[Samba] Samba4 / Open LDAP init DB

Rowland Penny rpenny at samba.org
Tue May 17 18:03:48 UTC 2016


On 17/05/16 18:27, Leander Schäfer wrote:
> Hi,
>
> I have been able to successfully install Samba4 and OpenLDAP and 
> connect them via SSL. The file samba.schema is also loaded into 
> OpenLDAP, but when I start samba server it looks like it is expecting 
> some basic structure. My question at this point is how to provide this 
> the easiest way? Currently the OpenLDAP DB is entirely empty (virgin) 
> so Samba4 could create anything it needs.
>
> cat /var/log/samba4/log.smbd
> [...]
>   smbldap_open_connection: connection opened
> [2016/05/17 19:24:34.065158,  3] 
> ../source3/lib/smbldap.c:1013(smbldap_connect_system)
>   ldap_connect_system: successful connection to the LDAP server
> [2016/05/17 19:24:34.065319,  2] 
> ../source3/passdb/pdb_ldap_util.c:287(smbldap_search_domain_info)
>   smbldap_search_domain_info: Problem during LDAPsearch: No such object
> [2016/05/17 19:24:34.065340,  2] 
> ../source3/passdb/pdb_ldap_util.c:288(smbldap_search_domain_info)
>   smbldap_search_domain_info: Query was: dc=MYDOMAIN,dc=LocalDomain, 
> (&(objectClass=sambaDomain)(sambaDomainName=STORAGE-03))
> [2016/05/17 19:24:34.065359,  0] 
> ../source3/passdb/pdb_ldap.c:6534(pdb_ldapsam_init_common)
>   pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to 
> the domain. We cannot work reliably without it.
> [2016/05/17 19:24:34.065485,  0] 
> ../source3/passdb/pdb_interface.c:179(make_pdb_method_name)
>   pdb backend ldapsam:"ldap://127.0.0.1/ 
> ldap://Storage-03.MYDOMAIN.LocalDomain/" did not correctly init (error 
> was NT_STATUS_CANT_ACCESS_DOMAIN_INFO)
>
>
> cat /usr/local/etc/smb4.conf
>
> [global]
>
>   # Basic server settings
>   workgroup          = MYDOMAIN
>   realm              = MYDOMAIN.LOCALDOMAIN
>   netbios name       = STORAGE-03
>
>   # Password backend
>   passdb backend         = ldapsam:"ldap://127.0.0.1/ 
> ldap://Storage-03.MYDOMAIN.LocalDomain/"
>   ldap admin dn          = cn=admin,dc=MYDOMAIN,dc=LocalDomain
>   ldap suffix            = dc=MYDOMAIN,dc=LocalDomain
>   idmap_ldb:use rfc2307  = Yes
>   encrypt passwords      = yes
>   invalid users          = root
> [...]
>
>

Hmm, what are you trying to achieve, an NT4-style PDC or an AD DC?

If the first, you will need to remove these lines:

realm              = MYDOMAIN.LOCALDOMAIN
idmap_ldb:use rfc2307  = Yes

If you want to set up an AD DC, you will need to remove OpenLDAP; it is 
(at the moment, this could change though) incompatible with the LDAP 
built into a Samba AD DC.

Let's sort out just what you want and then move on from there.

Rowland
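
The check the reply describes for the NT4-style case, as an added example that is not part of the original thread: it reads the [global] section of an smb.conf and reports the two parameters named above when the passdb backend is ldapsam. The function names are hypothetical, and the sample config is constructed from the posted smb4.conf with the wrapped backend line rejoined.

```python
import re

# The two parameters the reply says to remove for an NT4-style PDC.
AD_ONLY = {"realm", "idmap_ldb:use rfc2307"}

# Constructed sample, based on the smb4.conf posted in the thread.
SAMPLE = """\
[global]
  workgroup          = MYDOMAIN
  realm              = MYDOMAIN.LOCALDOMAIN
  netbios name       = STORAGE-03
  passdb backend     = ldapsam:"ldap://127.0.0.1/ ldap://Storage-03.MYDOMAIN.LocalDomain/"
  ldap admin dn      = cn=admin,dc=MYDOMAIN,dc=LocalDomain
  ldap suffix        = dc=MYDOMAIN,dc=LocalDomain
  idmap_ldb:use rfc2307 = Yes
"""

def norm(name):
    # Compare names case-insensitively with whitespace runs collapsed.
    return " ".join(name.lower().split())

def parse_global(text):
    """Return {parameter: (line_number, value)} for the [global] section."""
    params, section = {}, None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)   # values may contain '='
            params[norm(key)] = (n, value.strip())
    return params

def conflicts(text):
    """List (line_number, parameter) to remove when the backend is ldapsam."""
    p = parse_global(text)
    backend = p.get("passdb backend", (0, ""))[1].lower()
    if not backend.startswith("ldapsam"):
        return []
    return sorted((p[k][0], k) for k in AD_ONLY if k in p)

def strip_conflicts(text):
    """Return the config with the reported lines dropped."""
    drop = {n for n, _ in conflicts(text)}
    kept = [l for i, l in enumerate(text.splitlines(), 1) if i not in drop]
    return "\n".join(kept) + "\n"

if __name__ == "__main__":
    for lineno, name in conflicts(SAMPLE):
        print(f"line {lineno}: remove '{name}' for an NT4-style PDC")
```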



