samba - May 2016 - Samba4 / Open LDAP init DB

Hi,

I have been able to successfully install Samba4 and OpenLDAP and connect 
them via SSL. The file samba.schema is also loaded into OpenLDAP, but 
when I start samba server it looks like it is expecting some basic 
structure. My Question at this point is how to provide this the easisest 
way? Currently the OpenLDAP DB is entirely empty (virgin) so Samba4 
could create anything it needs.

cat /var/log/samba4/log.smbd
[...]
   smbldap_open_connection: connection opened
[2016/05/17 19:24:34.065158,  3] 
../source3/lib/smbldap.c:1013(smbldap_connect_system)
   ldap_connect_system: successful connection to the LDAP server
[2016/05/17 19:24:34.065319,  2] 
../source3/passdb/pdb_ldap_util.c:287(smbldap_search_domain_info)
   smbldap_search_domain_info: Problem during LDAPsearch: No such object
[2016/05/17 19:24:34.065340,  2] 
../source3/passdb/pdb_ldap_util.c:288(smbldap_search_domain_info)
   smbldap_search_domain_info: Query was: dc=MYDOMAIN,dc=LocalDomain, 
(&(objectClass=sambaDomain)(sambaDomainName=STORAGE-03))
[2016/05/17 19:24:34.065359,  0] 
../source3/passdb/pdb_ldap.c:6534(pdb_ldapsam_init_common)
   pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to 
the domain. We cannot work reliably without it.
[2016/05/17 19:24:34.065485,  0] 
../source3/passdb/pdb_interface.c:179(make_pdb_method_name)
   pdb backend ldapsam:"ldap://127.0.0.1/ 
ldap://Storage-03.MYDOMAIN.LocalDomain/" did not correctly init (error 
was NT_STATUS_CANT_ACCESS_DOMAIN_INFO)


cat /usr/local/etc/smb4.conf

[global]

   # Basic server settings
   workgroup          = MYDOMAIN
   realm              = MYDOMAIN.LOCALDOMAIN
   netbios name       = STORAGE-03

   # Password backend
   passdb backend         = ldapsam:"ldap://127.0.0.1/ 
ldap://Storage-03.MYDOMAIN.LocalDomain/"
   ldap admin dn          = cn=admin,dc=MYDOMAIN,dc=LocalDomain
   ldap suffix            = dc=MYDOMAIN,dc=LocalDomain
   idmap_ldb:use rfc2307  = Yes
   encrypt passwords      = yes
   invalid users          = root
[...]

On 17/05/16 18:27, Leander Schäfer wrote:
> Hi,
>
> I have been able to successfully install Samba4 and OpenLDAP and 
> connect them via SSL. The file samba.schema is also loaded into 
> OpenLDAP, but when I start samba server it looks like it is expecting 
> some basic structure. My Question at this point is how to provide this 
> the easisest way? Currently the OpenLDAP DB is entirely empty (virgin) 
> so Samba4 could create anything it needs.
>
> cat /var/log/samba4/log.smbd
> [...]
>   smbldap_open_connection: connection opened
> [2016/05/17 19:24:34.065158,  3] 
> ../source3/lib/smbldap.c:1013(smbldap_connect_system)
>   ldap_connect_system: successful connection to the LDAP server
> [2016/05/17 19:24:34.065319,  2] 
> ../source3/passdb/pdb_ldap_util.c:287(smbldap_search_domain_info)
>   smbldap_search_domain_info: Problem during LDAPsearch: No such object
> [2016/05/17 19:24:34.065340,  2] 
> ../source3/passdb/pdb_ldap_util.c:288(smbldap_search_domain_info)
>   smbldap_search_domain_info: Query was: dc=MYDOMAIN,dc=LocalDomain, 
> (&(objectClass=sambaDomain)(sambaDomainName=STORAGE-03))
> [2016/05/17 19:24:34.065359,  0] 
> ../source3/passdb/pdb_ldap.c:6534(pdb_ldapsam_init_common)
>   pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to 
> the domain. We cannot work reliably without it.
> [2016/05/17 19:24:34.065485,  0] 
> ../source3/passdb/pdb_interface.c:179(make_pdb_method_name)
>   pdb backend ldapsam:"ldap://127.0.0.1/ 
> ldap://Storage-03.MYDOMAIN.LocalDomain/" did not correctly init (error
> was NT_STATUS_CANT_ACCESS_DOMAIN_INFO)
>
>
> cat /usr/local/etc/smb4.conf
>
> [global]
>
>   # Basic server settings
>   workgroup          = MYDOMAIN
>   realm              = MYDOMAIN.LOCALDOMAIN
>   netbios name       = STORAGE-03
>
>   # Password backend
>   passdb backend         = ldapsam:"ldap://127.0.0.1/ 
> ldap://Storage-03.MYDOMAIN.LocalDomain/"
>   ldap admin dn          = cn=admin,dc=MYDOMAIN,dc=LocalDomain
>   ldap suffix            = dc=MYDOMAIN,dc=LocalDomain
>   idmap_ldb:use rfc2307  = Yes
>   encrypt passwords      = yes
>   invalid users          = root
> [...]
>
>
Hmm, what are you trying to achieve, an NT4-style PDC or an AD DC ?

If the first, you will need to remove these lines:

realm              = MYDOMAIN.LOCALDOMAIN
idmap_ldb:use rfc2307  = Yes

If you want to set up an AD DC, you will need to remove openldap, it is 
(at the moment, this could change though) incompatible with the LDAP 
built into a Samba AD DC.

Lets sort out just what you want and then move on from there.

Rowland