[Samba] LDAP authentication not working

Bartra1212 bartra1212 at web.de
Tue Jul 11 06:18:28 UTC 2017

Hi everyone!

I just upgraded my Samba PDC to a active directory (I followed the migration
instruction of samba-wiki). Without any error message or something. *happy*

My PDC was running with a bind9 and slapd->openLDAP. I just turned both
services off and want to use the samba-internal ones.

My problem now is that I can't login with my domain members (just tried it
on my server -> debian stretch).here my details:

        workgroup = EXAMPLE
        realm = example.com
        netbios name = PDC
        server role = active directory domain controller
        idmap_ldb:use rfc2307 = yes
        dns forwarder =
        interfaces = br0
        ldap server require strong auth = no
        path = /var/lib/samba/sysvol/example.com/scripts
        read only = No

        path = /var/lib/samba/sysvol
        read only = No

        default_realm = EXAMPLE.COM
        dns_lookup_realm = false
        dns_lookup_kdc = true

*/etc/hosts*       localhost    hk-server-01.example.com hk-server-01


search example.com

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

include "/var/lib/samba/private/named.conf";

options {
        directory "/var/cache/bind";
        version "0.0.7";
        notify no;
        empty-zones-enable no;
        allow-query {;; };
        allow-recursion {;; };
        forwarders {; };
        allow-transfer { none; };
        dnssec-validation no;
        dnssec-enable no;

        listen-on-v6 { none; };
        listen-on port 53 {;; };
        tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";

zone "." {
        type hint;
        file "/etc/bind/db.root";

zone "localhost" {
        type master;
        file "/etc/bind/db.local";

zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";

zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";

zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";

passwd:         compat ldap
group:          compat ldap
shadow:         compat ldap

hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4 ldap
networks:       files ldap

protocols:      db files ldap
services:       db files ldap
ethers:         db files ldap
rpc:            db files ldap

netgroup:       nis ldap
aliases:        ldap

uid nslcd
gid nslcd
uri ldap://
base dc=example,dc=com
pagesize 1000
referrals off
ldap_version 3
tls_cacertfile /etc/ssl/certs/ca-certificates.crt

I tried

The samba service is running but with a warning:
● samba-ad-dc.service - Samba AD Daemon
   Loaded: loaded (/lib/systemd/system/samba-ad-dc.service; enabled; vendor
preset: enabled)
   Active: active (running) since Mon 2017-07-10 12:12:06 CEST; 3h 11min ago
     Docs: man:samba(8)
 Main PID: 1247 (samba)
   Status: "smbd: ready to serve connections..."
   Memory: 202.4M
      CPU: 46.634s
   CGroup: /system.slice/samba-ad-dc.service
           ├─1247 /usr/sbin/samba
           ├─1299 /usr/sbin/samba
           ├─1300 /usr/sbin/samba
           ├─1301 /usr/sbin/smbd -D --option=server role check:inhibit=yes
           ├─1302 /usr/sbin/samba
           ├─1303 /usr/sbin/samba
           ├─1304 /usr/sbin/samba
           ├─1305 /usr/sbin/samba
           ├─1306 /usr/sbin/samba
           ├─1307 /usr/sbin/samba
           ├─1308 /usr/sbin/samba
           ├─1309 /usr/sbin/samba
           ├─1310 /usr/sbin/samba
           ├─1311 /usr/sbin/samba
           ├─1312 /usr/sbin/samba
           ├─1313 /usr/sbin/winbindd -D --option=server role
check:inhibit=yes --foreground
           ├─1345 /usr/sbin/smbd -D --option=server role check:inhibit=yes
           ├─1346 /usr/sbin/smbd -D --option=server role check:inhibit=yes
           ├─1353 /usr/sbin/winbindd -D --option=server role
check:inhibit=yes --foreground
           └─1373 /usr/sbin/smbd -D --option=server role check:inhibit=yes

I just tried this ldapsearch command:
ldapsearch -H ldap://localhost -x
# extended LDIF
# LDAPv3
# base <dc=example,dc=com> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL

# search result
search: 2
result: 1 Operations error
text: 00002020: Operation unavailable without authentication

# numResponses: 1

seems like a authentication problem.As you can see I added"ldap server
require strong auth = no" to my smb.conf but it don't work for my problem
:/..........Has anyone a tip for me?


View this message in context: http://samba.2283325.n4.nabble.com/LDAP-authentication-not-working-tp4721248.html
Sent from the Samba - General mailing list archive at Nabble.com.

More information about the samba mailing list