Bug 153756

Summary: ldapsmb unable to locate Administrator dn in secrets.tdb
Product: [openSUSE] SUSE LINUX 10.0
Reporter: Forgotten User cNm3bozxnV <forgotten_cNm3bozxnV>
Component: Other
Assignee: Guenther Deschner <gd>
Status: RESOLVED FIXED
QA Contact: E-mail List <qa-bugs>
Severity: Normal
Priority: P5 - None
CC: forgotten_cNm3bozxnV
Version: unspecified   
Target Milestone: ---   
Hardware: x86-64   
OS: SuSE Linux 10.0   
Whiteboard:
Found By: Customer Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: remove quotas from parameters

Description Forgotten User cNm3bozxnV 2006-02-27 17:47:42 UTC
Though ldapsmb (v. 1.33) correctly autodetects the Admin DN, it fails to locate the corresponding password in /etc/samba/secrets.tdb.

-------snip---------
angrenost:/usr/sbin # ldapsmb -v -l -u --debug 10
ldapsmb:parse_smbconf(1935)     parsing [/root/.ldapsmbrc]
ldapsmb:parse_smbconf(1935)     parsing [testparm]
ldapsmb:parse_conf_file(1928)   autodetected "ldap server":             "192.168.1.215"
ldapsmb:parse_conf_file(1928)   autodetected "ldap port":               "389"
ldapsmb:set_on_find(1928)       autodetected "ldap admin dn":           "cn=Administrator,dc=tol-lamfirith,dc=org"
ldapsmb:set_on_find(1928)       autodetected "ldap group suffix":              ou=groups
ldapsmb:set_on_find(1928)       autodetected "ldap machine suffix":            ou=people
ldapsmb:set_on_find(1928)       autodetected "ldap suffix":             dc=tol-lamfirith,dc=org
ldapsmb:set_on_find(1928)       autodetected "ldap user suffix":               ou=people
ldapsmb:find_adminpwd_in_tdb(19 strange dn: "cn=Administrator,dc=tol-lamfirith,dc=org"
ldapsmb:find_adminpwd_in_tdb(19 sorry. could not find your password in "secrets.tdb"
ldapsmb:find_adminpwd_in_tdb(19 either you set it in [/usr/sbin/ldapsmb] or you use "smbpasswd -w pwd" if you are running [/usr/sbin/ldapsmb] in local mode.
ldapsmb:find_adminpwd_in_tdb(19 exiting.
Use of uninitialized value in string eq at /usr/sbin/ldapsmb line 241.
ldapsmb:check_ldap_pwd(1935)    sorry. you're not root. please set up your password in /root/.ldapsmbrc or directly in /usr/sbin/ldapsmb
-------snip----------

The workaround for this is to modify line 128 of /usr/sbin/ldapsmb to include the correct DN (as provided in /etc/samba/smb.conf)

like so:
my $ADMIN_DN            =       "cn=Administrator,dc=tol-lamfirith,dc=org";
Comment 1 Guenther Deschner 2006-02-28 13:33:27 UTC
Could you please retry with ldapsmb v. 1.34 and check if that failure is still there?

You can find a packaged version for SuSE Linux 10.0 here: ftp://ftp.suse.com/pub/projects/samba/3.0/i386/10.0/ldapsmb-1.34-16.1.4.i586.rpm
Comment 2 Forgotten User cNm3bozxnV 2006-02-28 15:02:31 UTC
Same result with 1.34.

----------snip--------------
angrenost:~ # rpm -qa|grep ldapsmb
ldapsmb-1.34-16.1.4
angrenost:~ # md5sum /usr/sbin/ldapsmb
8ad86c5fa11020c413ecae4c628af530  /usr/sbin/ldapsmb

angrenost:~ # ldapsmb -l -u --debug 10
ldapsmb:parse_smbconf(2040)     parsing [/root/.ldapsmbrc]
ldapsmb:parse_smbconf(2040)     parsing [testparm]
ldapsmb:parse_conf_file(2033)   autodetected "ldap server":             "192.168.1.215"
ldapsmb:parse_conf_file(2033)   autodetected "ldap port":               "389"
ldapsmb:set_on_find(2033)       autodetected "ldap admin dn":           "cn=Administrator,dc=tol-lamfirith,dc=org"
ldapsmb:set_on_find(2033)       autodetected "ldap group suffix":              ou=groups
ldapsmb:set_on_find(2033)       autodetected "ldap machine suffix":            ou=people
ldapsmb:set_on_find(2033)       autodetected "ldap suffix":             dc=tol-lamfirith,dc=org
ldapsmb:set_on_find(2033)       autodetected "ldap ssl":                start tls
ldapsmb:set_on_find(2033)       autodetected "ldap user suffix":               ou=people
ldapsmb:find_adminpwd_in_tdb(20 strange dn: "cn=Administrator,dc=tol-lamfirith,dc=org"
ldapsmb:find_adminpwd_in_tdb(20 sorry. could not find your password in "secrets.tdb"
ldapsmb:find_adminpwd_in_tdb(20 either you set it in [/usr/sbin/ldapsmb] or you use "smbpasswd -w pwd" if you are running [/usr/sbin/ldapsmb] in local mode.
ldapsmb:find_adminpwd_in_tdb(20 exiting.
Use of uninitialized value in string eq at /usr/sbin/ldapsmb line 292.
ldapsmb:check_ldap_pwd(2040)    sorry. you're not root. please set up your password in /root/.ldapsmbrc or directly in /usr/sbin/ldapsmb





--------snip----------------
Comment 3 Guenther Deschner 2006-02-28 17:48:06 UTC
Hm, cannot reproduce, could you send me your secrets.tdb via private mail? You may want to overwrite your old password with smbpasswd -w.
Comment 4 Guenther Deschner 2006-03-01 11:46:06 UTC
Created attachment 70779
remove quotas from parameters
Comment 5 Guenther Deschner 2006-03-01 11:47:09 UTC
Ok, got the fix; there will be new packages later. As a workaround just remove the quotes (") around your admin dn.

Thanks for the good feedback!
Comment 6 Guenther Deschner 2006-03-02 08:54:48 UTC
Does it actually fix it?
Comment 7 Guenther Deschner 2006-03-02 15:42:01 UTC
At least fixed upstream.
Comment 8 Forgotten User cNm3bozxnV 2006-03-08 15:48:39 UTC
Hello, sorry, I was out of town, hence my late response.

I have verified that the workaround of removing the quotes from the ldap admin dn parameter in /etc/samba/smb.conf works with a virgin /usr/sbin/ldapsmb v1.33.

The patched ldapsmb (patch applied to v1.33 /usr/sbin/ldapsmb from Comment #4) also fixes the problem (with the original quoted ldap admin dn parameter in /etc/samba/smb.conf).
Comment 9 Guenther Deschner 2006-03-10 10:54:00 UTC
Thanks for the feedback, new tarballs can be found here:
http://www.hhrm.de/~gd/

This will get integrated into the SuSE packages next.
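
The failure mode discussed in this report, as an added example that is not ldapsmb's own code and not part of the original thread: a quoted "ldap admin dn" value used verbatim in the lookup key finds no record, while the same value with its surrounding quotes stripped does. The helper names, the in-memory hash standing in for secrets.tdb, the password value and the SECRETS/LDAP_BIND_PW/<dn> key layout are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Trim whitespace and strip one matching pair of double quotes from a value.
sub unquote_param {
    my ($value) = @_;
    return unless defined $value;
    $value =~ s/^\s+|\s+$//g;
    $value =~ s/^"(.*)"$/$1/;
    return $value;
}

# Parse "key = value" lines (smb.conf / testparm style) into normalized values.
sub parse_params {
    my (@lines) = @_;
    my %conf;
    for my $line (@lines) {
        next unless $line =~ /^\s*([^=#;]+?)\s*=\s*(.*)$/;
        my ($key, $val) = (lc $1, $2);
        $conf{$key} = unquote_param($val);
    }
    return \%conf;
}

# Look up the bind password for a DN; returns undef when there is no record.
# Assumed key layout: SECRETS/LDAP_BIND_PW/<dn>
sub find_admin_pwd {
    my ($tdb, $dn) = @_;
    return unless defined $dn && length $dn;
    return $tdb->{"SECRETS/LDAP_BIND_PW/$dn"};
}

# Constructed sample data: a hash standing in for secrets.tdb, and smb.conf lines.
my %tdb = ('SECRETS/LDAP_BIND_PW/cn=Administrator,dc=tol-lamfirith,dc=org' => 'example-secret');
my @smbconf = (
    'ldap admin dn = "cn=Administrator,dc=tol-lamfirith,dc=org"',
    'ldap suffix = dc=tol-lamfirith,dc=org',
);

my $raw_dn = '"cn=Administrator,dc=tol-lamfirith,dc=org"';   # quotes kept verbatim
my $dn     = parse_params(@smbconf)->{'ldap admin dn'};      # quotes stripped

for my $case ([ 'quoted', $raw_dn ], [ 'unquoted', $dn ]) {
    my ($label, $candidate) = @$case;
    my $pwd = find_admin_pwd(\%tdb, $candidate);
    # Check definedness before any string comparison on the result.
    printf "%-8s dn=%s -> %s\n", $label, $candidate,
        defined $pwd ? 'password found' : 'no record';
}
```

Testing the lookup result with defined before comparing it also avoids the "Use of uninitialized value in string eq" warning seen in the logs above.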