Bug 1255 - smbclient "protocol negotiation failed" with ldap suffix = o=base
Status: CLOSED FIXED
Product: Samba 3.0
Classification: Unclassified
Component: smbclient
Version: 3.0.2a
Hardware: Other Linux
Importance: P3 normal
Assigned To: Samba Bugzilla Account
Reported: 2004-04-09 14:11 UTC by anthony
Modified: 2005-08-24 10:17 UTC

Description anthony 2004-04-09 14:11:40 UTC
in smb.conf
passdb backend = ldapsam:ldaps://ldapserver
ldap suffix = o=zzz
ldap ssl = on
ldap admin dn = uid=xxx,ou=yyy,o=zzz
(set secret for admin dn with smbpasswd -w)

# smbclient -L //machine
read_socket_with_timeout: timeout read. read error = Connection reset by peer.
protocol negotiation failed

It doesn't prompt for a password, yet it does the initial authentication with the ldap admin dn
to the ldap server. The ldap logs show results ok with no errors:
: BIND dn="uid=xxx,ou=yyy,o=zzz" method=128
: BIND dn="uid=xxx,ou=yyy,o=zzz" mech=simple ssf=0
: RESULT tag=97 err=0 text=
: SRCH base="o=zzz" scope=2
filter="(&(objectClass=sambaDomain)(sambaDomainName=MYDOMAIN))"
: SRCH attr=sambaDomainName sambaNextRid sambaNextUserRid sambaNextGroupRid
sambaSID sambaAlgorithmicRidBase objectClass
: SEARCH RESULT tag=101 err=0 nentries=1 text=
: closed


if smb.conf has
ldap suffix = dc=somesearchbase
(or if not set)

# smbclient -L //machine
password: 

but will fail because ldap server setup uses o= in dn 
: BIND dn="uid=xxx,ou=yyy,o=zzz" method=128
: BIND dn="uid=xxx,ou=yyy,o=zzz" mech=simple ssf=0
: RESULT tag=97 err=0 text=
: SRCH base="" scope=2
filter="(&(objectClass=sambaDomain)(sambaDomainName=MYDOMAIN))"
: SRCH attr=sambaDomainName sambaNextRid sambaNextUserRid sambaNextGroupRid
sambaSID sambaAlgorithmicRidBase objectClass
: RESULT tag=101 err=32 text=
: SRCH base="" scope=2 filter="(&(uid=myuserid)(objectClass=sambaSamAccount))"
: SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet
sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime
sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript
sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID
sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags
sambaMungedDial
: RESULT tag=101 err=32 text=
: closed
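
Added example, not part of the original report or of Samba's code: the second log excerpt in the description shows searches with base="" answered with err=32 (LDAP noSuchObject), and this script pairs each search with its result to surface that pattern. It assumes OpenLDAP-style "conn=N op=M" line prefixes, which the excerpts above do not show, and the sample log is constructed from the report's values.

```python
import re

# Constructed sample (values mirror the report). Assumption: OpenLDAP-style
# "conn=N op=M" prefixes, which the excerpts in the description do not show.
SAMPLE_LOG = '''\
conn=7 op=0 BIND dn="uid=xxx,ou=yyy,o=zzz" method=128
conn=7 op=0 RESULT tag=97 err=0 text=
conn=7 op=1 SRCH base="o=zzz" scope=2 filter="(&(objectClass=sambaDomain)(sambaDomainName=MYDOMAIN))"
conn=7 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=8 op=0 BIND dn="uid=xxx,ou=yyy,o=zzz" method=128
conn=8 op=0 RESULT tag=97 err=0 text=
conn=8 op=1 SRCH base="" scope=2 filter="(&(objectClass=sambaDomain)(sambaDomainName=MYDOMAIN))"
conn=8 op=1 RESULT tag=101 err=32 text=
conn=8 op=2 SRCH base="" scope=2 filter="(&(uid=myuserid)(objectClass=sambaSamAccount))"
conn=8 op=2 RESULT tag=101 err=32 text=
'''

OP_RE = re.compile(r'conn=(\d+) op=(\d+) (.*)')
SRCH_RE = re.compile(r'SRCH base="([^"]*)" scope=(\d+).*? filter="(.*)"')
RESULT_RE = re.compile(r'(?:SEARCH )?RESULT tag=(\d+) err=(\d+)')
SEARCH_DONE_TAG = 101  # tag logged for the final result of a search
NO_SUCH_OBJECT = 32    # LDAP result code noSuchObject


def failed_searches(log_text):
    """Pair each SRCH with its RESULT by (conn, op); return the failed ones."""
    pending, failures = {}, []
    for line in log_text.splitlines():
        m = OP_RE.search(line)
        if not m:
            continue  # lines without a conn/op prefix (wrapped continuations)
        key, rest = (int(m.group(1)), int(m.group(2))), m.group(3)
        srch = SRCH_RE.match(rest)
        if srch:
            pending[key] = {"base": srch.group(1), "filter": srch.group(3)}
            continue
        res = RESULT_RE.match(rest)
        if res and int(res.group(1)) == SEARCH_DONE_TAG and key in pending:
            err = int(res.group(2))
            search = pending.pop(key)
            if err != 0:
                failures.append({**search, "conn": key[0], "op": key[1], "err": err})
    return failures


if __name__ == "__main__":
    for f in failed_searches(SAMPLE_LOG):
        hint = "check 'ldap suffix'" if f["err"] == NO_SUCH_OBJECT else "see result code"
        print(f'conn={f["conn"]} op={f["op"]} base="{f["base"]}" err={f["err"]}: {hint}')
```
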
Comment 1 Gerald (Jerry) Carter 2005-02-08 20:52:39 UTC
Please define the 'ldap user suffix' and retest against 3.0.11.
The LDAP code has been worked on quite a bit.
Comment 2 Gerald (Jerry) Carter 2005-08-24 10:17:32 UTC
Sorry for the same, cleaning up the database to prevent unnecessary reopens of bugs.