[389-users] Problem with samba and 389 Directory server with LDAPS
Angel Bosch Mora
angbosch at conselldemallorca.net
Wed Sep 28 07:39:22 UTC 2011
You have to use the FQDN when connecting securely, and you have to use the exact name used in the certificate.
I am getting the following message in the /var/log/samba/smbd.log file when I start up samba and try to connect as a user.
[2011/09/27 14:23:33, 1] lib/smbldap.c:another_ldap_try(1153)
Connection to LDAP server failed for the 15 try!
[2011/09/27 14:23:34, 10] lib/smbldap.c:smb_ldap_setup_conn(630)
smb_ldap_setup_connection: ldaps://192.168.3.79
[2011/09/27 14:23:34, 2] lib/smbldap.c:smbldap_open_connection(786)
smbldap_open_connection: connection opened
[2011/09/27 14:23:34, 10] lib/smbldap.c:smbldap_connect_system(951)
ldap_connect_system: Binding to ldap server ldaps://192.168.x.x as "cn=directory manager,dc=stag,dc=cle,dc=us"
[2011/09/27 14:23:34, 2] lib/smbldap.c:smbldap_connect_system(982)
failed to bind to server ldaps://192.168.x.x with dn="cn=directory manager,dc=stag,dc=cle,dc=us" Error: Can't contact LDAP server
Relevant part of the smb.conf
passdb backend = ldapsam:ldaps://192.168.x.x
ldap suffix = dc=stag,dc=cle,dc=us
ldap machine suffix = ou=people
ldap user suffix = ou=people
ldap group suffix = ou=groups
ldap passwd sync = yes
ldap admin dn = cn=directory manager,dc=stag,dc=cle,dc=us
obey pam restrictions = yes
I was able to run smbpasswd -w to add the dn admin password to the secrets.tdb but am unable to add additional users as well, again getting a cannot contact ldap server message. I had this working on another machine, but that machine was needed for another purpose and lost the setup. I know I must be missing something simple and am checking the HOWTO for samba on the 389-Directory Server site.
David Hoskinson | DATATRAK International
Systems Engineer
Mayfield Heights, Ohio, USA
+1.440.443.0082 x 124 (p) | +1.216.280.5457 (m)
david.hoskinson at datatrak.net | www.datatrak.net