[Samba] Samba 3.x server with LDAP backend doesn't work
We have a central LDAP server for our enterprise on a Linux box. I have installed Samba 3.4.4 server on an AIX server and am trying to get users authenticated via LDAP server. So far my efforts have been unsuccessful.

Here is my ldap section of the smb.conf file:

    passdb backend = ldapsam:ldaps://company_ldap_server/
    ldap ssl = start tls
    ldap suffix = dc=xxx,dc=yyy,dc=zzz
    ldap delete dn = no
    ldap user suffix = ou=People
    ldap group suffix = ou=Groups

Here is the error I am seeing in the Samba errorlog:

    [2013/05/16 11:08:14, 0] lib/smbldap.c:656(smb_ldap_start_tls)
      Failed to issue the StartTLS instruction: Can't contact LDAP server
    [2013/05/16 11:08:14, 1] lib/smbldap.c:1231(another_ldap_try)
      Connection to LDAP server failed for the 1 try!

Is there a documented procedure on how to connect samba users to a backend ldap server?

Any help with this is greatly appreciated.

Thanks,
Prakash

** Electronic Mail is not secure, may not be read every day, and should not be used for urgent or sensitive issues

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.x server with LDAP backend doesn't work
> Is there a documented procedure on how to connect samba users to a
> backend ldap server?

Chapter 5 of Samba 3 by Example
http://www.samba.org/samba/docs/man/Samba-Guide/happy.html

PDF version: http://www.samba.org/samba/docs/Samba3-ByExample.pdf
Re: [Samba] Samba 3.x server with LDAP backend doesn't work
Did you try w/o start TLS support? I realize this can have security implications, so this is only to see if the problem is with TLS or with the configuration in general.

If the LDAP server is on the same server as the samba server then I don't think you will need TLS encryption, since there isn't LAN traffic to snoop.

Don't forget to set the ldap password with smbpasswd -w

Also I think ldaps means ldap over SSL, not ldap+tls.

I would also use ldapclient tools (e.g. the command line ldapsearch or the gui Apache Directory Studio ldap browser and editor) to make sure you can connect to the ldap server via LDAP, LDAP+TLS and/or LDAPS-over-SSL. You need to make sure you have all the certificates configured correctly.

On 05/16/13 11:27, Gollapalli, Prakash wrote:
> We have a central LDAP server for our enterprise on a Linux box. I have
> installed Samba 3.4.4 server on an AIX server and am trying to get users
> authenticated via LDAP server. So far my efforts have been unsuccessful.
>
> Here is my ldap section of the smb.conf file:
>
>     passdb backend = ldapsam:ldaps://company_ldap_server/
>     ldap ssl = start tls
>     ldap suffix = dc=xxx,dc=yyy,dc=zzz
>     ldap delete dn = no
>     ldap user suffix = ou=People
>     ldap group suffix = ou=Groups
>
> Here is the error I am seeing in the Samba errorlog:
>
>     [2013/05/16 11:08:14, 0] lib/smbldap.c:656(smb_ldap_start_tls)
>       Failed to issue the StartTLS instruction: Can't contact LDAP server
>     [2013/05/16 11:08:14, 1] lib/smbldap.c:1231(another_ldap_try)
>       Connection to LDAP server failed for the 1 try!
>
> Is there a documented procedure on how to connect samba users to a
> backend ldap server?
>
> Any help with this is greatly appreciated.
>
> Thanks,
> Prakash
Re: [Samba] Samba 3.x server with LDAP backend doesn't work
> Did you try w/o start TLS support? I realize this can have security
> implications, so this is only to see if the problem is with TLS or with
> the configuration in general.

I have tried without TLS support and without SSL (replaced ldaps with ldap)

    passdb backend = ldapsam:ldap://company_ldap_server/
    ldap ssl = off
    ldap admin dn = cn=Adminid,dc=xxx,dc=yyy,dc=zzz
    ldap suffix = dc=xxx,dc=yyy,dc=zzz
    ldap delete dn = no
    ldap user suffix = ou=People
    ldap group suffix = ou=Groups

Now I get the following error:

    [2013/05/16 16:38:14, 0] lib/smbldap.c:1052(smbldap_connect_system)
      failed to bind to server ldap://company_ldap_server/ with dn=cn=Adminid,dc=xxx,dc=yyy,dc=zzz Error: Confidentiality required
      (unknown)

> If the LDAP server is on the same server as the samba server then I
> don't think you will need TLS encryption, since there isn't LAN traffic
> to snoop.

Our LDAP server is not on the same server. It is a central enterprise server.

> Don't forget to set the ldap password with smbpasswd -w

I did this part for the Adminid.

> Also I think ldaps means ldap over SSL, not ldap+tls.
>
> I would also use ldapclient tools (e.g. the command line ldapsearch or
> the gui Apache Directory Studio ldap browser and editor) to make sure
> you can connect to the ldap server via LDAP, LDAP+TLS and/or
> LDAPS-over-SSL. You need to make sure you have all the certificates
> configured correctly.

LDAP authentication works perfectly directly from our AIX server. I can do ldapsearches and can login with my ldap credentials etc. Only samba authentication doesn't work.

Thanks,
Prakash
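An added example, not part of any message in this thread and not Samba code: a small Python check that reads the LDAP section of an smb.conf and reports which transport protection the `passdb backend` URI and `ldap ssl` together request, run on the two configurations posted above. The function names and result strings are hypothetical, and treating `ldaps://` plus `start tls` as a conflict follows the reply's point that ldaps means LDAP over SSL rather than LDAP+TLS.

```python
import re

# Constructed samples: the two LDAP sections posted in this thread (abridged).
FIRST_TRY = """
passdb backend = ldapsam:ldaps://company_ldap_server/
ldap ssl = start tls
ldap suffix = dc=xxx,dc=yyy,dc=zzz
"""
SECOND_TRY = """
passdb backend = ldapsam:ldap://company_ldap_server/
ldap ssl = off
ldap admin dn = cn=Adminid,dc=xxx,dc=yyy,dc=zzz
"""

def parse_params(text):
    """Return smb.conf parameters as {name: value}. Names are lower-cased
    and stripped of all whitespace, since smb.conf ignores both."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue  # blank line, comment, section header, or not a parameter
        name, value = line.split("=", 1)
        params[re.sub(r"\s+", "", name).lower()] = value.strip()
    return params

def ldap_transport(text):
    """Classify how the ldapsam backend is asked to protect its connection."""
    p = parse_params(text)
    backend = p.get("passdbbackend", "")
    if not backend.lower().startswith("ldapsam:"):
        return "not-ldapsam"
    if "ldapssl" not in p:
        return "unknown: 'ldap ssl' not set, default depends on Samba version"
    uris = backend[len("ldapsam:"):].strip('"').split()  # may list several
    scheme = uris[0].split("://", 1)[0].lower() if uris else ""
    ssl = re.sub(r"[\s_]+", " ", p["ldapssl"]).lower()  # start_tls == start tls
    if scheme == "ldaps" and ssl == "start tls":
        return "conflict: ldaps:// and StartTLS both requested"
    if scheme == "ldaps":
        return "tls-on-connect (ldaps://)"
    if scheme == "ldap" and ssl == "start tls":
        return "starttls on ldap://"
    if scheme == "ldap" and ssl in ("off", "no"):
        return "cleartext: admin DN bind is sent unencrypted"
    return "unknown: check URI scheme and 'ldap ssl'"
```

The first posted configuration comes back as the conflict case and the second as cleartext, which is the kind of bind a directory that demands confidentiality refuses.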
Re: [Samba] Samba 3.x server with LDAP backend doesn't work
And just to clarify you can use ldapsearch with the samba admin credentials as well?

What is the ldap server? (Openldap ?)

On 05/16/13 16:44, Gollapalli, Prakash wrote:
> > Did you try w/o start TLS support? I realize this can have security
> > implications, so this is only to see if the problem is with TLS or
> > with the configuration in general.
>
> I have tried without TLS support and without SSL (replaced ldaps with ldap)
>
>     passdb backend = ldapsam:ldap://company_ldap_server/
>     ldap ssl = off
>     ldap admin dn = cn=Adminid,dc=xxx,dc=yyy,dc=zzz
>     ldap suffix = dc=xxx,dc=yyy,dc=zzz
>     ldap delete dn = no
>     ldap user suffix = ou=People
>     ldap group suffix = ou=Groups
>
> Now I get the following error:
>
>     [2013/05/16 16:38:14, 0] lib/smbldap.c:1052(smbldap_connect_system)
>       failed to bind to server ldap://company_ldap_server/ with dn=cn=Adminid,dc=xxx,dc=yyy,dc=zzz Error: Confidentiality required
>       (unknown)
>
> > If the LDAP server is on the same server as the samba server then I
> > don't think you will need TLS encryption, since there isn't LAN
> > traffic to snoop.
>
> Our LDAP server is not on the same server. It is a central enterprise server.
>
> > Don't forget to set the ldap password with smbpasswd -w
>
> I did this part for the Adminid.
>
> > Also I think ldaps means ldap over SSL, not ldap+tls.
> >
> > I would also use ldapclient tools (e.g. the command line ldapsearch
> > or the gui Apache Directory Studio ldap browser and editor) to make
> > sure you can connect to the ldap server via LDAP, LDAP+TLS and/or
> > LDAPS-over-SSL. You need to make sure you have all the certificates
> > configured correctly.
>
> LDAP authentication works perfectly directly from our AIX server. I can
> do ldapsearches and can login with my ldap credentials etc. Only samba
> authentication doesn't work.
>
> Thanks,
> Prakash