Re: Samba failed to bind Ldap
Sir,
Good Day!
Below are my smb.conf and slapd.conf files.
################ smb.conf ################################
# Global section of the smb.conf as posted: Samba acting as a domain
# controller (domain logons = yes) with accounts stored in LDAP (ldapsam).
[global]
workgroup = FCB.NET
realm = FCB.NET
netbios aliases = smbldap.fcb.net
server string = FCB File Sharing
# One log file per client machine (%m), capped by 'max log size'.
log file = /var/log/samba/log.%m
max log size = 500
log level = 2
encrypt passwords = yes
# NOTE(review): %u is substituted into this command line unquoted, while the
# add/delete scripts below quote it - quote it here as well for consistency.
passwd program = /usr/local/sbin/smbldap-passwd -o %u
socket options = TCP_NODELAY
interfaces = eth0
local master = yes
preferred master = yes
# NOTE(review): 'passdb backend' is set a second time further down with an
# ldaps:// URL; keep a single definition so the effective value is obvious.
passdb backend = ldapsam
domain logons = yes
keepalive = 10
os level = 64
# Repeated further down (as 'yes'); one copy is enough.
ldap passwd sync = Yes
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
# NOTE(review): 'valid users' is a share-level parameter; set in [global] it
# becomes the default for every share that does not define its own. Confirm
# that limiting all such shares to the single user 'isd' is intended.
valid users = isd
# Account-management hooks. smbd substitutes %u / %g into these command lines
# and runs them as root, so keep the substitutions quoted and make sure the
# scripts themselves are writable by root only.
add user script = /usr/local/sbin/smbldap-useradd -a -m "%u"
delete user script = /usr/local/sbin/smbldap-userdel -r "%u"
# NOTE(review): this path has no sbin/ component, unlike every other
# smbldap-* script in this section - verify that it exists.
add user to group script = /usr/local/smbldap-groupmod -m "%u" "%g"
# NOTE(review): as posted, this value and 'add machine script' below are split
# over two lines with no trailing backslash. smb.conf only continues a line
# that ends in '\', so the second half would not be part of the value. This
# may be mail wrapping only - check the real file.
delete user from group script = /usr/local/sbin/smbldap-groupmod -x
"%u" "%g"
set primary group script = /usr/local/sbin/smbldap-groupmod -g "%g" "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/local/sbin/smbldap-groupdel '%g'
# Machine accounts get no home directory and no login shell.
add machine script = /usr/local/sbin/smbldap-useradd -w -d /dev/null
-c 'Machine Account' -s /bin/false -g 'Domain Computers' '%u'
# Second 'passdb backend' line; presumably this later value is the one in
# effect. ldaps:// makes smbd open a TLS connection to slapd on the loopback
# address, normally port 636. slapd must be started with an ldaps:// listener
# and have a certificate configured; if it is not, the connection fails before
# any credentials are checked, which would match the "Can't contact LDAP
# server" error quoted in this thread - TODO confirm the listener.
passdb backend = ldapsam:ldaps://127.0.0.1/
ldap ssl = on
ldap passwd sync = yes
# NOTE(review): this DN is under dc=fcb,dc=net, but the slapd.conf in the same
# message declares suffix and rootdn under "dc=fcb.net,dc=." - the two must
# agree. It is also slapd's rootdn, which is not subject to ACLs; a dedicated
# service entry with only the access Samba needs limits the damage if the
# stored bind password (set with smbpasswd -w) is ever exposed.
ldap admin dn = cn=Manager,dc=fcb,dc=net
ldap delete dn = yes
ldap suffix = dc=fcb,dc=net
#ldap machine suffix = ou=Computers
#ldap users suffix = dc=fcb,dc=net
#ldap group suffix = ou=Groups
wins support = yes
dos charset = 850
dns proxy = no
unix charset = ISO8859-1
# Per-user logon script; %U is the user name requested by the client.
logon script = %U.bat
# Logon-script share for domain clients, hidden from browse lists.
# No 'read only' or 'write list' is set here, so Samba's default
# (read only = yes) applies.
# NOTE(review): no 'valid users' is set here either, so the [global] default
# 'valid users = isd' presumably applies - confirm that other domain users can
# still reach their logon scripts.
[netlogon]
comment = Domain Logon Service
path = /home/netlogon
browseable = No
# Writable departmental share.
[ISD]
comment = Information Systems Division
path = /home/isd
# The @ prefix makes this a group match: only members of 'isd' may connect.
valid users = @isd
read only = No
# New files get at most rw for owner and group, nothing for others.
create mask = 0660
# New directories get at most rwx for owner and group, nothing for others.
directory mask = 0770
# Roaming-profile share.
[profiles]
path = /home/samba/profiles
# %U is the user name the client asked for, so each user matches only their
# own name here; members of "Domain Admins" are admitted as well.
valid users = %U, "@Domain Admins"
# File operations on this share run as the connecting user's own account.
force user = %U
read only = No
# Profile files and directories are private to their owner.
create mask = 0600
directory mask = 0700
# NOTE(review): guest access is enabled on a share that stores user profiles
# and already lists 'valid users'. Profiles do not need guest access;
# 'guest ok = No' is the safer setting - confirm nothing depends on it.
guest ok = Yes
profile acls = Yes
browseable = No
# Turns off client-side (offline) caching of files on this share.
csc policy = disable
########################## slapd.conf
##########################################
# Global slapd.conf directives: schema includes and runtime files.
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
# Samba schema, needed for the samba* attributes indexed and protected in this
# file.
include /etc/openldap/schema/samba.schema
# Accepts LDAPv2 bind requests; only legacy clients need this - TODO confirm
# it is still required.
allow bind_v2
# NOTE(review): no TLSCertificateFile / TLSCertificateKeyFile /
# TLSCACertificateFile directives appear in this listing, yet the smb.conf
# posted with it connects over ldaps://. Without a certificate and an ldaps://
# listener (slapd -h) that connection cannot be established.
pidfile /usr/local/var/run/slapd.pid
argsfile /usr/local/var/run/slapd.args
# The single BDB database that holds the directory tree.
database bdb
directory /var/lib/ldap
# NOTE(review): suffix and rootdn use "dc=fcb.net,dc=.", while the smb.conf in
# the same message ('ldap suffix', 'ldap admin dn') and the commented-out
# limits below use dc=fcb,dc=net. Samba's bind DN and search base have to fall
# under this suffix, so one side needs correcting.
suffix "dc=fcb.net,dc=."
rootdn "cn=Manager,dc=fcb.net,dc=."
#inserted at 5pm
#limits dn="cn=Manager,dc=fcb,dc=net"
#size.soft=-1
#size.hard=soft
# Indexes on the POSIX and Samba attributes
# (eq = equality, pres = presence, sub / subinitial = substring).
index objectClass,uidNumber,gidNumber eq
index cn,sn,uid,displayName eq,pres,sub
index memberUid,mail,givenname eq,subinitial
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
# NOTE(review): this hash has been published on a public mailing list. Salted
# SHA-1 can be attacked offline, so treat the rootdn password as exposed:
# change it, and redact rootpw before sharing a configuration. Keep slapd.conf
# readable only by the account slapd runs as.
rootpw {SSHA}9c6LGBMLZeqDoEQfDT0lBIlvTw0GYu3k
# ACL for password material: userPassword plus the Samba LM/NT hashes.
# NOTE(review): dn.children="dc=fcb.net,dc=." matches every entry below the
# suffix, so any authenticated user - not only an administrator - gets write
# (and therefore read) access to everyone's password attributes. The LM/NT
# hashes are password-equivalent. Grant this to one specific service or admin
# entry instead, e.g. dn.exact="<samba-service-dn>" (placeholder), and keep
# 'by self write', 'by anonymous auth' and 'by * none'. The rootdn is not
# subject to ACLs and needs no clause of its own.
# As rendered here the clauses have lost their leading whitespace; slapd.conf
# only treats lines that begin with whitespace as continuations - check the
# real file.
access to
attrs=userPassword,sambaLMPassword,sambaNTPassword,shadowLastChange
by dn.children="dc=fcb.net,dc=." write
by self write
by anonymous auth
by * none
# Catch-all rule: every authenticated entry under the suffix may write any
# other attribute, and everyone else, anonymous clients included, may read the
# rest of the tree. Narrow the write clause as above, and replace 'by * read'
# with 'by users read' if anonymous browsing is not intended.
access to *
by dn.children="dc=fcb.net,dc=." write
by * read
########## E N D############
Thanks,
Emil Sicad
Buchan Milne wrote:
On Wednesday 26 November 2008 09:31:38 Emil Sicad - ISD wrote:
Good day to all,
I'm new to LDAP. I've been working on a Samba-LDAP implementation,
and I have these log messages:
Nov 25 17:56:59 smbldap slapd[9974]: sql_select option missing
Nov 25 17:56:59 smbldap slapd[9974]: auxpropfunc error no mechanism
available
Nov 25 17:56:59 smbldap ldap: slapd startup succeededs
Nov 25 17:57:07 smbldap smbd[9987]: [2008/11/25 17:57:07, 0]
lib/smbldap.c:smbldap_connect_system(850)
Nov 25 17:57:07 smbldap smbd[9987]: failed to bind to server with dn=
cn=Manager,dc=fcb.net,dc=. Error: Can't contact LDAP server
Nov 25 17:57:07 smbldap smbd[9987]: (unknown)
Nov 25 17:57:23 smbldap smbd[9987]: [2008/11/25 17:57:23, 0]
lib/smbldap.c:smbldap_search_suffix(1155)
Nov 25 17:57:23 smbldap smbd[9987]: smbldap_search_suffix: Problem
during the LDAP search: (unknown) (Timed out)
Question
1) Is my ldap working fine?
Can't tell, your ldap logging may not be high enough.
2) Why can't samba bind to Ldap?
You didn't include any of your samba (ldap-related) configuration, and that
would really be more relevant on a samba list.
Regards,
Buchan