LDAP+SAMBA login issues


I solved the issue by running the following command:

    smbpasswd -w <MyLiteralPassword>


Author: peris

Updated on September 18, 2022

Comments

  • peris
    peris over 1 year

    I'm on a clean Ubuntu 13.10 install and I've just installed and configured openldap+samba, while trying to configure a domain controller plus user shares. In order to ease LDAP management I've also installed gosa and lam (LDAP Account Manager).

    My issue concerns samba when it's trying to connect to LDAP:

    # pdbedit -L -Uadmin
    smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=PBA))]
    smbldap_open_connection: connection opened
    failed to bind to server ldap://localhost with dn="cn=admin,dc=exedra,dc=cat" Error: Invalid credentials
            (unknown)
    Connection to LDAP server failed for the 1 try!
    smbldap_open_connection: connection opened
    failed to bind to server ldap://localhost with dn="cn=admin,dc=exedra,dc=cat" Error: Invalid credentials
            (unknown)
    Connection to LDAP server failed for the 2 try!
    smbldap_open_connection: connection opened
    failed to bind to server ldap://localhost with dn="cn=admin,dc=exedra,dc=cat" Error: Invalid credentials
            (unknown)
    Connection to LDAP server failed for the 3 try!
    

    Here's the server log:

    Nov 21 10:40:58 srv1 slapd[30707]: conn=1088 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=
    Nov 21 10:55:42 srv1 slapd[30707]: conn=1089 fd=29 ACCEPT from IP=127.0.0.1:56558 (IP=0.0.0.0:389)
    Nov 21 10:55:42 srv1 slapd[30707]: conn=1089 op=0 BIND dn="cn=admin,dc=exedra,dc=cat" method=128
    Nov 21 10:55:42 srv1 slapd[30707]: conn=1089 op=0 RESULT tag=97 err=49 text=
    Nov 21 10:55:42 srv1 slapd[30707]: conn=1089 op=1 UNBIND
    Nov 21 10:55:42 srv1 slapd[30707]: conn=1089 fd=29 closed
    Nov 21 10:55:43 srv1 slapd[30707]: conn=1090 fd=29 ACCEPT from IP=127.0.0.1:56559 (IP=0.0.0.0:389)
    Nov 21 10:55:43 srv1 slapd[30707]: conn=1090 op=0 BIND dn="cn=admin,dc=exedra,dc=cat" method=128
    Nov 21 10:55:43 srv1 slapd[30707]: conn=1090 op=0 RESULT tag=97 err=49 text=
    Nov 21 10:55:43 srv1 slapd[30707]: conn=1090 op=1 UNBIND
    Nov 21 10:55:43 srv1 slapd[30707]: conn=1090 fd=29 closed
    Nov 21 10:55:44 srv1 slapd[30707]: conn=1091 fd=29 ACCEPT from IP=127.0.0.1:56560 (IP=0.0.0.0:389)
    Nov 21 10:55:44 srv1 slapd[30707]: conn=1091 op=0 BIND dn="cn=admin,dc=exedra,dc=cat" method=128
    Nov 21 10:55:44 srv1 slapd[30707]: conn=1091 op=0 RESULT tag=97 err=49 text=
    Nov 21 10:55:44 srv1 slapd[30707]: conn=1091 op=1 UNBIND
    Nov 21 10:55:44 srv1 slapd[30707]: conn=1091 fd=29 closed
    

    As you can see, there's a wrong password somewhere. It looks like samba provides a password while authenticating against LDAP while maybe it shouldn't, as I can run a search through LDAP without a password:

    ldapsearch -x -LLL -b dc=exedra,dc=cat 'uid=admin' -W
    Enter LDAP Password: 
    dn: cn=System Administrator-admin,ou=People,dc=exedra,dc=cat
    objectClass: top
    objectClass: person
    objectClass: gosaAccount
    objectClass: organizationalPerson
    objectClass: inetOrgPerson
    objectClass: sambaSamAccount
    objectClass: shadowAccount
    objectClass: posixAccount
    givenName: System
    sn: Administrator
    cn: System Administrator-admin
    uid: admin
    sambaDomainName: exedra.cat
    sambaAcctFlags: [XU         ]
    sambaPrimaryGroupSID: S-1-5-21-2410480708-3229887800-873095019-21003
    sambaSID: S-1-5-21-2410480708-3229887800-873095019-41002
    loginShell: /bin/bash
    homeDirectory: /home/admin
    uidNumber: 20001
    gidNumber: 10001
    

    But I don't understand why my password here is blank. Here you can see the same result as above but without using the -W option, so no password is asked for or provided:

    ldapsearch -x -LLL -b dc=exedra,dc=cat 'uid=admin'
    dn: cn=System Administrator-admin,ou=People,dc=exedra,dc=cat
    objectClass: top
    objectClass: person
    objectClass: gosaAccount
    objectClass: organizationalPerson
    objectClass: inetOrgPerson
    objectClass: sambaSamAccount
    objectClass: shadowAccount
    objectClass: posixAccount
    givenName: System
    sn: Administrator
    cn: System Administrator-admin
    uid: admin
    sambaDomainName: exedra.cat
    sambaAcctFlags: [XU         ]
    sambaPrimaryGroupSID: S-1-5-21-2410480708-3229887800-873095019-21003
    sambaSID: S-1-5-21-2410480708-3229887800-873095019-41002
    loginShell: /bin/bash
    homeDirectory: /home/admin
    uidNumber: 20001
    gidNumber: 10001
    

    If I provide a DN in the ldapsearch command, I'm forced to authenticate:

    # ldapsearch -x -h localhost -D "cn=admin,dc=exedra,dc=cat" -W
    Enter LDAP Password: 
    ldap_bind: Server is unwilling to perform (53)
            additional info: unauthenticated bind (DN with no password) disallowed
    

    If I supply the password everything runs fine:
    During LDAP installation, I set up an LDAP admin password for my admin user called admin, whose credentials I use to log in to gosa and lam without problems.
    It looks pretty strange as I need the admin password when using LDAP web management tools.

    Extra info

    I'm new to LDAP and I've just read the following doc. Once I thought I had successfully installed and configured LDAP, I read the following doc to configure the samba server against LDAP.

    Through web management tools I also managed to add some users and groups without issues, but I'm suffering a lot of issues when trying to browse through samba.

    Does anyone know where I went wrong? Thanks in advance!
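
The slapd excerpt quoted in the question shows three simple binds (`method=128`) as `cn=admin,dc=exedra,dc=cat`, each answered with `err=49` (invalidCredentials). As an added example that is not part of the original post, the Python script below joins the ACCEPT, BIND and RESULT lines on `conn`/`op` to count failed binds per source IP and DN; the function names and the threshold are illustrative assumptions.

```python
import re
from collections import defaultdict

# Excerpt of the slapd syslog lines quoted in the question above.
SAMPLE_LOG = """\
Nov 21 10:40:58 srv1 slapd[30707]: conn=1088 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=
Nov 21 10:55:42 srv1 slapd[30707]: conn=1089 fd=29 ACCEPT from IP=127.0.0.1:56558 (IP=0.0.0.0:389)
Nov 21 10:55:42 srv1 slapd[30707]: conn=1089 op=0 BIND dn="cn=admin,dc=exedra,dc=cat" method=128
Nov 21 10:55:42 srv1 slapd[30707]: conn=1089 op=0 RESULT tag=97 err=49 text=
Nov 21 10:55:43 srv1 slapd[30707]: conn=1090 fd=29 ACCEPT from IP=127.0.0.1:56559 (IP=0.0.0.0:389)
Nov 21 10:55:43 srv1 slapd[30707]: conn=1090 op=0 BIND dn="cn=admin,dc=exedra,dc=cat" method=128
Nov 21 10:55:43 srv1 slapd[30707]: conn=1090 op=0 RESULT tag=97 err=49 text=
Nov 21 10:55:44 srv1 slapd[30707]: conn=1091 fd=29 ACCEPT from IP=127.0.0.1:56560 (IP=0.0.0.0:389)
Nov 21 10:55:44 srv1 slapd[30707]: conn=1091 op=0 BIND dn="cn=admin,dc=exedra,dc=cat" method=128
Nov 21 10:55:44 srv1 slapd[30707]: conn=1091 op=0 RESULT tag=97 err=49 text=
"""

ACCEPT = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from IP=(\S+):\d+ ")
BIND = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=\d+')
RESULT = re.compile(r"conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)")  # tag 97 = bind response


def failed_binds(log_text):
    """Join ACCEPT, BIND and RESULT lines on conn/op; count err=49 per (source IP, DN)."""
    peer = {}      # conn id -> client IP
    pending = {}   # (conn id, op id) -> bind DN still waiting for its RESULT line
    counts = defaultdict(int)
    for line in log_text.splitlines():
        if m := ACCEPT.search(line):
            peer[m[1]] = m[2]
        elif m := BIND.search(line):
            pending[(m[1], m[2])] = m[3]
        elif m := RESULT.search(line):
            dn = pending.pop((m[1], m[2]), None)
            if dn is not None and m[3] == "49":  # 49 = invalidCredentials
                counts[(peer.get(m[1], "unknown"), dn)] += 1
    return dict(counts)


def repeated_failures(log_text, threshold=3):
    """Return the (ip, dn) pairs with at least `threshold` failed binds."""
    return {k: v for k, v in failed_binds(log_text).items() if v >= threshold}


if __name__ == "__main__":
    for (ip, dn), n in repeated_failures(SAMPLE_LOG).items():
        print(f"{n} failed simple binds as {dn!r} from {ip}")
```
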