Hi! I'm trying to install an ejabberd server on my network. Ejabberd supports LDAP - but when I tried to get it to work, it opened a whole can of worms.

Basically where I'm at now, if I use ldapsearch to try and search for, say, a username - I get NT_STATUS_LOGON_FAILURE - so my question is, does Samba have an LDAP server built in, or do I need OpenLDAP?

Samba 4.x, if configured as an AD domain controller, has an LDAP server built in. I haven't tested it but it should be OK for authenticating non-Samba services. Samba 3.x does not have an internal LDAP server. Samba 3.x can use an external LDAP server (e.g. OpenLDAP or Oracle Directory Server) to store accounts.

On 11/24/15 16:41, Jeff Hodson wrote:
> Hi! I'm trying to install an ejabberd server on my network. Ejabberd supports LDAP - but when I tried to get it to work, it opened a whole can of worms.
>
> Basically where I'm at now, if I use ldapsearch to try and search for, say, a username - I get NT_STATUS_LOGON_FAILURE - so my question is, does Samba have an LDAP server built in, or do I need OpenLDAP?

On 24/11/15 21:41, Jeff Hodson wrote:
> Hi! I'm trying to install an ejabberd server on my network. Ejabberd supports LDAP - but when I tried to get it to work, it opened a whole can of worms.
>
> Basically where I'm at now, if I use ldapsearch to try and search for, say, a username - I get NT_STATUS_LOGON_FAILURE - so my question is, does Samba have an LDAP server built in, or do I need OpenLDAP?

In answer to your question, possibly yes and possibly yes :-)

You don't tell us what version of Samba you are using or how you have set it up. If it is a version before 4.0.0, then there is no LDAP server built in. If it is a version from 4.0.0, then there is an LDAP server available, but only if you run Samba as an AD DC. You can also run Samba 4.0.0 onwards just like 3.x.x, in which case you can also use OpenLDAP. You cannot use Samba 4 as an AD DC with OpenLDAP.

Rowland

On 24/11/15 23:56, Jeff Hodson wrote:
> Ok great! So I'm using the turnkey Linux samba appliance as an ad-dc. It is samba 4.x.

What you are trying to achieve should be possible, never done it myself, try searching using 'active directory' and 'jabber' in the search terms.

Rowland

I've done it with Openfire (Spark), works just fine.

On Wed, Nov 25, 2015 at 7:21 AM, Rowland Penny <rowlandpenny241155 at gmail.com> wrote:
> On 24/11/15 23:56, Jeff Hodson wrote:
>
>> Ok great! So I'm using the turnkey Linux samba appliance as an ad-dc. It is samba 4.x.
>
> What you are trying to achieve should be possible, never done it myself, try searching using 'active directory' and 'jabber' in the search terms.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba

To perform ldapsearch on an AD DC I think you have to authenticate first. As I don't like typing passwords I'm using GSSAPI here to authenticate during LDAP searches. To do that you will need:
- kinit to generate a Kerberos ticket
- GSSAPI libraries (perhaps it's that one on Debian 8: libsasl2-modules-gssapi-heimdal, on CentOS 7 I think you would need cyrus-sasl-gssapi)
- the right ldapsearch command:
    ldapsearch -h <YOUR DC> -v -LLL -b 'OU=Domain Controllers,DC=SAMBA,DC=DOMAIN,DC=TLD' '(objectclass=computer)' dn -Y GSSAPI

Hoping this could help...

mathias

2015-11-25 10:21 GMT+01:00 Rowland Penny <rowlandpenny241155 at gmail.com>:
> On 24/11/15 23:56, Jeff Hodson wrote:
>
>> Ok great! So I'm using the turnkey Linux samba appliance as an ad-dc. It is samba 4.x.
>
> What you are trying to achieve should be possible, never done it myself, try searching using 'active directory' and 'jabber' in the search terms.
>
> Rowland
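
Added example, not part of the original thread: the kinit-then-ldapsearch procedure from the last message as a small shell script that looks up one user by name, as in the original question, and escapes the name before it goes into the LDAP filter. The host, realm and user arguments, the sAMAccountName filter and the function names are assumptions; `-H ldap://host` is used in place of the `-h host` form shown above.

```shell
#!/bin/sh
# Added example: GSSAPI-authenticated user lookup against a Samba AD DC.
# All host/realm/user values are supplied by the caller (placeholders).

# Turn a realm / DNS domain into an LDAP base DN:
#   SAMBA.DOMAIN.TLD -> DC=SAMBA,DC=DOMAIN,DC=TLD
realm_to_base_dn() {
    printf '%s\n' "$1" | sed -e 's/^/DC=/' -e 's/\./,DC=/g'
}

# Escape a value for use inside an LDAP search filter (RFC 4515).
# The backslash is handled first so later escapes are not re-escaped.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g'  -e 's/)/\\29/g'
}

# Filter matching exactly one account name; the name cannot alter
# the filter structure because it is escaped.
user_filter() {
    printf '(&(objectClass=user)(sAMAccountName=%s))' "$(ldap_escape "$1")"
}

# Succeeds only if the credential cache holds a valid Kerberos ticket.
have_ticket() {
    klist -s 2>/dev/null
}

# usage: search_user DC_HOST REALM USERNAME
search_user() {
    if ! have_ticket; then
        echo "no valid Kerberos ticket, run kinit first" >&2
        return 1
    fi
    ldapsearch -H "ldap://$1" -LLL -Y GSSAPI \
        -b "$(realm_to_base_dn "$2")" "$(user_filter "$3")" dn sAMAccountName
}

# Only contact the DC when explicitly asked:
#   sh lookup.sh --run dc1.samba.domain.tld SAMBA.DOMAIN.TLD jeff
if [ "${1:-}" = "--run" ]; then
    search_user "$2" "$3" "$4"
fi
```
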