[Samba] ACL's for smbpasswd to work?
Samba experts,

Thanks to advice from this list, I am finally able to get smbpasswd to change ldap passwords for the Samba LM/NT passwords. However, I had to give write access to sambaPwdLastSet and sambaPwdCanChange attributes as well. Other Samba attributes don't seem to need write access.

I have found plenty of examples with people assigning an ACL for sambaLMPassword and sambaNTPassword, but I haven't found examples that included other attributes such as sambaPwdLastSet and sambaPwdCanChange. Can someone explain why these fields need write access while there is so little documentation suggesting it (if any)? I guess I am not surprised that they need write access as much as I am surprised there is so little documentation suggesting it.

Tim

Tim Tyler
Network Engineer - Beloit College
[EMAIL PROTECTED]

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] changing ldap passwords?
Ok, but I seem to get this error when using smbpasswd

    # smbpasswd goliath
    New SMB password:
    Retype new SMB password:
    ldapsam_modify_entry: Failed to modify user dn= uid=goliath,ou=People,dc=lincon,dc=beloit,dc=edu with: Insufficient access
    ldapsam_update_sam_account: failed to modify user with uid = goliath, error: (Success)
    Failed to modify entry for user goliath.
    Failed to modify password entry for user goliath

I am not sure what I am doing wrong in my setups. Does this acl in ldap's slapd.conf look ok?

    access to attr=sambaLMPassword,sambaNTPassword
        by dn.exact="uid=samba_servers,ou=People,dc=lincon,dc=beloit,dc=edu" read
        by * none

What about this as the account for samba password administration (ldif format)?

    # samba_servers, People, lincon.beloit.edu
    dn: uid=samba_servers,ou=People,dc=lincon,dc=beloit,dc=edu
    objectClass: person
    objectClass: uidObject
    uid: samba_servers
    description: Account used by Samba servers to access user passwords
    cn: samba_servers
    sn: samba_servers

Any idea why I might be getting the error above?

Tim

At 04:05 PM 1/24/2005, you wrote:

Tim,

smbpassword should work fine for modifying the LM/NT passwords. Also, if you're using Fedora or Redhat Enterprise server you might wish to check out a program we have written: www.Essay-Software.com

Sincerely,
Scott Alcock
Essay Software, LLC
www.Essay-Software.com
Rockford, Illinois

Tim Tyler wrote:

Samba experts,

I am using Samba 3.0.8 on an AIX 5.1 system with ldap authentication. I have ldap working so that users can authenticate in their samba account via ldap. However, I am trying to figure out the best method for allowing users to change their ldap samba account password. What is the best method to allow end users to change their LM/NT passwords for Samba via LDAP? Should I be using smbpasswd? Or should I be using the smbldap-tools and use smbldap-passwd.pl? Or is there another option?
Also, what do I need to set for privileges (ACL's) on the ldap server side to allow users to change their samba password (if any)? Any recommendations and hints about implementing it are much appreciated!

thanks!
Tim

Tim Tyler
Network Engineer - Beloit College
[EMAIL PROTECTED]

Tim Tyler
Network Engineer - Beloit College
[EMAIL PROTECTED]
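Added example, not part of the original posts: a small Python check that reads slapd.conf "access to" rules and lists which of the four attributes named in this thread (sambaLMPassword, sambaNTPassword, sambaPwdLastSet, sambaPwdCanChange) the Samba bind DN still cannot write, run against the ACL posted above and two constructed variants. Assumptions: Samba binds as the samba_servers account, only attr=/attrs= and "*" targets with "*", "users" and dn.exact/dn.base subjects are modelled, and all function names are illustrative.

```python
import re

# Attributes the thread reports smbpasswd needs to write.
NEEDED = ["sambaLMPassword", "sambaNTPassword", "sambaPwdLastSet", "sambaPwdCanChange"]
# Assumption: Samba's "ldap admin dn" is the samba_servers account from the thread.
BIND_DN = "uid=samba_servers,ou=People,dc=lincon,dc=beloit,dc=edu"

def norm(dn):
    return re.sub(r"\s*,\s*", ",", dn.strip().lower())

def parse_acls(conf):
    """Return [(attr set, or None for '*', [(who, level), ...])] in file order."""
    joined = re.sub(r"\n[ \t]+", " ", conf)  # indented lines continue a directive
    acls = []
    for what, rest in re.findall(r"^access\s+to\s+(\S+)\s+(.*)$", joined, re.M):
        am = re.match(r"attrs?=(.+)", what)
        if not am and what != "*":
            continue  # dn= / filter= targets are not modelled here
        attrs = {a.lower() for a in am.group(1).split(",")} if am else None
        acls.append((attrs, re.findall(r'by\s+((?:"[^"]*"|[^\s"])+)\s+(\S+)', rest)))
    return acls

def who_matches(who, bind_dn):
    # "*" is everyone, "users" any authenticated bind; otherwise an exact DN.
    m = re.match(r'dn\.(?:exact|base)="?([^"]*)"?$', who)
    return who in ("*", "users") or bool(m and norm(m.group(1)) == norm(bind_dn))

def effective(acls, bind_dn, attr):
    """First matching 'to' clause wins, then the first matching 'by' clause."""
    for attrs, bys in acls:
        if attrs is not None and attr.lower() not in attrs:
            continue
        for who, level in bys:
            if who_matches(who, bind_dn):
                return level.lower()
        return "none"  # implicit trailing "by * none"
    return "none"      # no clause matched: implicit "access to * by * none"

def missing_write(conf, bind_dn=BIND_DN):
    acls = parse_acls(conf)
    return [a for a in NEEDED if effective(acls, bind_dn, a) != "write"]

# ACL as posted in the thread, followed by two constructed variants.
POSTED = 'access to attr=sambaLMPassword,sambaNTPassword\n    by dn.exact="%s" read\n    by * none\n' % BIND_DN
PARTIAL = POSTED.replace(" read", " write")
FIXED = PARTIAL.replace("sambaNTPassword", "sambaNTPassword,sambaPwdLastSet,sambaPwdCanChange")

if __name__ == "__main__":
    for name, conf in (("posted", POSTED), ("partial", PARTIAL), ("fixed", FIXED)):
        print(name, "-> lacks write on:", missing_write(conf) or "nothing")
```

Keeping the final "by * none" clause in the corrected rule leaves the LM/NT hashes unreadable to every other bind.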
[Samba] changing ldap passwords?
Samba experts,

I am using Samba 3.0.8 on an AIX 5.1 system with ldap authentication. I have ldap working so that users can authenticate in their samba account via ldap. However, I am trying to figure out the best method for allowing users to change their ldap samba account password. What is the best method to allow end users to change their LM/NT passwords for Samba via LDAP? Should I be using smbpasswd? Or should I be using the smbldap-tools and use smbldap-passwd.pl? Or is there another option?

Also, what do I need to set for privileges (ACL's) on the ldap server side to allow users to change their samba password (if any)? Any recommendations and hints about implementing it are much appreciated!

thanks!
Tim

Tim Tyler
Network Engineer - Beloit College
[EMAIL PROTECTED]
[Samba] compiling libldap error??
Samba experts,

Ok, we are having so many problems getting ldap to work, we decided to start over with our compile. We are compiling Samba --with-ldap on our AIX 5.1 system which uses gcc. Openldap (for client support) exists in /usr/local/openldap/2.2.17.

In order for Samba to find the ldap.h file, we had to configure with CPPFLAGS="-I/usr/local/openldap/2.2.17/include" which worked great! Now it finds ldap.h with no problem. However, now the ./configure gives this error:

    configure: error: libldap is needed for LDAP support

What exactly is it looking for now? Is libldap supposed to be a binary or library? We can't find libldap anywhere. There is a lib directory in openldap that contains a bunch of files such as:

    # pwd
    /usr/local/openldap/2.2.17/lib
    # dir
    total 12560
    drwx-- 2 root system 512 Dec 15 13:59 .
    drwx-- 7 root system 512 Dec 15 13:59 ..
    -rw-r--r-- 1 root system 454117 Dec 15 13:59 liblber.a
    -rw-r--r-- 1 root system 646 Dec 15 13:59 liblber.la
    -rw-r--r-- 1 root system 2507942 Dec 15 13:59 libldap.a
    -rw-r--r-- 1 root system 692 Dec 15 13:59 libldap.la
    -rw-r--r-- 1 root system 3442991 Dec 15 13:59 libldap_r.a
    -rw-r--r-- 1 root system 698 Dec 15 13:59 libldap_r.la

Is it looking for libldap.a? Note: we tried to configure with LDFLAGS="-L/usr/local/openldap/2.2.17/lib" but that didn't resolve it. Any suggestions for what we may need to do?

Tim Tyler
Network Engineer - Beloit College
[EMAIL PROTECTED]
[Samba] Getting samba ldap to work?
Samba experts,

I am having problems getting samba 3.0.8 working with ldap authentication on an aix 5.1 system. I have successfully gotten ldap to work with telnet, ftp, ssh, finger, etc. But, I seem to be really stuck on getting samba to work for some reason. I am running my ldap server on another host (Debian). I did enter in a samba schema into the slapd.conf file. I have both openldap and nss_ldap installed on the aix server, though I am not sure if samba even tries to use them or not.

Questions:
1. Does samba use openldap or nss_ldap?
2. Should I consider using pam support? If so, do I need to recompile samba for pam support?
3. I notice that some people configure their smb.conf file to use ldap server or passdb backend =. Which should I be using?

    # passdb backend = ldapsam:"ldap://lincon.beloit.edu";
    ldap suffix= "ou=People,dc=lincon,dc=beloit,dc=edu"
    ldap admin dn = "cn=admin,dc=lincon,dc=beloit,dc=edu"
    # ldap port = 389
    ldap server= 144.89.254.9
    ldap ssl = no
    ldap machine suffix = ou=Machine
    ldap user suffix = ou=People
    ldap group suffix = ou=Group

NOTE: When I use passdb backend, I never get a prompt to login with my username and password. It simply fails stating there is no backend.

    [2005/01/18 14:54:05, 0] passdb/pdb_interface.c:make_pdb_methods_name(664)
      No builtin nor plugin backend for ldapsam found
    [2005/01/18 14:54:05, 1] passdb/pdb_interface.c:make_pdb_context_list(765)
      Loading ldapsam:ldap://lincon.beloit.edu failed!
    [2005/01/18 14:54:05, 0] passdb/pdb_interface.c:make_pdb_methods_name(664)
      No builtin nor plugin backend for ldapsam found
    [2005/01/18 14:54:05, 1] passdb/pdb_interface.c:make_pdb_context_list(765)
      Loading ldapsam:ldap://lincon.beloit.edu failed!

When I comment out that and use the ldap server line (with ldap port commented out), I get a prompt, but get these errors in the logs:

    2005/01/18 15:20:11, 1] lib/util_sock.c:get_peer_name(959)
      Gethostbyaddr failed for 144.89.40.114
    [2005/01/18 15:20:12, 1] lib/util_sock.c:get_peer_name(959)
      Gethostbyaddr failed for 144.89.40.114

I feel like it's not really getting to the point of inquiring for a username, etc. Any suggestions are much appreciated!

-thanks
Tim

Tim Tyler
Network Engineer - Beloit College
[EMAIL PROTECTED]
Fwd: Re: [Samba] samba ldap?
Gemes, others,

Ok, I went back and compiled without ldapsam_compat. I am now trying to simply use ldapsam. However, I get this error in the log.smbd when trying to connect with a client:

    [2004/12/23 12:59:18, 0] passdb/pdb_interface.c:make_pdb_methods_name(664)
      No builtin nor plugin backend for ldapsam found
    [2004/12/23 12:59:18, 1] passdb/pdb_interface.c:make_pdb_context_list(765)
      Loading ldapsam:ldap://lincon.beloit.edu failed!
    [2004/12/23 12:59:21, 0] passdb/pdb_interface.c:make_pdb_methods_name(664)
      No builtin nor plugin backend for ldapsam found
    [2004/12/23 12:59:21, 1] passdb/pdb_interface.c:make_pdb_context_list(765)
      Loading ldapsam:ldap://lincon.beloit.edu failed!

Here is the Global part of my smb.conf file:

    [global]
    encrypt passwords = yes
    passdb backend = ldapsam:"ldap://lincon.beloit.edu";
    dns proxy = no
    log file = /var/log/samba/%m.log
    load printers = no
    printing =
    server string = backt.beloit.edu
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    workgroup = its
    os level = 20
    hosts allow = all localhost
    printcap name =
    max log size = 50
    max disk size = 100
    invalid users = root
    ldap suffix= ou=People,dc=lincon,dc=beloit,dc=edu
    ldap admin dn = cn=admin,dc=lincon,dc=beloit,dc=edu
    ldap ssl = no

Do I need additional or different ldap options in this file? Note that we do NOT use Windows Domains. I have no desire to do anything with Windows Domains. There are no Windows servers or workstations with accounts for global access. We are very Unix based here. I guess I am not understanding whether this is a problem with the ldap server or the samba server at this point. I see that some people use the ldap machine variable in smb.conf. Since I don't care about Windows Domains, do I still need that variable?

Tim

Tim Tyler wrote:

Samba Ldap experts,

I am trying to recompile samba to support ldap. After compiling samba with --with-ldapsam, I had no errors with configure or compilation.
However, after starting up smbd and nmbd, I get these errors in the log.smbd file when I try to connect to the server:

    [2004/12/20 13:57:02, 0] lib/debug.c:reopen_logs(590)
      Unable to open new log file /var/log/samba/smbd.log: No such file or directory
    [2004/12/20 13:57:02, 0] passdb/pdb_interface.c:make_pdb_methods_name(664)
      No builtin nor plugin backend for ldapsam found
    [2004/12/20 13:57:02, 1] passdb/pdb_interface.c:make_pdb_context_list(765)
      Loading ldapsam:ldap://lincon.beloit.edu failed!
    [2004/12/20 13:57:05, 0] passdb/pdb_interface.c:make_pdb_methods_name(664)
      No builtin nor plugin backend for ldapsam found
    [2004/12/20 13:57:05, 1] passdb/pdb_interface.c:make_pdb_context_list(765)
      Loading ldapsam:ldap://lincon.beloit.edu failed!

Is this a problem on the samba side or the ldap server side which is on another server? Any hints about resolving it? I am just not sure where to begin to look.

Tim Tyler
Network Engineer - Beloit College
[EMAIL PROTECTED]

If you are trying to compile samba3.0.x, then you don't need to pass any special configure option for ldapsam support. The --with-ldapsam configure option is for enabling the ldapsam_compat passdb backend, with which you could use your old (samba2) ldap user database, until you convert it for using the newer (samba3) schema. I would recommend against using the ldapsam_compat passdb backend, as it is there only for compatibility, and is not well tested.

Cheers,
Geza

Tim Tyler
Network Engineer - Beloit College
[EMAIL PROTECTED]
[Samba] samba ldap?
Samba Ldap experts,

I am trying to recompile samba to support ldap. After compiling samba with --with-ldapsam, I had no errors with configure or compilation. However, after starting up smbd and nmbd, I get these errors in the log.smbd file when I try to connect to the server:

    [2004/12/20 13:57:02, 0] lib/debug.c:reopen_logs(590)
      Unable to open new log file /var/log/samba/smbd.log: No such file or directory
    [2004/12/20 13:57:02, 0] passdb/pdb_interface.c:make_pdb_methods_name(664)
      No builtin nor plugin backend for ldapsam found
    [2004/12/20 13:57:02, 1] passdb/pdb_interface.c:make_pdb_context_list(765)
      Loading ldapsam:ldap://lincon.beloit.edu failed!
    [2004/12/20 13:57:05, 0] passdb/pdb_interface.c:make_pdb_methods_name(664)
      No builtin nor plugin backend for ldapsam found
    [2004/12/20 13:57:05, 1] passdb/pdb_interface.c:make_pdb_context_list(765)
      Loading ldapsam:ldap://lincon.beloit.edu failed!

Is this a problem on the samba side or the ldap server side which is on another server? Any hints about resolving it? I am just not sure where to begin to look.

Tim Tyler
Network Engineer - Beloit College
[EMAIL PROTECTED]
Re: [Samba] Samba automatically disabled?
Derek,

That was exactly the problem. The changepasswd.cgi program (one of the revisions) has the CT transposed. I simply went into the C code and transposed it back properly and recompiled it. It now works fine. It was the line with:

    strcpy(smbltc,"LCT-");

Thanks
Tim

At 08:25 AM 8/6/2004, you wrote:

I ran into a similar problem when the last field in the password file was LCT-.

Derek

On Aug 5, 2004, at 3:56 PM, Tim Tyler wrote:

Samba experts,

I am running samba 3.0.3-5 of Samba on Fedora core 2 (Red Hat). I am trying to use encrypted passwords. However, when a user tries to connect to their samba account, they end up getting automatically disabled. Their encrypted password becomes all X's. Can anyone tell me why this might be happening at the moment they attempt to login? Here are my global variables in case that helps?

    [global]
    dns proxy = no
    log file = /var/log/samba/%m.log
    load printers = yes
    printing = cups
    server string = Bagel
    password server = None
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    workgroup = its
    os level = 20
    username map =
    hosts allow = all
    printcap name = cups
    max log size = 50
    max disk size = 100
    smb passwd file = /etc/samba/smbpasswd
    encrypt passwords = yes

Any suggestions?

Tim

Tim Tyler
Network Engineer

Artificial intelligence is no match for natural stupidity

Tim Tyler
Network Engineer - Beloit College
[EMAIL PROTECTED]
[Samba] Samba automatically disabled?
Samba experts,

I am running samba 3.0.3-5 of Samba on Fedora core 2 (Red Hat). I am trying to use encrypted passwords. However, when a user tries to connect to their samba account, they end up getting automatically disabled. Their encrypted password becomes all X's. Can anyone tell me why this might be happening at the moment they attempt to login? Here are my global variables in case that helps?

    [global]
    dns proxy = no
    log file = /var/log/samba/%m.log
    load printers = yes
    printing = cups
    server string = Bagel
    password server = None
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    workgroup = its
    os level = 20
    username map =
    hosts allow = all
    printcap name = cups
    max log size = 50
    max disk size = 100
    smb passwd file = /etc/samba/smbpasswd
    encrypt passwords = yes

Any suggestions?

Tim

Tim Tyler
Network Engineer
[Samba] AIX 5.1 compile error for 3.02?
Samba experts,

I tried compiling samba 3.02 on an AIX 5.1 system with virtually no options (just keeping the defaults). I got this error on the make (using gcc 3.3.3):

    Using FLAGS = -O -I./popt -Iinclude -I/usr/local/src/samba-3.0.2/source/include -I/usr/local/src/samba-3.0.2/source/ubiqx -I/usr/local/src/samba-3.0.2/source/smbwrapper -I. -I/usr/local/src/samba-3.0.2/source
    LIBS =
    LDSHFLAGS = -Wl,-bexpall,-bM:SRE,-bnoentry,-berok
    LDFLAGS =
    Linking bin/smbd
    /usr/bin/ld: target expall not found
    collect2: ld returned 1 exit status
    make: *** [bin/smbd] Error 1

Can anyone tell me what I need to do to successfully compile Samba 3.x on an Aix 5.1 platform? Note: I can't seem to compile 3.5 either.

Tim

Tim Tyler
Network Engineer