[Samba] SAMBA AD and Google Cloud Directory Sync

Rowland Penny rpenny at samba.org
Fri Jun 2 18:24:24 UTC 2017


On Fri, 2 Jun 2017 13:39:15 -0400
William Muller via samba <samba at lists.samba.org> wrote:

> I've successfully set up SAMBA AD following the guide at jimshaver.net
> and have been able to create all of my users without a problem. When
> I launch GCDS and attempt to test the LDAP connection via LDAP+SSL
> via port 636 I get the following error:

Why didn't you follow the Samba wiki?

Not saying there is anything wrong with the howto you referred to, OK,
I am a liar, there is lots wrong with it ;-)

You don't need most of the first lot of packages, they are needed if
you are going to compile Samba yourself.

The howto uses ext4, so you don't need to modify /etc/fstab.

[quote] We need to be certain that dc1 always resolves to localhost.
[/quote]

No you don't, it needs to resolve to the DC's IP address and FQDN,
127.0.1.1 should be removed.

'ntp' isn't set up correctly, no 'ntpsigndsocket' line and 'mssntp'
isn't mentioned.

He seems to be using '192.168.0.1' as the forwarder, not saying you
cannot, but pound to a penny, that is his router and hence his gateway,
probably better using something like '8.8.8.8' instead.

There are other things that you need to do, such as test various 'host'
settings.


> 
> *[2017-06-02 13:32:34,537] [SwingWorker-pool-1-thread-5] [DEBUG]
> [plugin.ldap.AbstractLdapHandler]
> javax.naming.AuthenticationException: [LDAP: error code 49 - Simple
> Bind Failed: NT_STATUS_LOGON_FAILURE]* *[2017-06-02 13:32:34,537]
> [SwingWorker-pool-1-thread-5] [ERROR]
> [plugin.ldap.AbstractLdapHandler] Failed to execute query because the
> object at Base DN: "OU=Test,DC=dc,DC=org" is missing or
> inaccessible.* *[2017-06-02 13:32:34,537]
> [SwingWorker-pool-1-thread-5] [DEBUG]
> [page.ldap.LdapTestConnectionWorker] RuntimeException in executeRule:
> Failed to execute query because the object at Base DN:
> "OU=Test,DC=dc,DC=org" is missing or inaccessible.*
> 
> As a test I've enabled Anonymous browsing and the base dn of
> "dc=dc,dc=org" is able to be queried; however, it still won't find any
> OU, giving me the same error "is missing or inaccessible".
> 
> I've reached out to Google but they were little help and seemed
> frustrated that I was attempting to use SAMBA4.
> 
> Has anyone successfully used GCDS with Samba4 acting as AD?
> 

Not sure if anybody has used GCDS, but have you actually created any
'OUs'? There are none by default.

Rowland
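
The /etc/hosts and ntp points from the reply above, as an added example that is not part of the original message or of Samba's own code: a small Python check run over constructed file contents. The host name dc1.example.com, the address 192.0.2.10 and the ntp_signd path are assumptions.

```python
import ipaddress

def check_hosts(hosts_text, fqdn):
    """Findings for an /etc/hosts body; fqdn is the DC's full name."""
    fqdn = fqdn.lower()
    short = fqdn.split(".")[0]
    findings, resolves = [], False
    for raw in hosts_text.splitlines():
        fields = raw.split("#", 1)[0].lower().split()
        if len(fields) < 2 or not {fqdn, short} & set(fields[1:]):
            continue  # blank, comment, or a line about some other host
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not a valid hosts entry
        if addr.is_loopback:  # covers 127.0.1.1 as well as 127.0.0.1 and ::1
            findings.append(f"{fields[0]} maps the DC name to loopback")
        elif fqdn in fields[1:]:
            resolves = True
    if not resolves:
        findings.append(f"no non-loopback address for {fqdn}")
    return findings

def check_ntp(ntp_text):
    """Findings for an ntp.conf body on a Samba AD DC."""
    rows = [r.split("#", 1)[0].split() for r in ntp_text.splitlines()]
    rows = [r for r in rows if r]
    findings = []
    if not any(r[0] == "ntpsigndsocket" and len(r) > 1 for r in rows):
        findings.append("no 'ntpsigndsocket' line")
    if not any(r[0] == "restrict" and "mssntp" in r[1:] for r in rows):
        findings.append("'mssntp' not set on any 'restrict' line")
    return findings

# Constructed sample inputs (names, addresses and paths are made up).
BAD_HOSTS = "127.0.0.1 localhost\n127.0.1.1 dc1.example.com dc1\n"
GOOD_HOSTS = "127.0.0.1 localhost\n192.0.2.10 dc1.example.com dc1\n"
BAD_NTP = "server 0.pool.ntp.org iburst\nrestrict default kod nomodify\n"
GOOD_NTP = (BAD_NTP
            + "ntpsigndsocket /var/lib/samba/ntp_signd/\n"
            + "restrict default kod nomodify notrap nopeer mssntp\n")

if __name__ == "__main__":
    for label, hosts, ntp in (("bad", BAD_HOSTS, BAD_NTP),
                              ("good", GOOD_HOSTS, GOOD_NTP)):
        print(label, check_hosts(hosts, "dc1.example.com") + check_ntp(ntp))
```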


