I installed samba and made it a simple domain controller, and I intend to set it to make the authentication over OpenLDAP. The problem is I can NOT run both slapd and samba processes at the same time.

If I ran Samba at first (samba will run and work normally), and then next the slapd, the slapd will not run, it tells me that the port is being used, and I am not able to use it.

slapd starting process output:

    root@linuxserver:/home/mohammed# /etc/init.d/slapd status
    ● slapd.service - LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol)
       Loaded: loaded (/etc/init.d/slapd)
       Active: failed (Result: exit-code) since Wed 2016-02-17 11:31:36 CET; 41s ago
         Docs: man:systemd-sysv-generator(8)
      Process: 10297 ExecStop=/etc/init.d/slapd stop (code=exited, status=0/SUCCESS)
      Process: 10697 ExecStart=/etc/init.d/slapd start (code=exited, status=1/FAILURE)

    Feb 17 11:31:36 linuxserver.example.local slapd[10701]: @(#) $OpenLDAP: slapd (Ubuntu) (Sep 15 2015 21:34:22) $ buildd@lgw01-27:/build/openldap-cOgeXt/openldap-2.4.41+dfsg/debian/build/servers/slapd
    Feb 17 11:31:36 linuxserver.example.local slapd[10701]: daemon: bind(9) failed errno=98 (Address already in use)
    Feb 17 11:31:36 linuxserver.example.local slapd[10701]: daemon: bind(9) failed errno=98 (Address already in use)
    Feb 17 11:31:36 linuxserver.example.local slapd[10701]: slapd stopped.
    Feb 17 11:31:36 linuxserver.example.local slapd[10701]: connections_destroy: nothing to destroy.
    Feb 17 11:31:36 linuxserver.example.local systemd[1]: slapd.service: Control process exited, code=exited status=1
    Feb 17 11:31:36 linuxserver.example.local systemd[1]: Failed to start LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol).
    Feb 17 11:31:36 linuxserver.example.local systemd[1]: slapd.service: Unit entered failed state.
    Feb 17 11:31:36 linuxserver.example.local systemd[1]: slapd.service: Failed with result 'exit-code'.
    Feb 17 11:31:36 linuxserver.example.local slapd[10697]: ...fail!

And if I did the opposite, so if I ran slapd at first (it will run correctly), and then next samba, samba will not work because it tells that there is something going wrong with the port, and I cannot use it.

samba starting process output:

    root@linuxserver:/home/mohammed# /etc/init.d/samba status
    ● samba-ad-dc.service - LSB: start Samba daemons for the AD DC
       Loaded: loaded (/etc/init.d/samba-ad-dc)
       Active: active (running) since Wed 2016-02-17 11:38:03 CET; 3s ago
         Docs: man:systemd-sysv-generator(8)
      Process: 10774 ExecStop=/etc/init.d/samba-ad-dc stop (code=exited, status=0/SUCCESS)
      Process: 11026 ExecStart=/etc/init.d/samba-ad-dc start (code=exited, status=0/SUCCESS)
       CGroup: /system.slice/samba-ad-dc.service
               ├─11055 /usr/sbin/samba -D
               ├─11058 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
               └─11071 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground

    Feb 17 11:38:05 linuxserver.example.local samba[11060]: [2016/02/17 11:38:05.303292, 0] ../source4/smbd/service_stream.c:346(stream_setup_socket)
    Feb 17 11:38:05 linuxserver.example.local samba[11060]: Failed to listen on ::1:389 - NT_STATUS_ADDRESS_ALREADY_ASSOCIATED
    Feb 17 11:38:05 linuxserver.example.local samba[11060]: [2016/02/17 11:38:05.303771, 0] ../source4/ldap_server/ldap_server.c:821(add_socket)
    Feb 17 11:38:05 linuxserver.example.local samba[11060]: ldapsrv failed to bind to ::1:389 - NT_STATUS_ADDRESS_ALREADY_ASSOCIATED
    Feb 17 11:38:05 linuxserver.example.local samba[11060]: [2016/02/17 11:38:05.304082, 0] ../source4/smbd/service_task.c:35(task_server_terminate)
    Feb 17 11:38:05 linuxserver.example.local samba[11060]: task_server_terminate: [Failed to startup ldap server task]
    Feb 17 11:38:05 linuxserver.example.local samba[11037]: STATUS=daemon 'samba' finished starting up and ready to serve connectionssamba_terminate: Failed t...rver task
    Feb 17 11:38:06 linuxserver.example.local smbd[11058]: [2016/02/17 11:38:06.082490, 0] ../lib/util/become_daemon.c:136(daemon_ready)
    Feb 17 11:38:06 linuxserver.example.local smbd[11072]: STATUS=daemon 'smbd' finished starting up and ready to serve connectionsUnable to connect to CUPS s...escriptor
    Feb 17 11:38:06 linuxserver.example.local smbd[11071]: STATUS=daemon 'smbd' finished starting up and ready to serve connectionsfailed to retrieve printer ...UCCESSFUL
    Hint: Some lines were ellipsized, use -l to show in full.

And here is my smb.conf:

[global]
        workgroup = EXAMPLE
        realm = EXAMPLE.LOCAL
        netbios name = LINUXSERVER
        server role = active directory domain controller
        dns forwarder = 8.8.8.8
        idmap_ldb:use rfc2307 = yes

[netlogon]
        path = /var/lib/samba/sysvol/example.local/scripts
        read only = No

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No

Could anybody help me to solve that please? Thanks in advance.

Mohammed Noureldin

2 Answers

1

You've got the answer right in your question (it's even in bold):

> can NOT run both slapd and samba processes at the same time.

Samba4 is an LDAP server, so of course it and OpenLDAP want to use the same port.

If you intended to have Samba authenticate against OpenLDAP, you can't configure it as a Domain Controller.

Although there are lots of tutorials around the web, the best place to get setup/installation information is the Samba wiki. If you set up a Samba Active Directory Domain Controller, other applications can authenticate against it with LDAP - a Samba DC is also an LDAP server.

Ward - Trying Codidact
  • Could you suggest a solution for that? So I understand the problem, but how can I go around it? – Mohammed Noureldin Feb 17 '16 at 11:01
  • It depends on what you're trying to do... the only general advice I can give is to look at the Samba.org wiki and look at the other ways you can install Samba4, just don't set it up as a DC. – Ward - Trying Codidact Feb 17 '16 at 11:04
  • I want to authenticate Windows users from a Linux server over Samba against an OpenLDAP database, therefore I need Samba as domain controller. anx replied down just to reconfigure the OpenLDAP or Samba address, would you recommend that? I don't know, but I feel that is not the optimal solution. What I cannot understand is why Samba4 is an LDAP server. So can I use it instead of OpenLDAP, or what does it mean exactly? – Mohammed Noureldin Feb 17 '16 at 11:07
  • If you want your Windows users to authenticate against a Linux server and you don't already have OpenLDAP in place, you can set up Samba and Windows systems can authenticate against it and so can Linux systems using LDAP clients. – Ward - Trying Codidact Feb 17 '16 at 11:13
  • Actually I already have an OpenLDAP directory, and I intend to use it, so can I just easily change the Samba LDAP port? Or is there something better? – Mohammed Noureldin Feb 17 '16 at 11:22
  • Sorry but I am lost after reading some pages. As I understood, they said that an OpenLDAP backend is not supported, how can that be? What to do in my case? So I have email, jabber, openvpn, freeradius, redmine, etc. services, and they all authenticate over OpenLDAP, I just miss to let Windows users log in with the same username and password in my OpenLDAP directory. Could you give me some words which could help? – Mohammed Noureldin Feb 17 '16 at 11:44
  • Could you please rate the last comment of anx? Can't I really do what I want? Or is there anything I can do? I really appreciate any help. – Mohammed Noureldin Feb 17 '16 at 18:01
  • In our case, we migrated from OpenLDAP to Samba... we set up our DCs, migrated all the accounts to it, and pointed all our services that used LDAP to a DC instead of our OpenLDAP server. – Ward - Trying Codidact Feb 17 '16 at 19:52
  • Thank you, may I ask you to recommend any tutorial or resource about setting Samba LDAP up? (I know that it is not recommended to ask for recommendations), but just to be able to keep going further. Thanks again – Mohammed Noureldin Feb 17 '16 at 20:01
1

As your logs say, both services want to bind to port 389.
Samba 4, as a DC, includes and runs a built-in LDAP server.
If you want to run both a Samba 4 DC and a slapd server on the same host, you need to put them on different IP addresses. Changing ports is not an option because it breaks all the clients.

anx
  • I updated my answer – anx Feb 17 '16 at 11:17
  • You mean I have to use two network adapters? Or how can I do that? – Mohammed Noureldin Feb 17 '16 at 11:23
  • Sorry but I am lost after reading some pages. As I understood, they said that an OpenLDAP backend is not supported, how can that be? What to do in my case? So I have email, jabber, openvpn, freeradius, redmine, etc. services, and they all authenticate over OpenLDAP, I just miss to let Windows users log in with the same username and password in my OpenLDAP directory. Could you give me some words which could help? – Mohammed Noureldin Feb 17 '16 at 11:44
  • As official documentation says, you can build samba 4 with OpenLDAP backend: https://wiki.samba.org/index.php/Samba4/LDAP_Backend/OpenLDAP – anx Feb 17 '16 at 12:13
  • In other words, I can NOT do what I mentioned in the comment above? They said: "Note that you cannot point Samba4 to your existing OpenLDAP server and expect things to work. The instructions on this page are for configuring a 'captive' OpenLDAP server that is for use by Samba4 only." That means I cannot let users sign in to Windows using the same username and password used for the other services? – Mohammed Noureldin Feb 17 '16 at 12:46
  • Nope. You can't. – anx Feb 17 '16 at 14:07
  • Let us [continue this discussion in chat](http://chat.stackexchange.com/rooms/35865/discussion-between-mohammed-noureldin-and-anx). – Mohammed Noureldin Feb 17 '16 at 14:59
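
The second answer's suggestion (separate IP addresses for Samba's built-in LDAP server and slapd) can be checked before the second daemon is started. The script below is an added example, not part of the original thread: the addresses 192.0.2.10 and 192.0.2.11, the `holder_of` helper and the sample `ss` lines are constructed, and the settings quoted in its comments assume a Debian/Ubuntu layout. It only addresses the port 389 collision, not the unsupported use of an existing OpenLDAP directory as Samba's backend.

```shell
#!/bin/sh
# Added example, not from the thread. All addresses are constructed
# (documentation ranges). Assumed settings that pin each daemon:
#   smb.conf [global]:  interfaces = lo 192.0.2.10
#                       bind interfaces only = yes
#   /etc/default/slapd: SLAPD_SERVICES="ldap://192.0.2.11:389/ ldapi:///"

# holder_of ADDR [PORT]: read `ss -H -ltnp` lines on stdin and print
# "process local-address" for every listener that would make
# bind(ADDR:PORT) fail with errno 98 (Address already in use).
holder_of() {
    awk -v want="$1" -v port="${2:-389}" '
    {
        la = $4                                # Local Address:Port column
        n = match(la, /:[0-9]+$/)
        if (!n || substr(la, n + 1) != port) next
        addr = substr(la, 1, n - 1)
        gsub(/^\[|\]$/, "", addr)              # [::1] -> ::1
        v6 = (want ~ /:/)
        # Assumed ss notation: "*" is a dual-stack wildcard, 0.0.0.0 and
        # [::] are the per-family wildcards.
        wild = (addr == "*") || (!v6 && addr == "0.0.0.0") || (v6 && addr == "::")
        if (addr != want && !wild) next
        proc = "unknown"                       # -p needs root to show names
        if (match($0, /\(\("[^"]+"/)) proc = substr($0, RSTART + 3, RLENGTH - 4)
        print proc, la
    }'
}

# Constructed sample: slapd started first with its default wildcard listeners.
WILDCARD='LISTEN 0 1024 0.0.0.0:389 0.0.0.0:* users:(("slapd",pid=10701,fd=8))
LISTEN 0 1024 [::]:389 [::]:* users:(("slapd",pid=10701,fd=9))'

# Constructed sample: Samba pinned to loopback and 192.0.2.10.
PINNED='LISTEN 0 10 192.0.2.10:389 0.0.0.0:* users:(("samba",pid=11060,fd=41))
LISTEN 0 10 127.0.0.1:389 0.0.0.0:* users:(("samba",pid=11060,fd=42))
LISTEN 0 10 [::1]:389 [::]:* users:(("samba",pid=11060,fd=43))'

printf '%s\n' "$WILDCARD" | holder_of ::1          # slapd [::]:389
printf '%s\n' "$PINNED" | holder_of 192.0.2.11     # prints nothing: address is free
# Live check before starting slapd: ss -H -ltnp | holder_of 192.0.2.11
```

The first sample reproduces the `::1:389` failure in the Samba log above: a wildcard listener owns every address of its family, so the second daemon cannot bind even to loopback.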