Re: [Samba] Samba+LDAP problems
Hello... Edmundo Valle Neto wrote: Marcelo Mogrovejo escreveu: Hello Edmundo (...) So, yes, i have configured this file already: passwd: compat ldap shadow: compat ldap group: compat ldap I have downloaded the libnss-ldap file too but it's the same... Yes, this package must be installed too, nsswitch.conf says where to read and libnss-ldap says how to do it when using LDAP. Normally answering debconf properly when installing the package is enough to make it work and messing with /etc/libnss-ldap.conf isn't needed. I can't make it to work... If i try to create a posixAccount in phpLDAPadmin it show me the error: Could not add the object to the LDAP server. LDAP said: Object class violation Error number: 0x41 (LDAP_OBJECT_CLASS_VIOLATION) Description: You tried to perform an operation that would cause an undefined attribute to exist or that would remove a required attribute, given the current list of ObjectClasses. This can also occur if you do not specify a structural objectClass when creating an entry, or if you specify more than one structural objectClass. Doesn't make much sense trying anything else if your NSS doesn't work, make it work isn't optional. If you have populated LDAP successfully with smbldap-populate at least the administrator and nobody accounts (or whatever was inserted in the base) must appear with getent. (you can make sure what was inserted doing a slapcat). Ok with slapcat i see the user testuser created... but i saw it in phpldapadmin before. Here i cut and paste a last section of slapcat out: dn: uid=testuser,ou=Users,dc=skull-one,dc=com,dc=ar objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: posixAccount objectClass: shadowAccount cn: testuser sn: testuser givenName: testuser uid: testuser uidNumber: 1564 gidNumber: 513 homeDirectory: /home/testuser loginShell: /bin/bash gecos: System User structuralObjectClass: inetOrgPerson entryUUID: c1028b56-21df-102c-8a0d-63a789f5531c creatorsName: cn=Manager,dc=skull-one,dc=com,dc=ar createTimestamp: 20071108004614Z userPassword:: e1NTSEF9KzM0SzNxejVOZnJLNTJzK3pkaGVYam11QWpSM1FYcE4= shadowLastChange: 13825 shadowMax: 45 entryCSN: 20071108004653Z#00#00#00 modifiersName: cn=Manager,dc=skull-one,dc=com,dc=ar modifyTimestamp: 20071108004653Z And the rare is, when i create the account with smbldap-useradd -m testuser it create the home directory at /home/testuser but i don't know why it doesn't create a uid Ok, -m makes the home directory, but what do you mean by doesn't create a uid? Its only a perl script that inserts something in the base directly, it doesn't fail when lacking NSS. A dump of the base with slapcat doesn't show the user? The command give any error? If the user isn't in the base your smbldap-tools install is broken too. I mean that i don't know why the user linux is not created, why i don't see him with getent passwd. The command work fine without errors. So all of this means smbldap-tools is broken ?? Regards. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba+LDAP problems
Hi John... John H Terpstra wrote: On Wednesday 07 November 2007 19:00, Marcelo Mogrovejo wrote: Hello... Edmundo Valle Neto wrote: Marcelo Mogrovejo escreveu: Hello Edmundo (...) So, yes, i have configured this file already: passwd: compat ldap shadow: compat ldap group: compat ldap I have downloaded the libnss-ldap file too but it's the same... Yes, this package must be installed too, nsswitch.conf says where to read and libnss-ldap says how to do it when using LDAP. Normally answering debconf properly when installing the package is enough to make it work and messing with /etc/libnss-ldap.conf isn't needed. I can't make it to work... If i try to create a posixAccount in phpLDAPadmin it show me the error: Could not add the object to the LDAP server. LDAP said: Object class violation Error number: 0x41 (LDAP_OBJECT_CLASS_VIOLATION) Description: You tried to perform an operation that would cause an undefined attribute to exist or that would remove a required attribute, given the current list of ObjectClasses. This can also occur if you do not specify a structural objectClass when creating an entry, or if you specify more than one structural objectClass. Doesn't make much sense trying anything else if your NSS doesn't work, make it work isn't optional. If you have populated LDAP successfully with smbldap-populate at least the administrator and nobody accounts (or whatever was inserted in the base) must appear with getent. (you can make sure what was inserted doing a slapcat). Ok with slapcat i see the user testuser created... but i saw it in phpldapadmin before. Here i cut and paste a last section of slapcat out: dn: uid=testuser,ou=Users,dc=skull-one,dc=com,dc=ar objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: posixAccount objectClass: shadowAccount cn: testuser sn: testuser givenName: testuser uid: testuser uidNumber: 1564 gidNumber: 513 homeDirectory: /home/testuser loginShell: /bin/bash gecos: System User structuralObjectClass: inetOrgPerson entryUUID: c1028b56-21df-102c-8a0d-63a789f5531c creatorsName: cn=Manager,dc=skull-one,dc=com,dc=ar createTimestamp: 20071108004614Z userPassword:: e1NTSEF9KzM0SzNxejVOZnJLNTJzK3pkaGVYam11QWpSM1FYcE4= shadowLastChange: 13825 shadowMax: 45 entryCSN: 20071108004653Z#00#00#00 modifiersName: cn=Manager,dc=skull-one,dc=com,dc=ar modifyTimestamp: 20071108004653Z And the rare is, when i create the account with smbldap-useradd -m testuser it create the home directory at /home/testuser but i don't know why it doesn't create a uid Ok, -m makes the home directory, but what do you mean by doesn't create a uid? Its only a perl script that inserts something in the base directly, it doesn't fail when lacking NSS. A dump of the base with slapcat doesn't show the user? The command give any error? If the user isn't in the base your smbldap-tools install is broken too. I mean that i don't know why the user linux is not created, why i don't see him with getent passwd. The command work fine without errors. So all of this means smbldap-tools is broken ?? No, it means your NSS is either not configured correctly, or is broken. How have you configured /etc/nsswitch.conf and /etc/ldap.conf? here i show you my /etc/nsswitch.conf and /etc/ldap/ldap.conf http://pastebin.com/mf74cf2 thanks. regards -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba+LDAP problems
Hello... Edmundo Valle Neto wrote: Marcelo Mogrovejo escreveu: Hello Edmundo (...) So, yes, i have configured this file already: passwd: compat ldap shadow: compat ldap group: compat ldap I have downloaded the libnss-ldap file too but it's the same... Yes, this package must be installed too, nsswitch.conf says where to read and libnss-ldap says how to do it when using LDAP. Normally answering debconf properly when installing the package is enough to make it work and messing with /etc/libnss-ldap.conf isn't needed. I can't make it to work... If i try to create a posixAccount in phpLDAPadmin it show me the error: Could not add the object to the LDAP server. LDAP said: Object class violation Error number: 0x41 (LDAP_OBJECT_CLASS_VIOLATION) Description: You tried to perform an operation that would cause an undefined attribute to exist or that would remove a required attribute, given the current list of ObjectClasses. This can also occur if you do not specify a structural objectClass when creating an entry, or if you specify more than one structural objectClass. Doesn't make much sense trying anything else if your NSS doesn't work, make it work isn't optional. If you have populated LDAP successfully with smbldap-populate at least the administrator and nobody accounts (or whatever was inserted in the base) must appear with getent. (you can make sure what was inserted doing a slapcat). Ok with slapcat i see the user testuser created... but i saw it in phpldapadmin before. Here i cut and paste a last section of slapcat out: dn: uid=testuser,ou=Users,dc=skull-one,dc=com,dc=ar objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: posixAccount objectClass: shadowAccount cn: testuser sn: testuser givenName: testuser uid: testuser uidNumber: 1564 gidNumber: 513 homeDirectory: /home/testuser loginShell: /bin/bash gecos: System User structuralObjectClass: inetOrgPerson entryUUID: c1028b56-21df-102c-8a0d-63a789f5531c creatorsName: cn=Manager,dc=skull-one,dc=com,dc=ar createTimestamp: 20071108004614Z userPassword:: e1NTSEF9KzM0SzNxejVOZnJLNTJzK3pkaGVYam11QWpSM1FYcE4= shadowLastChange: 13825 shadowMax: 45 entryCSN: 20071108004653Z#00#00#00 modifiersName: cn=Manager,dc=skull-one,dc=com,dc=ar modifyTimestamp: 20071108004653Z And the rare is, when i create the account with smbldap-useradd -m testuser it create the home directory at /home/testuser but i don't know why it doesn't create a uid Ok, -m makes the home directory, but what do you mean by doesn't create a uid? Its only a perl script that inserts something in the base directly, it doesn't fail when lacking NSS. A dump of the base with slapcat doesn't show the user? The command give any error? If the user isn't in the base your smbldap-tools install is broken too. I mean that i don't know why the user linux is not created, why i don't see him with getent passwd. The command work fine without errors. So all of this means smbldap-tools is broken ?? Regards. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba+LDAP problems
Hello Edmundo Edmundo Valle Neto wrote: Marcelo Mogrovejo escreveu: (...) Have you configured NSS? gentent passwd shows the user? NSS is the same of /etc/nsswitch.conf ?? Yes, its the configuration file of NSS, it says from which base the information are readed, when using LDAP it needs to read from LDAP too. So, yes, i have configured this file already: passwd: compat ldap shadow: compat ldap group: compat ldap I have downloaded the libnss-ldap file too but it's the same... I can't make it to work... If i try to create a posixAccount in phpLDAPadmin it show me the error: Could not add the object to the LDAP server. LDAP said: Object class violation Error number: 0x41 (LDAP_OBJECT_CLASS_VIOLATION) Description: You tried to perform an operation that would cause an undefined attribute to exist or that would remove a required attribute, given the current list of ObjectClasses. This can also occur if you do not specify a structural objectClass when creating an entry, or if you specify more than one structural objectClass. And the rare is, when i create the account with smbldap-useradd -m testuser it create the home directory at /home/testuser but i don't know why it doesn't create a uid thanks for your help best regards. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba+LDAP problems
Edmundo Valle Neto wrote: Marcelo Mogrovejo escreveu: Hi (...) I read this documents and i begin again with samba+ldap... This time i have not problems, except when i try to create an user for testing. I create a testuser and i add a password for his but when i try to login with this user, hi doesn't login... for exameple with command su testuser as root it show me Id desconocido: testuser or Unknown Id: testuser. i don't know why happen it... (...) Have you configured NSS? gentent passwd shows the user? NSS is the same of /etc/nsswitch.conf ?? No, getent passwd doesn't show me the users i created... regards -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba+LDAP problems
Hi (...) I read this documents and i begin again with samba+ldap... This time i have not problems, except when i try to create an user for testing. I create a testuser and i add a password for his but when i try to login with this user, hi doesn't login... for exameple with command su testuser as root it show me Id desconocido: testuser or Unknown Id: testuser. i don't know why happen it... 1. http://download.gna.org/smbldap-tools/docs/ 2. http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/ 3. http://us4.samba.org/samba/docs/man/Samba-Guide/ thanks and best regards -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba+LDAP problems
Edmundo Valle Neto wrote: If it was asked to the list answer to the list please, other people can not guess what was already answered. Sending it back ... (...) Trying to add anything else works? with de command line a don't know how add another thing, but with phpldapadmin i can add for example users. The best documentation are from smbldap-tools project [1] and samba [2], [3]. (...) I don't use LAM, but use smbldap-tools and phpldapadmin. In turn to saying that the services aren't properly configured (as nothing worked and you said that there isnt anything like that in google), I think helps begin from the beginning. Are all services running in the same machine? before, services were running now, i don't know what happen but slapd doesn't work when i write /etc/init.d/slapd start as root in command line, the syslog show me this: Oct 29 16:31:56 skull1 slapd[12409]: @(#) $OpenLDAP: slapd 2.3.38 (Sep 17 2007 21:09:04) $ [EMAIL PROTECTED]:/tmp/buildd/openldap2.3-2.3.38/debian/build/servers/slapd Oct 29 16:31:57 skull1 slapd[12410]: bdb_db_open: Database cannot be opened, err 13. Restore from backup! Oct 29 16:31:57 skull1 slapd[12410]: bdb(dc=skull-one,dc=com,dc=ar): DB_ENV-lock_id_free interface requires an environment configured for the locking subsystem Oct 29 16:31:57 skull1 slapd[12410]: bdb(dc=skull-one,dc=com,dc=ar): txn_checkpoint interface requires an environment configured for the transaction subsystem Oct 29 16:31:57 skull1 slapd[12410]: bdb_db_close: txn_checkpoint failed: Invalid argument (22) Oct 29 16:31:57 skull1 slapd[12410]: backend_startup_one: bi_db_open failed! (13) Oct 29 16:31:57 skull1 slapd[12410]: bdb_db_close: alock_close failed Oct 29 16:31:57 skull1 slapd[12410]: slapd stopped. Oct 29 16:31:57 skull1 slapd[12410]: connections_destroy: nothing to destroy. i don't know why... yesterday it work perfectly. Probably your database is corrupted, you can try to fix it, recover a backup, or if you don't have a backup and nothing works, start it over. If you don't know how to make any of the alternatives, maybe is time to learn a little more about how LDAP works, before trying to use it. You said that you are using Debian right? yes The package 3.0.26a doesn't come with the stable release Etch, which release are you using? i have debian sid (unstable release) I don't recommend it in servers. And don't recommend it in desktops if you don't know how to solve your own problems. How do you configure your apt repositories and install your packages? (if the packages related with the problem didn't came from the stable repository, helps write its versions). i configured my apt repository manualy with nano -w /etc/apt/sources.list and my repositories are: deb http://ftp.uk.debian.org/debian/ sid main non-free contrib deb-src http://ftp.uk.debian.org/debian/ sid main non-free contrib ldap-account-manage 2.0.0-1 ldap-utils 2.3.38-1 slapd 2.3.38-1 smbldap-tools 0.9.4-1 phpldapadmin0.9.8.4-2 i think that all packages are there... Ok. Everything from Sid. How did you populated your LDAP tree? i can't populate my LDAP tree jet ... The package drops a working database practically with only the root and administrator DNs. I mean prepare it be used by samba, creating the needed OUs and domain information. One detail. smbldap-tools doesn't use samba to do its job, it connects to LDAP directly, so, supposing that you have configured smbldap-tools properly, its very unlikely that the problem has anything to do with the samba package, as you have noticed that changing versions doesn't solve the problem. aahh. ok. thanks and best regards 1. http://download.gna.org/smbldap-tools/docs/ 2. http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/ 3. http://us4.samba.org/samba/docs/man/Samba-Guide/ Thanks for this docs, i'm starting to read it and then i'll follow to ask. Regards -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba