Bug 37373 - smbpassword requires ldap which requires ssl, and it doesn't work
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Server
Hardware: x86 Linux
Importance: High major
Assignee: Donny Davies (RETIRED)
Reported: 2004-01-05 23:14 UTC by Lindsay Haisley
Modified: 2004-01-07 11:46 UTC
Description Lindsay Haisley 2004-01-05 23:14:00 UTC
smbpasswd won't update its user ACL file (which I assume is 
/etc/samba/private/secrets.tdb in newer versions of Samba).  When I try, I get 
the following dialog:

# smbpasswd fmouse
Unknown parameter encountered: "passdb backend"
Ignoring unknown parameter "passdb backend"
New SMB password:
Retype new SMB password:
LDAPS option set...!
fetch_ldap_pw: no ldap secret retrieved!
ldap_connect_system: Failed to retrieve password for  from secrets.tdb
Failed to find entry for user fmouse.
Failed to modify password entry for user fmouse

I've installed openldap as per <http://www.gentoo.org/doc/en/ldap-howto.xml> 
but no-go here, either:

# ldapsearch -D "cn=Manager,dc=genfic,dc=com" -W
ldap_create
Enter LDAP Password: 
ldap_pvt_sasl_getmech
ldap_search
put_filter: "(objectclass=*)"
put_filter: simple
put_simple_filter: "objectclass=*"

[ ... lots of cruft, snip, snip!]

TLS certificate verification: Error, self signed certificate
tls_write: want=7, written=7
  0000:  15 03 01 00 02 02 30                               ......0           
TLS trace: SSL3 alert write:fatal:unknown CA
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS: can't connect.
ldap_perror
ldap_sasl_interactive_bind_s: Can't contact LDAP server (81)
        additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed


All I really want to do is get samba going so I can back up files on an old
Windows PC, and I don't really think I need to get off into SSL-land to get
samba working.

There oughta be a way to get this done w.o. bringing ldap/ssl into the picture,
although I really wouldn't mind doing so if they worked.
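
The two diagnostic lines in the trace above (the 7-byte `tls_write` hex dump and the packed `error:14090086` code) can be decoded mechanically. The following is an added example, not part of the bug report or of OpenLDAP/OpenSSL; the function names are hypothetical, and the error-code layout assumed is the one OpenSSL used before version 3.0.

```python
import re

# Subset of TLS alert levels and descriptions (RFC 5246, section 7.2).
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {0: "close_notify", 40: "handshake_failure", 42: "bad_certificate",
                      45: "certificate_expired", 46: "certificate_unknown", 48: "unknown_ca"}

# The two lines below are copied from the trace in the report.
HEXDUMP_LINE = "  0000:  15 03 01 00 02 02 30                               ......0"
ERROR_LINE = ("        additional info: error:14090086:SSL routines:"
              "SSL3_GET_SERVER_CERTIFICATE:certificate verify failed")


def parse_hexdump_line(line):
    """Return the bytes from a debug hex-dump line ('  0000:  15 03 ...   ascii')."""
    m = re.match(r"\s*[0-9a-fA-F]{4}:\s+((?:[0-9a-fA-F]{2} )+)", line)
    if not m:
        raise ValueError("not a hex-dump line")
    return bytes.fromhex(m.group(1))


def decode_alert_record(record):
    """Decode a plaintext TLS alert record: type(1) version(2) length(2) level(1) desc(1)."""
    if len(record) != 7 or record[0] != 0x15 or int.from_bytes(record[3:5], "big") != 2:
        raise ValueError("not a plaintext TLS alert record")
    return {"version": (record[1], record[2]),  # (3, 1) is TLS 1.0
            "level": ALERT_LEVELS.get(record[5], record[5]),
            "description": ALERT_DESCRIPTIONS.get(record[6], record[6])}


def decode_openssl_error(text):
    """Unpack 'error:XXXXXXXX:lib:func:reason' using the pre-3.0 OpenSSL code layout:
    8 bits library, 12 bits function, 12 bits reason."""
    m = re.search(r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):(.*)", text)
    if not m:
        raise ValueError("no OpenSSL error string found")
    code = int(m.group(1), 16)
    return {"lib": (code >> 24) & 0xFF, "func": (code >> 12) & 0xFFF, "reason": code & 0xFFF,
            "lib_name": m.group(2), "func_name": m.group(3), "reason_text": m.group(4).strip()}


if __name__ == "__main__":
    print(decode_alert_record(parse_hexdump_line(HEXDUMP_LINE)))
    print(decode_openssl_error(ERROR_LINE))
```

The decoded record is a fatal `unknown_ca` alert written by the client, which matches the "SSL3 alert write:fatal:unknown CA" line: the client could not chain the server's certificate to an issuer it trusts.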
Comment 1 Donny Davies (RETIRED) gentoo-dev 2004-01-06 10:45:54 UTC
This is not a help forum.

If you have a bona fide bug, tell us what it is.

Please use the mailing lists or discussion forums for support issues.

Thank you.
Comment 2 Donny Davies (RETIRED) gentoo-dev 2004-01-06 10:46:27 UTC
I don't see a clearly indicated bug here, sorry.

Comment 3 Lindsay Haisley 2004-01-06 15:02:29 UTC
I'm sorry if I was less clear here than I should have been.  It was late, I'd been working on this for ca. 8 hours, and I'm fighting a nasty head cold.  I generally try to be a Good Guy and keep support issues where they belong and use this forum for genuine bugs.

Stripping off the cruft, the bug (and I believe it's a live one) is that the online instructions for building openldap with TLS support direct one to generate a self-signed certificate; however, certificate verification reports "TLS certificate verification: Error, self signed certificate."  This should not be.

Any time I follow online directions on a new ebuild and config, and the result doesn't work, then there's a problem, either with the directions or with the code, which needs to be addressed by someone else.  Sorry if I was less than clear.

If I'm in error here, then I stand corrected, and I won't presume to reopen this bug, but IMHO it needs developer attention and you may want to do so.
Comment 4 Donny Davies (RETIRED) gentoo-dev 2004-01-07 10:16:04 UTC
You may prefer to open a new bug about the openldap docs.

I don't see a samba bug here, again, sorry.

Regards.
Comment 5 Lindsay Haisley 2004-01-07 11:46:12 UTC
Donny, you're quite right about the fact that it's not a samba bug, and I'll repost it as an openldap doc bug.  I had ldap turned on in my USE var list so the samba ebuild USEd it, so I solved the samba issue by rebuilding without ldap.

Sorry for the confusion.  At 4 AM after 10 hours or so of working on the problem, and running a fever, I was totally exhausted and frustrated, and not thinking as well as I should have been.  What I hit was a real bug, but it deserves a different summary that disassociates it from samba.