIRED - <TLS
>> confidentiality required> <>
>> Failed to connect to 'ldap://204.174.42.81' with backend 'ldap': (null)
>> ERROR(<type 'exceptions.NameError'>): uncaught exception - global name
>> 'ProvisiongError' is not defined
>>     File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
>> line 175, in _run
>>       return self.run(*args, **kwargs)
>>     File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line
>> 1318, in run
>>       useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
>>     File "/usr/lib/python2.7/dist-packages/samba/upgrade.py", line 801,
>> in upgrade_from_samba3
>>       raise ProvisiongError("Could not open ldb connection to %s, the
>> error message is: %s" % (url, e))
>>
>> I have this in my config files:
>> # Password Database
>> #---------------------
>> # passdb backend = ldapsam:ldap://localhost
>> # passdb backend = ldapsam:ldap://ldap.digipen.edu
>> ldap://ldap-primary.digipen.edu
>> passdb backend = ldapsam:ldap://204.174.42.81
>> ldap admin dn = uid=redacted,ou=system,dc=digipen,dc=edu
>> ldap ssl = start tls
>> ldap passwd sync = yes
>> ldap delete dn = no
>> ldap suffix = dc=digipen,dc=edu
>> ldap user suffix = ou=people
>> ldap group suffix = ou=groups
>> ldap machine suffix = ou=computers
>> ldapsam:trusted = yes
>>
>> The rest of the migration (including a lot of init_sam_from_ldap) works
>> fine, and back on 4.0-beta it did *not* produce this issue.
>> Unfortunately I can't go back to that version.
>>
>> Help wanted :(
> The issue is that the second connection to LDAP we make from the python
> code does not know how to use the "ldap ssl = start tls" parameter.  Can
> you use ldaps://?
>
> Andrew Bartlett
>
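
An added example, not part of the thread and not Samba code: a small check that classifies how the `passdb backend` URL scheme and `ldap ssl` combine, covering both failures shown above. The verdict strings, function names and the `ldap.example.test` host are made up for illustration, and treating `ldaps://` with `ldap ssl = off` as the consistent pairing is an assumption taken from smb.conf(5), not something the thread confirms.

```python
import re

# Constructed smb.conf fragment mirroring the combination tried in the thread.
SAMPLE_CONF = """\
[global]
# passdb backend = ldapsam:ldap://localhost
passdb backend = ldapsam:ldaps://ldap.example.test
ldap ssl = start tls
"""

def parse_params(text):
    """Map lower-cased, whitespace-normalised parameter names to values.
    Sections are ignored (assumption: both settings live in [global])."""
    params = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue  # comments, section headers, stray wrapped lines
        key, value = line.split("=", 1)
        params[" ".join(key.lower().split())] = value.strip()
    return params

def check_ldap_transport(text):
    """Return a verdict for the passdb backend / 'ldap ssl' pairing."""
    p = parse_params(text)
    # 'ldap ssl' defaults to 'start tls' in smb.conf(5) when it is not set.
    ssl = " ".join(p.get("ldap ssl", "start tls").lower().split())
    m = re.match(r'ldapsam:"?(ldaps?)://', p.get("passdb backend", ""), re.I)
    if not m:
        return "not-ldapsam-url"
    scheme = m.group(1).lower()
    if scheme == "ldaps":
        # TLS is already up at connect time; asking for StartTLS on top of it
        # is what produced "Failed to issue the StartTLS instruction".
        return "conflict-starttls-over-ldaps" if ssl == "start tls" else "ldaps"
    if ssl == "start tls":
        # Fine for ldapsam itself, but per the reply in the thread the second
        # connection made by the Python upgrade code does not apply StartTLS.
        return "starttls-not-honoured-by-classicupgrade"
    return "cleartext"

if __name__ == "__main__":
    print(check_ldap_transport(SAMPLE_CONF))
```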