Luciano Di Lucrezia wrote:
Hello everybody,

after some not-so-successful searching on the mailing list archives, I
joined this mailing list to report a strange behavior of Samba's I have
found using the LDAP SAM backend, which hopefully may be of some
interest to the developers.

I'm using the LDAP backend mainly to have a single source of
authentication data for Unix and Windows on a server which may someday
grow to a cluster of servers. I've been experimenting with the two
versions of Samba available in Debian GNU/Linux (2.2.3 in the "stable"
branch and 2.999-3.0alpha in the "unstable" branch)

It is better to run the tests with the 2.2.6 stable version...

and both work fine
even using LDAP over SSL (provided that the client connects to the
server using only the hostname specified in the server's certificate,
which has cost me more than 3 weeks of headaches), but there seems to be
a problem arising when the Samba server and the LDAP server (which in my
case is OpenLDAP 2.0.23) are not on the same machine.

It must work fine on different servers... StartTLS always needs to start with the server's FQDN or it fails; you can use an alias, but that is a bit OT (it is documented on the OpenLDAP list).

The point is that a lot of connections are made to the LDAP server
(which may be ok), but some of them are done using the parameters
contained in smb.conf (which IS ok), and some others look like they are
made using "hardwired" defaults: namely, host localhost and port 389.
Actually, if I use a ssh tunnel to forward port 389 locally on the
"slave" Samba server, authentication works just fine. Otherwise,
smbclient fails and reports a NT_STATUS_LOGON_FAILURE.

When you run configure --with-ldapsam, browse the output for "start_tls yes"... if not, the libraries/includes are misplaced.

Also, you can test with <ldap_distribution>/bin/ldapsearch -ZZ -h <FQDN_server_name> ...

If this fails, your problem is the LDAP distribution/libs/binaries.


--
____________________________________________________
Ignacio Coupeau, Ph.D. e-mail: [EMAIL PROTECTED]
CTI, Director fax: 948 425619
University of Navarra voice: 948 425600
Pamplona, SPAIN http://www.unav.es/cti/
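
The thread's point that LDAP over SSL/StartTLS only works when the client connects with the name in the server's certificate, as an added Python example (not part of the original messages, and not Samba's or OpenLDAP's code). It is a simplified name check; `host_matches_cert` and `check_targets` are hypothetical helpers, and all hostnames and certificate names are constructed.

```python
# Added illustration: simplified certificate-name matching for an LDAP client.
# All certificate names and connection targets below are constructed samples.

def host_matches_cert(host, cert_names):
    """Return True if `host` is covered by one of the certificate's DNS names."""
    host_labels = host.rstrip(".").lower().split(".")
    for name in cert_names:
        name_labels = name.rstrip(".").lower().split(".")
        # A wildcard never spans several labels, and a short name or IP
        # never equals an FQDN, so the label counts must agree.
        if len(name_labels) != len(host_labels):
            continue
        # Only the left-most label may be a wildcard, and only on names
        # with at least three labels (no bare "*" or "*.org").
        if "*" in name_labels[1:]:
            continue
        if name_labels[0] == "*" and len(name_labels) < 3:
            continue
        if all(p == "*" or p == h for p, h in zip(name_labels, host_labels)):
            return True
    return False


def check_targets(targets, cert_names):
    """Map each connection target to whether the TLS name check would pass."""
    return {t: host_matches_cert(t, cert_names) for t in targets}


# Constructed case: certificate issued for the LDAP server's FQDN only.
CERT_NAMES = ["ldap.example.org"]
# FQDN, short name, hardwired default, IP address, and FQDN in mixed case.
TARGETS = ["ldap.example.org", "ldap", "localhost", "192.0.2.10",
           "LDAP.Example.Org"]

if __name__ == "__main__":
    for target, ok in check_targets(TARGETS, CERT_NAMES).items():
        verdict = "match" if ok else "MISMATCH: TLS name check fails"
        print(f"{target:20} {verdict}")
```

A connection that falls back to `localhost` fails this check for the same reason a short name or IP address does, which is worth ruling out before suspecting the LDAP libraries.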
