On Tue, 11 Jan 2005, Harry Rüter wrote:

> Hi ;o)
>
> here are more information :
>
> Because just testing and not public you get to know all my secrets ;o)
>
> PW is : secret
>
> slapd.conf (partly ..):
>
> ---snipp---
> database bdb
> suffix "dc=hrnet,dc=de"
> rootdn "cn=ldapmanager,dc=hrnet,dc=de"
> rootpw secret
> directory /usr/local/openldap-2.2/var/openldap-data
> index objectClass eq
> index sambaSID eq
> index sambaPrimaryGroupSID eq
> index sambaDomainName eq
> index uid,uidNumber,gidNumber,memberUid eq
> index cn,mail,surname,givenname eq,subinitial
> access to *
>     by * write
> ---snipp---
>
> smb.conf (partly, what's of interest) :
>
> ---snipp---
>
> # now without passdb backend
> # passdb backend = ldapsam:ldap://486dx66.hrnet.de:1389/
>
> ldap server = 486dx66.hrnet.de
> ldap suffix = "dc=hrnet,dc=de"
> ldap filter = "(&(uid=%u)(objectclass=sambaSamAccount))"
> ldap port = 1389
> ldap admin dn = "cn=ldapmanager,dc=hrnet,dc=de"
> ldap ssl = off
>
> ldap user suffix = ou=users
> ldap group suffix = ou=groups
> ldap machine suffix = ou=machines
> ---snipp---
>
>
> William Jojo wrote:
> >
> > I'm using 3.0.10 and 2.2.20 without any problems, so assuming it's
> > compiled ok, which I believe it is since you are getting errors about not
> > finding the rootdn password.
> >
> > Hmmm, well, here's a couple of things:
> >
> > 1) How tight do you have the restrictions on slapd.conf with respect to
> > accessing certain containers?
>
> See above, no restrictions now ..
>
> > 2) be certain the rootdn in slapd.conf exactly matches "ldap admin dn".
>
> See above ...
>
> > 3) don't run smbpasswd -w rootdnpw until *after* the smb.conf changes are
> > in place. (i've done that myself :-)
>
> Okay, i did this again after having finished smb.conf ...
>
> > 4) tdbdump the secrets.tdb to verify that the entry in the database shows
> > the correct rootdn and password selected.
>
> Seems to be okay ....
>
> ---snipp---
>
> [PTS2] 486dx66:/usr/local/samba3 # bin/tdbdump private/secrets.tdb
> {
> key = "SECRETS/LDAP_BIND_PW/cn=ldapmanager,dc=hrnet,dc=de"
> data = "secret\00"
> }
> {
> key = "SECRETS/SID/HRDOMAIN"
> data =
> "\01\04\00\00\00\00\00\05\15\00\00\00L\9B\E6\9F\B1\E1\FF#'\C3\B6G\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00"
> }
> {
> key = "SECRETS/SID/486DX66"
> data =
> "\01\04\00\00\00\00\00\05\15\00\00\00L\9B\E6\9F\B1\E1\FF#'\C3\B6G\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00"
> }
> ---snipp---
>
> Here's the output i have now ..
>
> ---snipp---
>
> [PTS2] [EMAIL PROTECTED]:/usr/local/samba3 # bin/smbpasswd -D 10 -c
> etc/smb.conf tina
> Netbios name list:-
> my_netbios_names[0]="486DX66"
> Trying to load: ldapsam_compat
> Attempting to register passdb backend ldapsam
> Successfully added passdb backend 'ldapsam'
> Attempting to register passdb backend ldapsam_compat
> Successfully added passdb backend 'ldapsam_compat'
> Attempting to register passdb backend smbpasswd
> Successfully added passdb backend 'smbpasswd'
> Attempting to register passdb backend tdbsam
> Successfully added passdb backend 'tdbsam'
> Attempting to register passdb backend guest
> Successfully added passdb backend 'guest'
> Attempting to find an passdb backend to match ldapsam_compat
> (ldapsam_compat)
> Found pdb backend ldapsam_compat
> pdb backend ldapsam_compat has a valid init
> Attempting to find an passdb backend to match guest (guest)
> Found pdb backend guest
> pdb backend guest has a valid init
> New SMB password:
> New SMB password:
> Retype new SMB password:
> smbldap_search: base => [dc=hrnet,dc=de], filter =>
> [(&(&(uid=tina)(objectclass=sambaSamAccount))(objectclass=sambaAccount))],
> scope => [2]

this is going to be a problem if the account is not created with both
object classes, but I can't say for sure as I've never even tried it. I'd
pick the newer --with-ldap option and go from there.

> smbldap_open_connection: ldap://486dx66.hrnet.de:1389
> smbldap_open_connection: connection opened
> ldap_connect_system: Binding to ldap server ldap://486dx66.hrnet.de:1389
> as "cn=ldapmanager,dc=hrnet,dc=de"
> failed to bind to server with dn= cn=ldapmanager,dc=hrnet,dc=de Error:
> Can't contact LDAP server
> (unknown)
> Connection to LDAP server failed for the 1 try!

check for firewall/DNS issues here. everything else looks good.

> smbldap_open_connection: ldap://486dx66.hrnet.de:1389
> smbldap_open_connection: connection opened
> ldap_connect_system: Binding to ldap server ldap://486dx66.hrnet.de:1389
> as "cn=ldapmanager,dc=hrnet,dc=de"
> [ -- cut here -- ]
> ---snipp---
>
>
> So what's wrong ?
> Is it that i compiled in --with-ldap AND --with-ldapsam =
>

there's really no need to use --with-ldapsam unless you need to comply
with 2.x samba.schema

Bill

>
> greets Harry
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
>
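Added example, not part of the original thread and not Samba or OpenLDAP code: a small Python check that automates points 2 and 4 of the checklist above (rootdn versus "ldap admin dn", and the bind entry shown by tdbdump) and also reports the test-only settings visible in the quoted configs. The sample strings are constructed from the excerpts in the thread; the function names and the simplified DN comparison are assumptions of this example.

```python
import re

# Constructed sample inputs, modelled on the excerpts quoted in the thread.
SLAPD_CONF = '''rootdn "cn=ldapmanager,dc=hrnet,dc=de"
rootpw secret
access to *
    by * write
'''
SMB_CONF = 'ldap admin dn = "cn=ldapmanager,dc=hrnet,dc=de"\nldap ssl = off\n'
TDBDUMP = r'''{
key = "SECRETS/LDAP_BIND_PW/cn=ldapmanager,dc=hrnet,dc=de"
data = "secret\00"
}
'''

def unquote(value):
    return (value or "").strip().strip('"')

def norm_dn(dn):
    """Simplified DN comparison form: lower-case, no spaces around ',' or '='."""
    return re.sub(r"\s*([,=])\s*", r"\1", unquote(dn)).lower()

def slapd_value(text, keyword):
    m = re.search(rf"^{keyword}\s+(.+)$", text, re.M)
    return m.group(1) if m else None

def smb_value(text, param):
    m = re.search(rf"^\s*{re.escape(param)}\s*=\s*(.+)$", text, re.M | re.I)
    return m.group(1) if m else None

def check(slapd, smb, tdb):
    findings = []
    admin = unquote(smb_value(smb, "ldap admin dn"))
    if norm_dn(slapd_value(slapd, "rootdn")) != norm_dn(admin):
        findings.append("rootdn and 'ldap admin dn' differ")
    # Assumption: the secrets.tdb key embeds the DN exactly as smb.conf spells it.
    if admin not in re.findall(r'key = "SECRETS/LDAP_BIND_PW/([^"]+)"', tdb):
        findings.append("no LDAP_BIND_PW entry for 'ldap admin dn'")
    rootpw = unquote(slapd_value(slapd, "rootpw"))
    if rootpw and not rootpw.startswith("{"):  # no {SSHA}-style scheme prefix
        findings.append("rootpw is cleartext")
    if re.search(r"^access to \*\s*\n\s+by \*\s+write", slapd, re.M):
        findings.append("ACL grants write to everyone")
    if unquote(smb_value(smb, "ldap ssl")).lower() == "off":
        findings.append("ldap ssl is off")
    return findings

if __name__ == "__main__":
    print(check(SLAPD_CONF, SMB_CONF, TDBDUMP))
```

On the sample inputs the DN and secrets.tdb checks pass, which matches the reply that the configuration looks consistent and the bind failure lies elsewhere; the three remaining findings are the settings the poster describes as test-only.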