Samba with LDAP backend using JumpCloud DaaS

  • Hi everyone,


    First time posting, but have been reading plenty of your posts! I'm setting up Samba with LDAP using JumpCloud's directory as a service. JumpCloud will only work with either SSL or TLS enabled in Samba. When I enable Samba with the LDAP backend I'm getting an error:


    Leading me to look at the output from systemctl status:



    and journalctl (key lines only):



    I also had a look at the smb.conf file once I had attempted to enable Samba with LDAP:


    I think the key line in this is


    Code
    ldap ssl = no


    I cannot edit this in smb.conf since the file gets overwritten and there is no option for changing this to

    Code
    ldap ssl = start_tls


    in the Samba settings page. FYI, LDAP is working and populating the users page in the webgui, and also returning users correctly using getent passwd.


    Anybody got any thoughts?


    Thanks for any help!

  • Just an update for anyone who is following: I've found that editing this file (reference)


    Code
    /usr/share/openmediavault/mkconf/samba.d/15ldap


    allows me to change settings in the LDAP section of smb.conf. This is useful, since it has allowed me to try different values of the

    Code
    ldap ssl =

    setting that I referred to earlier. This hasn't allowed the samba service to be enabled, yet, but it is an advance on where I was earlier.


    Would still appreciate any input anyone can offer!
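
Added example, not part of the original posts: a small shell check that reads the `[global]` section of a generated smb.conf and reports whether smbd's LDAP connection will be protected. With `ldap ssl = no` and an `ldap://` URI the bind and all lookups travel unencrypted, which a directory that only accepts SSL or TLS will reject. The function name, verdict strings and sample file are assumptions made for this example; the URI is the one shown in the smbd log further down the thread.

```shell
#!/bin/sh
# Added example (not from the thread): classify the LDAP transport that an
# smb.conf-style file configures for the ldapsam passdb backend.
audit_ldap_transport() {
    awk '
        function trim(s) { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }
        /^[ \t]*[#;]/ { next }                       # skip comment lines
        /^[ \t]*\[/ {                                 # section header
            sec = tolower($0)
            sub(/^[ \t]*\[[ \t]*/, "", sec); sub(/[ \t]*\].*$/, "", sec)
            next
        }
        sec == "global" && index($0, "=") {
            key = tolower(substr($0, 1, index($0, "=") - 1))
            gsub(/[ \t]/, "", key)                    # names ignore case and spaces
            val = tolower(trim(substr($0, index($0, "=") + 1)))
            if (key == "passdbbackend") backend = val
            if (key == "ldapssl")       ssl = val
        }
        END {
            if (backend !~ /ldapsam/)             print "NOT_LDAP"
            else if (backend ~ /ldaps:\/\//)       print "LDAPS"
            else if (ssl ~ /^start[ _]tls$/)       print "STARTTLS"
            else if (ssl == "no" || ssl == "off")  print "PLAINTEXT"
            else                                   print "UNSET_OR_UNKNOWN"
        }
    ' "$1"
}

# Constructed sample mirroring the setting quoted in the first post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[global]
passdb backend = ldapsam:ldap://192.168.1.180:389
ldap ssl = no
EOF
audit_ldap_transport "$sample"
rm -f "$sample"
```

Run it against /etc/samba/smb.conf each time the configuration is regenerated, since the file is rewritten from the template and a manual change to it does not persist.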

  • Hi subzero79,


    Thanks for your reply. I follow and understand that the modifications made would be erased on upgrade. I've taken a look at the 'New wiki' link in your signature, but respectfully it seems to be more of a brochure than an instruction booklet / howto. Do you mean a different wiki?


    Thanks again for your help!

  • Hi,


    I'm also trying to get JumpCloud working with the LDAP plugin. I'm getting the same error as you; maybe you can help me with the configuration/changes?

  • Hi,


    I have not succeeded in successfully integrating the LDAP plugin for my needs. We have settled on a poor system of not changing passwords regularly for the short term. In the mid to long term, I plan to create a Windows domain to manage credentials. I'm not sure if OMV will be the solution for NAS needs at that stage. Apologies I cannot help further.

  • I am also getting an error like this:


    May 19 11:54:14 openmediavault smbd[7754]: 0000200A: objectclass sambaDomain is not a valid objectClass in schema
    May 19 11:54:14 openmediavault systemd[1]: Failed to start Samba SMB Daemon.
    -- Subject: Unit smbd.service has failed
    -- Defined-By: systemd
    -- Support: https://www.debian.org/support
    --
    -- Unit smbd.service has failed.
    --
    -- The result is failed.
    May 19 11:54:14 openmediavault smbd[7754]: [2019/05/19 11:54:14.216507, 0] ../source3/passdb/pdb_ldap_util.c:313(smbldap_search_domain_info)
    May 19 11:54:14 openmediavault systemd[1]: smbd.service: Unit entered failed state.
    May 19 11:54:14 openmediavault smbd[7754]: smbldap_search_domain_info: Adding domain info for OPENMEDIAVAULT failed with NT_STATUS_UNSUCCESSFUL
    May 19 11:54:14 openmediavault systemd[1]: smbd.service: Failed with result 'exit-code'.
    May 19 11:54:14 openmediavault smbd[7754]: [2019/05/19 11:54:14.216536, 0] ../source3/passdb/pdb_ldap.c:6540(pdb_ldapsam_init_common)
    May 19 11:54:14 openmediavault smbd[7754]: pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the domain. We cannot work reliably without it.
    May 19 11:54:14 openmediavault smbd[7754]: [2019/05/19 11:54:14.216554, 0] ../source3/passdb/pdb_interface.c:180(make_pdb_method_name)
    May 19 11:54:14 openmediavault smbd[7754]: pdb backend ldapsam:ldap://192.168.1.180:389 did not correctly init (error was NT_STATUS_CANT_ACCESS_DOM



    Does anyone have a guide to fix this? I am not able to start SMB after adding the LDAP service.

  • Hi, sorry for my English, I'm Brazilian and I'm using Google Translate.


    I started doing some tests with SMB and LDAP on OMV during the past week and had some similar problems. The service did not start and gave some errors when trying to register the SMB server in OpenLDAP.



    I was able to resolve this only after importing the Samba schema into the LDAP base. Here are the links to the tutorials that helped me with this:


    https://help.ubuntu.com/lts/serverguide/samba-ldap.html.en
    https://help.ubuntu.com/lts/se…en#openldap-configuration


    I hope you can help, see you later!

  • Hi keven


    I've been trying to follow the steps in the guides you've linked to get my JumpCloud LDAP connected. The "smbldap-config" script was missing from the "smbldap-tools" package, so I manually installed a new smbldap-tools Debian package named "smbldap-tools_0.9.9-1ubuntu3_all.deb", and after that I was able to run the config script. I was able to get to this point:


    "sudo smbldap-populate -g 10000 -u 10000 -r 10000".


    "adding new entry: dc=jumpcloud,dc=com
    failed to add entry: Referral received at /usr/sbin/smbldap-populate line 500.
    adding new entry: ou=Users,dc=jumpcloud,dc=com
    failed to add entry: Referral received at /usr/sbin/smbldap-populate line 500.
    failed to search entry: invalid DN at /usr/sbin/smbldap-populate line 480."

