Hi

I've just upgraded Samba on Solaris 10 from the bundled version (3.0.33) to 3.4.0 and winbind doesn't want to cooperate with LDAP as idmap backend anymore.

The smb.conf I use is:

[global]
workgroup = CORPROOT
netbios name = usonfs
security = domain
log level = 10
preferred master = no
bind interfaces only = yes
interfaces = usonfs

password server = sg000057.corproot.net sg1006z.corproot.net
winbind uid = 20000-21000
winbind gid = 20000-21000
winbind enum users = no
winbind enum groups = no

# Using ldap server as winbindd backend
idmap backend = ldap:ldap://usoldap01.swissptt.ch ldap:ldap://usoldap02.swissptt.ch
ldap admin dn = uid=idmapadm,ou=idmap,dc=swissptt,dc=ch
ldap idmap suffix = ou=idmap
ldap suffix = dc=swissptt,dc=ch

I compiled Samba myself: configure; make; make install.

It must be something obvious I'm overlooking; I hope somebody could point it out.

Running winbindd as:

/usr/local/samba/sbin/winbindd -d 3 -i -n

I see those messages:

[ 8286]: sid to uid S-1-5-21-796845957-1547161642-839522115-187984
idmap_init: using 'ldap' as remote backend
Failed to issue the StartTLS instruction: Connect error
Connection to LDAP server failed for the 1 try!
Failed to issue the StartTLS instruction: Connect error
Connection to LDAP server failed for the 3 try!
Failed to issue the StartTLS instruction: Connect error
Connection to LDAP server failed for the 5 try!
Failed to issue the StartTLS instruction: Connect error
Connection to LDAP server failed for the 7 try!

Thanks for your time.

Regards,
Chris

ldap ssl = off

On Thu, 13 Aug 2009 23:26:37 +0200, Chris Osicki <osk at admin.swisscom-mobile.ch> wrote:
> Hi
>
> I've just upgraded Samba on Solaris 10 from the bundled version (3.0.33)
> to 3.4.0 and winbind doesn't want to cooperate with LDAP as idmap backend
> anymore.
>
> The smb.conf I use is:
>
> [global]
> workgroup = CORPROOT
> netbios name = usonfs
> security = domain
> log level = 10
> preferred master = no
> bind interfaces only = yes
> interfaces = usonfs
>
> password server = sg000057.corproot.net sg1006z.corproot.net
> winbind uid = 20000-21000
> winbind gid = 20000-21000
> winbind enum users = no
> winbind enum groups = no
>
> # Using ldap server as winbindd backend
> idmap backend = ldap:ldap://usoldap01.swissptt.ch ldap:ldap://usoldap02.swissptt.ch
> ldap admin dn = uid=idmapadm,ou=idmap,dc=swissptt,dc=ch
> ldap idmap suffix = ou=idmap
> ldap suffix = dc=swissptt,dc=ch
>
> I compiled Samba myself: configure; make; make install.
>
> It must be something obvious I'm overlooking; I hope somebody could
> point it out.
>
> Running winbindd as:
>
> /usr/local/samba/sbin/winbindd -d 3 -i -n
>
> I see those messages:
>
> [ 8286]: sid to uid S-1-5-21-796845957-1547161642-839522115-187984
> idmap_init: using 'ldap' as remote backend
> Failed to issue the StartTLS instruction: Connect error
> Connection to LDAP server failed for the 1 try!
> Failed to issue the StartTLS instruction: Connect error
> Connection to LDAP server failed for the 3 try!
> Failed to issue the StartTLS instruction: Connect error
> Connection to LDAP server failed for the 5 try!
> Failed to issue the StartTLS instruction: Connect error
> Connection to LDAP server failed for the 7 try!
>
> Thanks for your time.
>
> Regards,
> Chris

A big change in ldap usage documented only in the man pages.

For 3.3.7 I had to change from this

idmap backend = ldap:ldap://niairpfiler1.grc.nia.nih.gov ldap:ldap://niairpfiler2.grc.nia.nih.gov

to this

ldap ssl = no
idmap backend = ldap:ldap://ldapserv1
idmap alloc backend = ldap
idmap alloc config : ldap_user_dn = cn=Manager,dc=X,dc=X
idmap alloc config : ldap_base_dn = ou=People,dc=X,dc=X
idmap alloc config : ldap_url = ldap://ldapserv2

You have to set your alloc password separately with the net idmap command.

In my case CentOS 5.3 openldap does not do multimaster; ldapserv1 is master and ldapserv2 is slave. I ended up rolling back to 3.0.3 for other issues. Regardless of quoting etc., 3.3.7 did not support multiple ldapservers listed on the idmap backend line.

On Aug 13, 2009, at 5:26 PM, Chris Osicki wrote:
> Hi
>
> I've just upgraded Samba on Solaris 10 from the bundled version (3.0.33)
> to 3.4.0 and winbind doesn't want to cooperate with LDAP as idmap backend
> anymore.
>
> The smb.conf I use is:
>
> [global]
> workgroup = CORPROOT
> netbios name = usonfs
> security = domain
> log level = 10
> preferred master = no
> bind interfaces only = yes
> interfaces = usonfs
>
> password server = sg000057.corproot.net sg1006z.corproot.net
> winbind uid = 20000-21000
> winbind gid = 20000-21000
> winbind enum users = no
> winbind enum groups = no
>
> # Using ldap server as winbindd backend
> idmap backend = ldap:ldap://usoldap01.swissptt.ch ldap:ldap://usoldap02.swissptt.ch
> ldap admin dn = uid=idmapadm,ou=idmap,dc=swissptt,dc=ch
> ldap idmap suffix = ou=idmap
> ldap suffix = dc=swissptt,dc=ch
>
> I compiled Samba myself: configure; make; make install.
>
> It must be something obvious I'm overlooking; I hope somebody could
> point it out.
>
> Running winbindd as:
>
> /usr/local/samba/sbin/winbindd -d 3 -i -n
>
> I see those messages:
>
> [ 8286]: sid to uid S-1-5-21-796845957-1547161642-839522115-187984
> idmap_init: using 'ldap' as remote backend
> Failed to issue the StartTLS instruction: Connect error
> Connection to LDAP server failed for the 1 try!
> Failed to issue the StartTLS instruction: Connect error
> Connection to LDAP server failed for the 3 try!
> Failed to issue the StartTLS instruction: Connect error
> Connection to LDAP server failed for the 5 try!
> Failed to issue the StartTLS instruction: Connect error
> Connection to LDAP server failed for the 7 try!
>
> Thanks for your time.
>
> Regards,
> Chris
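
Added example, not part of any message in the thread: a small Python check that relates the StartTLS failures in the winbindd log to the LDAP settings in smb.conf, and flags the trade-off of the `ldap ssl = off` fix (the `ldap admin dn` bind then travels over plain `ldap://`). The finding labels, function names and the trimmed sample inputs are constructed for illustration.

```python
import re

# Constructed sample inputs, trimmed from the configuration and log quoted in the thread.
SMB_CONF = """\
[global]
   workgroup = CORPROOT
   security = domain
   # Using ldap server as winbindd backend
   idmap backend = ldap:ldap://usoldap01.swissptt.ch ldap:ldap://usoldap02.swissptt.ch
   ldap admin dn = uid=idmapadm,ou=idmap,dc=swissptt,dc=ch
"""
WINBINDD_LOG = """\
idmap_init: using 'ldap' as remote backend
Failed to issue the StartTLS instruction: Connect error
Connection to LDAP server failed for the 1 try!
"""

def parse_global(text):
    """Return the [global] parameters; names are matched ignoring case and spacing."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)   # values such as a DN contain '=' too
            params[" ".join(key.lower().split())] = value.strip()
    return params

def diagnose(conf_text, log_text):
    """Return finding labels (hypothetical names) for the symptoms seen in the thread."""
    params = parse_global(conf_text)
    mode = params.get("ldap ssl")
    urls = re.findall(r"ldaps?://\S+", params.get("idmap backend", ""))
    findings = []
    # StartTLS is attempted although smb.conf never sets "ldap ssl".
    if mode is None and "Failed to issue the StartTLS instruction" in log_text:
        findings.append("starttls-implicit")
    # TLS switched off on a plain ldap:// URL: the admin bind is sent unencrypted.
    if mode is not None and mode.lower() in ("off", "no") \
            and any(u.startswith("ldap://") for u in urls):
        findings.append("cleartext-bind")
    # Several servers on one "idmap backend" line (reported as unsupported in 3.3.7).
    if len(urls) > 1:
        findings.append("multiple-servers")
    return findings

if __name__ == "__main__":
    print(diagnose(SMB_CONF, WINBINDD_LOG))
```
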