Distro : Debian 9 log samba and smb as attachments Le mar. 6 ao?t 2019 ? 09:33, Rowland penny via samba <samba at lists.samba.org> a ?crit :> On 06/08/2019 07:54, Guillaume Couvreur via samba wrote: > > Hello, here are the google logs. > > > > *[2019-08-05 17:04:31,544+0200] [SwingWorker-pool-1-thread-2] [ERROR] > > [plugin.ldap.AbstractLdapHandler] Failed to execute query because the > > object at Base DN: "dc=xxx,dc=xxx" is missing or inaccessible.* > > > > Are there any interesting logs on the samba side? Where can I find them? > > > As you haven't told us which distro you are using, this is a bit > difficult, but typically, they would be in /var/log/samba > > If they are not there, you can find where they are on your DC by running > this: > > samba -b | grep 'LOGFILEBASE' | awk '{print $NF}' > > It may help if you can post the query that is being run. > > Also can you post the smb.conf from the DC > > Rowland > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >-- *Guillaume COUVREUR* *Chef de projet technique* guillaume.couvreur at ntico-operation.com 03.66.72.80.79 1A, avenue de l'Harmonie 59650 VILLENEUVE D'ASCQ
On 06/08/2019 08:41, Guillaume Couvreur wrote:> Distro : Debian 9 > > log samba and smb??as attachmentsThe log just tells me that samba_dnsupdate needs looking at. ;-) Try this: Add to the [global] section of smb.conf: ldap server require strong auth = allow_sasl_over_tls Now modify/create /etc/openldap/ldap.conf Add/change: HOST <YOUR_DCs_FQDN> TLS_CACERT /var/lib/samba/private/tls/cert.pem TLS_REQCERT never Restart Samba and try again. If it still doesn't work, can we see 'log.winbindd' Rowland
I can't find /etc/openldap/ldap.conf Le mar. 6 ao?t 2019 ? 10:16, Rowland penny via samba <samba at lists.samba.org> a ?crit :> On 06/08/2019 08:41, Guillaume Couvreur wrote: > > Distro : Debian 9 > > > > log samba and smb as attachments > > The log just tells me that samba_dnsupdate needs looking at. ;-) > > Try this: > > Add to the [global] section of smb.conf: > > ldap server require strong auth = allow_sasl_over_tls > > Now modify/create /etc/openldap/ldap.conf > > Add/change: > > HOST <YOUR_DCs_FQDN> > TLS_CACERT /var/lib/samba/private/tls/cert.pem > TLS_REQCERT never > > Restart Samba and try again. > > If it still doesn't work, can we see 'log.winbindd' > > Rowland > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >-- *Guillaume COUVREUR* *Chef de projet technique* guillaume.couvreur at ntico-operation.com 03.66.72.80.79 1A, avenue de l'Harmonie 59650 VILLENEUVE D'ASCQ
Hai, If its really Debian 9, then i dont think, this is not going to work. >> /etc/openldap/ldap.conf I suggest the following. apt-get install ca-certificates mkdir -p /usr/local/share/ca-certificates/samba-ad-dc ln -s /var/lib/samba/private/tls/cert.pem /usr/local/share/ca-certificates/samba-ad-dc/samba.crt update-ca-certificates /etc/ldap/ldap.conf BASE dc=some,dc=dom,dc=tld URI ldaps://dc1.some.dom.tld ldaps://dc2.some.dom.tld TLS_REQCERT allow # Optional, depending on need add: #BIND_DN = CN=ldapBindUser,OU=Service-Accounts,DC=some,DC=dom,DC=tld #BIND_PW = SomePasshere Something like that. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Guillaume Couvreur via samba > Verzonden: dinsdag 6 augustus 2019 10:23 > Aan: Rowland penny > CC: sambalist > Onderwerp: Re: [Samba] Configuration help > > I can't find /etc/openldap/ldap.conf > > Le mar. 6 ao?t 2019 ? 10:16, Rowland penny via samba > <samba at lists.samba.org> > a ?crit : > > > On 06/08/2019 08:41, Guillaume Couvreur wrote: > > > Distro : Debian 9 > > > > > > log samba and smb as attachments > > > > The log just tells me that samba_dnsupdate needs looking at. ;-) > > > > Try this: > > > > Add to the [global] section of smb.conf: > > > > ldap server require strong auth = allow_sasl_over_tls > > > > Now modify/create /etc/openldap/ldap.conf > > > > Add/change: > > > > HOST <YOUR_DCs_FQDN> > > TLS_CACERT /var/lib/samba/private/tls/cert.pem > > TLS_REQCERT never > > > > Restart Samba and try again. > > > > If it still doesn't work, can we see 'log.winbindd' > > > > Rowland > > > > > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > > > > > -- > > *Guillaume COUVREUR* > *Chef de projet technique* > guillaume.couvreur at ntico-operation.com > 03.66.72.80.79 > 1A, avenue de l'Harmonie > 59650 VILLENEUVE D'ASCQ > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >