Re: [Samba] Samba cannot contact LDAP server
Disabling SELinux did the trick!! Thank you so much!!

> samba@lists.samba.org
>
> On 7/26/05, Marcin Giedz <[EMAIL PROTECTED]> wrote:
>> On Tuesday, 26 July 2005 04:53, Alex Ward wrote:
>>
>> Hello Alex,
>>
>> Please tell something more about your LDAP configuration - is it working at
>> all??? Any logs, configuration, linux distro etc. Your samba
>> configuration for LDAP seems to be OK ;) so please add some additional LDAP
>> information.
>>
>> Marcin
>>
>> > I'm setting up a PDC using samba 3.0.14a-2 on fedora 4 with Openldap
>> > 2.2.23 to authenticate. Authentication via ldap through the various
>> > linux service is working (login, ssh, etc.) via nss. Thus I know that
>> > slapd is running and working properly. I used smbldap-tools to populate
>> > and add test users/groups to the directory, and they worked just fine.
>> > But samba, despite being configured correctly, as far as I can tell,
>> > cannot even contact LDAP. slapd is running on the loopback interface
>> > and logging everything including packets sent. I know from the openldap
>> > logs that the samba server NEVER contacts the ldap server despite having
>> > the correct URI (I can see it in the smbd.log file)
>
> To start testing, turn off SELinux in FC4, as it may be blocking the
> communication between Samba and LDAP. Either you do "setenforce 0", or
> you edit /etc/sysconfig/selinux, set SELinux "disabled" and reboot.
>
> It is very helpful also to install "phpldapadmin", a web interface for
> LDAP. It is very easy to install and I find it extremely helpful. In
> this way you can easily verify if LDAP is running OK and what is going
> on with your accounts.
>
> Carlos

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba cannot contact LDAP server
samba@lists.samba.org

On 7/26/05, Marcin Giedz <[EMAIL PROTECTED]> wrote:
> On Tuesday, 26 July 2005 04:53, Alex Ward wrote:
>
> Hello Alex,
>
> Please tell something more about your LDAP configuration - is it working at
> all??? Any logs, configuration, linux distro etc. Your samba
> configuration for LDAP seems to be OK ;) so please add some additional LDAP
> information.
>
> Marcin
>
> > I'm setting up a PDC using samba 3.0.14a-2 on fedora 4 with Openldap
> > 2.2.23 to authenticate. Authentication via ldap through the various
> > linux service is working (login, ssh, etc.) via nss. Thus I know that
> > slapd is running and working properly. I used smbldap-tools to populate
> > and add test users/groups to the directory, and they worked just fine.
> > But samba, despite being configured correctly, as far as I can tell,
> > cannot even contact LDAP. slapd is running on the loopback interface
> > and logging everything including packets sent. I know from the openldap
> > logs that the samba server NEVER contacts the ldap server despite having
> > the correct URI (I can see it in the smbd.log file)

To start testing, turn off SELinux in FC4, as it may be blocking the
communication between Samba and LDAP. Either you do "setenforce 0", or
you edit /etc/sysconfig/selinux, set SELinux "disabled" and reboot.

It is very helpful also to install "phpldapadmin", a web interface for
LDAP. It is very easy to install and I find it extremely helpful. In
this way you can easily verify if LDAP is running OK and what is going
on with your accounts.

Carlos
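Added example (not part of the thread and not Samba code): one way to confirm that SELinux is what stops smbd from reaching slapd is to match the bind failures in the smbd log against AVC denials recorded for smbd. The audit records below are constructed, the function names are hypothetical, and the usual "avc: denied" record layout is assumed.

```python
import re

# smbd log excerpt taken from the thread (mail line-wrapping rejoined).
SMBD_LOG = """\
[2005/07/25 21:44:51, 2] lib/smbldap.c:smbldap_open_connection(692)
  smbldap_open_connection: connection opened
[2005/07/25 21:44:51, 0] lib/smbldap.c:smbldap_connect_system(852)
  failed to bind to server ldap://127.0.0.1:389/ with dn="cn=Manager,dc=neverland,dc=com" Error: Can't contact LDAP server
"""

# Constructed audit records, NOT from the thread, in the usual AVC layout.
AUDIT_LOG = """\
type=AVC msg=audit(1122342291.101:41): avc:  denied  { name_connect } for  pid=2211 comm="smbd" dest=389 scontext=system_u:system_r:smbd_t tcontext=system_u:object_r:ldap_port_t tclass=tcp_socket
type=AVC msg=audit(1122342295.007:42): avc:  denied  { read } for  pid=2300 comm="httpd" name="x" scontext=system_u:system_r:httpd_t tcontext=system_u:object_r:etc_t tclass=file
"""

# [^\[] lets the match run over a wrapped line but not into the next entry.
BIND_FAIL = re.compile(
    r"failed to bind to server ldap://[^:/\s]+:(\d+)/[^\[]*?Can't contact LDAP server")

def bind_failure_ports(smbd_log):
    """Ports of the LDAP URIs that smbd reported it could not contact."""
    return {int(m.group(1)) for m in BIND_FAIL.finditer(smbd_log)}

def avc_denials(audit_log, comm):
    """Return (permissions, dest_port, target_class) for denials against comm."""
    out = []
    for line in audit_log.splitlines():
        if "avc:" not in line or "denied" not in line:
            continue
        fields = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', line))
        if fields.get("comm", "").strip('"') != comm:
            continue
        perms = re.search(r"\{([^}]*)\}", line).group(1).split()
        out.append((perms, int(fields.get("dest", 0)), fields.get("tclass")))
    return out

def selinux_blocked_ports(smbd_log, audit_log, comm="smbd"):
    """Ports where a bind failure coincides with a denied TCP connect."""
    denied = {port for perms, port, tclass in avc_denials(audit_log, comm)
              if tclass == "tcp_socket" and {"name_connect", "connect"} & set(perms)}
    return sorted(bind_failure_ports(smbd_log) & denied)

if __name__ == "__main__":
    print(selinux_blocked_ports(SMBD_LOG, AUDIT_LOG))
```

A non-empty result points at the SELinux policy rather than at slapd or smb.conf, which matches the symptom in the thread that slapd never logs a connection from smbd.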
Re: [Samba] Samba cannot contact LDAP server
On Tuesday, 26 July 2005 04:53, Alex Ward wrote:

Hello Alex,

Please tell something more about your LDAP configuration - is it working at
all??? Any logs, configuration, linux distro etc. Your samba configuration
for LDAP seems to be OK ;) so please add some additional LDAP information.

Marcin

> I'm setting up a PDC using samba 3.0.14a-2 on fedora 4 with Openldap
> 2.2.23 to authenticate. Authentication via ldap through the various
> linux service is working (login, ssh, etc.) via nss. Thus I know that
> slapd is running and working properly. I used smbldap-tools to populate
> and add test users/groups to the directory, and they worked just fine.
> But samba, despite being configured correctly, as far as I can tell,
> cannot even contact LDAP. slapd is running on the loopback interface
> and logging everything including packets sent. I know from the openldap
> logs that the samba server NEVER contacts the ldap server despite having
> the correct URI (I can see it in the smbd.log file)
>
> Here is the error I'm getting in the logfile...
>
> [2005/07/25 21:44:51, 5] passdb/pdb_interface.c:make_pdb_methods_name(726)
>   Found pdb backend ldapsam
> [2005/07/25 21:44:51, 2] lib/smbldap.c:smbldap_search_domain_info(1394)
>   Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=neverland))]
> [2005/07/25 21:44:51, 5] lib/smbldap.c:smbldap_search(1038)
>   smbldap_search: base => [dc=neverland,dc=com], filter => [(&(objectClass=sambaDomain)(sambaDomainName=neverland))], scope => [2]
> [2005/07/25 21:44:51, 5] lib/smbldap.c:smbldap_close(949)
>   The connection to the LDAP server was closed
> [2005/07/25 21:44:51, 10] lib/smbldap.c:smbldap_open_connection(596)
>   smbldap_open_connection: ldap://127.0.0.1:389/
> [2005/07/25 21:44:51, 2] lib/smbldap.c:smbldap_open_connection(692)
>   smbldap_open_connection: connection opened
> [2005/07/25 21:44:51, 10] lib/smbldap.c:smbldap_connect_system(824)
>   ldap_connect_system: Binding to ldap server ldap://127.0.0.1:389/ as "cn=Manager,dc=neverland,dc=com"
> [2005/07/25 21:44:51, 0] lib/smbldap.c:smbldap_connect_system(852)
>   failed to bind to server ldap://127.0.0.1:389/ with dn="cn=Manager,dc=neverland,dc=com" Error: Can't contact LDAP server
>   (unknown)
>
> The above error repeats over and over about 15 times.
>
> Here is my smb.conf with comments and share definitions removed
>
> [global]
>
> workgroup = NEVERLAND
> netbios name = PALERMO
>
> server string = PALMERO - The wise and mighty domain controller
>
> passdb backend = ldapsam:ldap://127.0.0.1:389/
> ldap suffix = dc=neverland,dc=com
> ldap admin dn = cn=Manager,dc=neverland,dc=com
> ldap ssl = no
> ldap group suffix = ou=Groups
> ldap machine suffix = ou=Computers
> admin users = root, "@Domain Admins"
> add user script = /usr/local/sbin/smbldap-useradd -m "%u"
> add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
> add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
> delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
> set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
> add machine script = /usr/local/sbin/smbldap-useradd -w "%m"
>
> log level = 10
> printcap name = /etc/printcap
> load printers = yes
> cups options = raw
> log file = /var/log/samba/%m.log
> max log size = 50
> security = user
> encrypt passwords = yes
> smb passwd file = /etc/samba/smbpasswd
> username map = /etc/samba/smbusers
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> local master = yes
> os level = 65
> domain master = yes
> preferred master = yes
> domain logons = yes
> logon path =
> logon home =
> wins support = yes
> dns proxy = no
>
> I have been working on this for three days now, and I am about to give
> up hope and move away from ldap. But I don't want to. Any help is
> greatly appreciated!
>
> Thanks in advance.
>
> -Al
Re: [Samba] Samba cannot contact LDAP server
Alex,

I recommend that you follow, step-by-step, the guidance in the book
"Samba-3 by Example", chapter 5. In the technical discussions section you
will find detailed guidance for diagnosing your LDAP operability.

You can obtain the book from:

  http://www.samba.org/samba/docs/Samba3-ByExample.pdf

In your smb.conf file I do not see mention of the parameter "ldap user
suffix" - this is rather important.

Please verify that the following commands return valid information:

  getent passwd
  getent group

- John T.

On Monday 25 July 2005 20:53, Alex Ward wrote:
> I'm setting up a PDC using samba 3.0.14a-2 on fedora 4 with Openldap
> 2.2.23 to authenticate. Authentication via ldap through the various
> linux service is working (login, ssh, etc.) via nss. Thus I know that
> slapd is running and working properly. I used smbldap-tools to populate
> and add test users/groups to the directory, and they worked just fine.
> But samba, despite being configured correctly, as far as I can tell,
> cannot even contact LDAP. slapd is running on the loopback interface
> and logging everything including packets sent. I know from the openldap
> logs that the samba server NEVER contacts the ldap server despite having
> the correct URI (I can see it in the smbd.log file)
>
> Here is the error I'm getting in the logfile...
>
> [2005/07/25 21:44:51, 5] passdb/pdb_interface.c:make_pdb_methods_name(726)
>   Found pdb backend ldapsam
> [2005/07/25 21:44:51, 2] lib/smbldap.c:smbldap_search_domain_info(1394)
>   Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=neverland))]
> [2005/07/25 21:44:51, 5] lib/smbldap.c:smbldap_search(1038)
>   smbldap_search: base => [dc=neverland,dc=com], filter => [(&(objectClass=sambaDomain)(sambaDomainName=neverland))], scope => [2]
> [2005/07/25 21:44:51, 5] lib/smbldap.c:smbldap_close(949)
>   The connection to the LDAP server was closed
> [2005/07/25 21:44:51, 10] lib/smbldap.c:smbldap_open_connection(596)
>   smbldap_open_connection: ldap://127.0.0.1:389/
> [2005/07/25 21:44:51, 2] lib/smbldap.c:smbldap_open_connection(692)
>   smbldap_open_connection: connection opened
> [2005/07/25 21:44:51, 10] lib/smbldap.c:smbldap_connect_system(824)
>   ldap_connect_system: Binding to ldap server ldap://127.0.0.1:389/ as "cn=Manager,dc=neverland,dc=com"
> [2005/07/25 21:44:51, 0] lib/smbldap.c:smbldap_connect_system(852)
>   failed to bind to server ldap://127.0.0.1:389/ with dn="cn=Manager,dc=neverland,dc=com" Error: Can't contact LDAP server
>   (unknown)
>
> The above error repeats over and over about 15 times.
>
> Here is my smb.conf with comments and share definitions removed
>
> [global]
>
> workgroup = NEVERLAND
> netbios name = PALERMO
>
> server string = PALMERO - The wise and mighty domain controller
>
> passdb backend = ldapsam:ldap://127.0.0.1:389/
> ldap suffix = dc=neverland,dc=com
> ldap admin dn = cn=Manager,dc=neverland,dc=com
> ldap ssl = no
> ldap group suffix = ou=Groups
> ldap machine suffix = ou=Computers
> admin users = root, "@Domain Admins"
> add user script = /usr/local/sbin/smbldap-useradd -m "%u"
> add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
> add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
> delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
> set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
> add machine script = /usr/local/sbin/smbldap-useradd -w "%m"
>
> log level = 10
> printcap name = /etc/printcap
> load printers = yes
> cups options = raw
> log file = /var/log/samba/%m.log
> max log size = 50
> security = user
> encrypt passwords = yes
> smb passwd file = /etc/samba/smbpasswd
> username map = /etc/samba/smbusers
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> local master = yes
> os level = 65
> domain master = yes
> preferred master = yes
> domain logons = yes
> logon path =
> logon home =
> wins support = yes
> dns proxy = no
>
> I have been working on this for three days now, and I am about to give
> up hope and move away from ldap. But I don't want to. Any help is
> greatly appreciated!
>
> Thanks in advance.
>
> -Al

--
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668
Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
[Samba] Samba cannot contact LDAP server
I'm setting up a PDC using samba 3.0.14a-2 on fedora 4 with Openldap
2.2.23 to authenticate. Authentication via ldap through the various
linux service is working (login, ssh, etc.) via nss. Thus I know that
slapd is running and working properly. I used smbldap-tools to populate
and add test users/groups to the directory, and they worked just fine.
But samba, despite being configured correctly, as far as I can tell,
cannot even contact LDAP. slapd is running on the loopback interface
and logging everything including packets sent. I know from the openldap
logs that the samba server NEVER contacts the ldap server despite having
the correct URI (I can see it in the smbd.log file)

Here is the error I'm getting in the logfile...

[2005/07/25 21:44:51, 5] passdb/pdb_interface.c:make_pdb_methods_name(726)
  Found pdb backend ldapsam
[2005/07/25 21:44:51, 2] lib/smbldap.c:smbldap_search_domain_info(1394)
  Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=neverland))]
[2005/07/25 21:44:51, 5] lib/smbldap.c:smbldap_search(1038)
  smbldap_search: base => [dc=neverland,dc=com], filter => [(&(objectClass=sambaDomain)(sambaDomainName=neverland))], scope => [2]
[2005/07/25 21:44:51, 5] lib/smbldap.c:smbldap_close(949)
  The connection to the LDAP server was closed
[2005/07/25 21:44:51, 10] lib/smbldap.c:smbldap_open_connection(596)
  smbldap_open_connection: ldap://127.0.0.1:389/
[2005/07/25 21:44:51, 2] lib/smbldap.c:smbldap_open_connection(692)
  smbldap_open_connection: connection opened
[2005/07/25 21:44:51, 10] lib/smbldap.c:smbldap_connect_system(824)
  ldap_connect_system: Binding to ldap server ldap://127.0.0.1:389/ as "cn=Manager,dc=neverland,dc=com"
[2005/07/25 21:44:51, 0] lib/smbldap.c:smbldap_connect_system(852)
  failed to bind to server ldap://127.0.0.1:389/ with dn="cn=Manager,dc=neverland,dc=com" Error: Can't contact LDAP server
  (unknown)

The above error repeats over and over about 15 times.

Here is my smb.conf with comments and share definitions removed

[global]

workgroup = NEVERLAND
netbios name = PALERMO

server string = PALMERO - The wise and mighty domain controller

passdb backend = ldapsam:ldap://127.0.0.1:389/
ldap suffix = dc=neverland,dc=com
ldap admin dn = cn=Manager,dc=neverland,dc=com
ldap ssl = no
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
admin users = root, "@Domain Admins"
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%m"

log level = 10
printcap name = /etc/printcap
load printers = yes
cups options = raw
log file = /var/log/samba/%m.log
max log size = 50
security = user
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
username map = /etc/samba/smbusers
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = yes
os level = 65
domain master = yes
preferred master = yes
domain logons = yes
logon path =
logon home =
wins support = yes
dns proxy = no

I have been working on this for three days now, and I am about to give
up hope and move away from ldap. But I don't want to. Any help is
greatly appreciated!

Thanks in advance.

-Al