Bug 730046

Summary:	LDAP server: Samba cannot talk to LDAP over TLS
Product:	[openSUSE] openSUSE 11.4	Reporter:	Forgotten User Ku1lZ_yaEZ <forgotten_Ku1lZ_yaEZ>
Component:	YaST2	Assignee:	Ralf Haferkamp <ralf>
Status:	RESOLVED INVALID	QA Contact:	Jiri Srain <jsrain>
Severity:	Minor
Priority:	P4 - Low	CC:	forgotten_Ku1lZ_yaEZ, forgotten__NtlHAplw6, ralf
Version:	Final
Target Milestone:	---
Hardware:	x86-64
OS:	openSUSE 11.4
Whiteboard:
Found By:	---	Services Priority:
Business Priority:		Blocker:	---
Marketing QA Status:	---	IT Deployment:	---
Attachments:	The samba config file /var/log/y2log ldap search as requested /etc/openldap/ldap.conf /etc/ldap.conf smb.conf /etc/sysconfig/ldap ldapsearch -x -ZZ -d -1 -H ldap://hh1.hh1.site -b "" -s base +

Description Forgotten User Ku1lZ_yaEZ 2011-11-13 07:13:06 UTC

Created attachment 461810 [details]
The samba config file

User-Agent:       Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.102 Safari/535.2

When using TLS between Samba and LDAP, the folowing error occurs:

Nov 10 11:20:16 hh1 smbd[6066]: [2011/11/10 11:20:16.268556,  0]
lib/smbldap.c:731(smb_ldap_start_tls)
Nov 10 11:20:16 hh1 smbd[6066]:   Failed to issue the StartTLS instruction:

I feel that this is an important security issue and I have offered a solution. 

Could you also fix it for 12.1?




Reproducible: Always

Steps to Reproduce:
1.Using Yast throughout
2.Create root CA
3.Enter it. create and export common server certificaes
4.Make sure that your FQDN matches the CN of the certificates.
5. LDAP server - use tls - use common server certificate
6. Copy YaST-CA.pem to /srv/www/htdocs
7. ldap client check tls box and download the CA from the webserver (there ought to be a way of specifying a file here rather than have to download it from a webserver)
8 ldap client - advanced configuration - create default config
9. Samba server - Identity - PDC - Ldap settings - use ldap
10. Give root password so that other machines can join the samba created domain.

Actual Results:  
Samba does not communicate with LDAP over tls. See error above.



Expected Results:  
Samba connects to LDAP over a TLS connection

It seems that the CA certificate is not being detected.

The problem can be solved by adding:

TLS_REQCERT hard
TLS_CACERT /etc/openldap/cacerts/YaST-CA.pem

to /etc/openldap/ldap.conf

Comment 1 Lars Müller 2011-11-14 09:02:16 UTC

This issue got discussed in a thread at an openSUSE list http://lists.opensuse.org/opensuse/2011-11/msg00363.html

@Lynn: Please add the pointer(s) to the list archive at https://lists.samba.org/ too.

Comment 2 Forgotten User Ku1lZ_yaEZ 2011-11-14 12:35:31 UTC

https://lists.samba.org/archive/samba/2011-November/164820.html

Comment 3 Forgotten User Ku1lZ_yaEZ 2011-11-18 10:27:40 UTC

Info has been given. Any news?
Thanks.

Comment 4 Ralf Haferkamp 2011-11-24 16:11:53 UTC

(In reply to comment #0)
> Created an attachment (id=461810) [details]
> The samba config file
> 
> User-Agent:       Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.2 (KHTML,
> like Gecko) Chrome/15.0.874.102 Safari/535.2
> 
> When using TLS between Samba and LDAP, the folowing error occurs:
> 
> Nov 10 11:20:16 hh1 smbd[6066]: [2011/11/10 11:20:16.268556,  0]
> lib/smbldap.c:731(smb_ldap_start_tls)
> Nov 10 11:20:16 hh1 smbd[6066]:   Failed to issue the StartTLS instruction:
When do you get this error message? Always when starting smbd or only when booting?

I get this message when booting into the system and that seems to be an issue with either samba's or slapd's init script or systemd. Samba seems to be started before OpenLDAP is accepting incoming requests. When using sysvinit the OpenLDAP initscript takes care the it does not succeed until the Server is able to process request (by doing some ldapsearch magic).
But I also see that samba's init script does not have a dependency on OpenLDAP.

Lars: Should there be "ldap" listed in "Should-Start" of /etc/init.d/smb

> 
> I feel that this is an important security issue and I have offered a solution. 
I don't see yet why this should be a security issue.

[..]
> Reproducible: Always
> 
> Steps to Reproduce:
> 1.Using Yast throughout
> 2.Create root CA
> 3.Enter it. create and export common server certificaes
> 4.Make sure that your FQDN matches the CN of the certificates.
> 5. LDAP server - use tls - use common server certificate
> 6. Copy YaST-CA.pem to /srv/www/htdocs
> 7. ldap client check tls box and download the CA from the webserver (there
> ought to be a way of specifying a file here rather than have to download it
> from a webserver)
There is. Either just enter a file:/// URL or go to the advanced settings. There you'll find option to either select a file or directory manually. I agree though that it could be implemented better from a usuabilty point of view.

OTOH, if you setup the LDAP Server on the localhost you shouldn't need to configure any TLS Settings in ldap-client. The yast2-ldap-server module already configures that for you (at least it did here).

> Actual Results:  
> Samba does not communicate with LDAP over tls. See error above.
Hm, I only get this error once when booting it still seems to work afterwards.

> It seems that the CA certificate is not being detected.
> 
> The problem can be solved by adding:
> 
> TLS_REQCERT hard
> TLS_CACERT /etc/openldap/cacerts/YaST-CA.pem
Usually yast2-ldap-client does this already. Please attach YaST logs (/var/log/YaST/*)

> to /etc/openldap/ldap.conf

Comment 5 Forgotten User Ku1lZ_yaEZ 2011-11-24 17:19:53 UTC

Created attachment 463990 [details]
/var/log/y2log

Included to remove NEEDINFO

Comment 6 Forgotten User Ku1lZ_yaEZ 2011-11-24 17:23:15 UTC

Yast produces this:

/etc/openldap> cat ldap.conf
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE   dc=example,dc=com
#URI    ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never
uri     ldap://hh1.site
base    dc=site
TLS_CACERTDIR   /etc/openldap/cacerts/

The certificate is not found and Samba cannot communicate with LDAP via TLS. Yast does not add the two lines I have given in my solution to this.

Comment 7 Forgotten User Ku1lZ_yaEZ 2011-11-24 17:46:47 UTC

I sent the y2log corresponding to the Yast LDAP client only. But I see that you wanted the whole lot! I tarred the files but it will not let me send anything over 10Mb. Do you really need everything? Do you want me to ftp is somewhere?

Comment 8 Forgotten User Ku1lZ_yaEZ 2011-11-24 17:55:36 UTC

(In reply to comment #4)
> (In reply to comment #0)
> > Created an attachment (id=461810) [details] [details]
> > The samba config file
> > 
> > User-Agent:       Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.2 (KHTML,
> > like Gecko) Chrome/15.0.874.102 Safari/535.2
> > 
> > When using TLS between Samba and LDAP, the folowing error occurs:
> > 
> > Nov 10 11:20:16 hh1 smbd[6066]: [2011/11/10 11:20:16.268556,  0]
> > lib/smbldap.c:731(smb_ldap_start_tls)
> > Nov 10 11:20:16 hh1 smbd[6066]:   Failed to issue the StartTLS instruction:
> When do you get this error message? Always when starting smbd or only when
> booting?
> 
> I get this message when booting into the system and that seems to be an issue
> with either samba's or slapd's init script or systemd. Samba seems to be
> started before OpenLDAP is accepting incoming requests. When using sysvinit the
> OpenLDAP initscript takes care the it does not succeed until the Server is able
> to process request (by doing some ldapsearch magic).
> But I also see that samba's init script does not have a dependency on OpenLDAP.
> 
> Lars: Should there be "ldap" listed in "Should-Start" of /etc/init.d/smb
> 
> > 
> > I feel that this is an important security issue and I have offered a solution. 
> I don't see yet why this should be a security issue.
> 
> [..]
> > Reproducible: Always
> > 
> > Steps to Reproduce:
> > 1.Using Yast throughout
> > 2.Create root CA
> > 3.Enter it. create and export common server certificaes
> > 4.Make sure that your FQDN matches the CN of the certificates.
> > 5. LDAP server - use tls - use common server certificate
> > 6. Copy YaST-CA.pem to /srv/www/htdocs
> > 7. ldap client check tls box and download the CA from the webserver (there
> > ought to be a way of specifying a file here rather than have to download it
> > from a webserver)
> There is. Either just enter a file:/// URL or go to the advanced settings.

There are no 'advanced settings'. I think you mean ;Advanced Configuration.' no?


> There you'll find option to either select a file or directory manually. 
> though that it could be implemented better from a usuabilty point of view.e

It really does need improving. It's almost as bad as the Yast printer setup module. Only joking.

Yast chooses:
/etc/openldap/cacerts/

> 
> OTOH, if you setup the LDAP Server on the localhost you shouldn't need to
> configure any TLS Settings in ldap-client. The yast2-ldap-server module already
> configures that for you (at least it did here).
> 
> > Actual Results:  
> > Samba does not communicate with LDAP over tls. See error above.
> Hm, I only get this error once when booting it still seems to work afterwards.
> 
> > It seems that the CA certificate is not being detected.
> > 
> > The problem can be solved by adding:
> > 
> > TLS_REQCERT hard
> > TLS_CACERT /etc/openldap/cacerts/YaST-CA.pem
> Usually yast2-ldap-client does this already. Please attach YaST logs
> (/var/log/YaST/*)
> 
> > to /etc/openldap/ldap.conf

Comment 9 Forgotten User Ku1lZ_yaEZ 2011-11-24 17:56:32 UTC

Reproduced on 11.3 and 12.1. Both 32 and 64 bit.

Comment 10 Ralf Haferkamp 2011-11-25 08:35:23 UTC

(In reply to comment #6)
> Yast produces this:
[..]
> uri     ldap://hh1.site
> base    dc=site
> TLS_CACERTDIR   /etc/openldap/cacerts/
> 
> The certificate is not found and Samba cannot communicate with LDAP via TLS.
> Yast does not add the two lines I have given in my solution to this.
TLS_REQCERT hard
doesn't need to be added because it is the hardcoded default when no setting is present.
Can you please attach the output of "ls -l /etc/openldap/cacerts/" it should contain some symlinks named similar to this: e113c810.0. If it doesn't then that is the reason that Samba is not able to read the certificates when using TLS_CACERTDIR instead of TLS_CACERT.


(In reply to comment #7)
> I sent the y2log corresponding to the Yast LDAP client only. But I see that you
> wanted the whole lot! I tarred the files but it will not let me send anything
> over 10Mb. Do you really need everything? Do you want me to ftp is somewhere?
y2log should be enough for now. But could you please additionally attach the output of:
ldapsearch -x -ZZ -d -1 -b "" -s base +

(In reply to comment #8)
> (In reply to comment #4)
> > (In reply to comment #0)
> > > Created an attachment (id=461810) [details] [details] [details]
[..]
> > There is. Either just enter a file:/// URL or go to the advanced settings.
> 
> There are no 'advanced settings'. I think you mean ;Advanced Configuration.'
> no?
Yes, sorry. I was using the german localization on my test system didn't remember the correct button label in english.
 
> > There you'll find option to either select a file or directory manually. 
> > though that it could be implemented better from a usuabilty point of view.e
> 
> It really does need improving. It's almost as bad as the Yast printer setup
> module. Only joking.
:)
 
> Yast chooses:
> /etc/openldap/cacerts/
Yes, because that is where YaST put the certificate after downloading it.

Comment 11 Forgotten User Ku1lZ_yaEZ 2011-11-25 08:57:27 UTC

Created attachment 464047 [details]
ldap search as requested

Comment 12 Forgotten User Ku1lZ_yaEZ 2011-11-25 09:00:13 UTC

ls -l /etc/openldap/cacerts/
total 8
lrwxrwxrwx 1 root root   10 Nov 24 18:00 513085ff.0 -> cacert.pem
lrwxrwxrwx 1 root root   10 Nov 24 18:00 792682eb.0 -> cacert.pem
-rw-r--r-- 1 root root 3056 Nov 24 18:00 cacert.pem


Please remember that this is about Samba connecting to LDAP, not a user logging in from a linux client.

Thanks

Comment 13 Ralf Haferkamp 2011-11-25 09:30:05 UTC

(In reply to comment #11)
> Created an attachment (id=464047) [details]
> ldap search as requested
This is missing the debug output I requested. Either you forget to attach the stderr output I request or you did add the "-d -1" command line options to the ldapsearch command. Please attach the complete output. Also paste your TLS_* settings in /etc/openldap/ldap.conf that were in use when running that command.

(In reply to comment #12)
> ls -l /etc/openldap/cacerts/
> total 8
> lrwxrwxrwx 1 root root   10 Nov 24 18:00 513085ff.0 -> cacert.pem
> lrwxrwxrwx 1 root root   10 Nov 24 18:00 792682eb.0 -> cacert.pem
> -rw-r--r-- 1 root root 3056 Nov 24 18:00 cacert.pem
Hm, this looks good actually. 

> Please remember that this is about Samba connecting to LDAP, not a user logging
> in from a linux client.
I know. But the error messages you got from Samba seemed to indicate that something is wrong with your general LDAP setup. For Samba it should make no difference whether TLS_CACERTDIR or TLS_CACERT is used, as long as the directory is setup properly.

BTW, you seem to have overlooked one of my question from comment#4:
> Nov 10 11:20:16 hh1 smbd[6066]: [2011/11/10 11:20:16.268556,  0]
> lib/smbldap.c:731(smb_ldap_start_tls)
> Nov 10 11:20:16 hh1 smbd[6066]:   Failed to issue the StartTLS instruction:

When do you get this error message? Always when starting smbd or only when
booting? What output does "pdbedit -L" give you?

Comment 14 Forgotten User Ku1lZ_yaEZ 2011-11-25 10:18:54 UTC

'When do you get this error message? Always when starting smbd or only when
booting? What output does "pdbedit -L" give you?'

Without my addition to /etc/openldap/ldap.conf this error occurs always on boot and when restarting Samba. With my 2 line workaround it connects fine:

without:
.
> Nov 10 11:20:16 hh1 smbd[6066]: [2011/11/10 11:20:16.268556,  0]
> lib/smbldap.c:731(smb_ldap_start_tls)
> Nov 10 11:20:16 hh1 smbd[6066]:   Failed to issue the StartTLS instruction:
TLS does not work.
- - -

With my workaround: 

Nov 25 11:09:55 hh1 slapd[2017]: conn=1033 fd=21 ACCEPT from IP=192.168.1.2:55442 (IP=0.0.0.
Nov 25 11:09:55 hh1 slapd[2017]: conn=1033 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Nov 25 11:09:55 hh1 slapd[2017]: conn=1033 op=0 STARTTLS
Nov 25 11:09:55 hh1 slapd[2017]: conn=1033 op=0 RESULT oid= err=0 text=
Nov 25 11:09:55 hh1 slapd[2017]: conn=1033 fd=21 TLS established tls_ssf=256 ssf=256
Nov 25 11:09:55 hh1 slapd[2017]: conn=1033 op=1 BIND dn="cn=admin,dc=site" method=128
Nov 25 11:09:55 hh1 slapd[2017]: conn=1033 op=1 BIND dn="cn=admin,dc=site" mech=SIMPLE ssf=0
Nov 25 11:09:55 hh1 slapd[2017]: conn=1033 op=1 RESULT tag=97 err=0 text=
Nov 25 11:09:55 hh1 slapd[2017]: conn=1033 op=2 SRCH base="" scope=0 deref=0 filter="(object
Nov 25 11:09:55 hh1 slapd[2017]: conn=1033 op=2 SRCH attr=supportedControl
Nov 25 11:09:55 hh1 slapd[2017]: conn=1033 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Nov 25 11:09:55 hh1 slapd[2017]: conn=1033 op=3 SRCH base="dc=site" scope=2 deref=0 filter="
Nov 25 11:09:55 hh1 slapd[2017]: conn=1033 op=3 SRCH attr=sambaDomainName sambaNextRid samba
Nov 25 11:09:55 hh1 slapd[2017]: conn=1033 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
Nov 25 11:09:55 hh1 slapd[2017]: conn=1033 op=4 SRCH base="dc=site" scope=2 deref=0 filter="
Nov 25 11:09:55 hh1 slapd[2017]: conn=1033 op=4 SRCH attr=gidNumber sambaSID sambaGroupType 

TLS works fine
- - - 

 grep -v "#" ldap.conf
base    dc=site
bind_policy     soft
pam_lookup_policy       yes
pam_password    exop
nss_initgroups_ignoreusers      root,ldap
nss_schema      rfc2307bis
nss_map_attribute       uniqueMember member
ssl     start_tls
uri     ldap://hh1.site
ldap_version    3
pam_filter      objectClass=posixAccount
tls_cacertfile  /etc/openldap/cacert.pem

- - - 

 pdbedit -L
root:0:root
<snip>
COMPUTER_1$:10001:COMPUTER_1$
STEVE-PC$:10002:STEVE-PC$
<snip>
lynn2:1001:l
steve2:1003:s


It doesn't really matter. _I_ know how to fix it. But that's selfish. The point is, I'd like to help others to use Yast too.

Please let me know if we're getting anywhere. Is it a big problem to be able to apply the workaround to Yast? It's only one or two lines in /etc/openldap/ldap.conf.

Thanks L x

Comment 15 Ralf Haferkamp 2011-11-25 11:03:31 UTC

(In reply to comment #14)
[..]
>  grep -v "#" ldap.conf
> base    dc=site
> bind_policy     soft
> pam_lookup_policy       yes
> pam_password    exop
> nss_initgroups_ignoreusers      root,ldap
> nss_schema      rfc2307bis
> nss_map_attribute       uniqueMember member
> ssl     start_tls
> uri     ldap://hh1.site
> ldap_version    3
> pam_filter      objectClass=posixAccount
> tls_cacertfile  /etc/openldap/cacert.pem
Now this is not /etc/openldap/ldap.conf but /etc/ldap.conf. And it contains yet another certificate configuration. So which one acutally is the correct certificate?
/etc/openldap/cacert.pem
or
/etc/openldap/cacerts/YaST-CA.pem (which you said you have in configured in /etc/openldap/ldap.conf in your initial comment)
or even:
/etc/openldap/certs/cacert.pem


> Please let me know if we're getting anywhere. Is it a big problem to be able
> to apply the workaround to Yast?
Because it shouldn't be needed. And I am trying to find out why YaST created a broken setup in your case. We should fix the real issue instead of adding workarounds. For Samba it doesn't matter if TLS_CACERTDIR or TLS_CACERT are used unless there is either a bug in samba or the openldap client libs. At least when the correct certificate is present in TLS_CACERTDIR and the dir is properly hashed with c_rehash (which it seems to be in your case).

Comment 16 Lars Müller 2011-11-25 11:32:59 UTC

(In reply to comment #4)
[ 8< ]
> But I also see that samba's init script does not have a dependency on OpenLDAP.
> 
> Lars: Should there be "ldap" listed in "Should-Start" of /etc/init.d/smb

Sounds reasonable.

The only potential issue I see is: You run Samba without using the ldap service.  But I can't see how this would add more harm.

Comment 17 Forgotten User Ku1lZ_yaEZ 2011-11-25 14:50:12 UTC

/etc/openldap/cacerts/YaST-CA.pem
was with 11.4 using Yast CA Management (when CA Management module in Yast worked).

With 12.1, Yast CA Management is broken so I made my own certificates using openssl.

with 12.1, I put the cert  in:

/etc/openldap

The error is the same whether you use the YaST-CA.pem created via Yast (in the days when CA Management module worked) or my openssl created cacert.pem. 

(In reply to comment #16)
> (In reply to comment #4)
> [ 8< ]
> > But I also see that samba's init script does not have a dependency on OpenLDAP.
> > 
> > Lars: Should there be "ldap" listed in "Should-Start" of /etc/init.d/smb
> 
> Sounds reasonable.
> 
> The only potential issue I see is: You run Samba without using the ldap
> service.  But I can't see how this would add more harm.

Running Samba without ldap does not give us single sign on nor a convenient place to store names, addresses and 'phone numbers.

Comment 18 Bernhard Wiedemann 2011-11-25 17:00:52 UTC

This is an autogenerated message for OBS integration:
This bug (730046) was mentioned in
https://build.opensuse.org/request/show/93688 Factory / samba

Comment 19 Lars Müller 2011-11-25 23:32:21 UTC

(In reply to comment #17)
[ 8< ]
> > [ 8< ]
> > > But I also see that samba's init script does not have a dependency on OpenLDAP.
> > > 
> > > Lars: Should there be "ldap" listed in "Should-Start" of /etc/init.d/smb
> > 
> > Sounds reasonable.
> > 
> > The only potential issue I see is: You run Samba without using the ldap
> > service.  But I can't see how this would add more harm.
> 
> Running Samba without ldap does not give us single sign on nor a convenient
> place to store names, addresses and 'phone numbers.

Sorry, you missed the point.  We talked about the service dependencies as they're defined in the init scripts "headers".

In this particular case these two lines show how it will soon look in openSUSE after submit request #93688 got accepted:

# Should-Start:   cupsd winbind nmb ldap
# Should-Stop:    cupsd winbind nmb ldap

This is all not about your particular use case.  This is about how we design the service dependencies in general and abstract.

Comment 20 Forgotten User Ku1lZ_yaEZ 2011-11-26 06:00:20 UTC

(In reply to comment #19)
> (In reply to comment #17)
> [ 8< ]
> > > [ 8< ]
> > > > But I also see that samba's init script does not have a dependency on OpenLDAP.
> > > > 
> > > > Lars: Should there be "ldap" listed in "Should-Start" of /etc/init.d/smb
> > > 
> > > Sounds reasonable.
> > > 
> > > The only potential issue I see is: You run Samba without using the ldap
> > > service.  But I can't see how this would add more harm.
> > 
> > Running Samba without ldap does not give us single sign on nor a convenient
> > place to store names, addresses and 'phone numbers.
> 
> Sorry, you missed the point.  We talked about the service dependencies as
> they're defined in the init scripts "headers".
> 
> In this particular case these two lines show how it will soon look in openSUSE
> after submit request #93688 got accepted:
> 
> # Should-Start:   cupsd winbind nmb ldap
> # Should-Stop:    cupsd winbind nmb ldap
> 
> This is all not about your particular use case.  This is about how we design
> the service dependencies in general and abstract.

Lars, thanks for taking the time to explain this. I'm not a programmer nor bug fixer but know enough about LDAP to set up a server. So sometimes I cannot understand what you are saying at your level of understanding. I'm not a newbie either but sometimes bug reporting goes way over the top of the original requester and branches out to places that a user on my level has no comprehension of.

Comment 21 Forgotten User Ku1lZ_yaEZ 2011-11-26 06:06:52 UTC

Sorry to ask but this has got to a stage where I feel useless and feel that I am wasting your time but have you actually reproduced the bug? Have you seen for yourselves that doing what I did does not do what it ought to do?

I can reproduce the bug in 12.1. Will any future solution also be carried forward to 12.1 too?

Does the comment
> # Should-Start:   cupsd winbind nmb ldap
> # Should-Stop:    cupsd winbind nmb ldap
mean that this is a fix? Will it now be submitted and the bug solved?
Thanks.

Comment 22 Lars Müller 2011-11-26 12:59:30 UTC

Ralf is working on the actual issue as he stated in comment #15.

See in comment 16 why I replied.  EOT from my side.

Comment 23 Bernhard Wiedemann 2011-12-20 02:01:12 UTC

This is an autogenerated message for OBS integration:
This bug (730046) was mentioned in
https://build.opensuse.org/request/show/97141 Factory / samba

Comment 24 Bernhard Wiedemann 2011-12-20 14:01:13 UTC

This is an autogenerated message for OBS integration:
This bug (730046) was mentioned in
https://build.opensuse.org/request/show/97212 Factory / samba

Comment 25 Ralf Haferkamp 2012-01-11 09:56:58 UTC

(In reply to comment #21)
> Sorry to ask but this has got to a stage where I feel useless and feel that I
> am wasting your time but have you actually reproduced the bug? Have you seen
> for yourselves that doing what I did does not do what it ought to do?
No, I was not able to reproduce your problems.

> I can reproduce the bug in 12.1. Will any future solution also be carried
> forward to 12.1 too?
If we find a bug we will of course include the fix in 12.1.

> Does the comment
> > # Should-Start:   cupsd winbind nmb ldap
> > # Should-Stop:    cupsd winbind nmb ldap
> mean that this is a fix? Will it now be submitted and the bug solved?
No, this was just a separate issue we found while trying to analyze this bug.

Comment 26 Ralf Haferkamp 2012-01-11 10:08:31 UTC

Now, to get forward with the real issues could you please provide me with some more information? I suggest to focus on 12.1 for now as this is the most current openSUSE release (backports to older releases can be done once we found the problem). So please provide every bit of the requested info from your 12.1 System.

1. Please attach the following configuration files:
/etc/openldap/ldap.conf
/etc/ldap.conf
/etc/samba/smb.conf
/etc/sysconfig/ldap

2. Please attach the complete (including the debug log!) output of this command, executed on the machine that is supposed to run the samba server:

ldapsearch -x -ZZ -d -1 -H ldap://hh1.site -b "" -s base +

Comment 27 Forgotten User Ku1lZ_yaEZ 2012-01-11 12:04:03 UTC

Created attachment 470679 [details]
/etc/openldap/ldap.conf

Comment 28 Forgotten User Ku1lZ_yaEZ 2012-01-11 12:05:17 UTC

Created attachment 470680 [details]
/etc/ldap.conf

Comment 29 Forgotten User Ku1lZ_yaEZ 2012-01-11 12:13:18 UTC

Created attachment 470684 [details]
smb.conf

Comment 30 Forgotten User Ku1lZ_yaEZ 2012-01-11 12:14:14 UTC

Created attachment 470686 [details]
/etc/sysconfig/ldap

Comment 31 Forgotten User Ku1lZ_yaEZ 2012-01-11 12:21:40 UTC

ldapsearch -x -ZZ -d -1 -H ldap://hh1.site -b "" -s base +

ldap_url_parse_ext(ldap://hh1.site)
ldap_create
ldap_url_parse_ext(ldap://hh1.site:389/??base)
ldap_extended_operation_s
ldap_extended_operation
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP hh1.site:389
ldap_connect_to_host: getaddrinfo failed: Name or service not known
ldap_err2string
ldap_start_tls: Can't contact LDAP server (-1)

/var/log/mesages

Jan 11 13:13:38 hh1 slapd[6382]: conn=1001 fd=15 ACCEPT from IP=192.168.1.2:44755 (IP=0.0.0.0:389)
Jan 11 13:13:38 hh1 slapd[6382]: conn=1001 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Jan 11 13:13:38 hh1 slapd[6382]: conn=1001 op=0 STARTTLS
Jan 11 13:13:38 hh1 slapd[6382]: conn=1001 op=0 RESULT oid= err=0 text=
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 fd=15 TLS established tls_ssf=256 ssf=256
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=1 BIND dn="cn=admin,dc=hh1,dc=site" method=128
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=1 BIND dn="cn=admin,dc=hh1,dc=site" mech=SIMPLE ssf=0
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=1 RESULT tag=97 err=0 text=
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=2 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=2 SRCH attr=supportedControl
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=3 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaDomain)(sambaDomainName=hh2))"
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=3 SRCH attr=sambaDomainName sambaNextRid sambaNextUserRid sambaNextGroupRid sambaSID sambaAlgorithmicRidBase objectClass
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=4 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=0))"
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=4 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=5 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=0))"
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=5 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=5 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=6 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(uid=root)(objectClass=sambaSamAccount))"
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=6 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp uidNumber gidNumber homeDirectory loginShell gecos
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=6 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=7 SRCH base="sambaDomainName=HH2,dc=hh1,dc=site" scope=0 deref=0 filter="(objectClass=sambaDomain)"
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=7 SRCH attr=sambaPwdHistoryLength
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=7 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=8 SRCH base="sambaDomainName=HH2,dc=hh1,dc=site" scope=0 deref=0 filter="(objectClass=sambaDomain)"
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=8 SRCH attr=sambaMaxPwdAge
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=8 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=9 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=0))"
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=9 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=10 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-32-544))"
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=10 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=10 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=11 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-32-544))"
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=11 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=11 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=12 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-32-545))"
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=12 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=12 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=13 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-32-545))"
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=13 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=13 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=14 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaGroupType=4)(|(sambaSIDList=s-1-5-21-3527315056-4070268576-2044151109-1000)(sambaSIDList=s-1-22-2-0)(sambaSIDList=s-1-1-0)(sambaSIDList=s-1-5-2)(sambaSIDList=s-1-5-11)))"
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=14 SRCH attr=sambaSID
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=14 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=15 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-1-0))"
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=15 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=15 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=16 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-2))"
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=16 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=9 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=16 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=17 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-11))"
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=17 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=17 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:13:39 hh1 slapd[6382]: conn=1002 fd=19 ACCEPT from IP=192.168.1.2:44756 (IP=0.0.0.0:389)
Jan 11 13:13:39 hh1 slapd[6382]: conn=1002 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Jan 11 13:13:39 hh1 slapd[6382]: conn=1002 op=0 STARTTLS
Jan 11 13:13:39 hh1 slapd[6382]: conn=1002 op=0 RESULT oid= err=0 text=
Jan 11 13:13:39 hh1 slapd[6382]: conn=1002 fd=19 TLS established tls_ssf=256 ssf=256
Jan 11 13:13:39 hh1 slapd[6382]: conn=1002 op=1 BIND dn="" method=128
Jan 11 13:13:39 hh1 slapd[6382]: conn=1002 op=1 RESULT tag=97 err=0 text=
Jan 11 13:13:39 hh1 slapd[6382]: connection_input: conn=1002 deferring operation: binding
Jan 11 13:13:39 hh1 slapd[6382]: conn=1002 op=2 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=hh2\5Cnobody))"
Jan 11 13:13:39 hh1 slapd[6382]: conn=1002 op=2 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
Jan 11 13:13:39 hh1 slapd[6382]: conn=1002 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:13:39 hh1 slapd[6382]: conn=1002 fd=19 closed (connection lost)
Jan 11 13:13:39 hh1 slapd[6382]: conn=1003 fd=19 ACCEPT from IP=192.168.1.2:44757 (IP=0.0.0.0:389)
Jan 11 13:13:39 hh1 slapd[6382]: conn=1003 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Jan 11 13:13:39 hh1 slapd[6382]: conn=1003 op=0 STARTTLS
Jan 11 13:13:39 hh1 slapd[6382]: conn=1003 op=0 RESULT oid= err=0 text=
Jan 11 13:13:39 hh1 slapd[6382]: conn=1003 fd=19 TLS established tls_ssf=256 ssf=256
Jan 11 13:13:39 hh1 slapd[6382]: conn=1003 op=1 BIND dn="" method=128
Jan 11 13:13:39 hh1 slapd[6382]: conn=1003 op=1 RESULT tag=97 err=0 text=
Jan 11 13:13:39 hh1 slapd[6382]: connection_input: conn=1003 deferring operation: binding
Jan 11 13:13:39 hh1 slapd[6382]: conn=1003 op=2 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=hh2\5Cnobody))"
Jan 11 13:13:39 hh1 slapd[6382]: conn=1003 op=2 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
Jan 11 13:13:39 hh1 slapd[6382]: conn=1003 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:13:39 hh1 slapd[6382]: conn=1003 fd=19 closed (connection lost)
Jan 11 13:13:39 hh1 slapd[6382]: conn=1004 fd=19 ACCEPT from IP=192.168.1.2:44758 (IP=0.0.0.0:389)
Jan 11 13:13:39 hh1 slapd[6382]: conn=1004 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Jan 11 13:13:39 hh1 slapd[6382]: conn=1004 op=0 STARTTLS
Jan 11 13:13:39 hh1 slapd[6382]: conn=1004 op=0 RESULT oid= err=0 text=
Jan 11 13:13:39 hh1 slapd[6382]: conn=1004 fd=19 TLS established tls_ssf=256 ssf=256
Jan 11 13:13:39 hh1 slapd[6382]: conn=1004 op=1 BIND dn="" method=128
Jan 11 13:13:39 hh1 slapd[6382]: conn=1004 op=1 RESULT tag=97 err=0 text=
Jan 11 13:13:39 hh1 slapd[6382]: connection_input: conn=1004 deferring operation: binding
Jan 11 13:13:39 hh1 slapd[6382]: conn=1004 op=2 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=hh2\5Cnobody))"
Jan 11 13:13:39 hh1 slapd[6382]: conn=1004 op=2 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=18 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=65533))"
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=18 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=18 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:13:39 hh1 slapd[6382]: conn=1004 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=19 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=65533))"
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=19 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=19 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=20 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-32-544))"
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=20 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=20 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:13:39 hh1 slapd[6382]: conn=1004 fd=19 closed (connection lost)
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=21 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-32-544))"
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=21 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=21 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=22 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-32-545))"
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=22 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=22 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=23 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-32-545))"
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=23 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=23 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=24 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaGroupType=4)(|(sambaSIDList=s-1-5-21-3527315056-4070268576-2044151109-501)(sambaSIDList=s-1-5-21-3527315056-4070268576-2044151109-513)(sambaSIDList=s-1-5-21-3527315056-4070268576-2044151109-546)(sambaSIDList=s-1-1-0)(sambaSIDList=s-1-5-2)(sambaSIDList=s-1-5-32-546)))"
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=24 SRCH attr=sambaSID
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=24 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=25 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(sambaSID=s-1-5-21-3527315056-4070268576-2044151109-513)(objectClass=sambaSamAccount))"
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=25 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp uidNumber gidNumber homeDirectory loginShell gecos
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=25 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=26 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-21-3527315056-4070268576-2044151109-513))"
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=26 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=26 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=27 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(sambaSID=s-1-5-21-3527315056-4070268576-2044151109-513)(objectClass=sambaSamAccount))"
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=27 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp uidNumber gidNumber homeDirectory loginShell gecos
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=27 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=28 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-21-3527315056-4070268576-2044151109-513))"
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=28 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=28 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=29 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(sambaSID=s-1-5-21-3527315056-4070268576-2044151109-546)(objectClass=sambaSamAccount))"
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=29 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp uidNumber gidNumber homeDirectory loginShell gecos
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=29 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=30 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-21-3527315056-4070268576-2044151109-546))"
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=30 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=30 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=31 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(sambaSID=s-1-5-21-3527315056-4070268576-2044151109-546)(objectClass=sambaSamAccount))"
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=31 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp uidNumber gidNumber homeDirectory loginShell gecos
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=31 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=32 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-21-3527315056-4070268576-2044151109-546))"
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=32 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=32 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=33 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-1-0))"
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=33 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=33 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=34 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-2))"
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=34 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=35 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-32-546))"
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=35 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=35 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:13:39 hh1 slapd[6382]: conn=1001 op=34 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:13:43 hh1 nmb[6427]: Shutting down Samba NMB daemon ..done
Jan 11 13:13:43 hh1 nmb[6436]: Starting Samba NMB daemon ..done
Jan 11 13:17:05 hh1 dbus[813]: [system] Activating service name='org.freedesktop.PackageKit' (using servicehelper)
Jan 11 13:17:05 hh1 dbus-daemon[813]: dbus[813]: [system] Activating service name='org.freedesktop.PackageKit' (using servicehelper)
Jan 11 13:17:05 hh1 dbus-daemon[813]: (packagekitd:6483): PackageKit-Zypp-DEBUG: zypp_backend_initialize
Jan 11 13:17:05 hh1 dbus-daemon[813]: dbus[813]: [system] Successfully activated service 'org.freedesktop.PackageKit'
Jan 11 13:17:05 hh1 dbus[813]: [system] Successfully activated service 'org.freedesktop.PackageKit'
Jan 11 13:17:25 hh1 dbus-daemon[813]: (packagekitd:6483): PackageKit-Zypp-DEBUG: zypp_backend_destroy
Jan 11 13:18:18 hh1 su: (to root) steve on /dev/pts/1
Jan 11 13:18:39 hh1 slapd[6382]: conn=1001 op=36 UNBIND
Jan 11 13:18:39 hh1 slapd[6382]: conn=1001 fd=15 closed
Jan 11 13:20:32 hh1 smb[6560]: Shutting down Samba SMB daemon ..done
Jan 11 13:20:32 hh1 slapd[6382]: conn=1005 fd=15 ACCEPT from IP=192.168.1.2:44766 (IP=0.0.0.0:389)
Jan 11 13:20:32 hh1 slapd[6382]: conn=1005 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Jan 11 13:20:32 hh1 slapd[6382]: conn=1005 op=0 STARTTLS
Jan 11 13:20:32 hh1 slapd[6382]: conn=1005 op=0 RESULT oid= err=0 text=
Jan 11 13:20:33 hh1 smb[6569]: Starting Samba SMB daemon ..done
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 fd=15 TLS established tls_ssf=256 ssf=256
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=1 BIND dn="cn=admin,dc=hh1,dc=site" method=128
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=1 BIND dn="cn=admin,dc=hh1,dc=site" mech=SIMPLE ssf=0
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=1 RESULT tag=97 err=0 text=
Jan 11 13:20:33 hh1 slapd[6382]: connection_input: conn=1005 deferring operation: binding
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=2 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=2 SRCH attr=supportedControl
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=3 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaDomain)(sambaDomainName=hh2))"
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=3 SRCH attr=sambaDomainName sambaNextRid sambaNextUserRid sambaNextGroupRid sambaSID sambaAlgorithmicRidBase objectClass
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=4 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=0))"
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=4 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=5 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=0))"
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=5 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=5 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=6 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(uid=root)(objectClass=sambaSamAccount))"
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=6 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp uidNumber gidNumber homeDirectory loginShell gecos
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=6 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=7 SRCH base="sambaDomainName=HH2,dc=hh1,dc=site" scope=0 deref=0 filter="(objectClass=sambaDomain)"
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=7 SRCH attr=sambaPwdHistoryLength
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=7 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=8 SRCH base="sambaDomainName=HH2,dc=hh1,dc=site" scope=0 deref=0 filter="(objectClass=sambaDomain)"
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=8 SRCH attr=sambaMaxPwdAge
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=8 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=9 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=0))"
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=9 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=9 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=10 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-32-544))"
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=10 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=10 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=11 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-32-544))"
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=11 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=11 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=12 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-32-545))"
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=12 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=12 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=13 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-32-545))"
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=13 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=13 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=14 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaGroupType=4)(|(sambaSIDList=s-1-5-21-3527315056-4070268576-2044151109-1000)(sambaSIDList=s-1-22-2-0)(sambaSIDList=s-1-1-0)(sambaSIDList=s-1-5-2)(sambaSIDList=s-1-5-11)))"
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=14 SRCH attr=sambaSID
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=14 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=15 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-1-0))"
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=15 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=15 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=16 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-2))"
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=16 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=16 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=17 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-11))"
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=17 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=17 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:20:33 hh1 slapd[6382]: conn=1006 fd=21 ACCEPT from IP=192.168.1.2:44767 (IP=0.0.0.0:389)
Jan 11 13:20:33 hh1 slapd[6382]: conn=1006 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Jan 11 13:20:33 hh1 slapd[6382]: conn=1006 op=0 STARTTLS
Jan 11 13:20:33 hh1 slapd[6382]: conn=1006 op=0 RESULT oid= err=0 text=
Jan 11 13:20:33 hh1 slapd[6382]: conn=1006 fd=21 TLS established tls_ssf=256 ssf=256
Jan 11 13:20:33 hh1 slapd[6382]: conn=1006 op=1 BIND dn="" method=128
Jan 11 13:20:33 hh1 slapd[6382]: conn=1006 op=1 RESULT tag=97 err=0 text=
Jan 11 13:20:33 hh1 slapd[6382]: connection_input: conn=1006 deferring operation: binding
Jan 11 13:20:33 hh1 slapd[6382]: conn=1006 op=2 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=hh2\5Cnobody))"
Jan 11 13:20:33 hh1 slapd[6382]: conn=1006 op=2 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
Jan 11 13:20:33 hh1 slapd[6382]: conn=1006 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:20:33 hh1 slapd[6382]: conn=1006 fd=21 closed (connection lost)
Jan 11 13:20:33 hh1 slapd[6382]: conn=1007 fd=21 ACCEPT from IP=192.168.1.2:44768 (IP=0.0.0.0:389)
Jan 11 13:20:33 hh1 slapd[6382]: conn=1007 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Jan 11 13:20:33 hh1 slapd[6382]: conn=1007 op=0 STARTTLS
Jan 11 13:20:33 hh1 slapd[6382]: conn=1007 op=0 RESULT oid= err=0 text=
Jan 11 13:20:33 hh1 slapd[6382]: conn=1007 fd=21 TLS established tls_ssf=256 ssf=256
Jan 11 13:20:33 hh1 slapd[6382]: conn=1007 op=1 BIND dn="" method=128
Jan 11 13:20:33 hh1 slapd[6382]: conn=1007 op=1 RESULT tag=97 err=0 text=
Jan 11 13:20:33 hh1 slapd[6382]: connection_input: conn=1007 deferring operation: binding
Jan 11 13:20:33 hh1 slapd[6382]: conn=1007 op=2 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=hh2\5Cnobody))"
Jan 11 13:20:33 hh1 slapd[6382]: conn=1007 op=2 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
Jan 11 13:20:33 hh1 slapd[6382]: conn=1007 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:20:33 hh1 slapd[6382]: conn=1007 fd=21 closed (connection lost)
Jan 11 13:20:33 hh1 slapd[6382]: conn=1008 fd=21 ACCEPT from IP=192.168.1.2:44769 (IP=0.0.0.0:389)
Jan 11 13:20:33 hh1 slapd[6382]: conn=1008 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Jan 11 13:20:33 hh1 slapd[6382]: conn=1008 op=0 STARTTLS
Jan 11 13:20:33 hh1 slapd[6382]: conn=1008 op=0 RESULT oid= err=0 text=
Jan 11 13:20:33 hh1 slapd[6382]: conn=1008 fd=21 TLS established tls_ssf=256 ssf=256
Jan 11 13:20:33 hh1 slapd[6382]: conn=1008 op=1 BIND dn="" method=128
Jan 11 13:20:33 hh1 slapd[6382]: conn=1008 op=1 RESULT tag=97 err=0 text=
Jan 11 13:20:33 hh1 slapd[6382]: conn=1008 op=2 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=hh2\5Cnobody))"
Jan 11 13:20:33 hh1 slapd[6382]: conn=1008 op=2 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
Jan 11 13:20:33 hh1 slapd[6382]: conn=1008 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=18 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=65533))"
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=18 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Jan 11 13:20:33 hh1 slapd[6382]: conn=1008 fd=21 closed (connection lost)
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=19 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=65533))"
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=19 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=18 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=19 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=20 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-32-544))"
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=20 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=20 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=21 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-32-544))"
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=21 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=22 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-32-545))"
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=22 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=21 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=22 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=23 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-32-545))"
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=23 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=23 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=24 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaGroupType=4)(|(sambaSIDList=s-1-5-21-3527315056-4070268576-2044151109-501)(sambaSIDList=s-1-5-21-3527315056-4070268576-2044151109-513)(sambaSIDList=s-1-5-21-3527315056-4070268576-2044151109-546)(sambaSIDList=s-1-1-0)(sambaSIDList=s-1-5-2)(sambaSIDList=s-1-5-32-546)))"
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=24 SRCH attr=sambaSID
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=24 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=25 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(sambaSID=s-1-5-21-3527315056-4070268576-2044151109-513)(objectClass=sambaSamAccount))"
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=25 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp uidNumber gidNumber homeDirectory loginShell gecos
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=25 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=26 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-21-3527315056-4070268576-2044151109-513))"
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=26 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=26 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=27 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(sambaSID=s-1-5-21-3527315056-4070268576-2044151109-513)(objectClass=sambaSamAccount))"
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=27 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp uidNumber gidNumber homeDirectory loginShell gecos
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=27 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=28 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-21-3527315056-4070268576-2044151109-513))"
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=28 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=28 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=29 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(sambaSID=s-1-5-21-3527315056-4070268576-2044151109-546)(objectClass=sambaSamAccount))"
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=29 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp uidNumber gidNumber homeDirectory loginShell gecos
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=29 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=30 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-21-3527315056-4070268576-2044151109-546))"
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=30 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=30 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=31 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(sambaSID=s-1-5-21-3527315056-4070268576-2044151109-546)(objectClass=sambaSamAccount))"
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=31 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp uidNumber gidNumber homeDirectory loginShell gecos
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=31 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=32 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-21-3527315056-4070268576-2044151109-546))"
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=32 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=32 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=33 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-1-0))"
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=33 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=33 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=34 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-2))"
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=34 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=34 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=35 SRCH base="dc=hh1,dc=site" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-32-546))"
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=35 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Jan 11 13:20:33 hh1 slapd[6382]: conn=1005 op=35 SEARCH RESULT tag=101 err=0 nentries=0 text=

Comment 32 Forgotten User Ku1lZ_yaEZ 2012-01-11 12:39:55 UTC

Created attachment 470692 [details]
ldapsearch -x -ZZ -d -1 -H ldap://hh1.hh1.site -b "" -s base +

Comment 33 Ralf Haferkamp 2012-01-11 13:01:31 UTC

These attachments seem to come from a server where samba is actually working with StartTLS. I'd need the same information from a non-working machine to be able to debug anything. (Sorry for not pointing that out explicitly)

Comment 34 Forgotten User Ku1lZ_yaEZ 2012-01-11 13:17:09 UTC

Hi Ralph

Don't need the workaround anymore if the tls_cacert is specified as a file in /etc/openldap/ldap.conf

Sorry, but can't reproduce the original error as am now in production on this server.

Mark as resolved and reopen if anyone else finds it?
Thanks for your effort.

Comment 35 Ralf Haferkamp 2012-01-11 13:32:40 UTC

Resolving as per comment#34

Comment 36 Bernhard Wiedemann 2012-01-30 12:01:12 UTC

This is an autogenerated message for OBS integration:
This bug (730046) was mentioned in
https://build.opensuse.org/request/show/102014 12.1 / samba