I have confirmed this with both the CentOS 5 v3.0.33 RPM and SerNet's v3.5.6 RPM. I tried several values for "password server" in smb.conf (with "security = ads"), but Samba always uses an auto-detected LDAP server and ignores my specification (other changes are picked up with "service smb restart"). I need to override the port, but cannot get it to take. I have tried both real servers with port (e.g., "password server = 140.163.***.***:3268") and "password server = 127.0.0.1". But every time I check, "net ads info" shows the auto-detected LDAP server & default port 389.

[root@ananew samba]# uname -a
Linux ananew.cbio.mskcc.org 2.6.18-194.el5 #1 SMP Fri Apr 2 14:58:14 EDT 2010 x86_64 x86_64 x86_64 GNU/Linux

[root@ananew samba]# rpm -qi samba3
Name : samba3    Relocations: (not relocatable)
Version : 3.5.6    Vendor: Service Network GmbH, Goettingen
Release : 43.el5    Build Date: Thu 07 Oct 2010 04:49:39 PM EDT
Install Date: Fri 11 Feb 2011 09:39:52 AM EST    Build Host: sam
Group : Productivity/Networking/Samba    Source RPM: samba3-3.5.6-43.el5.src.rpm
Size : 52760655    License: GPL v3 or later
Signature : DSA/SHA1, Wed 13 Oct 2010 06:59:38 AM EDT, Key ID d9921b1cf4428b1a
Packager : SerNet Samba Team <Samba@SerNet.DE>
URL : http://www.samba.org
Summary : SerNet Samba SMB/CIFS file, print and authentication server
Description :
Samba is a suite of programs which work together to allow clients to access Unix filespace and printers via the SMB/CIFS protocol.

[root@ananew samba]# net ads info
LDAP server: 140.163.***.***
LDAP server name: SMSKPADSM03.MSKCC.ROOT.MSKCC.ORG
Realm: MSKCC.ROOT.MSKCC.ORG
Bind Path: dc=MSKCC,dc=ROOT,dc=MSKCC,dc=ORG
LDAP port: 389
Server time: Fri, 11 Feb 2011 09:59:15 EST
KDC server: 140.163.***.***
Server time offset: 0

[root@ananew samba]# grep "password server" /etc/samba/smb.conf|grep -v \#
password server = 127.0.0.1
; password server = <NT-Server-Name>

[root@ananew samba]# grep security /etc/samba/smb.conf|grep -v \#
security = ads
; security = ads
; security = user

Originally observed with the CentOS 5 RPM:

Name : samba
Arch : x86_64
Version : 3.0.33
Release : 3.29.el5_5.1
Size : 16 M
Repo : updates
Volker, would you like to comment on this one?
Sorry, I'd see this not as a major bug but as an enhancement.

Volker
I don't understand. There is a documented feature that doesn't work. Not supporting the specification (the manual page in this case) seems like a bug. Is it just that Samba doesn't support alternate LDAP ports and never has, and the manual page writer just got carried away and made up a nonexistent feature? For us it's major -- Samba cannot communicate with our AD system.
Sorry, but the documentation is wrong. A port option in the ADS world just does not make sense, as we have to contact several services in AD. 445, 389, 135 at least. All of them might be individually redirected. In case you are working with Linux, you might want to try iptables DNAT rules that redirect 389 connects to another port.

Volker
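
The iptables DNAT redirect suggested in the comment above, sketched as an added example that is not part of the original thread and not Samba project code. The address 192.0.2.10 is a constructed placeholder (the thread masks the real one), 3268 is the alternate port from the report, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): DNAT local LDAP connects on tcp/389
# to another port on the same server.
# DC_IP is a constructed placeholder; the thread masks the real address.
DC_IP="${DC_IP:-192.0.2.10}"
NEW_PORT="${NEW_PORT:-3268}"   # alternate port tried in the report

# Succeeds only for a decimal port number in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the rule specification (chain, match, target) for one server.
# Samba runs on this host, so its connects pass through the nat OUTPUT
# chain; PREROUTING only sees packets that arrive from other hosts.
ldap_dnat_spec() {
    valid_port "$2" || { echo "bad port: $2" >&2; return 1; }
    printf '%s' "OUTPUT -p tcp -d $1 --dport 389 -j DNAT --to-destination $1:$2"
}

# apply_rule show|add|del : print, install or remove the rule (add/del need root).
apply_rule() {
    spec=$(ldap_dnat_spec "$DC_IP" "$NEW_PORT") || return 1
    case "$1" in
        show) echo "iptables -t nat -A $spec" ;;
        add)  iptables -t nat -A $spec ;;   # unquoted on purpose: split into arguments
        del)  iptables -t nat -D $spec ;;
        *)    echo "usage: show|add|del" >&2; return 1 ;;
    esac
}

# With no argument, only print the command that would be run.
apply_rule "${1:-show}"
```

A rule added this way exists only in the running kernel's nat table, so it has to be saved or re-applied after a reboot.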
Thanks, I will check out iptables DNAT, but the "password server" configuration is specifically for the LDAP service normally on port 389 -- nothing to do with the CIFS file service ports.
(In reply to comment #5)
> Thanks, I will check out iptables DNAT, but the "password server" configuration
> is specifically for the LDAP service normally on port 389 -- nothing to do with
> the CIFS file service ports.

The documentation might wrongly indicate so. Historically, "password server" predates our AD and thus LDAP support by years. It came from "security=server", which has nothing to do with LDAP at all. That is pure CIFS on port 139/445.

Volker