Date: Sun, 9 Feb 2014 06:26:53 GMT
From: Dan Burkland <dburklan@me.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: ports/186575: Start of Samba results in "nss_ldap: could not search LDAP server" errors
Message-ID: <201402090626.s196Qrdu039893@cgiserv.freebsd.org>
Resent-Message-ID: <201402090630.s196U0gA098218@freefall.freebsd.org>
>Number:         186575
>Category:       ports
>Synopsis:       Start of Samba results in "nss_ldap: could not search LDAP server" errors
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Feb 09 06:30:00 UTC 2014
>Closed-Date:
>Last-Modified:
>Originator:     Dan Burkland
>Release:        10.0 P0 RELEASE
>Organization:
>Environment:
FreeBSD srv06 10.0-RELEASE FreeBSD 10.0-RELEASE #0 r260789: Thu Jan 16 22:34:59 UTC 2014     root@snap.freebsd.org:/usr/obj/usr/src/sys/GENERIC  amd64
>Description:
I have recently upgraded my FreeBSD file server from 9.1 to 10.0 and have run into an interesting issue. I have configured this system via "/etc/nsswitch" to utilize my OpenLDAP server for "passwdb" & "group" NSS lookups. The system is configured to talk to the OpenLDAP server over TLS, and basic things like "getent passwd" & "getent group" work fine and do not result in any errors on the LDAP or FreeBSD servers.

When I start Samba, however (regardless of whether it is 3.6, 4.0, or 4.1), I notice the following error messages appear in my OpenLDAP server's logs:

Feb 9 00:10:09 srv01 slapd[51720]: conn=2054 fd=43 ACCEPT from IP=10.0.0.15:30785 (IP=0.0.0.0:389)
Feb 9 00:10:09 srv01 slapd[51720]: conn=2054 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Feb 9 00:10:09 srv01 slapd[51720]: conn=2054 op=0 STARTTLS
Feb 9 00:10:09 srv01 slapd[51720]: conn=2054 op=0 RESULT oid= err=0 text=
Feb 9 00:10:09 srv01 slapd[51720]: conn=2054 fd=43 closed (TLS negotiation failure)

If I try to connect to the Samba server from a client or run a Samba-related command such as "smbpasswd -a <username>", they hang until I kill them. At that point I notice the following error message appear in "/var/log/messages" on the FreeBSD file server:

Feb 9 00:11:56 srv06 smbd[97896]: nss_ldap: could not search LDAP server - Server is unavailable

This configuration worked just fine in FreeBSD 9.1, so I'm not sure what changed in 10 to prevent this from working properly. As demonstrated previously, TLS + LDAP is working properly, as confirmed by the "getent passwd" command and the OpenLDAP server logs (which indicate a clean TLS connection).

Please see the following tar file, which should contain all of the necessary files:
https://www.dropbox.com/s/2eclhl1k5l2jaxr/FreeBSD_Samba_Problem_Report_Files_20140209.tar.gz

If you need any further information from me, please shoot me an email.

Thanks!

Dan
>How-To-Repeat:
* Start/stop the "samba_server" service

Or

* Try to connect to the Samba fileshare from a client server
>Fix:
If I replace the following lines:

group: files ldap
passwd: files ldap

With

group: files
passwd: files

Samba then operates correctly and related commands such as "pdbedit -L -u <username>" work just fine.
>Release-Note:
>Audit-Trail:
>Unformatted:
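As an added example (not part of the bug report or of any FreeBSD/OpenLDAP code), the following script flags slapd connections that accepted STARTTLS and were then closed with a TLS negotiation failure, the pattern quoted in the report. The log lines are constructed: conn=2054 mirrors the report, conn=2055 is an invented healthy session for comparison.

```python
import re
from collections import defaultdict

# Constructed sample slapd log. conn=2054 reproduces the exchange quoted in the
# report (STARTTLS accepted, socket then closed with a TLS negotiation failure);
# conn=2055 is a made-up clean session, like the ones "getent passwd" produces.
SAMPLE_LOG = """\
Feb 9 00:10:09 srv01 slapd[51720]: conn=2054 fd=43 ACCEPT from IP=10.0.0.15:30785 (IP=0.0.0.0:389)
Feb 9 00:10:09 srv01 slapd[51720]: conn=2054 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Feb 9 00:10:09 srv01 slapd[51720]: conn=2054 op=0 STARTTLS
Feb 9 00:10:09 srv01 slapd[51720]: conn=2054 op=0 RESULT oid= err=0 text=
Feb 9 00:10:09 srv01 slapd[51720]: conn=2054 fd=43 closed (TLS negotiation failure)
Feb 9 00:10:12 srv01 slapd[51720]: conn=2055 fd=44 ACCEPT from IP=10.0.0.15:30790 (IP=0.0.0.0:389)
Feb 9 00:10:12 srv01 slapd[51720]: conn=2055 op=0 STARTTLS
Feb 9 00:10:12 srv01 slapd[51720]: conn=2055 op=0 RESULT oid= err=0 text=
Feb 9 00:10:12 srv01 slapd[51720]: conn=2055 op=1 BIND dn="" method=128
Feb 9 00:10:12 srv01 slapd[51720]: conn=2055 op=1 RESULT tag=97 err=0 text=
Feb 9 00:10:12 srv01 slapd[51720]: conn=2055 op=2 UNBIND
Feb 9 00:10:12 srv01 slapd[51720]: conn=2055 fd=44 closed
"""

# Every slapd connection log line carries "conn=<id>"; ACCEPT lines add the client IP.
CONN_RE = re.compile(r"slapd\[\d+\]: conn=(?P<conn>\d+) (?P<rest>.*)$")
ACCEPT_RE = re.compile(r"ACCEPT from IP=(?P<ip>[\d.]+):\d+")


def find_tls_failures(log_text):
    """Return [(conn_id, client_ip)] for each connection that issued STARTTLS
    and was afterwards closed by slapd with 'TLS negotiation failure'."""
    state = defaultdict(lambda: {"ip": None, "starttls": False, "tls_fail": False})
    for line in log_text.splitlines():
        m = CONN_RE.search(line)
        if not m:
            continue  # not a per-connection slapd line
        conn, rest = m.group("conn"), m.group("rest")
        accept = ACCEPT_RE.search(rest)
        if accept:
            state[conn]["ip"] = accept.group("ip")
        if rest.endswith(" STARTTLS"):
            state[conn]["starttls"] = True
        if "closed (TLS negotiation failure)" in rest:
            state[conn]["tls_fail"] = True
    return [(c, s["ip"]) for c, s in state.items() if s["starttls"] and s["tls_fail"]]


if __name__ == "__main__":
    for conn, ip in find_tls_failures(SAMPLE_LOG):
        print(f"conn={conn} from {ip}: STARTTLS accepted but the TLS handshake failed")
```

Running it over a real slapd log (loglevel stats) shows which client addresses keep failing the handshake, which separates a broken client-side TLS setup, as in smbd here, from a server-side certificate problem that would affect every connection.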