Re: [Samba] Samba LDAP timeout

2005-07-11 Thread Ian Smith-Heisters

Adam Tauno Williams wrote:

> I've never used Ubuntu; but I'd be surprised your Samba is really built
> without SSL support, in fact, I think it is really your libldap that
> is in question.
>
> Are you setting "ldap ssl = start_tls" ???  Don't use an "ldaps:///"
> URL.
>
> If your LDAP server is local just use ldapi:///, which is faster anyway and
> you don't need any encryption.



After some more research and talking to people at Ubuntu forums, it 
turns out that (due to licensing issues?) Ubuntu OpenSSL packages are 
way behind the current revision. libldap is likewise several revisions 
behind. The solution is simply to build from scratch. Note that I would 
recommend building from the official OpenLDAP tarballs rather than the 
Ubuntu source packages because there are known security flaws in the old 
sources Ubuntu uses. Oddly, Debian seems to be on top of the issue and 
has the latest stable libldap in their repos.


Thanks for the help and advice,
Ian
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Samba LDAP timeout

2005-07-06 Thread Ian Smith-Heisters

Adam Tauno Williams wrote:


> I've never used Ubuntu; but I'd be surprised your Samba is really built
> without SSL support, in fact, I think it is really your libldap that
> is in question.



ldd /usr/lib/libldap.so reveals that it is not linked to libssl, while 
it is on the server that has this working.



> Are you setting "ldap ssl = start_tls" ???  Don't use an "ldaps:///"
> URL.


I have tried all combinations of ldap://, ldaps://, ssl = on, ssl = 
start_tls. All variations yield similar results.




> If your LDAP server is local just use ldapi:///, which is faster anyway and
> you don't need any encryption.



Unfortunately, it is not local. I've started a thread on Ubuntu forums. 
If I learn anything useful I'll post it here.


Thanks for the thoughts.

--
http://www.0x09.com
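
The two checks used in this thread (reading the smbd log, then looking at ldd output for a TLS library) can be scripted. This is an added example, not part of the original posts; the function names and the ldd sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; sample data below is constructed (log text as quoted in the thread).

# Read smbd log text on stdin; print one verdict word.
classify_smbd_ldap_log() {
    awk '
        /Failed to retrieve password from secrets\.tdb/ { secret = 1 }
        /neither ldap secret retrieved/                 { secret = 1 }
        /Connection to LDAP server failed for the/      { transport = 1 }
        /Problem during the LDAP search/                { transport = 1 }
        END {   # a missing bind secret also causes retries/timeouts, so test it first
            if (secret)         print "missing-bind-secret"
            else if (transport) print "transport-failure"
            else                print "no-ldap-error"
        }'
}

# Read `ldd` output on stdin; succeed if a TLS library is linked.
# libgnutls is an assumption added here; the thread only mentions libssl.
has_tls_lib() {
    grep -Eq '^[[:space:]]*lib(ssl|gnutls)[^[:space:]]*\.so'
}

# triage LOG_TEXT LDD_TEXT: print the next step to take.
triage() {
    verdict=$(printf '%s\n' "$1" | classify_smbd_ldap_log)
    case "$verdict" in
        missing-bind-secret) echo "store bind password: smbpasswd -w" ;;
        transport-failure)
            if printf '%s\n' "$2" | has_tls_lib; then
                echo "TLS linked: check URL scheme and 'ldap ssl' setting"
            else
                echo "libldap has no TLS library: rebuild or replace libldap"
            fi ;;
        *) echo "no LDAP error in log" ;;
    esac
}

LOG_SECRET='  ldap_connect_system: Failed to retrieve password from secrets.tdb
  Connection to LDAP server failed for the 15 try!'
LOG_TLS='  Connection to LDAP server failed for the 13 try!
  smbldap_search_suffix: Problem during the LDAP search: (unknown) (Timed out)'
LDD_NO_TLS='    liblber.so.2 => /usr/lib/liblber.so.2 (0x00000000)
    libc.so.6 => /lib/libc.so.6 (0x00000000)'
LDD_TLS="$LDD_NO_TLS
    libssl.so.0.9.7 => /usr/lib/libssl.so.0.9.7 (0x00000000)"

triage "$LOG_TLS" "$LDD_NO_TLS"   # run one constructed case
```

On a live host the two arguments would come from the smbd log and from `ldd /usr/lib/libldap.so`, the commands shown in the thread.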


Re: [Samba] Samba LDAP timeout

2005-07-06 Thread Adam Tauno Williams
> It now works without SSL. With SSL is a different issue.
> [2005/07/06 10:48:24, 1] lib/smbldap.c:another_ldap_try(990)
>   Connection to LDAP server failed for the 10 try!
> [2005/07/06 10:48:25, 1] lib/smbldap.c:another_ldap_try(990)
>   Connection to LDAP server failed for the 11 try!
> [2005/07/06 10:48:26, 1] lib/smbldap.c:another_ldap_try(990)
>   Connection to LDAP server failed for the 12 try!
> [2005/07/06 10:48:27, 1] lib/smbldap.c:another_ldap_try(990)
>   Connection to LDAP server failed for the 13 try!
> [2005/07/06 10:48:29, 0] lib/smbldap.c:smbldap_search_suffix(1155)
>   smbldap_search_suffix: Problem during the LDAP search: (unknown) (Timed out)
> It appears that SSL may not be compiled into Samba, as there is no 
> libssl.so listing in "ldd /usr/sbin/smbd". While I could compile from 
> source, this would slightly complicate long term maintenance of the 
> server. Does anyone have advice for using SSL with Samba/LDAP on Ubuntu 
> Hoary?

I've never used Ubuntu; but I'd be surprised your Samba is really built
without SSL support, in fact, I think it is really your libldap that
is in question.

Are you setting "ldap ssl = start_tls" ???  Don't use an "ldaps:///"
URL.

If your LDAP server is local just use ldapi:///, which is faster anyway and
you don't need any encryption.



Re: [Samba] Samba LDAP timeout

2005-07-06 Thread Ian Smith-Heisters

Adam Tauno Williams wrote:

> > [2005/07/06 09:26:35, 0] lib/smbldap.c:smbldap_connect_system(812)
> >   ldap_connect_system: Failed to retrieve password from secrets.tdb
> > <-
>
> Did you set the LDAP bind password?



Yes! That did the trick. Thank you very much. I shouldn't have 
overlooked something so simple.


It now works without SSL. With SSL is a different issue.

[2005/07/06 10:48:24, 1] lib/smbldap.c:another_ldap_try(990)
  Connection to LDAP server failed for the 10 try!
[2005/07/06 10:48:25, 1] lib/smbldap.c:another_ldap_try(990)
  Connection to LDAP server failed for the 11 try!
[2005/07/06 10:48:26, 1] lib/smbldap.c:another_ldap_try(990)
  Connection to LDAP server failed for the 12 try!
[2005/07/06 10:48:27, 1] lib/smbldap.c:another_ldap_try(990)
  Connection to LDAP server failed for the 13 try!
[2005/07/06 10:48:29, 0] lib/smbldap.c:smbldap_search_suffix(1155)
  smbldap_search_suffix: Problem during the LDAP search: (unknown) (Timed out)


It appears that SSL may not be compiled into Samba, as there is no 
libssl.so listing in "ldd /usr/sbin/smbd". While I could compile from 
source, this would slightly complicate long term maintenance of the 
server. Does anyone have advice for using SSL with Samba/LDAP on Ubuntu 
Hoary?


Thanks again,
Ian

--
http://www.0x09.com


Re: [Samba] Samba LDAP timeout

2005-07-06 Thread Adam Tauno Williams
> [2005/07/06 09:26:35, 0] lib/smbldap.c:smbldap_connect_system(812)
>   ldap_connect_system: Failed to retrieve password from secrets.tdb   
> <-

Did you set the LDAP bind password?



RE: [Samba] Samba LDAP timeout

2005-07-06 Thread Bruno Guerreiro
Hi,
Have you stored your bind DN ldap password with smbpasswd -w ?

Best regards,
Bruno Guerreiro

-----Original Message-----
From: Ian Smith-Heisters [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 6 July 2005 15:12
To: samba@lists.samba.org
Subject: [Samba] Samba LDAP timeout


Hello,

I'm having trouble configuring an Ubuntu Hoary Samba server to use LDAP
for authentication (the server is named "dixie"). I'm basing my
configuration on another server here at work that connects just fine. When
I try to just list samba shares on dixie with

$ smbclient -L dixie -U faker

It takes quite some time for the request to go through before failing.
Looking at the log file reveals that it can't access the ldap server:

[2005/07/06 09:26:35, 0] lib/smbldap.c:smbldap_connect_system(812)
  ldap_connect_system: Failed to retrieve password from secrets.tdb
[2005/07/06 09:26:35, 1] lib/smbldap.c:another_ldap_try(990)
  Connection to LDAP server failed for the 15 try!
[2005/07/06 09:26:37, 0] lib/smbldap.c:fetch_ldap_pw(312)
  fetch_ldap_pw: neither ldap secret retrieved!
[2005/07/06 09:26:37, 0] lib/smbldap.c:smbldap_connect_system(812)
  ldap_connect_system: Failed to retrieve password from secrets.tdb
[2005/07/06 09:26:37, 0] lib/smbldap.c:smbldap_search_suffix(1155)
  smbldap_search_suffix: Problem during the LDAP search: (unknown) (Timed out)

But from a shell on dixie I /can/ do ldap requests:

$ ldapsearch uid=faker -b "ou=people,dc=marlboro,dc=edu" -h ldap.marlboro.edu -x
# extended LDIF
#
# LDAPv3
# base  with scope sub
# filter: uid=faker
# requesting: ALL
#

# faker, people, marlboro.edu
dn: uid=faker,ou=people,dc=marlboro,dc=edu
objectClass: eduMarlboroPerson
objectClass: posixAccount
objectClass: radiusProfile
objectClass: sambaSamAccount
sn: Fakerson
givenName: Faker
cn: Faker Fakerson
displayName: Faker Fakerson
gecos: Faker Fakerson
uid: faker
mail: [EMAIL PROTECTED]
loginShell: /bin/bash
uidNumber: 11702
homeDirectory: /home/guest/faker
dialupAccess: TRUE
eduMarlboroJobDescription: This is a fake job description. The quick brown fox
  jumped over the lazy dog.
eduMarlboroNetworkAccess: false
gidNumber: 50004

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

The ldap portion of my smb.conf is exactly the same as it is in the server
where this works:

   security = user

   encrypt passwords = true

   passdb backend = ldapsam:ldaps://ldap.marlboro.edu
   ldap ssl = yes
   ldap suffix = dc=marlboro,dc=edu
   ldap user suffix = ou=people
   ldap admin dn = "cn=smbadmin,ou=People,dc=marlboro,dc=edu"

   ldap delete dn = no
   ldap filter = (|(&(objectclass=posixAccount)(uid=%u)(|(gidNumber=50001)(gidNumber=50003))(!(eduMarlboroNetworkAccess=false)))(&(objectclass=posixAccount)(uid=%u)(!(gidNumber=50001))(!(gidNumber=50003))(eduMarlboroNetworkAccess=true)))

   obey pam restrictions = yes

I've tried setting SSL to no and the backend to
"ldapsam:ldap://ldap.marlboro.edu", but it has no effect on the
connectivity.

Is there a related configuration setting that I'm overlooking? Samba /is/
compiled to use ldap:

$ ldd /usr/sbin/smbd | grep ldap
libldap.so.2 => /usr/lib/libldap.so.2 (0xb7fb1000)

Any help on this matter would be greatly appreciated. Thanks much.
-Ian Smith-Heisters
-- 
http://www.0x09.com

