[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: samba ldap

To: Kaushal Shriyan <kaushalshriyan@gmail.com>
Subject: Re: samba ldap
From: Zdenek Styblik <stybla@turnovfree.net>
Date: Wed, 28 Oct 2009 19:42:33 +0100
Cc: Brett Maxfield <brett.maxfield@gmail.com>, "openldap-technical@openldap.org" <openldap-technical@openldap.org>
In-reply-to: <6b16fb4c0910281130i10c69600kae7ceac83f82a351@mail.gmail.com>
Openpgp: url=http://stinkfoot.org:11371/pks/lookup?op=index&search=Styblik
Organization: OS TurnovFree.net
References: <57E4E4D6-F795-489B-A110-C3B48B509A60@gmail.com> <6b16fb4c0910280836ib53819bo79409c327ca184e6@mail.gmail.com> <4AE8885D.6050103@turnovfree.net> <6b16fb4c0910281114j55597e76g8e9d149ca716818c@mail.gmail.com> <4AE88C9D.20600@turnovfree.net> <6b16fb4c0910281130i10c69600kae7ceac83f82a351@mail.gmail.com>
User-agent: Thunderbird 2.0.0.23 (X11/20090820)

Kaushal Shriyan wrote:
> On Wed, Oct 28, 2009 at 11:55 PM, Zdenek Styblik <stybla@turnovfree.net> wrote:
>> Kaushal Shriyan wrote:
>>> On Wed, Oct 28, 2009 at 11:37 PM, Zdenek Styblik <stybla@turnovfree.net> wrote:
>>>> Kaushal Shriyan wrote:
>>>>> On Wed, Oct 28, 2009 at 5:17 AM, Brett Maxfield
>>>>> <brett.maxfield@gmail.com> wrote:
>>>>>> The log from samba says ldap: where's your test command says ldaps: maybe
>>>>>> try ldap: from test command in case you only listen for ssl?
>>>>>>
>>>>>> On 27/10/2009, at 7:28 PM, Kaushal Shriyan <kaushalshriyan@gmail.com> wrote:
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> I am following https://help.ubuntu.com/8.10/serverguide/C/samba-ldap.html
>>>>>>> and ldap works perfectly fine.
>>>>>>> I have issues with connecting to ldap from samba.
>>>>>>>
>>>>>>> I get
>>>>>>>
>>>>>>> [2009/10/27 12:37:28, 1] lib/smbldap.c:another_ldap_try(1153)
>>>>>>> Connection to LDAP server failed for the 9 try!
>>>>>>> [2009/10/27 12:37:29, 2] lib/smbldap.c:smbldap_open_connection(786)
>>>>>>> smbldap_open_connection: connection opened
>>>>>>> [2009/10/27 12:37:29, 2] lib/smbldap.c:smbldap_connect_system(982)
>>>>>>> failed to bind to server ldap://localhost/ with
>>>>>>> dn="cn=admin,dc=mt,dc=webaroo,dc=com" Error: Can't contact LDAP server
>>>>>>>     (unknown)
>>>>>>>
>>>>>>> I have ldapserver running on the same server as samba server is
>>>>>>> running. when i run ldapsearch -x -H ldaps://localhost. I am able to
>>>>>>> see the user details.
>>>>>>> Please let me know if anyone needs configs and additional information.
>>>>>>> Also when i run smbldap-populate, i get
>>>>>>> http://paste.ubuntu.com/302630/
>>>>>>>
>>>>>>> Thanks,
>>>>>>>
>>>>>>> Kaushal
>>>>> Hi,
>>>>>
>>>>> Below are my configs.
>>>>>
>>>>> http://pastebin.com/dcb24c87 ---> ldap.conf
>>>>> http://pastebin.com/d721f0d4d ---> slapd.conf
>>>>> http://pastebin.com/d102cbfc5 --->samba.conf
>>>>> http://pastebin.com/d4a02b874 --> smbldap.conf
>>>>> http://pastebin.com/d716fddc0 ---> smbldap_bind.conf
>>>>>
>>>>> I am running both ldap and samba server on the same host running on
>>>>> ubuntu 8.04 Hardy server. I am following
>>>>> https://help.ubuntu.com/8.10/serverguide/C/samba-ldap.html. I get the
>>>>> below issue when i run smbldap-populate I get
>>>>> http://pastebin.com/d30ed0db6.
>>>>>
>>>>> Please let me know if anyone needs more information.
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Kaushal
>>>> As three of already pointed out, the error is probably in ldap X ldaps.
>>>> I recommend you to read smbldap.conf carefully.
>>>>
>>>> --- snip ---
>>>> masterLDAP="127.0.0.1"
>>>>
>>>> #
>>>> # Use TLS for LDAP
>>>> #
>>>> # If set to 1, this option will use start_tls for connection
>>>> #
>>>> # (you should also used the port 636)
>>>> #
>>>> # If not defined, parameter is set to "1"
>>>> #
>>>> ldapTLS="0"
>>>> #
>>>> ldapSSL="1"
>>>> ------------
>>>>
>>>> It should be obvious (yes, set ldapSSL=0; set ldapTLS=1).
>>>>
>>>> btw your configs don't show whether is LDAP listening - is it port 389,
>>>> or 636? Or better, it would be great to show parameters passed to # slapd;
>>> Hi Zdenek Styblik
>>>
>>> My slapd is running on port 636. so is it ldapSSL=1; set ldapTLS=0 ?
>>>
>>> Please suggest/guide.
>>>
>>> Thanks,
>>>
>>> Kaushal
>> Try ldapSSL=0 + ldapTLS=1; as ldapSSL would be required for slapd
>> listening at 389, imho.
>> Check the log, if:
>>> failed to bind to server ldap://localhost/ with
>> got changed to:
>>> .... bind to server ldaps://localhost/ ....
>> Zdenek
>>
>> --
>> Zdenek Styblik
>> Net/Linux admin
>> OS TurnovFree.net
>> email: stybla@turnovfree.net
>> jabber: stybla@jabber.turnovfree.net
>>
> 
> Hi Zdenek,
> 
> I changed as suggested by you
> I get http://pastebin.com/d26f0e671
> 
> Any further ideas.
> 
> Thanks,
> 
> Kaushal

And if you set both ldapSSL + ldapTLS = 0?
Also, some logs from samba, or ldap would be great. This output is just
non-saying, sorry.

Zdenek

-- 
Zdenek Styblik
Net/Linux admin
OS TurnovFree.net
email: stybla@turnovfree.net
jabber: stybla@jabber.turnovfree.net

References:
- Re: samba ldap
  - From: Brett Maxfield <brett.maxfield@gmail.com>
- Re: samba ldap
  - From: Kaushal Shriyan <kaushalshriyan@gmail.com>
- Re: samba ldap
  - From: Zdenek Styblik <stybla@turnovfree.net>
- Re: samba ldap
  - From: Kaushal Shriyan <kaushalshriyan@gmail.com>
- Re: samba ldap
  - From: Zdenek Styblik <stybla@turnovfree.net>
- Re: samba ldap
  - From: Kaushal Shriyan <kaushalshriyan@gmail.com>

Prev by Date: Re: samba ldap
Next by Date: Re: Which overlays are present in my openldap server ?
Index(es):
- Chronological
- Thread