
[Samba] Fw:ldap access domain AD failed on 4.7.6 and 4.8.0




Hi,
I want to use samba as AD on SLES 11 SP3. And I can make samba 4.5.x into some rpms which work well.

Recently I tried to build samba 4.8.0 using my spec file, which works well on samba 4.5.x. But when I test these rpms there is a problem. When I use ldap to access the domain to query some domain info, it reminds me that the directory service is not operational. This problem also appears in samba 4.7.6 with my spec file. Besides, I tried to use AD Explorer to connect to the AD. It also failed with “this directory service is unavailable”.

 

 

And here are my configure options in spec file:

PATH_OPTS="\
--enable-fhs \
         --with-lockdir=%{_localstatedir}/cache/samba \
         --prefix=%{_prefix} \
         --exec-prefix=%{_exec_prefix} \
         --bindir=%{_bindir} \
         --sbindir=%{_sbindir} \
         --sysconfdir=%{_sysconfdir} \
         --datadir=%{_datadir} \
         --includedir=%{_includedir} \
         --libdir=%{_libdir} \
         --libexecdir=%{_libexecdir} \
         --localstatedir=%{_localstatedir} \
         --sharedstatedir=%{_sharedstatedir} \
         --mandir=%{_mandir} \
         --infodir=%{_infodir} \
         --with-pammodulesdir=/%{_lib}/security \"
BUILD_OPTS="\
         --disable-rpath-install \
         --bundled-libraries=ALL \
%if %{make_devel}
                  --enable-developer \
                  --picky-developer \
                  --enable-krb5developer \
%endif"
CONF_OPTS="\
         --enable-cups \
         --enable-gnutls \
         --with-acl-support \
         --with-automount \
         --with-pam \
         --without-profiling-data \
         --with-quotas \
         --with-syslog \
         --with-utmp \
         --with-winbind \
         --with-ads \
         --with-dnsupdate \
         --with-cluster-support \
%if %{with_libarchive}
                  --with-libarchive \
%else
                  --without-libarchive \
%endif
%if %{make_dmapi}
                  --with-dmapi \
%else
                  --without-dmapi \
%endif
         --with-shared-modules=%{shared_modules} \"
./configure $PATH_OPTS $BUILD_OPTS $CONF_OPTS

 

This is my smb.conf:

[global]
        bind interfaces only = Yes
        interfaces = 8.22.145.173 127.0.0.1
        log file = /var/FusionAccess/LiteAD/log.samba
        log level = 2
        max log size = 15000
        netbios name = SAMBATEST2
        realm = TESTSAMBA476.HAUWEI.COM
        server role = active directory domain controller
        workgroup = TESTSAMBA476
        idmap_ldb:use rfc2307 = yes

        ldap server require strong auth = no
        load printers = no
        printing = bsd
        printcap name = /dev/null
        disable spoolss = yes

[netlogon]
        path = /var/lib/samba/sysvol/testsamba476.hauwei.com/scripts
        read only = No

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No

 

 

In log.samba I found those when I use ldap to access the domain:

[2018/04/11 15:31:18.303677,  0] ../auth/ntlmssp/ntlmssp_sign.c:236(ntlmssp_check_packet)
  NTLMSSP NTLM2 packet check failed due to invalid signature!
[2018/04/11 15:31:18.303917,  2] ../source4/smbd/process_standard.c:473(standard_terminate)
  standard_terminate: reason[ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_IO_DEVICE_ERROR]
[2018/04/11 15:31:18.307704,  2] ../source4/smbd/process_standard.c:157(standard_child_pipe_handler)
  Child 24315 () exited with status 0
[2018/04/11 15:31:18.347855,  0] ../auth/ntlmssp/ntlmssp_sign.c:236(ntlmssp_check_packet)
  NTLMSSP NTLM2 packet check failed due to invalid signature!
[2018/04/11 15:31:18.348237,  2] ../source4/smbd/process_standard.c:473(standard_terminate)
  standard_terminate: reason[ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_IO_DEVICE_ERROR]
[2018/04/11 15:31:18.352456,  2] ../source4/smbd/process_standard.c:157(standard_child_pipe_handler)
  Child 24316 () exited with status 0

 

Is there any change to the ldap default configuration in samba 4.7.x and samba 4.8.x compared to samba 4.5.x? If so, what should I do to make it back to normal?

Thanks
RyanYang
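Added example, not part of the original message: a small Python triage script that parses the two-line log.samba entry format quoted above and reports every NTLMSSP signature failure that is immediately followed by an LDAP server connection teardown. The sample input is the first three entries of the poster's excerpt; the function names are illustrative assumptions.

```python
import re

# Sample input: the first three entries of the log.samba excerpt in the post.
# Each entry is a header "[date time,  level] file:line(function)" followed by
# an indented message line.
SAMPLE_LOG = """\
[2018/04/11 15:31:18.303677,  0] ../auth/ntlmssp/ntlmssp_sign.c:236(ntlmssp_check_packet)
  NTLMSSP NTLM2 packet check failed due to invalid signature!
[2018/04/11 15:31:18.303917,  2] ../source4/smbd/process_standard.c:473(standard_terminate)
  standard_terminate: reason[ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_IO_DEVICE_ERROR]
[2018/04/11 15:31:18.307704,  2] ../source4/smbd/process_standard.c:157(standard_child_pipe_handler)
  Child 24315 () exited with status 0
"""

HEADER = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+),\s*(?P<level>\d+)\]\s+"
    r"(?P<src>\S+?):(?P<line>\d+)\((?P<func>\w+)\)\s*$")


def parse_entries(text):
    """Group each header line with the message lines that follow it."""
    entries = []
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            entries.append({**m.groupdict(), "msg": ""})
        elif entries and raw.strip():
            cur = entries[-1]
            cur["msg"] = (cur["msg"] + " " + raw.strip()).strip()
    return entries


def ldap_signature_failures(entries):
    """Return (timestamp, NT status) for each NTLMSSP signature failure that is
    directly followed by an ldapsrv connection termination."""
    hits = []
    for prev, cur in zip(entries, entries[1:]):
        if (prev["func"] == "ntlmssp_check_packet"
                and "invalid signature" in prev["msg"]
                and cur["func"] == "standard_terminate"
                and "ldapsrv_call_loop" in cur["msg"]):
            status = re.search(r"NT_STATUS_\w+", cur["msg"])
            hits.append((prev["ts"], status.group(0) if status else None))
    return hits


if __name__ == "__main__":
    for ts, status in ldap_signature_failures(parse_entries(SAMPLE_LOG)):
        print(ts, status)
```

Run against a full log.samba, the count of hits per client session shows whether every signed LDAP bind is failing or only some of them.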