On Mon, 2002-11-18 at 20:15, Ignacio Coupeau wrote:
> Luciano Di Lucrezia wrote:
> > Hello everybody,
> >
> > after some not-so-successful searching on the mailing list archives, I
> > joined this mailing list to report a strange behavior of Samba's I have
> > found using the LDAP SAM backend, which hopefully may be of some
> > interest to the developers.
> >
> > I'm using the LDAP backend mainly to have a single source of
> > authentication data for Unix and Windows on a server which may someday
> > grow to a cluster of servers. I've been experimenting with the two
> > versions of Samba available in Debian GNU/Linux (2.2.3 in the "stable"
> > branch and 2.999-3.0alpha in the "unstable" branch)
>
> it is better to make the tests with the 2.2.6 stable version...
>
> > and both work fine
> > even using LDAP over SSL (provided that the client connects to the
> > server using only the hostname specified in the server's certificate,
> > which has cost me more than 3 weeks of headaches), but there seems to be
> > a problem arising when the Samba server and the LDAP server (which in my
> > case is OpenLDAP 2.0.23) are not on the same machine.
>
> it must work fine on different servers... startTLS always needs to start
> with the server's FQDN or it fails; you can use an alias but that is a bit
> OT (it is documented on the OpenLDAP list).
>
> > The point is that a lot of connections are made to the LDAP server
> > (which may be ok), but some of them are done using the parameters
> > contained in smb.conf (which IS ok), and some others look like they are
> > made using "hardwired" defaults: namely, host localhost and port 389.
> > Actually, if I use an ssh tunnel to forward port 389 locally on the
> > "slave" Samba server, authentication works just fine. Otherwise,
> > smbclient fails and reports an NT_STATUS_LOGON_FAILURE.
> >
>
> when you run configure --with-ldapsam, browse the output for "start_tls
> yes"... if not, the libraries/includes are misplaced.

Just as a note here - in Samba 3.0, configuring --with-ldapsam does not change the use of ldap. Instead, we detect it based on headers etc, and build it as an optional module.

However, we changed the parameters around a bit - see 'passdb backend' in smb.conf(5).

I re-added the --with-ldapsam option to configure, and now it controls a 'backwards compatibility mode', where we should operate with Samba 2.2 compatible settings.

Andrew Bartlett

--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net