So this got me thinking that maybe a chunk of my problem is with LDAP itself on the server. Executing "slapcat" shows me what I believe to be the correct content, including what looks like appropriate content underneath the following:

dn: sambaDomainName=DRBHOME,dc=drbhome,dc=ca

That seems to answer the question about whether the domain info is actually there.

>> Can you also post the log where it shows asking for the wrong domain.

> Now looking for the correct domain, but still throwing an error (leaving off earlier log lines that don't seem to be relevant to the problem, and don't indicate any errors):
> [2016/02/18 20:12:07.200064, 2] ../source3/lib/interface.c:341(add_interface)
> added interface eth1 ip=192.168.2.1 bcast=192.168.2.255 netmask=255.255.255.0
> [2016/02/18 20:12:07.209878, 3] ../source3/smbd/server.c:1248(main)
> loaded services
> [2016/02/18 20:12:07.211751, 3] ../source3/smbd/server.c:1280(main)
> Becoming a daemon.
> [2016/02/18 20:12:07.216706, 2] ../source3/passdb/pdb_ldap_util.c:280(smbldap_search_domain_info)
> smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DRBHOME))]
> [2016/02/18 20:12:07.222064, 2] ../source3/lib/smbldap.c:794(smbldap_open_connection)
> smbldap_open_connection: connection opened
> [2016/02/18 20:12:07.228496, 3] ../source3/lib/smbldap.c:1013(smbldap_connect_system)
> ldap_connect_system: successful connection to the LDAP server
> [2016/02/18 20:12:07.229369, 2] ../source3/passdb/pdb_ldap_util.c:287(smbldap_search_domain_info)
> smbldap_search_domain_info: Problem during LDAPsearch: No such object
> [2016/02/18 20:12:07.229595, 2] ../source3/passdb/pdb_ldap_util.c:288(smbldap_search_domain_info)
> smbldap_search_domain_info: Query was: dc=drbhome,dc=ca, (&(objectClass=sambaDomain)(sambaDomainName=DRBHOME))
> [2016/02/18 20:12:07.229709, 0] ../source3/passdb/pdb_ldap.c:6529(pdb_ldapsam_init_common)
> pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the domain. We cannot work reliably without it.
> [2016/02/18 20:12:07.229806, 0] ../source3/passdb/pdb_interface.c:178(make_pdb_method_name)
> pdb backend ldapsam did not correctly init (error was NT_STATUS_CANT_ACCESS_DOMAIN_INFO)
On 19/02/16 01:53, Dave Beach wrote:
> So this got me thinking that maybe a chunk of my problem is with LDAP itself on the server. Executing "slapcat" shows me what I believe to be the correct content, including what looks like appropriate content underneath the following:
>
> dn: sambaDomainName=DRBHOME,dc=drbhome,dc=ca
>
> That seems to answer the question about whether the domain info is actually there.
>
>>> Can you also post the log where it shows asking for the wrong domain.
>> Now looking for the correct domain, but still throwing an error (leaving off earlier log lines that don't seem to be relevant to the problem, and don't indicate any errors):
>> [2016/02/18 20:12:07.200064, 2] ../source3/lib/interface.c:341(add_interface)
>> added interface eth1 ip=192.168.2.1 bcast=192.168.2.255 netmask=255.255.255.0
>> [2016/02/18 20:12:07.209878, 3] ../source3/smbd/server.c:1248(main)
>> loaded services
>> [2016/02/18 20:12:07.211751, 3] ../source3/smbd/server.c:1280(main)
>> Becoming a daemon.
>> [2016/02/18 20:12:07.216706, 2] ../source3/passdb/pdb_ldap_util.c:280(smbldap_search_domain_info)
>> smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DRBHOME))]
>> [2016/02/18 20:12:07.222064, 2] ../source3/lib/smbldap.c:794(smbldap_open_connection)
>> smbldap_open_connection: connection opened
>> [2016/02/18 20:12:07.228496, 3] ../source3/lib/smbldap.c:1013(smbldap_connect_system)
>> ldap_connect_system: successful connection to the LDAP server
>> [2016/02/18 20:12:07.229369, 2] ../source3/passdb/pdb_ldap_util.c:287(smbldap_search_domain_info)
>> smbldap_search_domain_info: Problem during LDAPsearch: No such object
>> [2016/02/18 20:12:07.229595, 2] ../source3/passdb/pdb_ldap_util.c:288(smbldap_search_domain_info)
>> smbldap_search_domain_info: Query was: dc=drbhome,dc=ca, (&(objectClass=sambaDomain)(sambaDomainName=DRBHOME))
>> [2016/02/18 20:12:07.229709, 0] ../source3/passdb/pdb_ldap.c:6529(pdb_ldapsam_init_common)
>> pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the domain. We cannot work reliably without it.
>> [2016/02/18 20:12:07.229806, 0] ../source3/passdb/pdb_interface.c:178(make_pdb_method_name)
>> pdb backend ldapsam did not correctly init (error was NT_STATUS_CANT_ACCESS_DOMAIN_INFO)
>

OK, try running this on the Samba/ldap server:

ldapsearch -h 127.0.0.1 -D cn=admin,dc=drbhome,dc=ca -w -b "dc=drbhome,dc=ca" -s sub "(&(objectClass=sambaDomain)(sambaDomainName=DRBHOME))" sambaDomainName

Can you post the result.

Rowland
> OK, try running this on the Samba/ldap server:
> ldapsearch -h 127.0.0.1 -D cn=admin,dc=drbhome,dc=ca -w -b "dc=drbhome,dc=ca" -s sub "(&(objectClass=sambaDomain)(sambaDomainName=DRBHOME))" sambaDomainName
> Can you post the result.

ldap_bind: Invalid credentials (49)

Hm.
Hi Rowland, hi Dave

On 11:51:17 wrote Rowland penny:
> On 19/02/16 01:53, Dave Beach wrote:
> > So this got me thinking that maybe a chunk of my problem is with
> > LDAP itself on the server.

Yes, you are right. But it is really only a piece of the problem. You are coming from the 3.5 version of samba. Early in 3.6 some things have changed.

> > Executing "slapcat" shows me what I
> > believe to be the correct content, including what looks like
> > appropriate content underneath the following:
> >
> > dn: sambaDomainName=DRBHOME,dc=drbhome,dc=ca
> >
> > That seems to answer the question about whether the domain info is
> > actually there.
> >
> >>> Can you also post the log where it shows asking for the wrong
> >>> domain.
> >>
> >> Now looking for the correct domain, but still throwing an error
> >> (leaving off earlier log lines that don't seem to be relevant to
> >> the problem, and don't indicate any errors): [2016/02/18
> >> 20:12:07.200064, 2]
> >> ../source3/lib/interface.c:341(add_interface)
> >>
> >> added interface eth1 ip=192.168.2.1 bcast=192.168.2.255
> >> netmask=255.255.255.0
> >>
> >> [2016/02/18 20:12:07.209878, 3]
> >> ../source3/smbd/server.c:1248(main)
> >>
> >> loaded services
> >>
> >> [2016/02/18 20:12:07.211751, 3]
> >> ../source3/smbd/server.c:1280(main)
> >>
> >> Becoming a daemon.
> >>
> >> [2016/02/18 20:12:07.216706, 2]
> >> ../source3/passdb/pdb_ldap_util.c:280(smbldap_search_domain_info)
> >>
> >> smbldap_search_domain_info: Searching
> >> for:[(&(objectClass=sambaDomain)(sambaDomainName=DRBHOME))]
> >>
> >> [2016/02/18 20:12:07.222064, 2]
> >> ../source3/lib/smbldap.c:794(smbldap_open_connection)
> >>
> >> smbldap_open_connection: connection opened
> >>
> >> [2016/02/18 20:12:07.228496, 3]
> >> ../source3/lib/smbldap.c:1013(smbldap_connect_system)
> >>
> >> ldap_connect_system: successful connection to the LDAP server
> >>
> >> [2016/02/18 20:12:07.229369, 2]
> >> ../source3/passdb/pdb_ldap_util.c:287(smbldap_search_domain_info)
> >>
> >> smbldap_search_domain_info: Problem during LDAPsearch: No such
> >> object
> >>
> >> [2016/02/18 20:12:07.229595, 2]
> >> ../source3/passdb/pdb_ldap_util.c:288(smbldap_search_domain_info)
> >>
> >> smbldap_search_domain_info: Query was: dc=drbhome,dc=ca,
> >> (&(objectClass=sambaDomain)(sambaDomainName=DRBHOME))
> >>
> >> [2016/02/18 20:12:07.229709, 0]
> >> ../source3/passdb/pdb_ldap.c:6529(pdb_ldapsam_init_common)
> >>
> >> pdb_init_ldapsam: WARNING: Could not get domain info, nor add
> >> one to the domain. We cannot work reliably without it.

This is the important message from smbd.
1. domain info not found
2. unable to set domain info
3. without domain info this ldap server is not our auth source

Your second migration problem, which pops up here, is that the "smbldap tools" could not handle "setting domain info" (which is a self join command) and is required since early samba 3.6 version.

So, to make it fly:
Add these two statements

ldapsam:trusted = yes
ldapsam:editposix = yes

to your smb.conf and restart samba. smbldap tools are now disabled, even if the "user/group add/del/modify" statements still are in smb.conf.

Verify that "domain info" is set. Compare the sid with the output from:

net getdomainsid
net getlocalsid

Some hints:
1. to debug the ldap queries set olcloglevel to 256 aka filter in slapd
2. After the join is successful disable ldapsam:editposix and restart samba. This is a must have! smbd does not honor some settings (ldap group suffix, ldap idmap suffix, ldap machine suffix, ldap user suffix) in smb.conf. If you have set olcloglevel you can see what happens with
tail -f /var/log/syslog
3. if you wish to go with ldapsam:editposix (much faster than smbldap tools) you need to move some objects in ldap

> >> [2016/02/18 20:12:07.229806, 0]
> >> ../source3/passdb/pdb_interface.c:178(make_pdb_method_name)
> >>
> >> pdb backend ldapsam did not correctly init (error was
> >> NT_STATUS_CANT_ACCESS_DOMAIN_INFO)
>
> OK, try running this on the Samba/ldap server:
>
> ldapsearch -h 127.0.0.1 -D cn=admin,dc=drbhome,dc=ca -w -b
> "dc=drbhome,dc=ca" -s sub
> "(&(objectClass=sambaDomain)(sambaDomainName=DRBHOME))"
> sambaDomainName
>
> Can you post the result.
>
> Rowland

--
Regards
Harry Jede
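
Added example, not part of any message in the thread: a small Python helper that reads the smbd log lines quoted above, pulls out the search base and filter that smbd actually sent, and builds the matching manual ldapsearch call. The function names are hypothetical, and the use of -x (simple bind) and -W (prompt for the bind password) is an assumption about how the directory is accessed.

```python
import re
import shlex

# Log lines copied from the thread; smbd puts header and message on separate lines.
SAMPLE_LOG = """\
[2016/02/18 20:12:07.229369, 2] ../source3/passdb/pdb_ldap_util.c:287(smbldap_search_domain_info)
  smbldap_search_domain_info: Problem during LDAPsearch: No such object
[2016/02/18 20:12:07.229595, 2] ../source3/passdb/pdb_ldap_util.c:288(smbldap_search_domain_info)
  smbldap_search_domain_info: Query was: dc=drbhome,dc=ca, (&(objectClass=sambaDomain)(sambaDomainName=DRBHOME))
[2016/02/18 20:12:07.229806, 0] ../source3/passdb/pdb_interface.c:178(make_pdb_method_name)
  pdb backend ldapsam did not correctly init (error was NT_STATUS_CANT_ACCESS_DOMAIN_INFO)
"""

HEADER = re.compile(r"^\[[^\]]+\]\s+\S+?\((\w+)\)\s*$")
QUERY = re.compile(r"Query was: (.*?), (\(.*\))\s*$")
ERROR = re.compile(r"Problem during LDAPsearch: (.+)$")
STATUS = re.compile(r"error was (NT_STATUS_\w+)")


def parse_failure(log_text):
    """Extract search base, filter, LDAP error and NT status from smbd log text."""
    found = {"base": None, "filter": None, "ldap_error": None, "nt_status": None}
    func = None
    for line in log_text.splitlines():
        header = HEADER.match(line.strip())
        if header:
            func = header.group(1)  # following message lines belong to this function
            continue
        query, error, status = QUERY.search(line), ERROR.search(line), STATUS.search(line)
        if func == "smbldap_search_domain_info" and query:
            found["base"], found["filter"] = query.group(1), query.group(2)
        elif func == "smbldap_search_domain_info" and error:
            found["ldap_error"] = error.group(1).strip()
        elif status:
            found["nt_status"] = status.group(1)
    return found


def ldapsearch_argv(found, bind_dn, uri="ldap://127.0.0.1"):
    """Build the manual equivalent of smbd's search (-x simple bind, -W prompts)."""
    if not found["base"] or not found["filter"]:
        raise ValueError("no 'Query was:' line found in the log")
    return ["ldapsearch", "-x", "-H", uri, "-D", bind_dn, "-W",
            "-b", found["base"], "-s", "sub", found["filter"], "sambaDomainName"]


if __name__ == "__main__":
    result = parse_failure(SAMPLE_LOG)
    print(result)
    print(shlex.join(ldapsearch_argv(result, "cn=admin,dc=drbhome,dc=ca")))
```

"No such object" is LDAP result code 32, which a server returns about the search base rather than the filter, so the base printed by this helper is the first thing to compare against the slapcat output.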