On Fri, 9 Nov 2018 11:04:49 -0600
dee heffem via samba <samba at lists.samba.org> wrote:
> Hi,
> I'm trying to setup a samba server on Ubuntu 16.04 following the
> docs[1] on the samba wiki.
>
> I have my users in OpenLDAP, along with their Posix attributes.
> They can ssh/sftp to the Linux server and have valid *nix GIDs/UIDs.
>
> I've added the 'passdb backend' and 'ldap suffix' lines into my
> smb.conf[2] however I'm getting errors[3] in smb.log that the ldap
> server "did not correctly init"
>
> Googling that error message has not turned up anything helpful yet.
> I do not need the samba server to be a domain controller, nor do
> I wish to join my samba server to an AD domain. I just want to
> authenticate users from OpenLDAP as if they were local users so
> they can mount a file share. Is this possible to do?
>
> Thanks
>
>
> [1] docs I'm using
> https://wiki.samba.org/index.php/Samba_%26_LDAP#Setting_up_PAM_and_NSS_to_use_LDAP
>
> [2]
> [global]
> workgroup = WORKGROUP
> server string = %h server (Samba, Ubuntu)
> dns proxy = no
> log file = /var/log/samba/log.%m
> max log size = 1000
> syslog = 0
> panic action = /usr/share/samba/panic-action %d
> server role = standalone server
> passdb backend = tdbsam
> obey pam restrictions = yes
> unix password sync = yes
> passwd program = /usr/bin/passwd %u
> passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
> pam password change = yes
> map to guest = bad user
> usershare allow guests = yes
>
> passdb backend = ldapsam:ldap://ldap1.my.org
> ldap suffix = dc=my,dc=org
>
> [printers]
> comment = All Printers
> browseable = no
> path = /var/spool/samba
> printable = yes
> guest ok = no
> read only = yes
> create mask = 0700
> [print$]
> comment = Printer Drivers
> path = /var/lib/samba/printers
> browseable = yes
> read only = yes
> guest ok = no
>
> [Finance]
> comment = Files for Finance
> path = /mnt/finance/files
> browseable = yes
> read only = yes
> guest ok = no
>
>
>
> [3]
> pdb backend ldapsam:ldap://ldap1.my.org did not correctly init (error was NT_STATUS_NO_MEMORY)
> [2018/11/09 10:49:31.794461, 0] ../source3/passdb/secrets.c:365(fetch_ldap_pw)
> fetch_ldap_pw: neither ldap secret retrieved!
> [2018/11/09 10:49:31.794526, 0] ../source3/passdb/pdb_ldap.c:6433(pdb_init_ldapsam_common)
> pdb_init_ldapsam_common: Failed to retrieve LDAP password from secrets.tdb
> [2018/11/09 10:49:31.794546, 0] ../source3/passdb/pdb_interface.c:179(make_pdb_method_name)
> pdb backend ldapsam:ldap://ldap1.my.org did not correctly init (error was NT_STATUS_NO_MEMORY)

Did you run smbpasswd -w <ldap-password>?

You also need more ldap lines in smb.conf, and have you added the
samba.schema to ldap?

You could try reading this:
https://wiki.samba.org/index.php/Ldapsam_Editposix

Having said that, there isn't that much difference between
your standalone server with ldap and an NT4-style PDC and I wouldn't
set up a new one of either. There are numerous problems against the use
of either, coupled with the fact that it is just easier to set up a new
Samba AD DC.

Rowland
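
An added example, not part of the original thread or of Samba itself: a small Python check over the [global] section quoted above, flagging the two things visible in this exchange (the second 'passdb backend' line overriding the first, and ldapsam configured without an 'ldap admin dn' whose password smbpasswd -w would store). The sample text is constructed from the quoted smb.conf, and the function names and the choice of checks are assumptions made for illustration.

```python
import re

# Constructed sample: the relevant lines of the smb.conf quoted in the thread.
SAMPLE = """\
[global]
   workgroup = WORKGROUP
   server role = standalone server
   passdb backend = tdbsam
   map to guest = bad user

   passdb backend = ldapsam:ldap://ldap1.my.org
   ldap suffix = dc=my,dc=org

[Finance]
   path = /mnt/finance/files
"""

def parse_global(text):
    """Return {normalised param: [values in file order]} for [global]."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
            continue
        if section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # smb.conf ignores case and whitespace in parameter names
            key = "".join(key.lower().split())
            params.setdefault(key, []).append(value.strip())
    return params

def lint(text):
    """Hypothetical checks, limited to the two problems in this thread."""
    params, findings = parse_global(text), []
    for key, values in params.items():
        if len(values) > 1:                      # the last assignment is used
            findings.append(f"duplicate '{key}': {values[-1]!r} overrides {values[:-1]!r}")
    backend = params.get("passdbbackend", ["tdbsam"])[-1]
    if backend.startswith("ldapsam") and "ldapadmindn" not in params:
        findings.append("ldapsam without 'ldap admin dn': no bind DN whose "
                        "password smbpasswd -w could store in secrets.tdb")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```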