[Samba] LDAP authentication not working

Bartra1212 bartra1212 at web.de
Tue Jul 11 06:18:28 UTC 2017 

Hi everyone!

I just upgraded my Samba PDC to a active directory (I followed the migration
instruction of samba-wiki). Without any error message or something. *happy*

My PDC was running with a bind9 and slapd->openLDAP. I just turned both
services off and want to use the samba-internal ones.

My problem now is that I can't login with my domain members (just tried it
on my server -> debian stretch).here my details:

*smb.com*
[global]
        workgroup = EXAMPLE
        realm = example.com
        netbios name = PDC
        server role = active directory domain controller
        idmap_ldb:use rfc2307 = yes
        dns forwarder = 8.8.8.8
        interfaces = br0
        ldap server require strong auth = no
[netlogon]
        path = /var/lib/samba/sysvol/example.com/scripts
        read only = No

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No

*krb5.conf*
[libdefaults]
        default_realm = EXAMPLE.COM
        dns_lookup_realm = false
        dns_lookup_kdc = true

*/etc/hosts*
127.0.0.1       localhost
192.168.0.2    hk-server-01.example.com hk-server-01

*/etc/hostname*
hk-server-01

*/etc/resolv.conf*
search example.com
nameserver 192.168.0.1

*/etc/named.conf*
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

*/etc/named.conf.local*
include "/var/lib/samba/private/named.conf";

*/etc/named.conf.options*
options {
        directory "/var/cache/bind";
        version "0.0.7";
        notify no;
        empty-zones-enable no;
        allow-query { 127.0.0.1; 192.168.0.0/24; };
        allow-recursion { 192.168.0.0/24;  127.0.0.1/32; };
        forwarders { 8.8.8.8; };
        allow-transfer { none; };
        dnssec-validation no;
        dnssec-enable no;

        listen-on-v6 { none; };
        listen-on port 53 { 192.168.0.2; 127.0.0.1; };
        tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
};

*/etc/named.conf.default-zones*
zone "." {
        type hint;
        file "/etc/bind/db.root";
};

zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
};

*/etc/nsswitch.conf*
passwd:         compat ldap
group:          compat ldap
shadow:         compat ldap

hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4 ldap
networks:       files ldap

protocols:      db files ldap
services:       db files ldap
ethers:         db files ldap
rpc:            db files ldap

netgroup:       nis ldap
aliases:        ldap

*/etc/nslcd.conf*
uid nslcd
gid nslcd
uri ldap://127.0.0.1/
base dc=example,dc=com
pagesize 1000
referrals off
ldap_version 3
tls_cacertfile /etc/ssl/certs/ca-certificates.crt



I tried

The samba service is running but with a warning:
● samba-ad-dc.service - Samba AD Daemon
   Loaded: loaded (/lib/systemd/system/samba-ad-dc.service; enabled; vendor
preset: enabled)
   Active: active (running) since Mon 2017-07-10 12:12:06 CEST; 3h 11min ago
     Docs: man:samba(8)
           man:samba(7)
           man:smb.conf(5)
 Main PID: 1247 (samba)
   Status: "smbd: ready to serve connections..."
   Memory: 202.4M
      CPU: 46.634s
   CGroup: /system.slice/samba-ad-dc.service
           ├─1247 /usr/sbin/samba
           ├─1299 /usr/sbin/samba
           ├─1300 /usr/sbin/samba
           ├─1301 /usr/sbin/smbd -D --option=server role check:inhibit=yes
--foreground
           ├─1302 /usr/sbin/samba
           ├─1303 /usr/sbin/samba
           ├─1304 /usr/sbin/samba
           ├─1305 /usr/sbin/samba
           ├─1306 /usr/sbin/samba
           ├─1307 /usr/sbin/samba
           ├─1308 /usr/sbin/samba
           ├─1309 /usr/sbin/samba
           ├─1310 /usr/sbin/samba
           ├─1311 /usr/sbin/samba
           ├─1312 /usr/sbin/samba
           ├─1313 /usr/sbin/winbindd -D --option=server role
check:inhibit=yes --foreground
           ├─1345 /usr/sbin/smbd -D --option=server role check:inhibit=yes
--foreground
           ├─1346 /usr/sbin/smbd -D --option=server role check:inhibit=yes
--foreground
           ├─1353 /usr/sbin/winbindd -D --option=server role
check:inhibit=yes --foreground
           └─1373 /usr/sbin/smbd -D --option=server role check:inhibit=yes
--foreground

I just tried this ldapsearch command:
ldapsearch -H ldap://localhost -x
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 1 Operations error
text: 00002020: Operation unavailable without authentication

# numResponses: 1


seems like a authentication problem.As you can see I added"ldap server
require strong auth = no" to my smb.conf but it don't work for my problem
:/..........Has anyone a tip for me?

thanks! 



--
View this message in context: http://samba.2283325.n4.nabble.com/LDAP-authentication-not-working-tp4721248.html
Sent from the Samba - General mailing list archive at Nabble.com.

More information about the samba mailing list