Author Topic: [FIX] FATAL: Could not connect to samba LDAP server: connect: Connection refused  (Read 911 times)

nickpiggott

I started to see this error in the Web Admin console when trying to access any of the Domain menu options.

The error was reported in /var/log/zentyal/zentyal.log as

Code:
Ldap.pm:219 EBox::Ldap::safeConnect - FATAL: Could not connect to samba LDAP server: connect: Permission denied at FATAL: Could not connect to samba LDAP server: connect: Permission denied at /usr/share/perl5/EBox/Ldap.pm line 219

After a great deal of debugging, I found this solution.

  • Zentyal makes its LDAP connection through a pipe at /var/lib/samba/private/ldapi_priv/ldapi
  • The modules run as user ebox
  • ldapi_priv is group "ebox"
  • ldapi_priv/ldapi is a pipe, so read/writeable by all
  • /var/lib/samba has permissions allowing any user to access
  • In my situation, /var/lib/samba/private was owned by root:root and only accessible by root
  • Therefore it seemed that user ebox could not access the ldapi pipe (defined in /usr/share/perl5/EBox/Ldap.pm)
I changed the permissions of the private folder:
Code:
# Run from /var/lib/samba: hand private/ to group ebox, then grant that group rwx
sudo chgrp ebox private
sudo chmod g=rwx private

That fixed my problem.
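
The diagnosis in the post, that one directory above the ldapi pipe lacks the search bit for user ebox, can be checked mechanically. The script below is an added example, not part of the original post or of Zentyal; `can_search` and `first_blocked_dir` are hypothetical helper names, and the demo tree is constructed.

```shell
#!/bin/sh
# Added example (not from the post). Mode bits only: ACLs, capabilities and
# LSM policy are not evaluated. Needs a stat that supports -c (GNU, BusyBox).

# can_search DIR UID "GID ..." : true if that identity has the search (x) bit on DIR
can_search() {
    dir=$1; uid=$2; gids=$3
    if [ "$uid" -eq 0 ]; then return 0; fi            # root bypasses mode bits
    st=$(stat -c '%a %u %g' "$dir" 2>/dev/null) || return 1
    set -- $st                                        # $1 octal mode, $2 owner, $3 group
    mode=$((0$1)); owner=$2; group=$3
    if [ "$owner" -eq "$uid" ]; then
        bit=64                                        # 0100: owner class
    else
        bit=1                                         # 0001: other class
        for g in $gids; do
            if [ "$g" -eq "$group" ]; then bit=8; fi  # 0010: group class
        done
    fi
    [ $((mode & bit)) -ne 0 ]
}

# first_blocked_dir BASE PATH UID "GID ..." : print the first directory between
# BASE and the last component of PATH that the identity cannot search.
first_blocked_dir() {
    cur=$1; rest=${2#/}; w_uid=$3; w_gids=$4
    while [ "${rest#*/}" != "$rest" ]; do             # a "/" remains, so the head is a directory
        cur=$cur/${rest%%/*}
        rest=${rest#*/}
        if ! can_search "$cur" "$w_uid" "$w_gids"; then
            printf '%s\n' "$cur"
            return 0
        fi
    done
}

# On the affected host (empty BASE means start at /):
#   first_blocked_dir "" /var/lib/samba/private/ldapi_priv/ldapi "$(id -u ebox)" "$(id -G ebox)"

# Constructed tree mirroring the layout in the post, checked for a non-owner uid.
t=$(mktemp -d); mkdir -p "$t/var/lib/samba/private/ldapi_priv"
chmod 755 "$t/var" "$t/var/lib" "$t/var/lib/samba" "$t/var/lib/samba/private/ldapi_priv"
: > "$t/var/lib/samba/private/ldapi_priv/ldapi"       # plain file standing in for the pipe
chmod 700 "$t/var/lib/samba/private"                  # the state the post found
other=$(( $(stat -c %u "$t") + 1 )); grp=$(stat -c %g "$t/var/lib/samba/private")
first_blocked_dir "$t" var/lib/samba/private/ldapi_priv/ldapi "$other" "$grp"
```

Traversal needs only the search (x) bit on each directory, so the check also passes with `g=x` on private, not just with the `g=rwx` used above.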