Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
[Samba] Samba4 / Open LDAP init DB
829 views
Skip to first unread message
Leander Schäfer
May 17, 2016, 2:00:04 PM5/17/16
to
Hi,
I have been able to successfully install Samba4 and OpenLDAP and connect
them via SSL. The file samba.schema is also loaded into OpenLDAP, but
when I start samba server it looks like it is expecting some basic
structure. My Question at this point is how to provide this the easisest
way? Currently the OpenLDAP DB is entirely empty (virgin) so Samba4
could create anything it needs.
cat /var/log/samba4/log.smbd
[...]
smbldap_open_connection: connection opened
[2016/05/17 19:24:34.065158, 3]
../source3/lib/smbldap.c:1013(smbldap_connect_system)
ldap_connect_system: successful connection to the LDAP server
[2016/05/17 19:24:34.065319, 2]
../source3/passdb/pdb_ldap_util.c:287(smbldap_search_domain_info)
smbldap_search_domain_info: Problem during LDAPsearch: No such object
[2016/05/17 19:24:34.065340, 2]
../source3/passdb/pdb_ldap_util.c:288(smbldap_search_domain_info)
smbldap_search_domain_info: Query was: dc=MYDOMAIN,dc=LocalDomain,
(&(objectClass=sambaDomain)(sambaDomainName=STORAGE-03))
[2016/05/17 19:24:34.065359, 0]
../source3/passdb/pdb_ldap.c:6534(pdb_ldapsam_init_common)
pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to
the domain. We cannot work reliably without it.
[2016/05/17 19:24:34.065485, 0]
../source3/passdb/pdb_interface.c:179(make_pdb_method_name)
pdb backend ldapsam:"ldap://127.0.0.1/
ldap://Storage-03.MYDOMAIN.LocalDomain/" did not correctly init (error
was NT_STATUS_CANT_ACCESS_DOMAIN_INFO)
cat /usr/local/etc/smb4.conf
[global]
# Basic server settings
workgroup = MYDOMAIN
realm = MYDOMAIN.LOCALDOMAIN
netbios name = STORAGE-03
# Password backend
passdb backend = ldapsam:"ldap://127.0.0.1/
ldap://Storage-03.MYDOMAIN.LocalDomain/"
ldap admin dn = cn=admin,dc=MYDOMAIN,dc=LocalDomain
ldap suffix = dc=MYDOMAIN,dc=LocalDomain
idmap_ldb:use rfc2307 = Yes
encrypt passwords = yes
invalid users = root
[...]
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
I have been able to successfully install Samba4 and OpenLDAP and connect
them via SSL. The file samba.schema is also loaded into OpenLDAP, but
when I start samba server it looks like it is expecting some basic
structure. My Question at this point is how to provide this the easisest
way? Currently the OpenLDAP DB is entirely empty (virgin) so Samba4
could create anything it needs.
cat /var/log/samba4/log.smbd
[...]
smbldap_open_connection: connection opened
[2016/05/17 19:24:34.065158, 3]
../source3/lib/smbldap.c:1013(smbldap_connect_system)
ldap_connect_system: successful connection to the LDAP server
[2016/05/17 19:24:34.065319, 2]
../source3/passdb/pdb_ldap_util.c:287(smbldap_search_domain_info)
smbldap_search_domain_info: Problem during LDAPsearch: No such object
[2016/05/17 19:24:34.065340, 2]
../source3/passdb/pdb_ldap_util.c:288(smbldap_search_domain_info)
smbldap_search_domain_info: Query was: dc=MYDOMAIN,dc=LocalDomain,
(&(objectClass=sambaDomain)(sambaDomainName=STORAGE-03))
[2016/05/17 19:24:34.065359, 0]
../source3/passdb/pdb_ldap.c:6534(pdb_ldapsam_init_common)
pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to
the domain. We cannot work reliably without it.
[2016/05/17 19:24:34.065485, 0]
../source3/passdb/pdb_interface.c:179(make_pdb_method_name)
pdb backend ldapsam:"ldap://127.0.0.1/
ldap://Storage-03.MYDOMAIN.LocalDomain/" did not correctly init (error
was NT_STATUS_CANT_ACCESS_DOMAIN_INFO)
cat /usr/local/etc/smb4.conf
[global]
# Basic server settings
workgroup = MYDOMAIN
realm = MYDOMAIN.LOCALDOMAIN
netbios name = STORAGE-03
# Password backend
passdb backend = ldapsam:"ldap://127.0.0.1/
ldap://Storage-03.MYDOMAIN.LocalDomain/"
ldap admin dn = cn=admin,dc=MYDOMAIN,dc=LocalDomain
ldap suffix = dc=MYDOMAIN,dc=LocalDomain
idmap_ldb:use rfc2307 = Yes
encrypt passwords = yes
invalid users = root
[...]
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Rowland penny
May 17, 2016, 2:10:03 PM5/17/16
to
If the first, you will need to remove these lines:
realm = MYDOMAIN.LOCALDOMAIN
idmap_ldb:use rfc2307 = Yes
If you want to set up an AD DC, you will need to remove openldap, it is
(at the moment, this could change though) incompatible with the LDAP
built into a Samba AD DC.
Lets sort out just what you want and then move on from there.
Rowland
0 new messages