You need to give enough rights to your "sambaadmin" to allow him to write
to the ldap repository for adding users, and updating information.
Ie :
This kind of access rule inside your slapd.conf these line need to be
after the database tag in the config file.
This will also allow user to change their password
access to attr=userPassword,sambaLMPassword,sambaNTPassword
by self write
by dn="cn=Manager,dc=tinistuff,dc=com" write
by dn="cn=sambaadmin,dc=tinistuff,dc=com" write
by anonymous auth
by * none
# The admin dn has full write access
access to *
by self write
by dn="cn=Manager,dc=tinistuff,dc=com" write
by dn="cn=sambaadmin,dc=tinistuff,dc=com" write
by * read
Regards,
Yanick Durant
> I will try to explain my situtation a little better so other can
> understand.
>
> I am sticking to the documentation, (samba 3 by example by jht) excellent
> book!;
>
> So here is where I am at;
>
> I have configured my smb.conf; slapd.conf, ldap.conf, nssldap.conf as per
> the documentation chapter 6.
>
> I do have a bdc; however there is no relivence to that as I am only
> working
> on the PDC at the time;
>
> I have these commented out in the slapd.conf for the moment.
>
> #replica host=192.168.0.3:389
> # suffix="dc=tinistuff,dc=com"
> # binddn="cn=updateuser,dc=tinistuff,dc=com"
> # bindmethod=simple credentials=123456
>
> #replogfile /var/lib/ldap/replogfile
>
>
> This is my smb.conf as per chapter 6;
> ***Note we are using "sambaadmin" and not "Manager" as in Chapter 5***
>
> ldap admin dn = cn=sambaadmin,dc=tinistuff,dc=com
>
> [EMAIL PROTECTED] sbin]# smbpasswd -w 123456
> Setting stored password for "cn=sambaadmin,dc=tinistuff,dc=com" in
> secrets.tdb
>
> Does this look right so far; I am now going to configure smbldaptools as
> per
> the documentation; In chapter 5 (./configure)
>
> Ok, now we take a look at this -
> [EMAIL PROTECTED] sbin]# cat /etc/opt/IDEALX/smbldap-tools/smbldap_bind.conf
>
> ############################
> # Credential Configuration #
> ############################
> # Notes: you can specify two differents configuration if you use a
> # master ldap for writing access and a slave ldap server for reading
> access
> # By default, we will use the same DN (so it will work for standard Samba
> # release)
> slaveDN="cn=sambaadmin,dc=tinistuff,dc=com"
> slavePw="123456"
> masterDN="cn=sambaadmin,dc=tinistuff,dc=com"
> masterPw="123456"
>
>
> Time to populate the ldap DB.
> [EMAIL PROTECTED] sbin]# ./smbldap-populate -a root -k 0 -m 0
>
> This does not work because it cannot bind as "sambaadmin"
>
> If I change my smbldap_bind to Manager, I can populate the DB.
>
> [EMAIL PROTECTED] sbin]# cat /etc/opt/IDEALX/smbldap-tools/smbldap_bind.conf
>
> ############################
> # Credential Configuration #
> ############################
> # Notes: you can specify two differents configuration if you use a
> # master ldap for writing access and a slave ldap server for reading
> access
> # By default, we will use the same DN (so it will work for standard Samba
> # release)
> slaveDN="cn=Manager,dc=tinistuff,dc=com"
> slavePw="123456"
> masterDN="cn=Manager,dc=tinistuff,dc=com"
> masterPw="123456"
>
> Now it populates fine.
>
> Is this a fault on my behalf, or is there something wrong with
> "sambaadmin"
> in the config files?
>
> PS - please forgive any spelling errors.
>
> Kind Regards,
> Adrian Sender.
>
>
>
>
>
>>From: Gordon Messmer <[EMAIL PROTECTED]>
>>To: adrian sender <[EMAIL PROTECTED]>, samba
>> <samba@lists.samba.org>
>>Subject: Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager ->
>>sambaadmin)
>>Date: Wed, 01 Mar 2006 08:13:32 -0800
>>
>>Well... you have to create the containers using slapdadd. After the
>>containers are present, then you can populate them with users, etc, using
>>ldapadd or other tools. If you haven't created the containers, nothing
>> is
>>going to work.
>>
>>
>>
>>adrian sender wrote:
>>>The database has not been populated, and cannot be populated using
>>>"sambaadmin"
>>>
>>>
>>>
>>>>From: Gordon Messmer <[EMAIL PROTECTED]>
>>>>To: adrian sender <[EMAIL PROTECTED]>
>>>>CC: samba@lists.samba.org
>>>>Subject: Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager ->
>>>>sambaadmin)
>>>>Date: Tue, 28 Feb 2006 22:01:24 -0800
>>>>
>>>>adrian sender wrote:
>>>>>
>>>>>[EMAIL PROTECTED] scripts]# slapadd -v -l admin-accts.ldif
>>>>>added: "cn=updateuser,dc=tinistuff,dc=com" (00000002)
>>>>>added: "cn=sambaadmin,dc=tinistuff,dc=com" (00000003)
>>>>>Error, entries missing!
>>>>> entry 1: dc=tinistuff,dc=com
>>>>
>>>>If you dump the database, does "dc=tinistuff,dc=com" show up in there?
>>>> It
>>>>looks like the entry for the base DN is missing, which might explain
>>>> the
>>>>problems that you're having.
>>>>
>>>
>>>
>>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
>
>
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
