[Samba] LDAP authentication not working
Bartra1212
bartra1212 at web.de
Tue Jul 11 06:18:28 UTC 2017
Hi everyone!
I just upgraded my Samba PDC to an Active Directory (I followed the migration
instructions on the Samba wiki), without any error message or anything. *happy*
My PDC was running with a bind9 and slapd->openLDAP. I just turned both
services off and want to use the samba-internal ones.
My problem now is that I can't log in with my domain members (just tried it
on my server -> Debian stretch). Here are my details:
*smb.conf*
[global]
workgroup = EXAMPLE
realm = example.com
netbios name = PDC
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
dns forwarder = 8.8.8.8
interfaces = br0
ldap server require strong auth = no
[netlogon]
path = /var/lib/samba/sysvol/example.com/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
*krb5.conf*
[libdefaults]
default_realm = EXAMPLE.COM
dns_lookup_realm = false
dns_lookup_kdc = true
*/etc/hosts*
127.0.0.1 localhost
192.168.0.2 hk-server-01.example.com hk-server-01
*/etc/hostname*
hk-server-01
*/etc/resolv.conf*
search example.com
nameserver 192.168.0.1
*/etc/named.conf*
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
*/etc/named.conf.local*
include "/var/lib/samba/private/named.conf";
*/etc/named.conf.options*
options {
directory "/var/cache/bind";
version "0.0.7";
notify no;
empty-zones-enable no;
allow-query { 127.0.0.1; 192.168.0.0/24; };
allow-recursion { 192.168.0.0/24; 127.0.0.1/32; };
forwarders { 8.8.8.8; };
allow-transfer { none; };
dnssec-validation no;
dnssec-enable no;
listen-on-v6 { none; };
listen-on port 53 { 192.168.0.2; 127.0.0.1; };
tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
};
*/etc/named.conf.default-zones*
zone "." {
type hint;
file "/etc/bind/db.root";
};
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
*/etc/nsswitch.conf*
passwd: compat ldap
group: compat ldap
shadow: compat ldap
hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 ldap
networks: files ldap
protocols: db files ldap
services: db files ldap
ethers: db files ldap
rpc: db files ldap
netgroup: nis ldap
aliases: ldap
*/etc/nslcd.conf*
uid nslcd
gid nslcd
uri ldap://127.0.0.1/
base dc=example,dc=com
pagesize 1000
referrals off
ldap_version 3
tls_cacertfile /etc/ssl/certs/ca-certificates.crt
I tried
The samba service is running but with a warning:
● samba-ad-dc.service - Samba AD Daemon
   Loaded: loaded (/lib/systemd/system/samba-ad-dc.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2017-07-10 12:12:06 CEST; 3h 11min ago
     Docs: man:samba(8)
           man:samba(7)
           man:smb.conf(5)
 Main PID: 1247 (samba)
   Status: "smbd: ready to serve connections..."
   Memory: 202.4M
      CPU: 46.634s
   CGroup: /system.slice/samba-ad-dc.service
           ├─1247 /usr/sbin/samba
           ├─1299 /usr/sbin/samba
           ├─1300 /usr/sbin/samba
           ├─1301 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
           ├─1302 /usr/sbin/samba
           ├─1303 /usr/sbin/samba
           ├─1304 /usr/sbin/samba
           ├─1305 /usr/sbin/samba
           ├─1306 /usr/sbin/samba
           ├─1307 /usr/sbin/samba
           ├─1308 /usr/sbin/samba
           ├─1309 /usr/sbin/samba
           ├─1310 /usr/sbin/samba
           ├─1311 /usr/sbin/samba
           ├─1312 /usr/sbin/samba
           ├─1313 /usr/sbin/winbindd -D --option=server role check:inhibit=yes --foreground
           ├─1345 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
           ├─1346 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
           ├─1353 /usr/sbin/winbindd -D --option=server role check:inhibit=yes --foreground
           └─1373 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
I just tried this ldapsearch command:
ldapsearch -H ldap://localhost -x
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# search result
search: 2
result: 1 Operations error
text: 00002020: Operation unavailable without authentication
# numResponses: 1
Seems like an authentication problem. As you can see, I added "ldap server
require strong auth = no" to my smb.conf, but it doesn't work for my problem
:/ Does anyone have a tip for me?
Thanks!
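An added example, not part of the original post: a small audit of the nslcd.conf and smb.conf shown above. A Samba AD DC answers unauthenticated searches only for the rootDSE, which matches the "Operation unavailable without authentication" result, and "ldap server require strong auth" governs which protections an authenticated bind needs, not whether anonymous searches are allowed. The function names and finding codes are this example's own.

```python
# Constructed sample input: nslcd.conf and the relevant smb.conf lines as posted above.
NSLCD_CONF = """\
uid nslcd
gid nslcd
uri ldap://127.0.0.1/
base dc=example,dc=com
tls_cacertfile /etc/ssl/certs/ca-certificates.crt
"""
SMB_CONF = """\
[global]
server role = active directory domain controller
ldap server require strong auth = no
"""

def parse_nslcd(text):
    """Return {option: [values]} from nslcd.conf text ('option value' lines)."""
    opts = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            opts.setdefault(parts[0].lower(), []).append(parts[1] if len(parts) > 1 else "")
    return opts

def smb_global(text, name):
    """Return the lower-cased value of a [global] smb.conf parameter, or None."""
    section = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(("#", ";")):
            continue
        if line.startswith("["):
            section = line.strip("[]").lower()
        elif section == "global" and "=" in line:
            key, _, value = line.partition("=")
            if " ".join(key.lower().split()) == name:
                return value.strip().lower()
    return None

def audit(nslcd_text, smb_text):
    """Return sorted finding codes (names are this example's own) for both files."""
    o, findings = parse_nslcd(nslcd_text), []
    if "binddn" not in o and "sasl_mech" not in o:
        findings.append("anonymous-bind")  # no credentials configured for lookups
    tls = o.get("ssl", ["off"])[-1].lower() in ("on", "start_tls")
    uris = [u for v in o.get("uri", []) for u in v.split()]
    if not tls and any(u.lower().startswith("ldap://") for u in uris):
        findings.append("cleartext-ldap")  # tls_cacertfile alone does not turn TLS on
    if smb_global(smb_text, "ldap server require strong auth") == "no":
        findings.append("strong-auth-disabled")  # DC accepts unprotected binds
    return sorted(findings)
```

Calling audit(NSLCD_CONF, SMB_CONF) returns all three findings for the posted files; a configuration with a bind account and "ssl start_tls" in nslcd.conf, and the smb.conf override removed, returns none.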