Hi,
I'm currently setting up a new FreeBSD machine which is mainly acting as a file server using Samba. The user accounts are stored centrally in an LDAP server (OpenLDAP slapd 2.4.23, self compiled to use OpenSSL instead of GnuTLS), which is also used by other services and runs on Debian. The accounts are stored and maintained with the Samba LDAP scheme and the smb-ldap scripts.
I'm having trouble setting up the LDAP connectivity of Samba. The setup of the Samba host:
- FreeBSD 10 RC4, amd64
- Samba Version 3.6.22 (port with default options, including LDAP support)
Samba configuration:
Code:
$ testparm
Load smb config files from /usr/local/etc/smb.conf
Processing section "[home]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
[global]
dos charset = CP865
unix charset = iso-8859-1
display charset = iso-8859-1
workgroup = WORKGROUP
server string = File Server
passdb backend = ldapsam:ldap://ldap.server:389
log file = /var/log/samba/log.%m
unix extensions = No
name cache timeout = 300
preferred master = Yes
domain master = Yes
dns proxy = No
ldap admin dn = cn=admin,dc=ldap,dc=server
ldap group suffix = ou=groups
ldap idmap suffix = ou=idmap
ldap passwd sync = yes
ldap suffix = dc=ldap,dc=server
ldap user suffix = ou=users
ldap debug level = 8
multicast dns register = No
ldapsam:trusted = yes
idmap config * : ldap_base_dn = dc=ldap,dc=server
idmap config * : ldap_url = ldap://ldap.server:389
idmap config * : range = 10000 - 20000
idmap config * : backend = ldap
use sendfile = Yes
store dos attributes = Yes
wide links = Yes
[home]
comment = home directory
path = /home/%u
read only = No
create mask = 0644
inherit permissions = Yes
LDAP client configuration
Code:
$ grep '^[^#]' /usr/local/etc/openldap/ldap.conf
BASE dc=ldap,dc=server
URI ldap://ldap.server/
TLS_CACERT /etc/ssl/ca.pem
TLS_REQCERT hard
A ldapsearch -x -ZZ works fine.

The problem: whenever I'm starting the Samba service, the connection to the LDAP server fails. Excerpt from the log:
Code:
[2014/01/08 23:47:21.493582, 2] lib/smbldap_util.c:278(smbldap_search_domain_info)
smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=STORAGE))]
[2014/01/08 23:47:21.493722, 5] lib/smbldap.c:1439(smbldap_search_ext)
smbldap_search_ext: base => [dc=ldap,dc=server], filter => [(&(objectClass=sambaDomain)(sambaDomainName=STORAGE))], scope => [2]
[2014/01/08 23:47:21.493959, 5] lib/smbldap.c:1341(smbldap_close)
The connection to the LDAP server was closed
[2014/01/08 23:47:21.494025, 10] lib/smbldap.c:819(smb_ldap_setup_conn)
smb_ldap_setup_connection: ldap://ldap.server:389
[2014/01/08 23:47:21.509539, 10] lib/ldap_debug_handler.c:26(samba_ldap_log_print_fn)
[LDAP] TLS: can't connect: .
[2014/01/08 23:47:21.510008, 0] lib/smbldap.c:799(smb_ldap_start_tls)
Failed to issue the StartTLS instruction: Connect error
The last line is repeated afterwards, and smbd hangs.
On the LDAP server, I'm getting the following log messages in the debug log:
Code:
Jan 8 23:47:21 LDAP slapd[15453]: conn=1047 fd=13 ACCEPT from IP=FREEBSD_SERVER_IP:23970 (IP=0.0.0.0:389)
Jan 8 23:47:21 LDAP slapd[15453]: conn=1047 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Jan 8 23:47:21 LDAP slapd[15453]: conn=1047 op=0 STARTTLS
Jan 8 23:47:21 LDAP slapd[15453]: conn=1047 op=0 RESULT oid= err=0 text=
Jan 8 23:47:21 LDAP slapd[15453]: conn=1047 fd=13 closed (TLS negotiation failure)
...
Does anyone have an idea what I am doing wrong, or knows this problem already?
Thanks in advance!
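The slapd log above shows two separate steps: the StartTLS extended operation, which the server answers with err=0, and the TLS handshake right after it, which ends with "TLS negotiation failure". As an added example that is not part of the original post, here is a small Python probe that performs the two steps separately, sending the StartTLS ExtendedRequest by hand and then running the handshake with chain and hostname verification against the CA file from ldap.conf (the equivalent of TLS_REQCERT hard), so the failing step and the OpenSSL error text become visible. The host name ldap.server and the path /etc/ssl/ca.pem are taken from the post; the function names and the sample bytes are assumptions of this example.

```python
import socket
import ssl

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # OID shown in the slapd log (EXT oid=...)

def ber_len(n):
    """Encode a BER length in short or long definite form."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, body):
    return bytes([tag]) + ber_len(len(body)) + body

def build_starttls_request(msgid=1):
    """LDAPMessage { messageID, extendedReq [APPLICATION 23] { requestName [0] OID } } (msgid < 128)."""
    ext = tlv(0x77, tlv(0x80, STARTTLS_OID))          # 0x77 = APPLICATION 23, constructed
    return tlv(0x30, tlv(0x02, bytes([msgid])) + ext)

def parse_extended_response(data):
    """Return (msgid, resultCode, diagnosticMessage) from an ExtendedResponse [APPLICATION 24]."""
    def read(buf, pos):
        tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
        if ln & 0x80:                                 # long-form length
            n, pos = ln & 0x7F, pos + (ln & 0x7F)
            ln = int.from_bytes(buf[pos - n:pos], "big")
        return tag, buf[pos:pos + ln], pos + ln
    _, msg, _ = read(data, 0)                         # outer LDAPMessage SEQUENCE
    _, mid, pos = read(msg, 0)                        # messageID INTEGER
    tag, resp, _ = read(msg, pos)
    if tag != 0x78:
        raise ValueError("not an ExtendedResponse")
    _, code, pos = read(resp, 0)                      # resultCode ENUMERATED
    _, _, pos = read(resp, pos)                       # matchedDN
    _, diag, _ = read(resp, pos)                      # diagnosticMessage
    return int.from_bytes(mid, "big"), int.from_bytes(code, "big"), diag.decode()

def probe_starttls(host, port=389, cafile="/etc/ssl/ca.pem"):
    """Step 1: LDAP-level StartTLS. Step 2: TLS handshake with CA chain and hostname checks."""
    with socket.create_connection((host, port), timeout=10) as sock:
        sock.sendall(build_starttls_request())
        _, code, diag = parse_extended_response(sock.recv(4096))
        if code != 0:
            return f"StartTLS refused: err={code} text={diag}"
        ctx = ssl.create_default_context(cafile=cafile)  # verifies chain and server name
        try:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return f"TLS ok: {tls.version()} subject={tls.getpeercert()['subject']}"
        except ssl.SSLError as e:
            return f"StartTLS accepted (err=0) but TLS handshake failed: {e}"
```

Run probe_starttls("ldap.server") from the FreeBSD host; a failure in the second step with an OpenSSL reason string narrows the problem to certificate or handshake settings rather than to Samba's LDAP configuration.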