[Bug 730046] New: LDAP server: Samba cannot talk to LDAP over TLS

newer
[Bug 731571] New: Samba crash when...

bugzilla_noreply＠novell.com

13 Nov 2011 13 Nov '11

07:13

https://bugzilla.novell.com/show_bug.cgi?id=730046 https://bugzilla.novell.com/show_bug.cgi?id=730046#c0 Summary: LDAP server: Samba cannot talk to LDAP over TLS Classification: openSUSE Product: openSUSE 11.4 Version: Final Platform: x86-64 OS/Version: openSUSE 11.4 Status: NEW Severity: Major Priority: P5 - None Component: YaST2 AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: lynn@steve-ss.com QAContact: jsrain@suse.com Found By: --- Blocker: --- Created an attachment (id=461810) --> (http://bugzilla.novell.com/attachment.cgi?id=461810) The samba config file User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.102 Safari/535.2 When using TLS between Samba and LDAP, the folowing error occurs: Nov 10 11:20:16 hh1 smbd[6066]: [2011/11/10 11:20:16.268556, 0] lib/smbldap.c:731(smb_ldap_start_tls) Nov 10 11:20:16 hh1 smbd[6066]: Failed to issue the StartTLS instruction: I feel that this is an important security issue and I have offered a solution. Could you also fix it for 12.1? Reproducible: Always Steps to Reproduce: 1.Using Yast throughout 2.Create root CA 3.Enter it. create and export common server certificaes 4.Make sure that your FQDN matches the CN of the certificates. 5. LDAP server - use tls - use common server certificate 6. Copy YaST-CA.pem to /srv/www/htdocs 7. ldap client check tls box and download the CA from the webserver (there ought to be a way of specifying a file here rather than have to download it from a webserver) 8 ldap client - advanced configuration - create default config 9. Samba server - Identity - PDC - Ldap settings - use ldap 10. Give root password so that other machines can join the samba created domain. Actual Results: Samba does not communicate with LDAP over tls. See error above. Expected Results: Samba connects to LDAP over a TLS connection It seems that the CA certificate is not being detected. The problem can be solved by adding: TLS_REQCERT hard TLS_CACERT /etc/openldap/cacerts/YaST-CA.pem to /etc/openldap/ldap.conf -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Show replies by date

bugzilla_noreply＠novell.com

14 Nov 14 Nov

09:02

New subject: [Bug 730046] LDAP server: Samba cannot talk to LDAP over TLS

https://bugzilla.novell.com/show_bug.cgi?id=730046 https://bugzilla.novell.com/show_bug.cgi?id=730046#c1 Lars Müller changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO InfoProvider| |lynn@steve-ss.com --- Comment #1 from Lars Müller 2011-11-14 10:02:16 CET --- This issue got discussed in a thread at an openSUSE list http://lists.opensuse.org/opensuse/2011-11/msg00363.html @Lynn: Please add the pointer(s) to the list archive at https://lists.samba.org/ too. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

12:35

New subject: [Bug 730046] LDAP server: Samba cannot talk to LDAP over TLS

https://bugzilla.novell.com/show_bug.cgi?id=730046 https://bugzilla.novell.com/show_bug.cgi?id=730046#c2 --- Comment #2 from lynn wilson 2011-11-14 12:35:31 UTC --- https://lists.samba.org/archive/samba/2011-November/164820.html -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

18 Nov 18 Nov

10:27

New subject: [Bug 730046] LDAP server: Samba cannot talk to LDAP over TLS

https://bugzilla.novell.com/show_bug.cgi?id=730046 https://bugzilla.novell.com/show_bug.cgi?id=730046#c3 lynn wilson changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|lynn@steve-ss.com | --- Comment #3 from lynn wilson 2011-11-18 10:27:40 UTC --- Info has been given. Any news? Thanks. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

24 Nov 24 Nov

16:11

New subject: [Bug 730046] LDAP server: Samba cannot talk to LDAP over TLS

https://bugzilla.novell.com/show_bug.cgi?id=730046 https://bugzilla.novell.com/show_bug.cgi?id=730046#c4 Ralf Haferkamp changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO CC| |lmuelle@suse.com, | |rhafer@suse.com InfoProvider| |lynn@steve-ss.com --- Comment #4 from Ralf Haferkamp 2011-11-24 17:11:53 CET --- (In reply to comment #0)

...

Created an attachment (id=461810) --> (http://bugzilla.novell.com/attachment.cgi?id=461810) [details] The samba config file

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.102 Safari/535.2

When using TLS between Samba and LDAP, the folowing error occurs:

Nov 10 11:20:16 hh1 smbd[6066]: [2011/11/10 11:20:16.268556, 0] lib/smbldap.c:731(smb_ldap_start_tls) Nov 10 11:20:16 hh1 smbd[6066]: Failed to issue the StartTLS instruction: When do you get this error message? Always when starting smbd or only when booting?

I get this message when booting into the system and that seems to be an issue with either samba's or slapd's init script or systemd. Samba seems to be started before OpenLDAP is accepting incoming requests. When using sysvinit the OpenLDAP initscript takes care the it does not succeed until the Server is able to process request (by doing some ldapsearch magic). But I also see that samba's init script does not have a dependency on OpenLDAP. Lars: Should there be "ldap" listed in "Should-Start" of /etc/init.d/smb

...

I feel that this is an important security issue and I have offered a solution.

...

Reproducible: Always

Steps to Reproduce: 1.Using Yast throughout 2.Create root CA 3.Enter it. create and export common server certificaes 4.Make sure that your FQDN matches the CN of the certificates. 5. LDAP server - use tls - use common server certificate 6. Copy YaST-CA.pem to /srv/www/htdocs 7. ldap client check tls box and download the CA from the webserver (there ought to be a way of specifying a file here rather than have to download it from a webserver) There is. Either just enter a file:/// URL or go to the advanced settings. There you'll find option to either select a file or directory manually. I agree

I don't see yet why this should be a security issue. [..] though that it could be implemented better from a usuabilty point of view. OTOH, if you setup the LDAP Server on the localhost you shouldn't need to configure any TLS Settings in ldap-client. The yast2-ldap-server module already configures that for you (at least it did here).

...

Actual Results: Samba does not communicate with LDAP over tls. See error above. Hm, I only get this error once when booting it still seems to work afterwards.

...

It seems that the CA certificate is not being detected.

The problem can be solved by adding:

TLS_REQCERT hard TLS_CACERT /etc/openldap/cacerts/YaST-CA.pem Usually yast2-ldap-client does this already. Please attach YaST logs (/var/log/YaST/*)

...

to /etc/openldap/ldap.conf

-- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

17:19

New subject: [Bug 730046] LDAP server: Samba cannot talk to LDAP over TLS

https://bugzilla.novell.com/show_bug.cgi?id=730046 https://bugzilla.novell.com/show_bug.cgi?id=730046#c5 --- Comment #5 from lynn wilson 2011-11-24 17:19:53 UTC --- Created an attachment (id=463990) --> (http://bugzilla.novell.com/attachment.cgi?id=463990) /var/log/y2log Included to remove NEEDINFO -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

17:23

New subject: [Bug 730046] LDAP server: Samba cannot talk to LDAP over TLS

https://bugzilla.novell.com/show_bug.cgi?id=730046 https://bugzilla.novell.com/show_bug.cgi?id=730046#c6 lynn wilson changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|lynn@steve-ss.com | --- Comment #6 from lynn wilson 2011-11-24 17:23:15 UTC --- Yast produces this: /etc/openldap> cat ldap.conf # # LDAP Defaults # # See ldap.conf(5) for details # This file should be world readable but not world writable. #BASE dc=example,dc=com #URI ldap://ldap.example.com ldap://ldap-master.example.com:666 #SIZELIMIT 12 #TIMELIMIT 15 #DEREF never uri ldap://hh1.site base dc=site TLS_CACERTDIR /etc/openldap/cacerts/ The certificate is not found and Samba cannot communicate with LDAP via TLS. Yast does not add the two lines I have given in my solution to this. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

17:46

New subject: [Bug 730046] LDAP server: Samba cannot talk to LDAP over TLS

https://bugzilla.novell.com/show_bug.cgi?id=730046 https://bugzilla.novell.com/show_bug.cgi?id=730046#c7 --- Comment #7 from lynn wilson 2011-11-24 17:46:47 UTC --- I sent the y2log corresponding to the Yast LDAP client only. But I see that you wanted the whole lot! I tarred the files but it will not let me send anything over 10Mb. Do you really need everything? Do you want me to ftp is somewhere? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

17:55

New subject: [Bug 730046] LDAP server: Samba cannot talk to LDAP over TLS

https://bugzilla.novell.com/show_bug.cgi?id=730046 https://bugzilla.novell.com/show_bug.cgi?id=730046#c8 --- Comment #8 from lynn wilson 2011-11-24 17:55:36 UTC --- (In reply to comment #4)

...

(In reply to comment #0)

...
Created an attachment (id=461810) --> (http://bugzilla.novell.com/attachment.cgi?id=461810) [details] [details] The samba config file

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.102 Safari/535.2

When using TLS between Samba and LDAP, the folowing error occurs:

Nov 10 11:20:16 hh1 smbd[6066]: [2011/11/10 11:20:16.268556, 0] lib/smbldap.c:731(smb_ldap_start_tls) Nov 10 11:20:16 hh1 smbd[6066]: Failed to issue the StartTLS instruction: When do you get this error message? Always when starting smbd or only when booting?

I get this message when booting into the system and that seems to be an issue with either samba's or slapd's init script or systemd. Samba seems to be started before OpenLDAP is accepting incoming requests. When using sysvinit the OpenLDAP initscript takes care the it does not succeed until the Server is able to process request (by doing some ldapsearch magic). But I also see that samba's init script does not have a dependency on OpenLDAP.

Lars: Should there be "ldap" listed in "Should-Start" of /etc/init.d/smb

...
I feel that this is an important security issue and I have offered a solution.

I don't see yet why this should be a security issue.

[..]

...
Reproducible: Always

Steps to Reproduce: 1.Using Yast throughout 2.Create root CA 3.Enter it. create and export common server certificaes 4.Make sure that your FQDN matches the CN of the certificates. 5. LDAP server - use tls - use common server certificate 6. Copy YaST-CA.pem to /srv/www/htdocs 7. ldap client check tls box and download the CA from the webserver (there ought to be a way of specifying a file here rather than have to download it from a webserver) There is. Either just enter a file:/// URL or go to the advanced settings.

There are no 'advanced settings'. I think you mean ;Advanced Configuration.' no?

...

There you'll find option to either select a file or directory manually. though that it could be implemented better from a usuabilty point of view.e

It really does need improving. It's almost as bad as the Yast printer setup module. Only joking. Yast chooses: /etc/openldap/cacerts/

...

OTOH, if you setup the LDAP Server on the localhost you shouldn't need to configure any TLS Settings in ldap-client. The yast2-ldap-server module already configures that for you (at least it did here).

...
Actual Results: Samba does not communicate with LDAP over tls. See error above. Hm, I only get this error once when booting it still seems to work afterwards.

...
It seems that the CA certificate is not being detected.

The problem can be solved by adding:

TLS_REQCERT hard TLS_CACERT /etc/openldap/cacerts/YaST-CA.pem Usually yast2-ldap-client does this already. Please attach YaST logs (/var/log/YaST/*)

...
to /etc/openldap/ldap.conf

-- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

17:56

New subject: [Bug 730046] LDAP server: Samba cannot talk to LDAP over TLS

https://bugzilla.novell.com/show_bug.cgi?id=730046 https://bugzilla.novell.com/show_bug.cgi?id=730046#c9 --- Comment #9 from lynn wilson 2011-11-24 17:56:32 UTC --- Reproduced on 11.3 and 12.1. Both 32 and 64 bit. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

25 Nov 25 Nov

08:35

New subject: [Bug 730046] LDAP server: Samba cannot talk to LDAP over TLS

...

Yast produces this: [..] uri ldap://hh1.site base dc=site TLS_CACERTDIR /etc/openldap/cacerts/

The certificate is not found and Samba cannot communicate with LDAP via TLS. Yast does not add the two lines I have given in my solution to this. TLS_REQCERT hard doesn't need to be added because it is the hardcoded default when no setting is

https://bugzilla.novell.com/show_bug.cgi?id=730046 https://bugzilla.novell.com/show_bug.cgi?id=730046#c10 Ralf Haferkamp changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P4 - Low Status|NEW |NEEDINFO InfoProvider| |lynn@steve-ss.com AssignedTo|bnc-team-screening@forge.pr |rhafer@suse.com |ovo.novell.com | --- Comment #10 from Ralf Haferkamp 2011-11-25 09:35:23 CET --- (In reply to comment #6) present. Can you please attach the output of "ls -l /etc/openldap/cacerts/" it should contain some symlinks named similar to this: e113c810.0. If it doesn't then that is the reason that Samba is not able to read the certificates when using TLS_CACERTDIR instead of TLS_CACERT. (In reply to comment #7)

...

I sent the y2log corresponding to the Yast LDAP client only. But I see that you wanted the whole lot! I tarred the files but it will not let me send anything over 10Mb. Do you really need everything? Do you want me to ftp is somewhere? y2log should be enough for now. But could you please additionally attach the output of: ldapsearch -x -ZZ -d -1 -b "" -s base +

(In reply to comment #8)

...

(In reply to comment #4)

...
(In reply to comment #0)

...
Created an attachment (id=461810) --> (http://bugzilla.novell.com/attachment.cgi?id=461810) [details] [details] [details] [..] There is. Either just enter a file:/// URL or go to the advanced settings.

There are no 'advanced settings'. I think you mean ;Advanced Configuration.' no? Yes, sorry. I was using the german localization on my test system didn't remember the correct button label in english.

...

...
There you'll find option to either select a file or directory manually. though that it could be implemented better from a usuabilty point of view.e

It really does need improving. It's almost as bad as the Yast printer setup module. Only joking. :)

...

Yast chooses: /etc/openldap/cacerts/ Yes, because that is where YaST put the certificate after downloading it.

-- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

08:57

New subject: [Bug 730046] LDAP server: Samba cannot talk to LDAP over TLS

https://bugzilla.novell.com/show_bug.cgi?id=730046 https://bugzilla.novell.com/show_bug.cgi?id=730046#c11 lynn wilson changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|lynn@steve-ss.com | --- Comment #11 from lynn wilson 2011-11-25 08:57:27 UTC --- Created an attachment (id=464047) --> (http://bugzilla.novell.com/attachment.cgi?id=464047) ldap search as requested -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

09:00

New subject: [Bug 730046] LDAP server: Samba cannot talk to LDAP over TLS

https://bugzilla.novell.com/show_bug.cgi?id=730046 https://bugzilla.novell.com/show_bug.cgi?id=730046#c12 --- Comment #12 from lynn wilson 2011-11-25 09:00:13 UTC --- ls -l /etc/openldap/cacerts/ total 8 lrwxrwxrwx 1 root root 10 Nov 24 18:00 513085ff.0 -> cacert.pem lrwxrwxrwx 1 root root 10 Nov 24 18:00 792682eb.0 -> cacert.pem -rw-r--r-- 1 root root 3056 Nov 24 18:00 cacert.pem Please remember that this is about Samba connecting to LDAP, not a user logging in from a linux client. Thanks -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

09:30

New subject: [Bug 730046] LDAP server: Samba cannot talk to LDAP over TLS

https://bugzilla.novell.com/show_bug.cgi?id=730046 https://bugzilla.novell.com/show_bug.cgi?id=730046#c13 Ralf Haferkamp changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO InfoProvider| |lynn@steve-ss.com --- Comment #13 from Ralf Haferkamp 2011-11-25 10:30:05 CET --- (In reply to comment #11)

...

Created an attachment (id=464047) --> (http://bugzilla.novell.com/attachment.cgi?id=464047) [details] ldap search as requested This is missing the debug output I requested. Either you forget to attach the stderr output I request or you did add the "-d -1" command line options to the ldapsearch command. Please attach the complete output. Also paste your TLS_* settings in /etc/openldap/ldap.conf that were in use when running that command.

(In reply to comment #12)

...

ls -l /etc/openldap/cacerts/ total 8 lrwxrwxrwx 1 root root 10 Nov 24 18:00 513085ff.0 -> cacert.pem lrwxrwxrwx 1 root root 10 Nov 24 18:00 792682eb.0 -> cacert.pem -rw-r--r-- 1 root root 3056 Nov 24 18:00 cacert.pem Hm, this looks good actually.

...

Please remember that this is about Samba connecting to LDAP, not a user logging in from a linux client. I know. But the error messages you got from Samba seemed to indicate that something is wrong with your general LDAP setup. For Samba it should make no difference whether TLS_CACERTDIR or TLS_CACERT is used, as long as the directory is setup properly.

BTW, you seem to have overlooked one of my question from comment#4:

...

Nov 10 11:20:16 hh1 smbd[6066]: [2011/11/10 11:20:16.268556, 0] lib/smbldap.c:731(smb_ldap_start_tls) Nov 10 11:20:16 hh1 smbd[6066]: Failed to issue the StartTLS instruction:

When do you get this error message? Always when starting smbd or only when booting? What output does "pdbedit -L" give you? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

10:18

New subject: [Bug 730046] LDAP server: Samba cannot talk to LDAP over TLS

https://bugzilla.novell.com/show_bug.cgi?id=730046 https://bugzilla.novell.com/show_bug.cgi?id=730046#c14 lynn wilson changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|lynn@steve-ss.com | --- Comment #14 from lynn wilson 2011-11-25 10:18:54 UTC --- 'When do you get this error message? Always when starting smbd or only when booting? What output does "pdbedit -L" give you?' Without my addition to /etc/openldap/ldap.conf this error occurs always on boot and when restarting Samba. With my 2 line workaround it connects fine: without: .

...

Nov 10 11:20:16 hh1 smbd[6066]: [2011/11/10 11:20:16.268556, 0] lib/smbldap.c:731(smb_ldap_start_tls) Nov 10 11:20:16 hh1 smbd[6066]: Failed to issue the StartTLS instruction: TLS does not work.

With my workaround: Nov 25 11:09:55 hh1 slapd[2017]: conn=1033 fd=21 ACCEPT from IP=192.168.1.2:55442 (IP=0.0.0. Nov 25 11:09:55 hh1 slapd[2017]: conn=1033 op=0 EXT oid=1.3.6.1.4.1.1466.20037 Nov 25 11:09:55 hh1 slapd[2017]: conn=1033 op=0 STARTTLS Nov 25 11:09:55 hh1 slapd[2017]: conn=1033 op=0 RESULT oid= err=0 text= Nov 25 11:09:55 hh1 slapd[2017]: conn=1033 fd=21 TLS established tls_ssf=256 ssf=256 Nov 25 11:09:55 hh1 slapd[2017]: conn=1033 op=1 BIND dn="cn=admin,dc=site" method=128 Nov 25 11:09:55 hh1 slapd[2017]: conn=1033 op=1 BIND dn="cn=admin,dc=site" mech=SIMPLE ssf=0 Nov 25 11:09:55 hh1 slapd[2017]: conn=1033 op=1 RESULT tag=97 err=0 text= Nov 25 11:09:55 hh1 slapd[2017]: conn=1033 op=2 SRCH base="" scope=0 deref=0 filter="(object Nov 25 11:09:55 hh1 slapd[2017]: conn=1033 op=2 SRCH attr=supportedControl Nov 25 11:09:55 hh1 slapd[2017]: conn=1033 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text= Nov 25 11:09:55 hh1 slapd[2017]: conn=1033 op=3 SRCH base="dc=site" scope=2 deref=0 filter=" Nov 25 11:09:55 hh1 slapd[2017]: conn=1033 op=3 SRCH attr=sambaDomainName sambaNextRid samba Nov 25 11:09:55 hh1 slapd[2017]: conn=1033 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text= Nov 25 11:09:55 hh1 slapd[2017]: conn=1033 op=4 SRCH base="dc=site" scope=2 deref=0 filter=" Nov 25 11:09:55 hh1 slapd[2017]: conn=1033 op=4 SRCH attr=gidNumber sambaSID sambaGroupType TLS works fine - - - grep -v "#" ldap.conf base dc=site bind_policy soft pam_lookup_policy yes pam_password exop nss_initgroups_ignoreusers root,ldap nss_schema rfc2307bis nss_map_attribute uniqueMember member ssl start_tls uri ldap://hh1.site ldap_version 3 pam_filter objectClass=posixAccount tls_cacertfile /etc/openldap/cacert.pem - - - pdbedit -L root:0:root <snip> COMPUTER_1$:10001:COMPUTER_1$ STEVE-PC$:10002:STEVE-PC$ <snip> lynn2:1001:l steve2:1003:s It doesn't really matter. _I_ know how to fix it. But that's selfish. The point is, I'd like to help others to use Yast too. Please let me know if we're getting anywhere. Is it a big problem to be able to apply the workaround to Yast? It's only one or two lines in /etc/openldap/ldap.conf. Thanks L x -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

11:03

New subject: [Bug 730046] LDAP server: Samba cannot talk to LDAP over TLS

https://bugzilla.novell.com/show_bug.cgi?id=730046 https://bugzilla.novell.com/show_bug.cgi?id=730046#c15 Ralf Haferkamp changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO InfoProvider| |lynn@steve-ss.com Severity|Major |Critical --- Comment #15 from Ralf Haferkamp 2011-11-25 12:03:31 CET --- (In reply to comment #14) [..]

...

grep -v "#" ldap.conf base dc=site bind_policy soft pam_lookup_policy yes pam_password exop nss_initgroups_ignoreusers root,ldap nss_schema rfc2307bis nss_map_attribute uniqueMember member ssl start_tls uri ldap://hh1.site ldap_version 3 pam_filter objectClass=posixAccount tls_cacertfile /etc/openldap/cacert.pem Now this is not /etc/openldap/ldap.conf but /etc/ldap.conf. And it contains yet another certificate configuration. So which one acutally is the correct certificate? /etc/openldap/cacert.pem or /etc/openldap/cacerts/YaST-CA.pem (which you said you have in configured in /etc/openldap/ldap.conf in your initial comment) or even: /etc/openldap/certs/cacert.pem

...

Please let me know if we're getting anywhere. Is it a big problem to be able to apply the workaround to Yast? Because it shouldn't be needed. And I am trying to find out why YaST created a broken setup in your case. We should fix the real issue instead of adding workarounds. For Samba it doesn't matter if TLS_CACERTDIR or TLS_CACERT are used unless there is either a bug in samba or the openldap client libs. At least when the correct certificate is present in TLS_CACERTDIR and the dir is properly hashed with c_rehash (which it seems to be in your case).

-- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

11:33

New subject: [Bug 730046] LDAP server: Samba cannot talk to LDAP over TLS

https://bugzilla.novell.com/show_bug.cgi?id=730046 https://bugzilla.novell.com/show_bug.cgi?id=730046#c16 --- Comment #16 from Lars Müller 2011-11-25 12:32:59 CET --- (In reply to comment #4) [ 8< ]

...

But I also see that samba's init script does not have a dependency on OpenLDAP.

Lars: Should there be "ldap" listed in "Should-Start" of /etc/init.d/smb

Sounds reasonable. The only potential issue I see is: You run Samba without using the ldap service. But I can't see how this would add more harm. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

14:50

New subject: [Bug 730046] LDAP server: Samba cannot talk to LDAP over TLS

https://bugzilla.novell.com/show_bug.cgi?id=730046 https://bugzilla.novell.com/show_bug.cgi?id=730046#c17 lynn wilson changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|lynn@steve-ss.com | --- Comment #17 from lynn wilson 2011-11-25 14:50:12 UTC --- /etc/openldap/cacerts/YaST-CA.pem was with 11.4 using Yast CA Management (when CA Management module in Yast worked). With 12.1, Yast CA Management is broken so I made my own certificates using openssl. with 12.1, I put the cert in: /etc/openldap The error is the same whether you use the YaST-CA.pem created via Yast (in the days when CA Management module worked) or my openssl created cacert.pem. (In reply to comment #16)

...

(In reply to comment #4) [ 8< ]

...
But I also see that samba's init script does not have a dependency on OpenLDAP.

Lars: Should there be "ldap" listed in "Should-Start" of /etc/init.d/smb

Sounds reasonable.

The only potential issue I see is: You run Samba without using the ldap service. But I can't see how this would add more harm.

Running Samba without ldap does not give us single sign on nor a convenient place to store names, addresses and 'phone numbers. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

17:00

New subject: [Bug 730046] LDAP server: Samba cannot talk to LDAP over TLS

https://bugzilla.novell.com/show_bug.cgi?id=730046 https://bugzilla.novell.com/show_bug.cgi?id=730046#c18 --- Comment #18 from Bernhard Wiedemann 2011-11-25 18:00:52 CET --- This is an autogenerated message for OBS integration: This bug (730046) was mentioned in https://build.opensuse.org/request/show/93688 Factory / samba -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

23:32

New subject: [Bug 730046] LDAP server: Samba cannot talk to LDAP over TLS

https://bugzilla.novell.com/show_bug.cgi?id=730046 https://bugzilla.novell.com/show_bug.cgi?id=730046#c19 --- Comment #19 from Lars Müller 2011-11-26 00:32:21 CET --- (In reply to comment #17) [ 8< ]

...

...
[ 8< ]

...
But I also see that samba's init script does not have a dependency on OpenLDAP.

Lars: Should there be "ldap" listed in "Should-Start" of /etc/init.d/smb

Sounds reasonable.

The only potential issue I see is: You run Samba without using the ldap service. But I can't see how this would add more harm.

Running Samba without ldap does not give us single sign on nor a convenient place to store names, addresses and 'phone numbers.

Sorry, you missed the point. We talked about the service dependencies as they're defined in the init scripts "headers". In this particular case these two lines show how it will soon look in openSUSE after submit request #93688 got accepted: # Should-Start: cupsd winbind nmb ldap # Should-Stop: cupsd winbind nmb ldap This is all not about your particular use case. This is about how we design the service dependencies in general and abstract. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

26 Nov 26 Nov

06:00

New subject: [Bug 730046] LDAP server: Samba cannot talk to LDAP over TLS

https://bugzilla.novell.com/show_bug.cgi?id=730046 https://bugzilla.novell.com/show_bug.cgi?id=730046#c20 --- Comment #20 from lynn wilson 2011-11-26 06:00:20 UTC --- (In reply to comment #19)

...

(In reply to comment #17) [ 8< ]

...
...
[ 8< ]

...
But I also see that samba's init script does not have a dependency on OpenLDAP.

Lars: Should there be "ldap" listed in "Should-Start" of /etc/init.d/smb

Sounds reasonable.

The only potential issue I see is: You run Samba without using the ldap service. But I can't see how this would add more harm.

Running Samba without ldap does not give us single sign on nor a convenient place to store names, addresses and 'phone numbers.

Sorry, you missed the point. We talked about the service dependencies as they're defined in the init scripts "headers".

In this particular case these two lines show how it will soon look in openSUSE after submit request #93688 got accepted:

# Should-Start: cupsd winbind nmb ldap # Should-Stop: cupsd winbind nmb ldap

This is all not about your particular use case. This is about how we design the service dependencies in general and abstract.

Lars, thanks for taking the time to explain this. I'm not a programmer nor bug fixer but know enough about LDAP to set up a server. So sometimes I cannot understand what you are saying at your level of understanding. I'm not a newbie either but sometimes bug reporting goes way over the top of the original requester and branches out to places that a user on my level has no comprehension of. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

06:06

New subject: [Bug 730046] LDAP server: Samba cannot talk to LDAP over TLS

https://bugzilla.novell.com/show_bug.cgi?id=730046 https://bugzilla.novell.com/show_bug.cgi?id=730046#c21 --- Comment #21 from lynn wilson 2011-11-26 06:06:52 UTC --- Sorry to ask but this has got to a stage where I feel useless and feel that I am wasting your time but have you actually reproduced the bug? Have you seen for yourselves that doing what I did does not do what it ought to do? I can reproduce the bug in 12.1. Will any future solution also be carried forward to 12.1 too? Does the comment

...

# Should-Start: cupsd winbind nmb ldap # Should-Stop: cupsd winbind nmb ldap mean that this is a fix? Will it now be submitted and the bug solved? Thanks.

-- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

12:59

New subject: [Bug 730046] LDAP server: Samba cannot talk to LDAP over TLS

https://bugzilla.novell.com/show_bug.cgi?id=730046 https://bugzilla.novell.com/show_bug.cgi?id=730046#c22 --- Comment #22 from Lars Müller 2011-11-26 13:59:30 CET --- Ralf is working on the actual issue as he stated in comment #15. See in comment 16 why I replied. EOT from my side. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

20 Dec 20 Dec

02:01

New subject: [Bug 730046] LDAP server: Samba cannot talk to LDAP over TLS

https://bugzilla.novell.com/show_bug.cgi?id=730046 https://bugzilla.novell.com/show_bug.cgi?id=730046#c23 --- Comment #23 from Bernhard Wiedemann 2011-12-20 03:01:12 CET --- This is an autogenerated message for OBS integration: This bug (730046) was mentioned in https://build.opensuse.org/request/show/97141 Factory / samba -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

14:01

New subject: [Bug 730046] LDAP server: Samba cannot talk to LDAP over TLS

https://bugzilla.novell.com/show_bug.cgi?id=730046 https://bugzilla.novell.com/show_bug.cgi?id=730046#c24 --- Comment #24 from Bernhard Wiedemann 2011-12-20 15:01:13 CET --- This is an autogenerated message for OBS integration: This bug (730046) was mentioned in https://build.opensuse.org/request/show/97212 Factory / samba -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

11 Jan 11 Jan

09:57

New subject: [Bug 730046] LDAP server: Samba cannot talk to LDAP over TLS

https://bugzilla.novell.com/show_bug.cgi?id=730046 https://bugzilla.novell.com/show_bug.cgi?id=730046#c25 --- Comment #25 from Ralf Haferkamp 2012-01-11 10:56:58 CET --- (In reply to comment #21)

...

Sorry to ask but this has got to a stage where I feel useless and feel that I am wasting your time but have you actually reproduced the bug? Have you seen for yourselves that doing what I did does not do what it ought to do? No, I was not able to reproduce your problems.

...

I can reproduce the bug in 12.1. Will any future solution also be carried forward to 12.1 too? If we find a bug we will of course include the fix in 12.1.

...

Does the comment

...
# Should-Start: cupsd winbind nmb ldap # Should-Stop: cupsd winbind nmb ldap mean that this is a fix? Will it now be submitted and the bug solved? No, this was just a separate issue we found while trying to analyze this bug.

-- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

10:08

New subject: [Bug 730046] LDAP server: Samba cannot talk to LDAP over TLS

https://bugzilla.novell.com/show_bug.cgi?id=730046 https://bugzilla.novell.com/show_bug.cgi?id=730046#c26 Ralf Haferkamp changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO InfoProvider| |lynn@steve-ss.com --- Comment #26 from Ralf Haferkamp 2012-01-11 11:08:31 CET --- Now, to get forward with the real issues could you please provide me with some more information? I suggest to focus on 12.1 for now as this is the most current openSUSE release (backports to older releases can be done once we found the problem). So please provide every bit of the requested info from your 12.1 System. 1. Please attach the following configuration files: /etc/openldap/ldap.conf /etc/ldap.conf /etc/samba/smb.conf /etc/sysconfig/ldap 2. Please attach the complete (including the debug log!) output of this command, executed on the machine that is supposed to run the samba server: ldapsearch -x -ZZ -d -1 -H ldap://hh1.site -b "" -s base + -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

12:04

New subject: [Bug 730046] LDAP server: Samba cannot talk to LDAP over TLS

https://bugzilla.novell.com/show_bug.cgi?id=730046 https://bugzilla.novell.com/show_bug.cgi?id=730046#c27 --- Comment #27 from lynn wilson 2012-01-11 12:04:03 UTC --- Created an attachment (id=470679) --> (http://bugzilla.novell.com/attachment.cgi?id=470679) /etc/openldap/ldap.conf -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

12:05

New subject: [Bug 730046] LDAP server: Samba cannot talk to LDAP over TLS

https://bugzilla.novell.com/show_bug.cgi?id=730046 https://bugzilla.novell.com/show_bug.cgi?id=730046#c28 --- Comment #28 from lynn wilson 2012-01-11 12:05:17 UTC --- Created an attachment (id=470680) --> (http://bugzilla.novell.com/attachment.cgi?id=470680) /etc/ldap.conf -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

12:13

New subject: [Bug 730046] LDAP server: Samba cannot talk to LDAP over TLS

https://bugzilla.novell.com/show_bug.cgi?id=730046 https://bugzilla.novell.com/show_bug.cgi?id=730046#c29 --- Comment #29 from lynn wilson 2012-01-11 12:13:18 UTC --- Created an attachment (id=470684) --> (http://bugzilla.novell.com/attachment.cgi?id=470684) smb.conf -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

12:14

New subject: [Bug 730046] LDAP server: Samba cannot talk to LDAP over TLS

https://bugzilla.novell.com/show_bug.cgi?id=730046 https://bugzilla.novell.com/show_bug.cgi?id=730046#c30 --- Comment #30 from lynn wilson 2012-01-11 12:14:14 UTC --- Created an attachment (id=470686) --> (http://bugzilla.novell.com/attachment.cgi?id=470686) /etc/sysconfig/ldap -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

12:21

New subject: [Bug 730046] LDAP server: Samba cannot talk to LDAP over TLS

https://bugzilla.novell.com/show_bug.cgi?id=730046 https://bugzilla.novell.com/show_bug.cgi?id=730046#c31 lynn wilson changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|lynn@steve-ss.com | --- Comment #31 from lynn wilson 2012-01-11 12:21:40 UTC --- ldapsearch -x -ZZ -d -1 -H ldap://hh1.site -b "" -s base + ldap_url_parse_ext(ldap://hh1.site) ldap_create ldap_url_parse_ext(ldap://hh1.site:389/??base) ldap_extended_operation_s ldap_extended_operation ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP hh1.site:389 ldap_connect_to_host: getaddrinfo failed: Name or service not known ldap_err2string ldap_start_tls: Can't contact LDAP server (-1) /var/log/mesages Jan 11 13:13:38 hh1 slapd[6382]: conn=1001 fd=15 ACCEPT from IP=192.168.1.2:44755 (IP=0.0.0.0:389) Jan 11 13:13:38 hh1 slapd[6382]: conn=1001 op=0 EXT oid=1.3.6.1.4.1.1466.20037 Jan 11 13:13:38 hh1 slapd[6382]: conn=1001 op=0 STARTTLS Jan 11 13:13:38 hh1 slapd[6382]: conn=1001 op=0 RESULT oid= err=0 text= Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 fd=15 TLS established tls_ssf=256 ssf=256 Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=1 BIND dn="cn=admin,dc=hh1,dc=site" method=128 Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=1 BIND dn="cn=admin,dc=hh1,dc=site" mech=SIMPLE ssf=0 Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=1 RESULT tag=97 err=0 text= Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=2 SRCH base="" scope=0 deref=0 filter="(objectClass=*)" Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=2 SRCH attr=supportedControl Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text= Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=3 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaDomain)(sambaDomainName=hh2))" Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=3 SRCH attr=sambaDomainName sambaNextRid sambaNextUserRid sambaNextGroupRid sambaSID sambaAlgorithmicRidBase objectClass Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=4 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=0))" Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=4 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text= Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=5 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=0))" Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=5 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=5 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=6 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(uid=root)(objectClass=sambaSamAccount))" Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=6 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp uidNumber gidNumber homeDirectory loginShell gecos Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=6 SEARCH RESULT tag=101 err=0 nentries=1 text= Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=7 SRCH base="sambaDomainName=HH2,dc=hh1,dc=site" scope=0 deref=0 filter="(objectClass=sambaDomain)" Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=7 SRCH attr=sambaPwdHistoryLength Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=7 SEARCH RESULT tag=101 err=0 nentries=1 text= Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=8 SRCH base="sambaDomainName=HH2,dc=hh1,dc=site" scope=0 deref=0 filter="(objectClass=sambaDomain)" Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=8 SRCH attr=sambaMaxPwdAge Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=8 SEARCH RESULT tag=101 err=0 nentries=1 text= Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=9 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=0))" Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=9 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=10 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-32-544))" Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=10 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=10 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=11 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-32-544))" Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=11 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=11 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=12 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-32-545))" Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=12 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=12 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=13 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-32-545))" Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=13 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=13 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=14 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaGroupType=4)(|(sambaSIDList=s-1-5-21-3527315056-4070268576-2044151109-1000)(sambaSIDList=s-1-22-2-0)(sambaSIDList=s-1-1-0)(sambaSIDList=s-1-5-2)(sambaSIDList=s-1-5-11)))" Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=14 SRCH attr=sambaSID Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=14 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=15 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-1-0))" Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=15 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=15 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=16 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-2))" Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=16 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=9 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=16 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=17 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-11))" Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=17 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=17 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:13:39 hh1 slapd[6382]: conn=1002 fd=19 ACCEPT from IP=192.168.1.2:44756 (IP=0.0.0.0:389) Jan 11 13:13:39 hh1 slapd[6382]: conn=1002 op=0 EXT oid=1.3.6.1.4.1.1466.20037 Jan 11 13:13:39 hh1 slapd[6382]: conn=1002 op=0 STARTTLS Jan 11 13:13:39 hh1 slapd[6382]: conn=1002 op=0 RESULT oid= err=0 text= Jan 11 13:13:39 hh1 slapd[6382]: conn=1002 fd=19 TLS established tls_ssf=256 ssf=256 Jan 11 13:13:39 hh1 slapd[6382]: conn=1002 op=1 BIND dn="" method=128 Jan 11 13:13:39 hh1 slapd[6382]: conn=1002 op=1 RESULT tag=97 err=0 text= Jan 11 13:13:39 hh1 slapd[6382]: connection_input: conn=1002 deferring operation: binding Jan 11 13:13:39 hh1 slapd[6382]: conn=1002 op=2 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=hh2\5Cnobody))" Jan 11 13:13:39 hh1 slapd[6382]: conn=1002 op=2 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass Jan 11 13:13:39 hh1 slapd[6382]: conn=1002 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:13:39 hh1 slapd[6382]: conn=1002 fd=19 closed (connection lost) Jan 11 13:13:39 hh1 slapd[6382]: conn=1003 fd=19 ACCEPT from IP=192.168.1.2:44757 (IP=0.0.0.0:389) Jan 11 13:13:39 hh1 slapd[6382]: conn=1003 op=0 EXT oid=1.3.6.1.4.1.1466.20037 Jan 11 13:13:39 hh1 slapd[6382]: conn=1003 op=0 STARTTLS Jan 11 13:13:39 hh1 slapd[6382]: conn=1003 op=0 RESULT oid= err=0 text= Jan 11 13:13:39 hh1 slapd[6382]: conn=1003 fd=19 TLS established tls_ssf=256 ssf=256 Jan 11 13:13:39 hh1 slapd[6382]: conn=1003 op=1 BIND dn="" method=128 Jan 11 13:13:39 hh1 slapd[6382]: conn=1003 op=1 RESULT tag=97 err=0 text= Jan 11 13:13:39 hh1 slapd[6382]: connection_input: conn=1003 deferring operation: binding Jan 11 13:13:39 hh1 slapd[6382]: conn=1003 op=2 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=hh2\5Cnobody))" Jan 11 13:13:39 hh1 slapd[6382]: conn=1003 op=2 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass Jan 11 13:13:39 hh1 slapd[6382]: conn=1003 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:13:39 hh1 slapd[6382]: conn=1003 fd=19 closed (connection lost) Jan 11 13:13:39 hh1 slapd[6382]: conn=1004 fd=19 ACCEPT from IP=192.168.1.2:44758 (IP=0.0.0.0:389) Jan 11 13:13:39 hh1 slapd[6382]: conn=1004 op=0 EXT oid=1.3.6.1.4.1.1466.20037 Jan 11 13:13:39 hh1 slapd[6382]: conn=1004 op=0 STARTTLS Jan 11 13:13:39 hh1 slapd[6382]: conn=1004 op=0 RESULT oid= err=0 text= Jan 11 13:13:39 hh1 slapd[6382]: conn=1004 fd=19 TLS established tls_ssf=256 ssf=256 Jan 11 13:13:39 hh1 slapd[6382]: conn=1004 op=1 BIND dn="" method=128 Jan 11 13:13:39 hh1 slapd[6382]: conn=1004 op=1 RESULT tag=97 err=0 text= Jan 11 13:13:39 hh1 slapd[6382]: connection_input: conn=1004 deferring operation: binding Jan 11 13:13:39 hh1 slapd[6382]: conn=1004 op=2 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=hh2\5Cnobody))" Jan 11 13:13:39 hh1 slapd[6382]: conn=1004 op=2 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=18 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=65533))" Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=18 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=18 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:13:39 hh1 slapd[6382]: conn=1004 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=19 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=65533))" Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=19 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=19 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=20 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-32-544))" Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=20 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=20 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:13:39 hh1 slapd[6382]: conn=1004 fd=19 closed (connection lost) Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=21 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-32-544))" Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=21 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=21 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=22 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-32-545))" Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=22 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=22 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=23 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-32-545))" Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=23 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=23 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=24 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaGroupType=4)(|(sambaSIDList=s-1-5-21-3527315056-4070268576-2044151109-501)(sambaSIDList=s-1-5-21-3527315056-4070268576-2044151109-513)(sambaSIDList=s-1-5-21-3527315056-4070268576-2044151109-546)(sambaSIDList=s-1-1-0)(sambaSIDList=s-1-5-2)(sambaSIDList=s-1-5-32-546)))" Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=24 SRCH attr=sambaSID Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=24 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=25 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(sambaSID=s-1-5-21-3527315056-4070268576-2044151109-513)(objectClass=sambaSamAccount))" Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=25 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp uidNumber gidNumber homeDirectory loginShell gecos Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=25 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=26 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-21-3527315056-4070268576-2044151109-513))" Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=26 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=26 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=27 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(sambaSID=s-1-5-21-3527315056-4070268576-2044151109-513)(objectClass=sambaSamAccount))" Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=27 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp uidNumber gidNumber homeDirectory loginShell gecos Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=27 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=28 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-21-3527315056-4070268576-2044151109-513))" Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=28 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=28 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=29 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(sambaSID=s-1-5-21-3527315056-4070268576-2044151109-546)(objectClass=sambaSamAccount))" Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=29 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp uidNumber gidNumber homeDirectory loginShell gecos Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=29 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=30 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-21-3527315056-4070268576-2044151109-546))" Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=30 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=30 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=31 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(sambaSID=s-1-5-21-3527315056-4070268576-2044151109-546)(objectClass=sambaSamAccount))" Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=31 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp uidNumber gidNumber homeDirectory loginShell gecos Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=31 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=32 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-21-3527315056-4070268576-2044151109-546))" Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=32 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=32 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=33 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-1-0))" Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=33 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=33 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=34 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-2))" Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=34 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=35 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-32-546))" Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=35 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=35 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=34 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:13:43 hh1 nmb[6427]: Shutting down Samba NMB daemon ..done Jan 11 13:13:43 hh1 nmb[6436]: Starting Samba NMB daemon ..done Jan 11 13:17:05 hh1 dbus[813]: [system] Activating service name='org.freedesktop.PackageKit' (using servicehelper) Jan 11 13:17:05 hh1 dbus-daemon[813]: dbus[813]: [system] Activating service name='org.freedesktop.PackageKit' (using servicehelper) Jan 11 13:17:05 hh1 dbus-daemon[813]: (packagekitd:6483): PackageKit-Zypp-DEBUG: zypp_backend_initialize Jan 11 13:17:05 hh1 dbus-daemon[813]: dbus[813]: [system] Successfully activated service 'org.freedesktop.PackageKit' Jan 11 13:17:05 hh1 dbus[813]: [system] Successfully activated service 'org.freedesktop.PackageKit' Jan 11 13:17:25 hh1 dbus-daemon[813]: (packagekitd:6483): PackageKit-Zypp-DEBUG: zypp_backend_destroy Jan 11 13:18:18 hh1 su: (to root) steve on /dev/pts/1 Jan 11 13:18:39 hh1 slapd[6382]: conn=1001 op=36 UNBIND Jan 11 13:18:39 hh1 slapd[6382]: conn=1001 fd=15 closed Jan 11 13:20:32 hh1 smb[6560]: Shutting down Samba SMB daemon ..done Jan 11 13:20:32 hh1 slapd[6382]: conn=1005 fd=15 ACCEPT from IP=192.168.1.2:44766 (IP=0.0.0.0:389) Jan 11 13:20:32 hh1 slapd[6382]: conn=1005 op=0 EXT oid=1.3.6.1.4.1.1466.20037 Jan 11 13:20:32 hh1 slapd[6382]: conn=1005 op=0 STARTTLS Jan 11 13:20:32 hh1 slapd[6382]: conn=1005 op=0 RESULT oid= err=0 text= Jan 11 13:20:33 hh1 smb[6569]: Starting Samba SMB daemon ..done Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 fd=15 TLS established tls_ssf=256 ssf=256 Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=1 BIND dn="cn=admin,dc=hh1,dc=site" method=128 Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=1 BIND dn="cn=admin,dc=hh1,dc=site" mech=SIMPLE ssf=0 Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=1 RESULT tag=97 err=0 text= Jan 11 13:20:33 hh1 slapd[6382]: connection_input: conn=1005 deferring operation: binding Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=2 SRCH base="" scope=0 deref=0 filter="(objectClass=*)" Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=2 SRCH attr=supportedControl Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=3 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaDomain)(sambaDomainName=hh2))" Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=3 SRCH attr=sambaDomainName sambaNextRid sambaNextUserRid sambaNextGroupRid sambaSID sambaAlgorithmicRidBase objectClass Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text= Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text= Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=4 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=0))" Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=4 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=5 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=0))" Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=5 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=5 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=6 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(uid=root)(objectClass=sambaSamAccount))" Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=6 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp uidNumber gidNumber homeDirectory loginShell gecos Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=6 SEARCH RESULT tag=101 err=0 nentries=1 text= Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=7 SRCH base="sambaDomainName=HH2,dc=hh1,dc=site" scope=0 deref=0 filter="(objectClass=sambaDomain)" Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=7 SRCH attr=sambaPwdHistoryLength Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=7 SEARCH RESULT tag=101 err=0 nentries=1 text= Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=8 SRCH base="sambaDomainName=HH2,dc=hh1,dc=site" scope=0 deref=0 filter="(objectClass=sambaDomain)" Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=8 SRCH attr=sambaMaxPwdAge Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=8 SEARCH RESULT tag=101 err=0 nentries=1 text= Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=9 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=0))" Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=9 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=9 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=10 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-32-544))" Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=10 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=10 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=11 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-32-544))" Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=11 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=11 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=12 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-32-545))" Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=12 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=12 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=13 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-32-545))" Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=13 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=13 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=14 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaGroupType=4)(|(sambaSIDList=s-1-5-21-3527315056-4070268576-2044151109-1000)(sambaSIDList=s-1-22-2-0)(sambaSIDList=s-1-1-0)(sambaSIDList=s-1-5-2)(sambaSIDList=s-1-5-11)))" Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=14 SRCH attr=sambaSID Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=14 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=15 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-1-0))" Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=15 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=15 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=16 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-2))" Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=16 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=16 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=17 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-11))" Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=17 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=17 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:20:33 hh1 slapd[6382]: conn=1006 fd=21 ACCEPT from IP=192.168.1.2:44767 (IP=0.0.0.0:389) Jan 11 13:20:33 hh1 slapd[6382]: conn=1006 op=0 EXT oid=1.3.6.1.4.1.1466.20037 Jan 11 13:20:33 hh1 slapd[6382]: conn=1006 op=0 STARTTLS Jan 11 13:20:33 hh1 slapd[6382]: conn=1006 op=0 RESULT oid= err=0 text= Jan 11 13:20:33 hh1 slapd[6382]: conn=1006 fd=21 TLS established tls_ssf=256 ssf=256 Jan 11 13:20:33 hh1 slapd[6382]: conn=1006 op=1 BIND dn="" method=128 Jan 11 13:20:33 hh1 slapd[6382]: conn=1006 op=1 RESULT tag=97 err=0 text= Jan 11 13:20:33 hh1 slapd[6382]: connection_input: conn=1006 deferring operation: binding Jan 11 13:20:33 hh1 slapd[6382]: conn=1006 op=2 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=hh2\5Cnobody))" Jan 11 13:20:33 hh1 slapd[6382]: conn=1006 op=2 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass Jan 11 13:20:33 hh1 slapd[6382]: conn=1006 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:20:33 hh1 slapd[6382]: conn=1006 fd=21 closed (connection lost) Jan 11 13:20:33 hh1 slapd[6382]: conn=1007 fd=21 ACCEPT from IP=192.168.1.2:44768 (IP=0.0.0.0:389) Jan 11 13:20:33 hh1 slapd[6382]: conn=1007 op=0 EXT oid=1.3.6.1.4.1.1466.20037 Jan 11 13:20:33 hh1 slapd[6382]: conn=1007 op=0 STARTTLS Jan 11 13:20:33 hh1 slapd[6382]: conn=1007 op=0 RESULT oid= err=0 text= Jan 11 13:20:33 hh1 slapd[6382]: conn=1007 fd=21 TLS established tls_ssf=256 ssf=256 Jan 11 13:20:33 hh1 slapd[6382]: conn=1007 op=1 BIND dn="" method=128 Jan 11 13:20:33 hh1 slapd[6382]: conn=1007 op=1 RESULT tag=97 err=0 text= Jan 11 13:20:33 hh1 slapd[6382]: connection_input: conn=1007 deferring operation: binding Jan 11 13:20:33 hh1 slapd[6382]: conn=1007 op=2 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=hh2\5Cnobody))" Jan 11 13:20:33 hh1 slapd[6382]: conn=1007 op=2 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass Jan 11 13:20:33 hh1 slapd[6382]: conn=1007 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:20:33 hh1 slapd[6382]: conn=1007 fd=21 closed (connection lost) Jan 11 13:20:33 hh1 slapd[6382]: conn=1008 fd=21 ACCEPT from IP=192.168.1.2:44769 (IP=0.0.0.0:389) Jan 11 13:20:33 hh1 slapd[6382]: conn=1008 op=0 EXT oid=1.3.6.1.4.1.1466.20037 Jan 11 13:20:33 hh1 slapd[6382]: conn=1008 op=0 STARTTLS Jan 11 13:20:33 hh1 slapd[6382]: conn=1008 op=0 RESULT oid= err=0 text= Jan 11 13:20:33 hh1 slapd[6382]: conn=1008 fd=21 TLS established tls_ssf=256 ssf=256 Jan 11 13:20:33 hh1 slapd[6382]: conn=1008 op=1 BIND dn="" method=128 Jan 11 13:20:33 hh1 slapd[6382]: conn=1008 op=1 RESULT tag=97 err=0 text= Jan 11 13:20:33 hh1 slapd[6382]: conn=1008 op=2 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=hh2\5Cnobody))" Jan 11 13:20:33 hh1 slapd[6382]: conn=1008 op=2 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass Jan 11 13:20:33 hh1 slapd[6382]: conn=1008 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=18 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=65533))" Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=18 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass Jan 11 13:20:33 hh1 slapd[6382]: conn=1008 fd=21 closed (connection lost) Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=19 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=65533))" Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=19 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=18 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=19 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=20 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-32-544))" Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=20 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=20 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=21 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-32-544))" Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=21 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=22 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-32-545))" Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=22 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=21 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=22 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=23 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-32-545))" Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=23 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=23 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=24 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaGroupType=4)(|(sambaSIDList=s-1-5-21-3527315056-4070268576-2044151109-501)(sambaSIDList=s-1-5-21-3527315056-4070268576-2044151109-513)(sambaSIDList=s-1-5-21-3527315056-4070268576-2044151109-546)(sambaSIDList=s-1-1-0)(sambaSIDList=s-1-5-2)(sambaSIDList=s-1-5-32-546)))" Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=24 SRCH attr=sambaSID Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=24 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=25 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(sambaSID=s-1-5-21-3527315056-4070268576-2044151109-513)(objectClass=sambaSamAccount))" Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=25 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp uidNumber gidNumber homeDirectory loginShell gecos Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=25 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=26 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-21-3527315056-4070268576-2044151109-513))" Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=26 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=26 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=27 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(sambaSID=s-1-5-21-3527315056-4070268576-2044151109-513)(objectClass=sambaSamAccount))" Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=27 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp uidNumber gidNumber homeDirectory loginShell gecos Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=27 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=28 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-21-3527315056-4070268576-2044151109-513))" Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=28 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=28 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=29 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(sambaSID=s-1-5-21-3527315056-4070268576-2044151109-546)(objectClass=sambaSamAccount))" Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=29 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp uidNumber gidNumber homeDirectory loginShell gecos Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=29 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=30 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-21-3527315056-4070268576-2044151109-546))" Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=30 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=30 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=31 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(sambaSID=s-1-5-21-3527315056-4070268576-2044151109-546)(objectClass=sambaSamAccount))" Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=31 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp uidNumber gidNumber homeDirectory loginShell gecos Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=31 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=32 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-21-3527315056-4070268576-2044151109-546))" Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=32 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=32 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=33 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-1-0))" Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=33 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=33 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=34 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-2))" Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=34 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=34 SEARCH RESULT tag=101 err=0 nentries=0 text= Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=35 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-32-546))" Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=35 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=35 SEARCH RESULT tag=101 err=0 nentries=0 text= -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

12:39

New subject: [Bug 730046] LDAP server: Samba cannot talk to LDAP over TLS

https://bugzilla.novell.com/show_bug.cgi?id=730046 https://bugzilla.novell.com/show_bug.cgi?id=730046#c32 --- Comment #32 from lynn wilson 2012-01-11 12:39:55 UTC --- Created an attachment (id=470692) --> (http://bugzilla.novell.com/attachment.cgi?id=470692) ldapsearch -x -ZZ -d -1 -H ldap://hh1.hh1.site -b "" -s base + -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

12:41

New subject: [Bug 730046] LDAP server: Samba cannot talk to LDAP over TLS

https://bugzilla.novell.com/show_bug.cgi?id=730046 https://bugzilla.novell.com/show_bug.cgi?id=730046#c lynn wilson changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|Critical |Minor -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

12:50

New subject: [Bug 730046] LDAP server: Samba cannot talk to LDAP over TLS

https://bugzilla.novell.com/show_bug.cgi?id=730046 https://bugzilla.novell.com/show_bug.cgi?id=730046#c Ralf Haferkamp changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #470686|application/octet-stream |text/plain mime type| | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

12:50

New subject: [Bug 730046] LDAP server: Samba cannot talk to LDAP over TLS

https://bugzilla.novell.com/show_bug.cgi?id=730046 https://bugzilla.novell.com/show_bug.cgi?id=730046#c Ralf Haferkamp changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #470680|application/octet-stream |text/plain mime type| | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

12:51

New subject: [Bug 730046] LDAP server: Samba cannot talk to LDAP over TLS

https://bugzilla.novell.com/show_bug.cgi?id=730046 https://bugzilla.novell.com/show_bug.cgi?id=730046#c Ralf Haferkamp changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #470679|application/octet-stream |text/plain mime type| | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

13:01

New subject: [Bug 730046] LDAP server: Samba cannot talk to LDAP over TLS

https://bugzilla.novell.com/show_bug.cgi?id=730046 https://bugzilla.novell.com/show_bug.cgi?id=730046#c33 Ralf Haferkamp changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO InfoProvider| |lynn@steve-ss.com --- Comment #33 from Ralf Haferkamp 2012-01-11 14:01:31 CET --- These attachments seem to come from a server where samba is actually working with StartTLS. I'd need the same information from a non-working machine to be able to debug anything. (Sorry for not pointing that out explicitly) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

13:17

New subject: [Bug 730046] LDAP server: Samba cannot talk to LDAP over TLS

https://bugzilla.novell.com/show_bug.cgi?id=730046 https://bugzilla.novell.com/show_bug.cgi?id=730046#c34 --- Comment #34 from lynn wilson 2012-01-11 13:17:09 UTC --- Hi Ralph Don't need the workaround anymore if the tls_cacert is specified as a file in /etc/openldap/ldap.conf Sorry, but can't reproduce the original error as am now in production on this server. Mark as resolved and reopen if anyone else finds it? Thanks for your effort. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

13:17

New subject: [Bug 730046] LDAP server: Samba cannot talk to LDAP over TLS

https://bugzilla.novell.com/show_bug.cgi?id=730046 https://bugzilla.novell.com/show_bug.cgi?id=730046#c lynn wilson changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|lynn@steve-ss.com | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

13:32

New subject: [Bug 730046] LDAP server: Samba cannot talk to LDAP over TLS

https://bugzilla.novell.com/show_bug.cgi?id=730046 https://bugzilla.novell.com/show_bug.cgi?id=730046#c35 Ralf Haferkamp changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |INVALID --- Comment #35 from Ralf Haferkamp 2012-01-11 14:32:40 CET --- Resolving as per comment#34 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

30 Jan 30 Jan

12:01

New subject: [Bug 730046] LDAP server: Samba cannot talk to LDAP over TLS

https://bugzilla.novell.com/show_bug.cgi?id=730046 https://bugzilla.novell.com/show_bug.cgi?id=730046#c36 --- Comment #36 from Bernhard Wiedemann 2012-01-30 13:01:12 CET --- This is an autogenerated message for OBS integration: This bug (730046) was mentioned in https://build.opensuse.org/request/show/102014 12.1 / samba -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

4471

Age (days ago)

4549

Last active (days ago)

List overview

Download

41 comments

1 participants

participants (1)

bugzilla_noreply＠novell.com

[Bug 730046] New: LDAP server: Samba cannot talk to LDAP over TLS

tags

participants (1)