[Samba] Fw:ldap access domain AD failed on 4.7.6 and 4.8.0
Ryan
ryanyang51 at 163.com
Thu Apr 12 07:19:16 UTC 2018
Hi,
I want to use samba as AD on SLES 11 SP3. And I can make samba 4.5.x into some rpms which work well.
Recently I tried to build samba 4.8.0 using my spec file, which works well on samba4.5.x. But when I test these rpms there is a problem. When I use ldap to access the domain to query some domain info, it reminds me the directory service is not operational. This problem also appears in samba4.7.6 with my spec file. Besides, I tried to use AD Explorer to connect to the AD. It also failed with “this directory service is unavailable”.
And here are my configure options in spec file:
PATH_OPTS="\
--enable-fhs \
--with-lockdir=%{_localstatedir}/cache/samba \
--prefix=%{_prefix} \
--exec-prefix=%{_exec_prefix} \
--bindir=%{_bindir} \
--sbindir=%{_sbindir} \
--sysconfdir=%{_sysconfdir} \
--datadir=%{_datadir} \
--includedir=%{_includedir} \
--libdir=%{_libdir} \
--libexecdir=%{_libexecdir} \
--localstatedir=%{_localstatedir} \
--sharedstatedir=%{_sharedstatedir} \
--mandir=%{_mandir} \
--infodir=%{_infodir} \
--with-pammodulesdir=/%{_lib}/security \"
BUILD_OPTS="\
--disable-rpath-install \
--bundled-libraries=ALL \
%if %{make_devel}
--enable-developer \
--picky-developer \
--enable-krb5developer \
%endif"
CONF_OPTS="\
--enable-cups \
--enable-gnutls \
--with-acl-support \
--with-automount \
--with-pam \
--without-profiling-data \
--with-quotas \
--with-syslog \
--with-utmp \
--with-winbind \
--with-ads \
--with-dnsupdate \
--with-cluster-support \
%if %{with_libarchive}
--with-libarchive \
%else
--without-libarchive \
%endif
%if %{make_dmapi}
--with-dmapi \
%else
--without-dmapi \
%endif
--with-shared-modules=%{shared_modules} \"
./configure $PATH_OPTS $BUILD_OPTS $CONF_OPTS
This is my smb.conf:
[global]
bind interfaces only = Yes
interfaces = 8.22.145.173 127.0.0.1
log file = /var/FusionAccess/LiteAD/log.samba
log level = 2
max log size = 15000
netbios name = SAMBATEST2
realm = TESTSAMBA476.HAUWEI.COM
server role = active directory domain controller
workgroup = TESTSAMBA476
idmap_ldb:use rfc2307 = yes
ldap server require strong auth = no
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
[netlogon]
path = /var/lib/samba/sysvol/testsamba476.hauwei.com/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
In log.samba I found these when I use ldap to access the domain:
[2018/04/11 15:31:18.303677, 0] ../auth/ntlmssp/ntlmssp_sign.c:236(ntlmssp_check_packet)
NTLMSSP NTLM2 packet check failed due to invalid signature!
[2018/04/11 15:31:18.303917, 2] ../source4/smbd/process_standard.c:473(standard_terminate)
standard_terminate: reason[ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_IO_DEVICE_ERROR]
[2018/04/11 15:31:18.307704, 2] ../source4/smbd/process_standard.c:157(standard_child_pipe_handler)
Child 24315 () exited with status 0
[2018/04/11 15:31:18.347855, 0] ../auth/ntlmssp/ntlmssp_sign.c:236(ntlmssp_check_packet)
NTLMSSP NTLM2 packet check failed due to invalid signature!
[2018/04/11 15:31:18.348237, 2] ../source4/smbd/process_standard.c:473(standard_terminate)
standard_terminate: reason[ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_IO_DEVICE_ERROR]
[2018/04/11 15:31:18.352456, 2] ../source4/smbd/process_standard.c:157(standard_child_pipe_handler)
Child 24316 () exited with status 0
Is there any change in the ldap default configuration in samba4.7.x and samba4.8.x compared to samba 4.5.x? If so, what should I do to make it back to normal?
Thanks
RyanYang