Samba with LDAP backend using Jumpcloud DaaS

    • Samba with LDAP backend using Jumpcloud DaaS

      Hi everyone,

      First time posting, but have been reading plenty of your posts! I'm setting up Samba with LDAP using jumpcloud's directory as a service. Jumpcloud will only work with either SSL or TLS enabled in Samba. When I enable Samba with the LDAP backend I'm getting an error:

      Leading me to look at the output from systemctl status:

      Source Code

      smbd.service - Samba SMB Daemon
      Loaded: loaded (/lib/systemd/system/smbd.service; enabled; vendor preset: enabled)
      Active: failed (Result: exit-code) since Sun 2018-04-15 14:42:20 BST; 3min 9s ago
      Docs: man:smbd(8)
      man:samba(7)
      man:smb.conf(5)
      Process: 4831 ExecStart=/usr/sbin/smbd $SMBDOPTIONS (code=exited, status=1/FAILURE)
      Main PID: 4831 (code=exited, status=1/FAILURE)
      Status: "Starting process..."
      Apr 15 14:42:20 phoenix smbd[4831]: add_new_domain_info: Adding new domain
      Apr 15 14:42:20 phoenix smbd[4831]: [2018/04/15 14:42:20.601860, 5, pid=4831, effective(0, 0), real(0, 0)] ../source3/lib/smbldap.c:1485(smbl
      Apr 15 14:42:20 phoenix smbd[4831]: smbldap_add: dn => [sambaDomainName=PHOENIX,o=*************REMOVED************,dc=jumpcloud,dc=com]
      Apr 15 14:42:20 phoenix smbd[4831]: [2018/04/15 14:42:20.630532, 1, pid=4831, effective(0, 0), real(0, 0)] ../source3/passdb/pdb_ldap_util.c:
      Apr 15 14:42:20 phoenix smbd[4831]: add_new_domain_info: failed to add domain dn= sambaDomainName=PHOENIX,o=*************REMOVED************,dc=jump
      Apr 15 14:42:20 phoenix smbd[4831]: unknown
      Apr 15 14:42:20 phoenix systemd[1]: smbd.service: Main process exited, code=exited, status=1/FAILURE
      Apr 15 14:42:20 phoenix systemd[1]: Failed to start Samba SMB Daemon.
      Apr 15 14:42:20 phoenix systemd[1]: smbd.service: Unit entered failed state.
      Apr 15 14:42:20 phoenix systemd[1]: smbd.service: Failed with result 'exit-code'.



      and journalctl (key lines only):

      Source Code

      Apr 15 14:42:20 phoenix smbd[4831]: add_new_domain_info: failed to add domain dn= sambaDomainName=PHOENIX,o=*************REMOVED************,dc=jumpcloud,dc=com with: Referral
      Apr 15 14:42:20 phoenix smbd[4831]: smbldap_search_domain_info: Adding domain info for PHOENIX failed with NT_STATUS_UNSUCCESSFUL
      Apr 15 14:42:20 phoenix smbd[4831]: pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the domain. We cannot work reliably without it.
      Apr 15 14:42:20 phoenix smbd[4831]: pdb backend ldapsam:ldaps://ldap.jumpcloud.com:636 did not correctly init (error was NT_STATUS_CANT_ACCESS_DOMAIN_INFO)
      Apr 15 14:42:20 phoenix systemd[1]: Failed to start Samba SMB Daemon.
      -- Subject: Unit smbd.service has failed
      -- Defined-By: systemd
      -- Support: https://www.debian.org/support
      --
      -- Unit smbd.service has failed.
      --
      -- The result is failed.
      Apr 15 14:42:20 phoenix systemd[1]: smbd.service: Unit entered failed state.
      Apr 15 14:42:20 phoenix systemd[1]: smbd.service: Failed with result 'exit-code'.


      I also had a look at the smb.conf file once I had attempted to enable Samba with LDAP:

      Source Code

      [global]
      server string = %h
      ldap admin dn = uid=ldaps,ou=Users,o=*************REMOVED************,dc=jumpcloud,dc=com
      ldap group suffix = ou=Users
      ldap passwd sync = yes
      ldap ssl = no
      ldap suffix = o=*************REMOVED************,dc=jumpcloud,dc=com
      ldap user suffix = ou=Users
      log file = /var/log/samba/log.%m
      max log size = 1000
      syslog = 10
      syslog only = Yes
      panic action = /usr/share/samba/panic-action %d
      disable spoolss = Yes
      load printers = No
      printcap name = /dev/null
      client min protocol = SMB2
      pam password change = Yes
      passdb backend = ldapsam:ldaps://ldap.jumpcloud.com:636
      passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
      passwd program = /usr/bin/passwd %u
      security = USER
      socket options = TCP_NODELAY IPTOS_LOWDELAY
      dns proxy = No
      ldapsam:trusted = no
      idmap config * : backend = tdb
      printing = bsd
      create mask = 0777
      directory mask = 0777
      aio read size = 16384
      aio write size = 16384
      use sendfile = Yes
      [OFFICESHARE]
      path = /srv/dev-disk-by-label-DATA/OFFICESHARE
      hide special files = Yes
      create mask = 0664
      directory mask = 0775
      force create mode = 0664
      force directory mode = 0775
      inherit acls = Yes
      inherit permissions = Yes
      read only = No
      [homes]
      comment = Home directories
      hide special files = Yes
      create mask = 0600
      directory mask = 0700
      force create mode = 0600
      force directory mode = 0700
      read only = No
      valid users = %S


      I think the key line in this is

      Source Code

      ldap ssl = no


      I cannot edit this in smb.conf since the file gets overwritten and there is no option for changing this to

      Source Code

      ldap ssl = start_tls

      in the Samba settings page. FYI, LDAP is working and populating the users page in the webgui, and also returning users correctly using getent passwd.

      Anybody got any thoughts?

      Thanks for any help!
    • Just an update for anyone who is following: I've found that editing this file (reference)

      Source Code

      /usr/share/openmediavault/mkconf/samba.d/15ldap

      allows me to change settings in the LDAP section of smb.conf. This is useful, since it has allowed me to try different values of the

      Source Code

      ldap ssl =
      setting that I referred to earlier. This hasn't allowed the samba service to be enabled, yet, but it is an advance on where I was earlier.

      Would still appreciate any input anyone can offer!
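
An added example, not part of the thread and not OpenMediaVault or Samba code: it classifies how the `ldapsam` backend protects its bind from the two settings discussed in the posts above, the `passdb backend` URI scheme and `ldap ssl`. It relies on Samba's documented behaviour that an `ldaps://` URI selects TLS on its own and that `ldap ssl` defaults to `start tls`; the function names, result labels and the `EXAMPLEORG` placeholder are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample: the LDAP-related lines of the smb.conf posted above,
# with the redacted organisation id replaced by a placeholder.
SAMPLE_CONF = """\
[global]
ldap admin dn = uid=ldaps,ou=Users,o=EXAMPLEORG,dc=jumpcloud,dc=com
ldap ssl = no
passdb backend = ldapsam:ldaps://ldap.jumpcloud.com:636
[homes]
valid users = %S
"""

def global_params(text):
    """Return the [global] parameters; smb.conf names ignore case and spacing."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[re.sub(r"\s+", "", key).lower()] = value.strip()
    return params

def ldap_transport(text):
    """Classify the transport used for the ldapsam bind and queries."""
    p = global_params(text)
    backend = p.get("passdbbackend", "")
    if not backend.lower().startswith("ldapsam:"):
        return "not-ldapsam"
    scheme = urlparse(backend.split(":", 1)[1].strip('"')).scheme.lower()
    # Samba's documented default for "ldap ssl" is "start tls".
    mode = re.sub(r"[\s_]+", " ", p.get("ldapssl", "start tls").lower())
    starttls = mode == "start tls"
    if scheme == "ldaps":
        # Both mechanisms requested for one connection: pick one of them.
        return "ldaps-and-starttls" if starttls else "tls-ldaps"
    if scheme == "ldap":
        # Without StartTLS the "ldap admin dn" bind crosses the network in clear.
        return "tls-starttls" if starttls else "cleartext"
    return "unknown-scheme"
```

For the configuration posted above this returns `tls-ldaps`: the `ldaps://` URI on port 636 already wraps the connection in TLS, while `ldap ssl = no` only turns StartTLS off.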
    • Hi subzero79,

      Thanks for your reply. I follow and understand that the modifications made would be erased on upgrade. I've taken a look at the 'New wiki' link in your signature, but respectfully it seems to be more of a brochure than an instruction booklet / howto. Do you mean a different wiki?

      Thanks again for your help!
    • Hi,

      I have not succeeded in successfully integrating the LDAP plugin for my needs. We have settled on a poor system of not changing passwords regularly for the short term. In the mid to long term, I plan to create a Windows domain to manage credentials. I'm not sure if OMV will be the solution for NAS needs at that stage. Apologies I cannot help further.