On Mon, 2004-01-05 at 16:50, Ron Liu wrote: > Hi there, > I am setting up a Samba (3.0.1-1) + OpenLDAP (2.1.22-8) PDC on Fedora 1.0. > I used the RPMs for the installations. After setup, both smb and ldap start > without problems. However, when I try to add users with smbpasswd -a userid, > it gives me the following errors. Can someone point me in the right direction? Is > there anything further I can do to test and diagnose this? I've copied the error > message and the config files smb.conf and slapd.conf below. > > Thank you for your help! > > Ron Liu > Information Technology Consultant > Biology Department > San Jose State University > 408-924-4860 > [EMAIL PROTECTED] > > > [EMAIL PROTECTED] openldap]# smbpasswd -a bliu > New SMB password: > Retype new SMB password: > fetch_ldap_pw: neither ldap secret retrieved! > ldap_connect_system: Failed to retrieve password from secrets.tdb > Connection to LDAP Server failed for the 1 try! > smbldap_search_suffix: Problem during the LDAP search: (unknown) (Invalid > credentials) > fetch_ldap_pw: neither ldap secret retrieved! > ldap_connect_system: Failed to retrieve password from secrets.tdb > Connection to LDAP Server failed for the 1 try! > smbldap_search_suffix: Problem during the LDAP search: (unknown) (Invalid > credentials) > fetch_ldap_pw: neither ldap secret retrieved! > ldap_connect_system: Failed to retrieve password from secrets.tdb > Connection to LDAP Server failed for the 1 try! > ldapsam_search_one_group: Problem during the LDAP search: LDAP error: > (unknown) (Invalid credentials) > fetch_ldap_pw: neither ldap secret retrieved! > ldap_connect_system: Failed to retrieve password from secrets.tdb > Connection to LDAP Server failed for the 1 try! > smbldap_search_suffix: Problem during the LDAP search: (unknown) (Invalid > credentials) > Failed to add entry for user bliu. 
> Failed to modify password entry for user bliu > > > ******************************** > #======================= Global Settings > ===================================== > [global] > workgroup = mydomain > netbios name = ts010 > encrypt passwords = yes > passdb backend = ldapsam:ldap://localhost/ > ldap suffix = o=mydomain,dc=mydomain,dc=com > ldap machine suffix = ou=Comupters > ldap user suffix = ou=Users > ldap group suffix = ou=Groups > ldap admin dn = "cn=tsadmin,dc=mydomain,dc=com" > # ldap ssl = start tls > ldap delete dn = no > server string = mydomain Samba Server > hosts allow = 10.101.0. 10.101.1. 127. > printcap name = cups > load printers = yes > printing = cups > log file = /var/log/samba/%m.log > max log size = 50 > security = user > password level = 8 > ; username level = 8 > smb passwd file = /etc/samba/smbpasswd > unix password sync = Yes > passwd program = /usr/bin/passwd %u > passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n > *passwd *all*authentication*tokens*updated*successfully* > ; username map = /etc/samba/smbusers > ; include = /etc/samba/smb.conf.%m > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > local master = yes > os level = 33 > domain master = yes > preferred master = yes > domain logons = yes > logon script = scripts\logscript.bat > logon path = \\%L\Profiles\%U > logon drive = H: > logon home = \\%L\%U > ; name resolve order = wins lmhosts bcast > wins support = yes > dns proxy = no > write list = @tsadmin > add machine script = /usr/sbin/useradd -d /dev/null -g 100 -s > /bin/false -M %u > [home] > ........... > ********************************* > my slapd.conf > ******************************** > # $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.8 2003/05/24 > 23:19:14 kurt Exp $ > # > # See slapd.conf(5) for details on configuration options. > # This file should NOT be world readable. 
> # > include /etc/openldap/schema/core.schema > include /etc/openldap/schema/cosine.schema > include /etc/openldap/schema/inetorgperson.schema > include /etc/openldap/schema/nis.schema > include /etc/openldap/schema/redhat/autofs.schema > #rliu, 12/31/03 > include /etc/openldap/schema/samba.schema > > # Allow LDAPv2 client connections. This is NOT the default. > allow bind_v2 > > # Do not enable referrals until AFTER you have a working directory > # service AND an understanding of referrals. > #referral ldap://root.openldap.org > > pidfile /var/run/slapd.pid > #argsfile //var/run/slapd.args > > # Load dynamic backend modules: > # modulepath /usr/sbin/openldap > # moduleload back_bdb.la > # moduleload back_ldap.la > # moduleload back_ldbm.la > # moduleload back_passwd.la > # moduleload back_shell.la > > # The next three lines allow use of TLS for connections using a dummy test > # certificate, but you should generate a proper certificate by changing to > # /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on > # slapd.pem so that the ldap user or group can read it. 
> # TLSCACertificateFile /usr/share/ssl/certs/ca-bundle.crt > # TLSCertificateFile /usr/share/ssl/certs/slapd.pem > # TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem > > # Sample security restrictions > # Require integrity protection (prevent hijacking) > # Require 112-bit (3DES or better) encryption for updates > # Require 63-bit encryption for simple bind > # security ssf=1 update_ssf=112 simple_bind=64 > > # Sample access control policy: > # Root DSE: allow anyone to read it > # Subschema (sub)entry DSE: allow anyone to read it > # Other DSEs: > # Allow self write access > # Allow authenticated users read access > # Allow anonymous users to authenticate > # Directives needed to implement policy: > # access to dn.base="" by * read > # access to dn.base="cn=Subschema" by * read > # access to * > # by self write > # by users read > # by anonymous auth > # > # if no access controls are present, the default policy is: > # Allow read by all > # > # rootdn can always write! > > ####################################################################### > # ldbm and/or bdb database definitions > ####################################################################### > > database ldbm > suffix "o=mydomain" > suffix "dc=mydomain,dc=com" > rootdn "cn=tsadmin,dc=mydomain,dc=com" > # Cleartext passwords, especially for the rootdn, should > # be avoided. See slappasswd(8) and slapd.conf(5) for details. > # Use of strong authentication encouraged. > # rootpw secret > rootpw {SSHA}nzEMEVTSdQYIy3jLsWn4xmQLQI/Cb0Tn > # The database directory MUST exist prior to running slapd AND > # should only be accessible by the slapd and slap tools. > # Mode 700 recommended. 
> directory /var/lib/ldap/ > > # Indices to maintain for this database > index objectClass eq,pres > index ou,cn,mail,surname,givenname eq,pres,sub > index uidNumber,gidNumber,loginShell eq,pres > index uid,memberUid eq,pres,sub > index nisMapName,nisMapEntry eq,pres,sub > > # Replicas of this database > #replogfile /var/lib/ldap/openldap-master-replog > #replica host=ldap-1.example.com:389 tls=yes > # bindmethod=sasl saslmech=GSSAPI > # authcId=host/[EMAIL PROTECTED] ---- one more thing...
PDC ## MUST ## have a NETLOGON share Craig -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba