Harry Rüter
2005-Jan-11 15:34 UTC
[Samba] Problems with OpenLDAP 2.2.20/Samba 3.0.10 and smbpasswd
Hi everybody,

I'm having serious problems with the configuration of samba 3.0.10.

First my setup :

samba-3.0.10 built from source
openldap-2.2.20 built from source
OS : Suse Linux 7.1 (but updated -> Kernel 2.4.27)

My problem :
------------

I'm trying to use smbpasswd like the following :

---snipp---
[PTS2] 486dx66:/usr/local/samba3 # bin/smbpasswd -D 10 tina
Netbios name list:-
my_netbios_names[0]="486DX66"
Trying to load: ldapsam:ldap://486dx66.hrnet.de:1389/
Attempting to register passdb backend ldapsam
Successfully added passdb backend 'ldapsam'
Attempting to register passdb backend ldapsam_compat
Successfully added passdb backend 'ldapsam_compat'
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to register passdb backend guest
Successfully added passdb backend 'guest'
Attempting to find an passdb backend to match
---snipp---

Everything seems to be okay, but the following lines are the important ones ...

---snipp---
ldapsam:ldap://486dx66.hrnet.de:1389/ (ldapsam)
Found pdb backend ldapsam
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=HRDOMAIN))]
smbldap_search: base => [dc=hrnet,dc=de], filter => [(&(objectClass=sambaDomain)(sambaDomainName=HRDOMAIN))], scope => [2]
smbldap_open_connection: ldap://486dx66.hrnet.de:1389/
smbldap_open_connection: connection opened
fetch_ldap_pw: neither ldap secret retrieved!
ldap_connect_system: Failed to retrieve password from secrets.tdb
Connection to LDAP server failed for the 1 try!
---snipp---

And so on.

So, it is said, there's a connection opened to ldap://486dx66.hrnet.de:1389/ but it isn't, as the logs of openldap show (there's no entry which shows any connection from smbpasswd to LDAP-Server, believe me, I can't show you anything, although loglevel is set to -1, which means that everything would/will be logged)

So one could think, there's simply a problem with OpenLDAP, so let's try a similar search :

---snipp---
[PTS2] 486dx66:/usr/local/samba3 # ../openldap-2.2/bin/ldapsearch -x -H ldap://486dx66.hrnet.de:1389 -b dc=hrnet,dc=de -s sub '(&(objectClass=sambaDomain)(sambaDomainName=HRDOMAIN))'
# extended LDIF
#
# LDAPv3
# base <dc=hrnet,dc=de> with scope sub
# filter: (&(objectClass=sambaDomain)(sambaDomainName=HRDOMAIN))
# requesting: ALL
#

# HRDOMAIN, hrnet.de
dn: sambaDomainName=HRDOMAIN,dc=hrnet,dc=de
sambaNextUserRid: 41000
sambaSID: S-1-5-21-2344209003-2394295749-876522236
objectClass: sambaDomain
sambaAlgorithmicRidBase: 1000
sambaDomainName: HRDOMAIN

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
[PTS2] root@486dx66:/usr/local/samba3 #
---snipp---

So OpenLDAP works, I can see it in the logs too .... (too much to show, so you must believe me ;o)

Now my question :

Does anybody see where the problem comes from, is there a mistake in my smb.conf or does anyone have hints/solutions ?

I tried with ssl=on,ssl=off,ssl = start tls, but this didn't change anything. It must be a samba problem as all tools I tried are working well with Openldap (did mostly try a search to test ..)

Here is my smb.conf (only the globals) :

---snipp---
[global]
netbios name = 486DX66
workgroup = HRDOMAIN
domain logons = Yes
domain master = Yes
security = User

server string = Samba-PDC %v on %h

passdb backend = ldapsam:ldap://486dx66.hrnet.de:1389/

ldap server = 486dx66.hrnet.de
ldap suffix = "dc=hrnet,dc=de"
ldap filter = "(&(uid=%u)(objectclass=sambaSamAccount))"
ldap port = 1389
ldap admin dn = "cn=ldapadmin,dc=hrnet,dc=de"
ldap ssl = off
ldap user suffix = ou=users
ldap group suffix = ou=groups
ldap machine suffix = ou=machines

encrypt passwords = yes
time server = Yes

kernel oplocks = no
short preserve case = yes
wins support = no
case sensitive = no
max log size = 1000

lock dir = /var/lock/samba
log file = /var/log/samba-%m.log
load printers = yes
logon drive = v:
os level = 255
create mask = 0661
logon home = \\%N\%u\.profiles
printing = cups
printcap = cups
---snipp---

So, I would be very thankful if someone could give me a hint ...

If more information/logs/traces are needed tell me, I will send them ..

greets Harry
spu@corman.be
2005-Jan-11 15:39 UTC
RE [Samba] Problems with OpenLDAP 2.2.20/Samba 3.0.10 and smbpasswd
Hi,

have you compiled with --with-ldap or --with-ldapsam ?

If --with-ldap, you must delete these lines :

ldap server = 486dx66.hrnet.de
ldap port = 1389

-----------------------------------
Stéphane PURNELLE stephane.purnelle@corman.be
Service Informatique Corman S.A. Tel : 00 32 087/342467
Harry Rüter
2005-Jan-11 16:37 UTC
[Samba] Problems with OpenLDAP 2.2.20/Samba 3.0.10 and smbpasswd
Hi again,

I'm very happy someone out there tries to solve my problem ;o)

If you mean the pw for
ldap admin dn = "cn=ldapadmin,dc=hrnet,dc=de"
yes, I did ...

greets Harry

William Jojo wrote:
> did you set the rootdn password with "smbpasswd -w rootdnpw"?
>
> Bill

[deleted]
Mathias.Wohlfarth@mw-eb.de
2005-Jan-11 16:48 UTC
Re: [Samba] Problems with OpenLDAP 2.2.20/Samba 3.0.10 and smbpasswd
Did you set the password for your ldapadmin (smbpasswd -w <password>)?

The error message is

fetch_ldap_pw: neither ldap secret retrieved!
ldap_connect_system: Failed to retrieve password from secrets.tdb
Connection to LDAP server failed for the 1 try!

Seems you forgot this.

regards
MW

Mathias Wohlfarth
EDV-Beratung
Thomas-Mann-Str.1
53111 Bonn
Tel. 0172 / 53 45 591 01801 / 777 555 33 01
Fax 0228 / 9469181
Email mathias.wohlfarth@mw-eb.de
Harry Rüter
2005-Jan-11 17:49 UTC
[Samba] Problems with OpenLDAP 2.2.20/Samba 3.0.10 and smbpasswd
Hi ;o)

here is more information :

Because just testing and not public you get to know all my secrets ;o)
PW is : secret

slapd.conf (partly ..):

---snipp---
database bdb
suffix "dc=hrnet,dc=de"
rootdn "cn=ldapmanager,dc=hrnet,dc=de"
rootpw secret
directory /usr/local/openldap-2.2/var/openldap-data
index objectClass eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index uid,uidNumber,gidNumber,memberUid eq
index cn,mail,surname,givenname eq,subinitial

access to * by * write
---snipp---

smb.conf (partly, what's of interest) :

---snipp---
# now without passdb backend
# passdb backend = ldapsam:ldap://486dx66.hrnet.de:1389/

ldap server = 486dx66.hrnet.de
ldap suffix = "dc=hrnet,dc=de"
ldap filter = "(&(uid=%u)(objectclass=sambaSamAccount))"
ldap port = 1389
ldap admin dn = "cn=ldapmanager,dc=hrnet,dc=de"
ldap ssl = off
ldap user suffix = ou=users
ldap group suffix = ou=groups
ldap machine suffix = ou=machines
---snipp---

William Jojo wrote:
> I'm using 3.0.10 and 2.2.20 without any problems, so assuming it's
> compiled ok, which I believe it is since you are getting errors about not
> finding the rootdn password.
>
> Hmmm, well, here's a couple of things:
>
> 1) How tight do you have the restrictions on slapd.conf with respect to
> accessing certain containers?

See above, no restrictions now ..

> 2) be certain the rootdn in slapd.conf exactly matches "ldap admin dn".

See above ...

> 3) don't run smbpasswd -w rootdnpw until *after* the smb.conf changes are
> in place. (i've done that myself :-)

Okay, I did this again after having finished smb.conf ...

> 4) tdbdump the secrets.tdb to verify that the entry in the database shows
> the correct rootdn and password selected.

Seems to be okay ....

---snipp---
[PTS2] 486dx66:/usr/local/samba3 # bin/tdbdump private/secrets.tdb
{
key = "SECRETS/LDAP_BIND_PW/cn=ldapmanager,dc=hrnet,dc=de"
data = "secret\00"
}
{
key = "SECRETS/SID/HRDOMAIN"
data = "\01\04\00\00\00\00\00\05\15\00\00\00L\9B\E6\9F\B1\E1\FF#'\C3\B6G\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00"
}
{
key = "SECRETS/SID/486DX66"
data = "\01\04\00\00\00\00\00\05\15\00\00\00L\9B\E6\9F\B1\E1\FF#'\C3\B6G\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00"
}
---snipp---

Here's the output I have now ..

---snipp---
[PTS2] root@486dx66:/usr/local/samba3 # bin/smbpasswd -D 10 -c etc/smb.conf tina
Netbios name list:-
my_netbios_names[0]="486DX66"
Trying to load: ldapsam_compat
Attempting to register passdb backend ldapsam
Successfully added passdb backend 'ldapsam'
Attempting to register passdb backend ldapsam_compat
Successfully added passdb backend 'ldapsam_compat'
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to register passdb backend guest
Successfully added passdb backend 'guest'
Attempting to find an passdb backend to match ldapsam_compat (ldapsam_compat)
Found pdb backend ldapsam_compat
pdb backend ldapsam_compat has a valid init
Attempting to find an passdb backend to match guest (guest)
Found pdb backend guest
pdb backend guest has a valid init
New SMB password:
New SMB password:
Retype new SMB password:
smbldap_search: base => [dc=hrnet,dc=de], filter => [(&(&(uid=tina)(objectclass=sambaSamAccount))(objectclass=sambaAccount))], scope => [2]
smbldap_open_connection: ldap://486dx66.hrnet.de:1389
smbldap_open_connection: connection opened
ldap_connect_system: Binding to ldap server ldap://486dx66.hrnet.de:1389 as "cn=ldapmanager,dc=hrnet,dc=de"
failed to bind to server with dn= cn=ldapmanager,dc=hrnet,dc=de Error: Can't contact LDAP server (unknown)
Connection to LDAP server failed for the 1 try!
smbldap_open_connection: ldap://486dx66.hrnet.de:1389
smbldap_open_connection: connection opened
ldap_connect_system: Binding to ldap server ldap://486dx66.hrnet.de:1389 as "cn=ldapmanager,dc=hrnet,dc=de"
[ -- cut here -- ]
---snipp---

So what's wrong ? Is it that I compiled in --with-ldap AND --with-ldapsam ?

greets Harry
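
Added example, not part of the thread and not Samba or OpenLDAP code: points 2 and 4 of William Jojo's list (rootdn matches "ldap admin dn", secrets.tdb holds an entry for it) as a script, which also reports the cleartext rootpw, the open ACL and "ldap ssl = off" seen in the posted configs. The function names are hypothetical, the sample inputs are constructed by trimming snippets posted in the thread, and the exact-string lookup of the secret key is an assumption.

```python
import re

def smbconf_value(text, name):
    """Last uncommented value of an smb.conf parameter, quotes stripped."""
    value = None
    for line in text.splitlines():
        line = line.strip()
        if line[:1] in ("#", ";") or "=" not in line:
            continue
        key, _, val = line.partition("=")
        if " ".join(key.lower().split()) == name:
            value = val.strip().strip('"')
    return value

def norm_dn(dn):
    # Simplified comparison (lower-case, no spaces around commas), not full DN normalisation.
    return ",".join(part.strip() for part in dn.lower().split(","))

def check(smb_conf, slapd_conf, tdbdump_out):
    """Return a list of findings for smb.conf, slapd.conf and tdbdump output."""
    findings = []
    admin = smbconf_value(smb_conf, "ldap admin dn")
    m = re.search(r'^\s*rootdn\s+"?([^"\n]+)"?', slapd_conf, re.M)
    rootdn = m.group(1).strip() if m else None
    # DNs for which "smbpasswd -w" has stored a bind password.
    stored = re.findall(r'key = "SECRETS/LDAP_BIND_PW/([^"]+)"', tdbdump_out)
    # Assumption: the secret is looked up by the exact "ldap admin dn" string.
    if admin is None:
        findings.append("smb.conf: ldap admin dn is not set")
    elif admin not in stored:
        findings.append(f"secrets.tdb: no LDAP_BIND_PW entry for {admin}")
    if admin and rootdn and norm_dn(admin) != norm_dn(rootdn):
        findings.append(f"ldap admin dn {admin} differs from rootdn {rootdn}")
    if re.search(r"^\s*rootpw\s+(?!\{)\S", slapd_conf, re.M):
        findings.append("slapd.conf: rootpw is stored in cleartext")
    if re.search(r"access\s+to\s+\*\s+by\s+\*\s+write", slapd_conf):
        findings.append("slapd.conf: 'access to * by * write' lets any client modify entries")
    if (smbconf_value(smb_conf, "ldap ssl") or "").lower() in ("off", "no"):
        findings.append("smb.conf: ldap ssl = off, the bind password is sent unencrypted")
    return findings

# Constructed sample inputs, trimmed from snippets posted in the thread.
SMB_FIRST = '''[global]
ldap admin dn = "cn=ldapadmin,dc=hrnet,dc=de"
ldap ssl = off
'''
SMB_LATER = SMB_FIRST.replace("ldapadmin", "ldapmanager")
SLAPD = '''rootdn "cn=ldapmanager,dc=hrnet,dc=de"
rootpw secret
access to * by * write
'''
TDBDUMP = '''{
key = "SECRETS/LDAP_BIND_PW/cn=ldapmanager,dc=hrnet,dc=de"
data = "(omitted)"
}
'''

if __name__ == "__main__":
    for label, conf in (("first smb.conf", SMB_FIRST), ("later smb.conf", SMB_LATER)):
        print(label)
        for finding in check(conf, SLAPD, TDBDUMP):
            print("  -", finding)
```

With the admin DN from the first post the script reports the missing secrets.tdb entry and the rootdn mismatch; with the later DN only the three hardening findings remain.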