Samba doesn’t like special characters in ldap password

Ok, So I’m trying to set Linux Samba up as a filserver for Windows clients with Fedora Directory Server (FDS) ldap as the backend for user information. In the process you have to add a directive like this to your smb.conf.

security = user
passdb backend = ldapsam:ldap://ldapserver.com
ldap admin dn = cn=Directory Manager
ldap suffix = dc=ldapserver,dc=com
ldap user suffix = ou=People
ldap machine suffix = ou=Computers
ldap group suffix = ou=Groups
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
ldap password sync = yes

That tells samba to look in ldap for sambaSamAccounts. Only problem is you have to give samba the password for the administrator ldap account of “cn=Directory Manager”. You do that by running the command

smbpasswd -w my_password_in_clear_text

Only problem is some of us make complex passwords with special characters(!@#$%^&*()) in them. Since this accepts passwords on command line some of those special characters are parsed by the shell. So when I ran

net getlocalsid

I got errors like:

failed to bind to server ldap://ldapserver.com with dn="cn=Directory Manager" Error: Invalid credentials

Like I said, I bet you could fix this by escaping your special characters (ie replace $ with \$). But I needed to change my ldap directory manager password to not be the root linux password so I just removed all special characters and created a long plain-text password. I re-ran smbpasswd -w, and net getlocalsid and poof, it works!

Tags: , , ,

Authentication

I finally got the hardware working for the linux file server. Yay! The next step is to start configuring software for moving all of the users files to the server.

To do this I decided to setup a new LDAP directory server using Fedora Directory Server. The initial steps weren’t too hard. Of course the Install Guide and PAM Configuration how-to helped. Within a couple hours I had the server running and a user able to login. The harder steps were customizing it for our systems and getting it to work with samba so that users could mount their home directories from Windows.

PCI, PCI-X, 3.3V, 5V. HUH?

In “What no Hardware RAID?” I got the external enclosure working on my home Linux computer. In this post I describe the problems I had getting it to work in a Dell PowerEdge 6650 server.

Drop the card in

I went down to the data center one afternoon thinking I had a 20 minute job to put a PCI card in a server, connect the enclosure and reboot the server. Well it turned out life is not that easy. No matter what I did, Linux would load the driver for the RAID controller card and it would attempt to find the disks connected to it, but everytime it would fail to find the disks.

Troubleshooting

My first thought was that I screwed up the kernel build. So I rebuild my vanilla kernel (2.6.25) from scratch. Still no success. My next thought was that maybe the server motherboard did not like the version of the firmware on my RAID controller card. That seemed likely since my home computer would not boot with one version of the firmware. So for the next day I tried a myriad of kernel versions and RAID controller firmware revisions and combination of those!

So with several of those combinations exhausted the department sys admin recommended that I try changing the PCI card to PCI slot 1 on the server. That slot was only PCI, while the remaining 7 slots were PCI + PCI-X. I had originally placed the card in slot 8 because it was closest to the location of the external enclosure and 1 meter cable wouldn’t reach if I used slot 1. So for the purposes of the test I set the external enclosure on the floor. I then tested, and the system still did not work so I moved the card back to slot 8 and the enclosure to its shelf. And so went another day of troubleshooting.

Getting more frustrated I begin to accept that maybe this RAID controller is fighting with my PERC SCSI RAID controller in the server. Unfortunately, the test was to remove my RAID card, thus corrupting my internal disks with OS. I eventually got the guts up to do that… still no luck.

Then I read in detail, every user review of these 2 products (the raid controller card and the external enclosure) on newegg.com. In a couple reviews I see people complaining that newegg specified the card as PCI-X when it is actually PCI. I didn’t see that as a problem because I was using PCI + PCI-X slots. Then I reach a review that says the card will only work at 5V despite fitting into a 3.3V PCI slot. Huh?

In comes wikipedia. Now I see, PCI-X operates the 3.3V. Past revisions of PCI operate at 5V, a new revision operates at 3.3V. The standard uses different physical ‘notches’ in the bottom of a PCI card to restrict you from inserting it into an incompatible slot. As you see in the figure below the bottom two slots are longer and have differently placed vertical ‘bars’. Those bars indicate what voltage is on that slot. A bar near the left (closer to the edge of the motherboard) indicates 3.3V. A bar near the right (as in the top slot) indicates 5V. The bottom two slots in this picture are PCI-X slots which are what I was using.

Top: PCI 5V slot, Bottom 2: PCI-X 3.3V slots

Now take a look at the PCI RAID controller again.

Syba SD-SATA2-2E2I

You can clearly see there are two ‘notches’ cut into the interface. These notches indicate that it can be inserted into a 3.3V slot or a 5V slot and the card will handle the difference. You can see that the card will also fit into either slot type in the picture above.

Back to the newegg user review. Is it true that the card can only work with 5V even though the card was made to fit into 3.3V slots? A quick email to the manufacturer reveals that the user is correct. The Syba SD-SATA2-2E2I, Silicon Image/SIL3124 card will only work in 5V PCI slots. What a bust! I wasted 3 days trying to make it work in a 3.3V slot. All because the manufacturer incorrectly made the card.

The fix was easy, I went back and put the card back into PCI slot 1. First boot and my hard drives were detected by Linux (CentOS 5.1 with Vanilla kernel 2.6.25)! Yay! Why didn’t this work a few days ago when I tried? I have no clue.

So now I have my Sil4726 enclosure working with my Sil3124 PCI card on Linux!