I am using Samba 2.2.3a, and trying to use ldap for simple sambaAccount lookups. After installing OpenLDAP 2.1, Samba is no longer able to bind to the LDAP server at all apparently. All authentication fails. This appears in the log files. [2003/04/14 18:22:57, 0] passdb/pdb_ldap.c:ldap_connect_system(172) Bind failed: Protocol error [2003/04/14 18:22:57, 0] rpc_server/srv_netlog_nt.c:get_md4pw(176) get_md4pw: Workstation station-30$: no account in domain Obviously, LDAP fails to bind. "Protocol error" is not useful at all! Any ideas? Important config below. I have verified that I can bind (using ldapsearch, and other programs), using the exact information below. I have run smbpasswd -w. Jerry Haltom Feedback Plus, Inc. ldap port = 389 ldap suffix = "dc=feedbackplusinc,dc=com" ldap admin dn = "cn=root,dc=feedbackplusinc,dc=com" ldap ssl = off ldap server = localhost
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 16 Apr 2003, Jerry Haltom wrote:> I am using Samba 2.2.3a, and trying to use ldap for simple sambaAccount > lookups. > > After installing OpenLDAP 2.1, Samba is no longer able to bind to the > LDAP server at all apparently. All authentication fails. This appears in > the log files.You probably just need to allow LDAPv2 binds. When not using StartTLS, smbd will do a LDAPv2 bind. OpenLDAP 2.1 only allows LDAPv3 binds by default. cheers, jerry ---------------------------------------------------------------------- Hewlett-Packard ------------------------- http://www.hp.com SAMBA Team ---------------------- http://www.samba.org GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc "You can never go home again, Oatman, but I guess you can shop there." --John Cusack - "Grosse Point Blank" (1997) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE+n282IR7qMdg1EfYRAgfFAKCAzEqniCftqCbgK8STbu1yMqz7IgCeN1cf f01UfyVbcRmmvpRg3UwUf+o=5b65 -----END PGP SIGNATURE-----
I have fixed this by patching Samba to use LDAPv3. I added a "ldap version" parameter to the config file, which forces the version used to bind. If anybody is interested, or also has this problem, just ask for patches. I liked this idea better than changing OpenLDAP to allow v2. =) Jerry Haltom Feedback Plus, Inc. On Thu, 2003-04-17 at 22:21, Gerald (Jerry) Carter wrote:> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 16 Apr 2003, Jerry Haltom wrote: > > > I am using Samba 2.2.3a, and trying to use ldap for simple sambaAccount > > lookups. > > > > After installing OpenLDAP 2.1, Samba is no longer able to bind to the > > LDAP server at all apparently. All authentication fails. This appears in > > the log files. > > You probably just need to allow LDAPv2 binds. When not using StartTLS, > smbd will do a LDAPv2 bind. OpenLDAP 2.1 only allows LDAPv3 binds by > default. > > > > > cheers, jerry > ---------------------------------------------------------------------- > Hewlett-Packard ------------------------- http://www.hp.com > SAMBA Team ---------------------- http://www.samba.org > GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc > "You can never go home again, Oatman, but I guess you can shop there." > --John Cusack - "Grosse Point Blank" (1997) > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.0 (GNU/Linux) > Comment: For info see http://quantumlab.net/pine_privacy_guard/ > > iD8DBQE+n282IR7qMdg1EfYRAgfFAKCAzEqniCftqCbgK8STbu1yMqz7IgCeN1cf > f01UfyVbcRmmvpRg3UwUf+o> =5b65 > -----END PGP SIGNATURE----- > >
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 9 May 2003, Jerry Haltom wrote:> I have fixed this by patching Samba to use LDAPv3. I added a "ldap > version" parameter to the config file, which forces the version used to > bind. If anybody is interested, or also has this problem, just ask for > patches. I liked this idea better than changing OpenLDAP to allow v2. =)IIRC this is fixed in 2.2.8a already. cheers, jerry -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE+u9aDIR7qMdg1EfYRAvdDAJ9Ke1MGLAsjGPatqZrJB6RAJ8t0fgCfS+t3 FSrUFiACegvPRuQWHlUAlbY=VW8b -----END PGP SIGNATURE-----