ClearOS Bug Tracker


View Issue Details
ID: 0001727
Project: ClearOS
Category: app-samba - Windows Networking
View Status: public
Date Submitted: 2014-05-29 16:11
Last Update: 2014-07-10 13:20
Reporter: user2
Assigned To: user2
Priority: normal
Severity: major
Reproducibility: have not tried
Status: closed
Resolution: fixed
Platform:
OS:
OS Version:
Product Version: 6.5.0
Target Version: 6.6.0 Beta 2
Fixed in Version: 6.6.0 Beta 2
Summary: 0001727: Changing directory server base domain breaks relationship between Samba and LDAP
Description: I changed my Base Domain in the Directory Server part of the webconfig and since then it appears that Samba is no longer able to authenticate with LDAP. Initially in /var/log/samba/log.winbindd-idmp I got:

[2014/05/26 17:12:29.450009, 1] winbindd/idmap.c:288(idmap_init_named_domain)
  no backend defined for idmap config HOME
[2014/05/26 17:12:29.450879, 0] lib/smbldap.c:1225(smbldap_connect_system)
  failed to bind to server ldap://127.0.0.1 with dn="cn=manager,ou=Internal,dc=howitts,dc=lan" Error: Invalid credentials
      (unknown)

then a repeating:

[2014/05/26 17:12:29.451119, 1] lib/smbldap.c:1409(another_ldap_try)
  Connection to LDAP server failed for the 1 try!

I then rebooted and now the following message repeats in /var/log/samba/log.winbindd-idmp:

[2014/05/27 11:26:24.844569, 0] winbindd/idmap_ldap.c:113(get_credentials)
  get_credentials: Unable to fetch auth credentials for cn=manager,ou=Internal,dc=howitts,dc=co,dc=uk in *
[2014/05/27 11:26:24.844620, 1] winbindd/idmap_ldap.c:501(idmap_ldap_db_init)
  idmap_ldap_db_init: Failed to get connection credentials (NT_STATUS_ACCESS_DENIED)
[2014/05/27 11:26:24.844666, 1] winbindd/idmap.c:249(idmap_init_domain)
  idmap initialization returned NT_STATUS_ACCESS_DENIED

/etc/samba/smb.winbind.conf appears to be set correctly (i.e. it is like the old one but dc=lan now reads dc=co,dc=uk, which is as I'd expect).
'ldapsearch -D "cn=manager,ou=Internal,dc=howitts,dc=co,dc=uk" -b "" objectclass=* -w PASSWORD' successfully runs.
Steps To Reproduce: Sorry but I daren't break my system any further!
Tags: No tags attached.
Attached Files

Relationships
related to 0001719 (closed, user2): Changing directory server base domain causes authentication issues

Notes
(0001192)
user2
2014-05-30 10:26

The LDAP password needs to be refreshed inside Samba with:

  smbpasswd -w wxyz

Where wxyz is the LDAP password in /var/clearos/openldap/config.php

Or the "GUI way": reset the Windows Administrator password on the "Server - Windows Networking" page in the web-based administration tool. This action also does an LDAP password refresh.

This password refresh is supposed to happen automatically on a domain name change, but it looks like it was missed (?). Still investigating.
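
The two failures quoted in the report, turned into a log triage check (an added example, not part of the original issue or of ClearOS). Per the smbpasswd man page, the `-w` password is stored in secrets.tdb keyed by the admin DN, so a changed base domain shows up as failures naming two different bind DNs. The sample log is constructed from the excerpts above; the function names and labels are assumptions of this example.

```python
import re

# Constructed sample, modelled on the log excerpts quoted in the report.
SAMPLE_LOG = """\
[2014/05/26 17:12:29.450879, 0] lib/smbldap.c:1225(smbldap_connect_system)
  failed to bind to server ldap://127.0.0.1 with dn="cn=manager,ou=Internal,dc=howitts,dc=lan" Error: Invalid credentials
[2014/05/26 17:12:29.451119, 1] lib/smbldap.c:1409(another_ldap_try)
  Connection to LDAP server failed for the 1 try!
[2014/05/27 11:26:24.844569, 0] winbindd/idmap_ldap.c:113(get_credentials)
  get_credentials: Unable to fetch auth credentials for cn=manager,ou=Internal,dc=howitts,dc=co,dc=uk in *
"""

# Samba log entries are a "[timestamp, level] file:line(function)" header
# followed by one or more indented message lines.
HEADER = re.compile(r"^\[(?P<ts>[\d/]+ [\d:.]+),\s*\d+\] \S+?\((?P<func>\w+)\)$")
BIND_REJECTED = re.compile(r'failed to bind to server \S+ .*?with dn="(?P<dn>[^"]+)" Error: Invalid credentials')
NO_SECRET = re.compile(r"Unable to fetch auth credentials for (?P<dn>\S+) in ")

def parse_entries(text):
    """Group log lines into (timestamp, function, message) entries."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            entries.append([m["ts"], m["func"], []])
        elif entries and line.strip():
            entries[-1][2].append(line.strip())
    return [(ts, func, " ".join(msg)) for ts, func, msg in entries]

def triage(text):
    """Return (timestamp, label, bind DN) for each LDAP credential failure."""
    findings = []
    for ts, _func, msg in parse_entries(text):
        if m := BIND_REJECTED.search(msg):
            findings.append((ts, "bind_rejected", m["dn"]))      # server refused DN/password
        elif m := NO_SECRET.search(msg):
            findings.append((ts, "no_stored_secret", m["dn"]))   # Samba fetched no secret for this DN
    return findings

def bind_dn_changed(findings):
    """True when failures name more than one bind DN (e.g. after a base-domain change)."""
    return len({dn.lower() for _, _, dn in findings}) > 1

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep=" | ")
    print("bind DN changed between failures:", bind_dn_changed(triage(SAMPLE_LOG)))
```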

Issue History
Date Modified Username Field Change
2014-05-29 16:11 user2 New Issue
2014-05-29 16:11 user2 Issue generated from: 0001719
2014-05-29 16:11 user2 Relationship added related to 0001719
2014-05-29 16:11 user2 Status new => acknowledged
2014-05-29 16:15 user2 Summary Changing Directory Server Base Domain => Changing directory server base domain breaks relationship between Samba and LDAP
2014-05-29 16:16 user2 Target Version => 6.6.0 Beta 2
2014-05-30 10:26 user2 Note Added: 0001192
2014-05-30 13:32 user2 Status acknowledged => resolved
2014-05-30 13:32 user2 Fixed in Version => 6.6.0 Beta 2
2014-05-30 13:32 user2 Resolution open => fixed
2014-05-30 13:32 user2 Assigned To => user2
2014-07-10 13:20 user2 Status resolved => closed