Bug 153756 - ldapsmb unable to locate Administrator dn in secrets.tdb
Summary: ldapsmb unable to locate Administrator dn in secrets.tdb
Status: RESOLVED FIXED
Alias: None
Product: SUSE LINUX 10.0
Classification: openSUSE
Component: Other (show other bugs)
Version: unspecified
Hardware: x86-64 SuSE Linux 10.0
: P5 - None : Normal
Target Milestone: ---
Assignee: Guenther Deschner
QA Contact: E-mail List
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-02-27 17:47 UTC by Forgotten User cNm3bozxnV
Modified: 2006-03-10 10:54 UTC (History)
1 user (show)

See Also:
Found By: Customer
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
remove quotas from parameters (452 bytes, patch)
2006-03-01 11:46 UTC, Guenther Deschner 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Forgotten User cNm3bozxnV 2006-02-27 17:47:42 UTC 
Though ldapsmb (v. 1.33) correctly autodetects the Admin DN, if fails to locate the corresponding password in /etc/samba/secrets.tdb

-------snip---------
angrenost:/usr/sbin # ldapsmb -v -l -u --debug 10
ldapsmb:parse_smbconf(1935)     parsing [/root/.ldapsmbrc]
ldapsmb:parse_smbconf(1935)     parsing [testparm]
ldapsmb:parse_conf_file(1928)   autodetected "ldap server":             "192.168.1.215"
ldapsmb:parse_conf_file(1928)   autodetected "ldap port":               "389"
ldapsmb:set_on_find(1928)       autodetected "ldap admin dn":           "cn=Administrator,dc=tol-lamfirith,dc=org"
ldapsmb:set_on_find(1928)       autodetected "ldap group suffix":              ou=groups
ldapsmb:set_on_find(1928)       autodetected "ldap machine suffix":            ou=people
ldapsmb:set_on_find(1928)       autodetected "ldap suffix":             dc=tol-lamfirith,dc=org
ldapsmb:set_on_find(1928)       autodetected "ldap user suffix":               ou=people
ldapsmb:find_adminpwd_in_tdb(19 strange dn: "cn=Administrator,dc=tol-lamfirith,dc=org"
ldapsmb:find_adminpwd_in_tdb(19 sorry. could not find your password in "secrets.tdb"
ldapsmb:find_adminpwd_in_tdb(19 either you set it in [/usr/sbin/ldapsmb] or you use "smbpasswd -w pwd" if you are running [/usr/sbin/ldapsmb] in local mode.
ldapsmb:find_adminpwd_in_tdb(19 exiting.
Use of uninitialized value in string eq at /usr/sbin/ldapsmb line 241.
ldapsmb:check_ldap_pwd(1935)    sorry. you're not root. please set up your password in /root/.ldapsmbrc or directly in /usr/sbin/ldapsmb
-------snip----------

The workaround for this is to modify line 128 of /usr/sbin/ldapsmb to include the correct DN (as provided in /etc/samba/smb.conf)

like so:
my $ADMIN_DN            =       "cn=Administrator,dc=tol-lamfirith,dc=org";
Comment 1 Guenther Deschner 2006-02-28 13:33:27 UTC 
Could you please retry with ldapsmb v. 1.34 and check if that failure is still there?

You can find a packaged version for SuSE Linux 10.0 here: ftp://ftp.suse.com/pub/projects/samba/3.0/i386/10.0/ldapsmb-1.34-16.1.4.i586.rpm
Comment 2 Forgotten User cNm3bozxnV 2006-02-28 15:02:31 UTC 
Same result with 1.34.

----------snip--------------
angrenost:~ # rpm -qa|grep ldapsmb
ldapsmb-1.34-16.1.4
angrenost:~ # md5sum /usr/sbin/ldapsmb
8ad86c5fa11020c413ecae4c628af530  /usr/sbin/ldapsmb

angrenost:~ # ldapsmb -l -u --debug 10
ldapsmb:parse_smbconf(2040)     parsing [/root/.ldapsmbrc]
ldapsmb:parse_smbconf(2040)     parsing [testparm]
ldapsmb:parse_conf_file(2033)   autodetected "ldap server":             "192.168.1.215"
ldapsmb:parse_conf_file(2033)   autodetected "ldap port":               "389"
ldapsmb:set_on_find(2033)       autodetected "ldap admin dn":           "cn=Administrator,dc=tol-lamfirith,dc=org"
ldapsmb:set_on_find(2033)       autodetected "ldap group suffix":              ou=groups
ldapsmb:set_on_find(2033)       autodetected "ldap machine suffix":            ou=people
ldapsmb:set_on_find(2033)       autodetected "ldap suffix":             dc=tol-lamfirith,dc=org
ldapsmb:set_on_find(2033)       autodetected "ldap ssl":                start tls
ldapsmb:set_on_find(2033)       autodetected "ldap user suffix":               ou=people
ldapsmb:find_adminpwd_in_tdb(20 strange dn: "cn=Administrator,dc=tol-lamfirith,dc=org"
ldapsmb:find_adminpwd_in_tdb(20 sorry. could not find your password in "secrets.tdb"
ldapsmb:find_adminpwd_in_tdb(20 either you set it in [/usr/sbin/ldapsmb] or you use "smbpasswd -w pwd" if you are running [/usr/sbin/ldapsmb] in local mode.
ldapsmb:find_adminpwd_in_tdb(20 exiting.
Use of uninitialized value in string eq at /usr/sbin/ldapsmb line 292.
ldapsmb:check_ldap_pwd(2040)    sorry. you're not root. please set up your password in /root/.ldapsmbrc or directly in /usr/sbin/ldapsmb





--------snip----------------
Comment 3 Guenther Deschner 2006-02-28 17:48:06 UTC 
Hm, cannot reproduce, could you send me your secrets.tdb via private mail? You may want to overwrite your old password with smbpasswd -w.
Comment 4 Guenther Deschner 2006-03-01 11:46:06 UTC 
Created attachment 70779 [details]
remove quotas from parameters
Comment 5 Guenther Deschner 2006-03-01 11:47:09 UTC 
Ok, got the fix; there will be new packages later. As a workaround just remove the quotes (") around your admin dn.

Thanks for the good feedback!
Comment 6 Guenther Deschner 2006-03-02 08:54:48 UTC 
Does it actually fix it?
Comment 7 Guenther Deschner 2006-03-02 15:42:01 UTC 
At least fixed upstream.
Comment 8 Forgotten User cNm3bozxnV 2006-03-08 15:48:39 UTC 
Hello, sorry, I was out of town, hence my late response.

I have verified that the workaround of removing the quotes from the ldap admin dn parameter in /etc/samba/smb.conf works with a virgin /usr/sbin/ldapsmb v1.33


The patched ldapsmb (patch applied to v1.33 /usr/sbin/ldapsmb from Comment #4) also fixes the problem (with the original quoted ldap admin dn paramter in /etc/samba/smb.conf).
Comment 9 Guenther Deschner 2006-03-10 10:54:00 UTC 
Thanks for the feedback, new tarballs can be found here:
http://www.hhrm.de/~gd/

This will get integrated into the SuSE packages next.