You are gonna need to add 'self write' to your ACLs for users to log in. You probably should follow Yanick's very simple ACLs at first - just to get you started but you aren't going to learn ACLs from samba
Craig

On Fri, 2006-03-03 at 11:49 +1100, adrian sender wrote:
> I have this in my slap.conf as per the docs;
>
> access to attrs=sambaLMPassword,sambaNTPassword
>      by dn="cn=sambaadmin,dc=tinistuff,dc=com" write
>      by * none
>
> Should that work?
>
> >From: "Yanick Durant" <[EMAIL PROTECTED]>
> >To: "adrian sender" <[EMAIL PROTECTED]>
> >CC: samba@lists.samba.org
> >Subject: Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager -> sambaadmin)
> >Date: Thu, 2 Mar 2006 09:49:19 +0100 (CET)
> >
> >You need to give enough rights to your "sambaadmin" to allow him to write
> >to the ldap repository for adding users, and updating information.
> >
> >Ie :
> >
> >This kind of access rule inside your slapd.conf; these lines need to be
> >after the database tag in the config file.
> >This will also allow users to change their password
> >
> >access to attr=userPassword,sambaLMPassword,sambaNTPassword
> >     by self write
> >     by dn="cn=Manager,dc=tinistuff,dc=com" write
> >     by dn="cn=sambaadmin,dc=tinistuff,dc=com" write
> >     by anonymous auth
> >     by * none
> >
> ># The admin dn has full write access
> >access to *
> >     by self write
> >     by dn="cn=Manager,dc=tinistuff,dc=com" write
> >     by dn="cn=sambaadmin,dc=tinistuff,dc=com" write
> >     by * read
> >
> >Regards,
> >
> >Yanick Durant
> >
> > > I will try to explain my situation a little better so others can
> > > understand.
> > >
> > > I am sticking to the documentation, (samba 3 by example by jht) excellent
> > > book!;
> > >
> > > So here is where I am at;
> > >
> > > I have configured my smb.conf; slapd.conf, ldap.conf, nssldap.conf as per
> > > the documentation chapter 6.
> > >
> > > I do have a bdc; however there is no relevance to that as I am only working
> > > on the PDC at the time;
> > >
> > > I have these commented out in the slapd.conf for the moment.
> > >
> > > #replica host=192.168.0.3:389
> > > #   suffix="dc=tinistuff,dc=com"
> > > #   binddn="cn=updateuser,dc=tinistuff,dc=com"
> > > #   bindmethod=simple credentials=123456
> > >
> > > #replogfile /var/lib/ldap/replogfile
> > >
> > >
> > > This is my smb.conf as per chapter 6;
> > > ***Note we are using "sambaadmin" and not "Manager" as in Chapter 5***
> > >
> > > ldap admin dn = cn=sambaadmin,dc=tinistuff,dc=com
> > >
> > > [EMAIL PROTECTED] sbin]# smbpasswd -w 123456
> > > Setting stored password for "cn=sambaadmin,dc=tinistuff,dc=com" in
> > > secrets.tdb
> > >
> > > Does this look right so far; I am now going to configure smbldaptools as per
> > > the documentation; In chapter 5 (./configure)
> > >
> > > Ok, now we take a look at this -
> > > [EMAIL PROTECTED] sbin]# cat /etc/opt/IDEALX/smbldap-tools/smbldap_bind.conf
> > >
> > > ############################
> > > # Credential Configuration #
> > > ############################
> > > # Notes: you can specify two differents configuration if you use a
> > > # master ldap for writing access and a slave ldap server for reading access
> > > # By default, we will use the same DN (so it will work for standard Samba
> > > # release)
> > > slaveDN="cn=sambaadmin,dc=tinistuff,dc=com"
> > > slavePw="123456"
> > > masterDN="cn=sambaadmin,dc=tinistuff,dc=com"
> > > masterPw="123456"
> > >
> > >
> > > Time to populate the ldap DB.
> > > [EMAIL PROTECTED] sbin]# ./smbldap-populate -a root -k 0 -m 0
> > >
> > > This does not work because it cannot bind as "sambaadmin"
> > >
> > > If I change my smbldap_bind to Manager, I can populate the DB.
> > >
> > > [EMAIL PROTECTED] sbin]# cat /etc/opt/IDEALX/smbldap-tools/smbldap_bind.conf
> > >
> > > ############################
> > > # Credential Configuration #
> > > ############################
> > > # Notes: you can specify two differents configuration if you use a
> > > # master ldap for writing access and a slave ldap server for reading access
> > > # By default, we will use the same DN (so it will work for standard Samba
> > > # release)
> > > slaveDN="cn=Manager,dc=tinistuff,dc=com"
> > > slavePw="123456"
> > > masterDN="cn=Manager,dc=tinistuff,dc=com"
> > > masterPw="123456"
> > >
> > > Now it populates fine.
> > >
> > > Is this a fault on my behalf, or is there something wrong with "sambaadmin"
> > > in the config files?
> > >
> > > PS - please forgive any spelling errors.
> > >
> > > Kind Regards,
> > > Adrian Sender.
> > >
> > >>From: Gordon Messmer <[EMAIL PROTECTED]>
> > >>To: adrian sender <[EMAIL PROTECTED]>, samba <samba@lists.samba.org>
> > >>Subject: Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager -> sambaadmin)
> > >>Date: Wed, 01 Mar 2006 08:13:32 -0800
> > >>
> > >>Well... you have to create the containers using slapdadd. After the
> > >>containers are present, then you can populate them with users, etc, using
> > >>ldapadd or other tools. If you haven't created the containers, nothing is
> > >>going to work.
> > >>
> > >>adrian sender wrote:
> > >>>The database has not been populated, and cannot be populated using
> > >>>"sambaadmin"
> > >>>
> > >>>>From: Gordon Messmer <[EMAIL PROTECTED]>
> > >>>>To: adrian sender <[EMAIL PROTECTED]>
> > >>>>CC: samba@lists.samba.org
> > >>>>Subject: Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager -> sambaadmin)
> > >>>>Date: Tue, 28 Feb 2006 22:01:24 -0800
> > >>>>
> > >>>>adrian sender wrote:
> > >>>>>
> > >>>>>[EMAIL PROTECTED] scripts]# slapadd -v -l admin-accts.ldif
> > >>>>>added: "cn=updateuser,dc=tinistuff,dc=com" (00000002)
> > >>>>>added: "cn=sambaadmin,dc=tinistuff,dc=com" (00000003)
> > >>>>>Error, entries missing!
> > >>>>> entry 1: dc=tinistuff,dc=com
> > >>>>
> > >>>>If you dump the database, does "dc=tinistuff,dc=com" show up in there? It
> > >>>>looks like the entry for the base DN is missing, which might explain the
> > >>>>problems that you're having.
> > >>>>
> > >
> > > --
> > > To unsubscribe from this list go to the following URL and read the
> > > instructions: https://lists.samba.org/mailman/listinfo/samba
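
An added example, not part of the original thread and not OpenLDAP code: a simplified Python model of slapd's first-match ACL evaluation, run over the two rule sets quoted above to show what each grants. It assumes each quoted rule set is the complete ACL list, compares attribute names case-sensitively, and the user DN used in the checks below is constructed.

```python
# Simplified model of slapd.conf ACL evaluation (added example, assumptions noted above).
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

ADMIN = "cn=sambaadmin,dc=tinistuff,dc=com"
MANAGER = "cn=Manager,dc=tinistuff,dc=com"
PW_ATTRS = {"userPassword", "sambaLMPassword", "sambaNTPassword"}

# Each rule: (attribute set or "*", ordered list of (who, level)), as quoted in the thread.
ADRIAN_ACL = [
    ({"sambaLMPassword", "sambaNTPassword"}, [(ADMIN, "write"), ("*", "none")]),
]
YANICK_ACL = [
    (PW_ATTRS, [("self", "write"), (MANAGER, "write"), (ADMIN, "write"),
                ("anonymous", "auth"), ("*", "none")]),
    ("*", [("self", "write"), (MANAGER, "write"), (ADMIN, "write"), ("*", "read")]),
]

def who_matches(who, bound_dn, entry_dn):
    """bound_dn is None for an anonymous connection."""
    if who == "*":
        return True
    if who == "anonymous":
        return bound_dn is None
    if who == "self":
        return bound_dn is not None and bound_dn.lower() == entry_dn.lower()
    return bound_dn is not None and bound_dn.lower() == who.lower()

def granted(acl, bound_dn, entry_dn, attr):
    """First 'access to' clause covering attr wins; inside it, first matching 'by' wins."""
    for what, by_clauses in acl:
        if what != "*" and attr not in what:
            continue
        for who, level in by_clauses:
            if who_matches(who, bound_dn, entry_dn):
                return level
        return "none"   # implicit "by * none" at the end of every clause
    return "none"       # implicit "access to * by * none" at the end of the list

def allowed(acl, bound_dn, entry_dn, attr, wanted):
    """True if the granted level is at least the wanted level."""
    return LEVELS.index(granted(acl, bound_dn, entry_dn, attr)) >= LEVELS.index(wanted)
```

A simple bind needs `auth` for the anonymous connection on `userPassword`, which only the second rule set grants in this model. The same model shows that `access to * by self write` gives each user write access to every attribute of their own entry, `uidNumber` included, so that clause is worth narrowing once logins work.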