ClearFoundation Tracker - ClearOS
View Issue Details
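ID: 0001727
Project: ClearOS
Category: app-samba - Windows Networking
View Status: public
Date Submitted: 2014-05-29 16:11
Last Update: 2014-07-10 13:20
Reporter: user2
Assigned To: user2
Priority: normal
Severity: major
Reproducibility: have not tried
Status: closed
Resolution: fixed
Product Version: 6.5.0
Target Version: 6.6.0 Beta 2
Fixed in Version: 6.6.0 Beta 2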
0001727: Changing directory server base domain breaks relationship between Samba and LDAP
I changed my Base Domain in the Directory Server part of the webconfig and since then it appears that Samba is no longer able to authenticate with LDAP. Initially in /var/log/samba/log.winbindd-idmp I got:

[2014/05/26 17:12:29.450009, 1] winbindd/idmap.c:288(idmap_init_named_domain)
  no backend defined for idmap config HOME
[2014/05/26 17:12:29.450879, 0] lib/smbldap.c:1225(smbldap_connect_system)
  failed to bind to server ldap://127.0.0.1 with dn="cn=manager,ou=Internal,dc=howitts,dc=lan" Error: Invalid credentials
      (unknown)

then a repeating:

[2014/05/26 17:12:29.451119, 1] lib/smbldap.c:1409(another_ldap_try)
  Connection to LDAP server failed for the 1 try!

I then rebooted and now the following message repeats in /var/log/samba/log.winbindd-idmp:

[2014/05/27 11:26:24.844569, 0] winbindd/idmap_ldap.c:113(get_credentials)
  get_credentials: Unable to fetch auth credentials for cn=manager,ou=Internal,dc=howitts,dc=co,dc=uk in *
[2014/05/27 11:26:24.844620, 1] winbindd/idmap_ldap.c:501(idmap_ldap_db_init)
  idmap_ldap_db_init: Failed to get connection credentials (NT_STATUS_ACCESS_DENIED)
[2014/05/27 11:26:24.844666, 1] winbindd/idmap.c:249(idmap_init_domain)
  idmap initialization returned NT_STATUS_ACCESS_DENIED

/etc/samba/smb.winbind.conf appears to be set correctly (i.e. it is like the old one but dc=lan now reads dc=co,dc=uk which is as I'd expect).
'ldapsearch -D "cn=manager,ou=Internal,dc=howitts,dc=co,dc=uk" -b "" objectclass=* -w PASSWORD' successfully runs.
Sorry but I daren't break my system any further!
No tags attached.
related to 0001719 (closed, user2): Changing directory server base domain causes authentication issues
Issue History
2014-05-29 16:11  user2  New Issue
2014-05-29 16:11  user2  Issue generated from: 0001719
2014-05-29 16:11  user2  Relationship added: related to 0001719
2014-05-29 16:11  user2  Status: new => acknowledged
2014-05-29 16:15  user2  Summary: Changing Directory Server Base Domain => Changing directory server base domain breaks relationship between Samba and LDAP
2014-05-29 16:16  user2  Target Version: => 6.6.0 Beta 2
2014-05-30 10:26  user2  Note Added: 0001192
2014-05-30 13:32  user2  Status: acknowledged => resolved
2014-05-30 13:32  user2  Fixed in Version: => 6.6.0 Beta 2
2014-05-30 13:32  user2  Resolution: open => fixed
2014-05-30 13:32  user2  Assigned To: => user2
2014-07-10 13:20  user2  Status: resolved => closed

Notes
(0001192)
user2   
2014-05-30 10:26   
The LDAP password needs to be refreshed inside Samba with:

  smbpasswd -w wxyz

Where wxyz is the LDAP password in /var/clearos/openldap/config.php

Or the "GUI way": reset the Windows Administrator password on the "Server - Windows Networking" page in the web-based administration tool. This action also does an LDAP password refresh.

This password refresh is supposed to happen automatically on a domain name change, but it looks like it was missed (?). Still investigating.
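
Added example, not part of the original report or of ClearOS: a small triage script for the winbindd log lines quoted in this issue. It separates "bind rejected" from "no stored credentials for this DN" and flags entries that still use the old base DN; per the smbpasswd man page, the password set with `smbpasswd -w` is stored in secrets.tdb keyed on the LDAP admin DN, so a DN change leaves no secret for the new DN. The function names and the sample log are assumptions constructed for illustration.

```python
import re

# Constructed sample, copied from the log format quoted in this issue.
SAMPLE_LOG = """\
[2014/05/26 17:12:29.450879, 0] lib/smbldap.c:1225(smbldap_connect_system)
  failed to bind to server ldap://127.0.0.1 with dn="cn=manager,ou=Internal,dc=howitts,dc=lan" Error: Invalid credentials
[2014/05/26 17:12:29.451119, 1] lib/smbldap.c:1409(another_ldap_try)
  Connection to LDAP server failed for the 1 try!
[2014/05/27 11:26:24.844569, 0] winbindd/idmap_ldap.c:113(get_credentials)
  get_credentials: Unable to fetch auth credentials for cn=manager,ou=Internal,dc=howitts,dc=co,dc=uk in *
"""

# Samba log entries are a "[timestamp, level] file:line(function)" header
# followed by an indented message line.
HEADER = re.compile(r"^\[(?P<ts>[\d/]+ [\d:.]+),\s*\d+\] \S+\(\w+\)$")
PATTERNS = (
    # The LDAP server rejected the password Samba presented for this DN.
    ("bind_rejected", re.compile(
        r'failed to bind to server \S+.*? with dn="(?P<dn>[^"]+)" Error: Invalid credentials')),
    # Samba found no password in secrets.tdb for this DN.
    ("no_stored_secret", re.compile(
        r"Unable to fetch auth credentials for (?P<dn>\S+) in")),
)

def base_dn(dn):
    """Return the dc=... suffix of a DN, lower-cased."""
    return ",".join(p.strip() for p in dn.lower().split(",") if p.strip().startswith("dc="))

def triage(log_text, expected_base):
    """Hypothetical helper: list credential failures and mark stale base DNs."""
    findings, ts = [], None
    for line in log_text.splitlines():
        header = HEADER.match(line)
        if header:
            ts = header.group("ts")
            continue
        for kind, rx in PATTERNS:
            m = rx.search(line)
            if m:
                dn = m.group("dn")
                findings.append({"ts": ts, "kind": kind, "dn": dn,
                                 "stale_base": base_dn(dn) != expected_base.lower()})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, "dc=howitts,dc=co,dc=uk"):
        print(f)
```

A `no_stored_secret` finding whose `stale_base` is false matches the state described after the reboot: the configuration already names the new DN, but no password has been stored for it yet.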