OpenLDAP with Samba Issue



  • I am trying to authenticate OpenLDAP users with Samba. I thought I had all of the settings correct on my smb.conf, but smb won't start... This is the log error message that I get:

    [2017/05/11 15:42:02.337376,  2] ../source3/param/loadparm.c:2685(lp_do_section)
      Processing section "[Share1]"
    [2017/05/11 15:42:02.337886,  2] ../source3/lib/interface.c:345(add_interface)
      added interface eno1 ip=IP bcast=bcast netmask=netmask
    [2017/05/11 15:42:02.339401,  1] ../source3/profile/profile.c:51(set_profile_level)
      INFO: Profiling turned OFF from pid 25024
    [2017/05/11 15:42:02.340437,  2] ../source3/passdb/pdb_interface.c:161(make_pdb_method_name)
      No builtin backend found, trying to load plugin
    [2017/05/11 15:42:02.344946,  2] ../lib/util/modules.c:196(do_smb_load_module)
      Module 'ldapsam' loaded
    [2017/05/11 15:42:02.345050,  2] ../source3/passdb/pdb_ldap_util.c:280(smbldap_search_domain_info)
      smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=SERVER))]
    [2017/05/11 15:42:02.425340,  0] ../source3/lib/smbldap.c:575(smbldap_start_tls)
      Failed to issue the StartTLS instruction: Operations error
    [2017/05/11 15:42:02.425432,  1] ../source3/lib/smbldap.c:1206(get_cached_ldap_connect)
      Connection to LDAP server failed for the 1 try!
    [2017/05/11 15:42:03.489827,  0] ../source3/lib/smbldap.c:575(smbldap_start_tls)
      Failed to issue the StartTLS instruction: Operations error
    [2017/05/11 15:42:03.489891,  1] ../source3/lib/smbldap.c:1206(get_cached_ldap_connect)
      Connection to LDAP server failed for the 1 try!
    [2017/05/11 15:42:04.553952,  0] ../source3/lib/smbldap.c:575(smbldap_start_tls)
      Failed to issue the StartTLS instruction: Operations error
    [2017/05/11 15:42:04.554018,  1] ../source3/lib/smbldap.c:1206(get_cached_ldap_connect)
      Connection to LDAP server failed for the 1 try!
    [2017/05/11 15:42:05.569184,  1] ../source3/passdb/pdb_ldap_util.c:236(add_new_domain_info)
      add_new_domain_info: failed to add domain dn= sambaDomainName=SERVER,dc=company,dc=com with: Object class violation
            unknown object class "sambaDomain"
    
    [2017/05/11 15:42:05.569233,  0] ../source3/passdb/pdb_ldap_util.c:313(smbldap_search_domain_info)
      smbldap_search_domain_info: Adding domain info for SERVER failed with NT_STATUS_UNSUCCESSFUL
    [2017/05/11 15:42:05.569292,  0] ../source3/passdb/pdb_ldap.c:6540(pdb_ldapsam_init_common)
      pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the domain. We cannot work reliably without it.
    [2017/05/11 15:42:05.569315,  0] ../source3/passdb/pdb_interface.c:180(make_pdb_method_name)
      pdb backend ldapsam:ldaps://ldapserveraddress did not correctly init (error was NT_STATUS_CANT_ACCESS_DOMAIN_INFO)
    

    Here is my smb.conf if anyone can go through it to figure out what I am doing wrong. I've checked several places online and none have been helpful so far.

    [global]
            workgroup = SERVER
    
            server string = Samba Server on server-name
    
            interfaces = eno1
            hosts allow = ranges to allow
    
            strict locking = no
            kernel oplocks = no
            reset on zero vc = yes
            vfs objects = acl_xattr
            map acl inherit = yes
            store dos attributes = yes
    # --------------------------- Allow LDAP Authentication--------------------
            passdb backend = ldapsam:ldaps://ldapserver
            ldap suffix = dc=company,dc=com
            ldap admin dn = uid=test 
    # For Security
            server signing = mandatory
            smb encrypt = mandatory
            client min protocol = smb3
            client max protocol = smb3
    # --------------------------- Logging Options -----------------------------
    
            log level = 2
            # log files split per-machine:
            log file = /var/log/samba/log.%m
            # 5MB per file before rotation
            max log size = 5000
            idmap config * : backend = tdb
    
    # --------------------------- Printing Options -----------------------------
    
            load printers = no
    

    Cross posting this for Alex Duarte who isn't getting a lot of eyes on it.


  • You show your Samba configs, but not your LDAP configs. But it looks like LDAP is the issue.





  • Why samba instead of sssd?

