Re: [Samba] LDAP+samba dc docs
Hi John,(sorry for the personal reply, mistake on my part) On Friday 07 January 2005 17:45, John H Terpstra wrote: What version of Samba are you using? samba-3.0.9-2.1 standard that came with SUSE-9.2 Pro with all updates applied. LADP is openldap2-2.2.15-5 What version of the Idealx scripts are you using? Where did you obtain it? smbldap-tools-0.8.5 from idealx.org The version of the Idealx scripts must match the version of Samba you are using because there have been a number of schema changes over the 3.x series. How do I know which version I should use for my Samba? The pdf the idealx supplies only mentions samba-3.0.2 Thanks for the perl instructions. I will try that now. Our ADSL is down so I'm on dial-up - takes a bit of time, will report back later. Thanks for all your help! -- Kind regards Hans du Plooy Newington Consulting Services hansdp at newingtoncs dot co dot za -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] LDAP+samba dc docs
I managed to fix the Perl, it seems, I get the original error again :-) The tools are installed in /var/lib/samba/sbin/ and symlinked to /usr/sbin/ More on the error I get: ncshans:/usr/sbin # smbldap-populate Using builtin directory structure adding new entry: dc=newingtoncs,dc=co,dc=za failed to add entry: Bad file descriptor at /usr/sbin/smbldap-populate line 388, GEN1 line 2. adding new entry: ou=Users,dc=newingtoncs,dc=co,dc=za failed to add entry: Bad file descriptor at /usr/sbin/smbldap-populate line 388, GEN1 line 3. adding new entry: ou=Groups,dc=newingtoncs,dc=co,dc=za failed to add entry: Bad file descriptor at /usr/sbin/smbldap-populate line 388, GEN1 line 4. adding new entry: ou=Computers,dc=newingtoncs,dc=co,dc=za failed to add entry: Bad file descriptor at /usr/sbin/smbldap-populate line 388, GEN1 line 5. adding new entry: ou=Idmap,dc=newingtoncs,dc=co,dc=za failed to add entry: Bad file descriptor at /usr/sbin/smbldap-populate line 388, GEN1 line 6. adding new entry: cn=NextFreeUnixId,dc=newingtoncs,dc=co,dc=za failed to add entry: Bad file descriptor at /usr/sbin/smbldap-populate line 388, GEN1 line 7. adding new entry: uid=Administrator,ou=Users,dc=newingtoncs,dc=co,dc=za failed to add entry: Bad file descriptor at /usr/sbin/smbldap-populate line 388, GEN1 line 8. adding new entry: uid=nobody,ou=Users,dc=newingtoncs,dc=co,dc=za failed to add entry: Bad file descriptor at /usr/sbin/smbldap-populate line 388, GEN1 line 9. adding new entry: cn=Domain Admins,ou=Groups,dc=newingtoncs,dc=co,dc=za failed to add entry: Bad file descriptor at /usr/sbin/smbldap-populate line 388, GEN1 line 10. adding new entry: cn=Domain Users,ou=Groups,dc=newingtoncs,dc=co,dc=za failed to add entry: Bad file descriptor at /usr/sbin/smbldap-populate line 388, GEN1 line 11. adding new entry: cn=Domain Guests,ou=Groups,dc=newingtoncs,dc=co,dc=za failed to add entry: Bad file descriptor at /usr/sbin/smbldap-populate line 388, GEN1 line 19. adding new entry: cn=Print Operators,ou=Groups,dc=newingtoncs,dc=co,dc=za failed to add entry: Bad file descriptor at /usr/sbin/smbldap-populate line 388, GEN1 line 20. adding new entry: cn=Backup Operators,ou=Groups,dc=newingtoncs,dc=co,dc=za failed to add entry: Can't contact LDAP server at /usr/sbin/smbldap-populate line 388, GEN1 line 21. adding new entry: cn=Replicators,ou=Groups,dc=newingtoncs,dc=co,dc=za failed to add entry: Can't contact LDAP server at /usr/sbin/smbldap-populate line 388, GEN1 line 21. Thanks -- Kind regards Hans du Plooy Newington Consulting Services hansdp at newingtoncs dot co dot za -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] LDAP+samba dc docs
Hi John, Thanks for your help and congrats on a great book - it's the best samba/ldap info I've seen so far! I have gone through all the relevant stuff, but I'm getting stuck on the LDAP database initialisation. With the smbldap tools I get a error that I thought had something to do with a missing perl module (net::ldap::ldif or something like that) - I downloaded and installed that, and managed to break my perl in the process, so I can't get that particular message again. Nevertheless, I looked at the Alternative LDAP Database Initialization section in Appendix 5, assembled the script (I had trouble with it too but managed to edit it to work). Now, trying out the line: ncshans:/home/hansdp/ldap-setup # slapadd -c -v -l NEWINGTONCS.ldif gives me: slapadd: could not add entry dn=dc=newingtoncs,dc=co,dc=za (line=8): already exists slapadd: could not parse entry (line=70) I'm not sure about the first error, but regarding the second one, line 70 looks like: objectClass: sambaGroupMapping I googled around and this seems to be a problem with whitespaces, mostly, but I checked every line. Any idea why this is causing trouble? Thanks -- Kind regards Hans du Plooy Newington Consulting Services hansdp at newingtoncs dot co dot za -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] LDAP+samba dc docs
Hans, What version of Samba are you using? What version of the Idealx scripts are you using? Where did you obtain it? To update your Perl you need to be on-line and then run: perl -MCPAN -e shell Follow the initialization process and then when you get a prompt execute: install net::ldap::ldif when that finishes, execute: install Crypt::SmbHash That should then have meet all dependencies for the Idealx scripts. The version of the Idealx scripts must match the version of Samba you are using because there have been a number of schema changes over the 3.x series. - John T. On Friday 07 January 2005 03:39, Hans du Plooy wrote: Hi John, Thanks for your help and congrats on a great book - it's the best samba/ldap info I've seen so far! I have gone through all the relevant stuff, but I'm getting stuck on the LDAP database initialisation. With the smbldap tools I get a error that I thought had something to do with a missing perl module (net::ldap::ldif or something like that) - I downloaded and installed that, and managed to break my perl in the process, so I can't get that particular message again. Nevertheless, I looked at the Alternative LDAP Database Initialization section in Appendix 5, assembled the script (I had trouble with it too but managed to edit it to work). Now, trying out the line: ncshans:/home/hansdp/ldap-setup # slapadd -c -v -l NEWINGTONCS.ldif gives me: slapadd: could not add entry dn=dc=newingtoncs,dc=co,dc=za (line=8): already exists slapadd: could not parse entry (line=70) I'm not sure about the first error, but regarding the second one, line 70 looks like: objectClass: sambaGroupMapping I googled around and this seems to be a problem with whitespaces, mostly, but I checked every line. Any idea why this is causing trouble? Thanks -- Kind regards Hans du Plooy Newington Consulting Services hansdp at newingtoncs dot co dot za -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] LDAP+samba dc docs
Hans du Plooy wrote: On Thursday 06 January 2005 09:22, Koenraad Lelong wrote: I think there was a recent post of you, which says all authentication, including Linux, should go through LDAP. If this is correct, I think this should be stressed in all documents concerning Samba/LDAP. Hi Koenraad, I did post the LDAP athentication issue, but that was to a different list - post content was slightly different. SUSE offers LDAP authentication but I had trouble getting it setup. Apart from samba I need to have other things work with LDAP too. Thanks for your reply and to John H Terpstra Dankie I didn't mean you, Hans. I was referring to a post of John (Re: [Samba] PDC + LDAP group mappings, of 30 dec) : ... For the record: = If you use LDAP with Samba it is essential that ALL your UNIX (POSIX) accounts (both for users and for groups) are in the LDAP backend. Samba requires the SambaSAM account data also in LDAP. It is NOT possible with Samba to have only the SambaSAM account information in LDAP and not the UNIX accounts in LDAP. ... P.S. If you succeeded in setting up an LDAP-server, did you use a how-to ? I'm trying to do the same, but I need to study a bit/lot more. I find it a shame that SuSE's Yast does not have an option (I know of) to setup an LDAP-server to authenticate. AFAIK you can only set it up to autenticate against one (i.e. a client), at installation time. But then, it would be too easy ;-), and maybe some finer points would be lost. -- Met vriendelijke groeten, Koenraad Lelong RD Manager ACE electronics n.v. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] LDAP+samba dc docs
Koenraad Lelong wrote: Hans du Plooy wrote: On Thursday 06 January 2005 09:22, Koenraad Lelong wrote: I think there was a recent post of you, which says all authentication, including Linux, should go through LDAP. If this is correct, I think this should be stressed in all documents concerning Samba/LDAP. Hi , I did post the LDAP athentication issue, but that was to a different list - post content was slightly different. SUSE offers LDAP authentication but I had trouble getting it setup. Apart from samba I need to have other things work with LDAP too. Thanks for your reply and to John H Terpstra Dankie I didn't mean you, Hans. I was referring to a post of John (Re: [Samba] PDC + LDAP group mappings, of 30 dec) : ... For the record: = If you use LDAP with Samba it is essential that ALL your UNIX (POSIX) accounts (both for users and for groups) are in the LDAP backend. Samba requires the SambaSAM account data also in LDAP. It is NOT possible with Samba to have only the SambaSAM account information in LDAP and not the UNIX accounts in LDAP. ... P.S. If you succeeded in setting up an LDAP-server, did you use a how-to ? I'm trying to do the same, but I need to study a bit/lot more. I find it a shame that SuSE's Yast does not have an option (I know of) to setup an LDAP-server to authenticate. AFAIK you can only set it up to autenticate against one (i.e. a client), at installation time. But then, it would be too easy ;-), and maybe some finer points would be lost. Hi Koenraad, what Distribution of SuSe do you use?? in the Enterprise server of suse you can setup a ldap-server as authentification source with yast. p.s. the latest Enterprise Server (SuSE) is available for free download on novell.com/linux ... regards -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] LDAP+samba dc docs
Arno Seidel wrote: Koenraad Lelong wrote: Hi Koenraad, what Distribution of SuSe do you use?? in the Enterprise server of suse you can setup a ldap-server as authentification source with yast. p.s. the latest Enterprise Server (SuSE) is available for free download on novell.com/linux ... regards This is becoming OT, but the last I used was 9.1Pro. And I think that the authentification source means what server to use. I didn't fully explore this option, but as far as I remember, this didn't lead to setting up a server, to use as a source for authentification. Maybe SLES is different. -- Met vriendelijke groeten, Koenraad Lelong RD Manager ACE electronics n.v. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] LDAP+samba dc docs
Hi, Could someone please point me towards good documentation for setting up samba3 as a DC and using ldap for authentication. The part I'm having trouble with is setting up ldap in the right way, and the ldap docs are a bit confusing. I'm also looking for good docs on upgrading a DC from samba2.x to samba3, while upgrading the whole OS (SuSE 8.0 to SUSE 9.2). I have extracted the SID from the old box and figured out how to put it in the new one, but I'm not sure what else I have to look out for. Any help or links would be appreciated Thank you -- Kind regards Hans du Plooy Newington Consulting Services hansdp at newingtoncs dot co dot za -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] LDAP+samba dc docs
On Wednesday 05 January 2005 12:07, Hans du Plooy wrote: Hi, Could someone please point me towards good documentation for setting up samba3 as a DC and using ldap for authentication. The part I'm having trouble with is setting up ldap in the right way, and the ldap docs are a bit confusing. I'm also looking for good docs on upgrading a DC from samba2.x to samba3, while upgrading the whole OS (SuSE 8.0 to SUSE 9.2). I have extracted the SID from the old box and figured out how to put it in the new one, but I'm not sure what else I have to look out for. Any help or links would be appreciated Hans, Please check chapter 6 of the book Samba-3 by Example. If anything is not clear or does not work please contact me, I'll help you to get this working. You can purchase this book from Amazon.Com or download it from: http://www.samba.org/samba/docs/Samba-Guide.pdf You will need to use the latest version of the Idealx smbldap-tools from www.idealx.org. If you wish, give me a call on (801) 936-1368 and I can provide more info on how you can easily and rapidly set up Samba on SUSE 9.2. Cheers, John T. -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] LDAP+samba dc docs
John H Terpstra wrote: On Wednesday 05 January 2005 12:07, Hans du Plooy wrote: Hi, Could someone please point me towards good documentation for setting up samba3 as a DC and using ldap for authentication. The part I'm having trouble with is setting up ldap in the right way, and the ldap docs are a bit confusing. I'm also looking for good docs on upgrading a DC from samba2.x to samba3, while upgrading the whole OS (SuSE 8.0 to SUSE 9.2). I have extracted the SID from the old box and figured out how to put it in the new one, but I'm not sure what else I have to look out for. Any help or links would be appreciated Hans, Please check chapter 6 of the book Samba-3 by Example. If anything is not clear or does not work please contact me, I'll help you to get this working. You can purchase this book from Amazon.Com or download it from: http://www.samba.org/samba/docs/Samba-Guide.pdf You will need to use the latest version of the Idealx smbldap-tools from www.idealx.org. If you wish, give me a call on (801) 936-1368 and I can provide more info on how you can easily and rapidly set up Samba on SUSE 9.2. Cheers, John T. I think there was a recent post of you, which says all authentication, including Linux, should go through LDAP. If this is correct, I think this should be stressed in all documents concerning Samba/LDAP. -- Met vriendelijke groeten, Koenraad Lelong RD Manager ACE electronics n.v. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] LDAP+samba dc docs
On Thursday 06 January 2005 09:22, Koenraad Lelong wrote: I think there was a recent post of you, which says all authentication, including Linux, should go through LDAP. If this is correct, I think this should be stressed in all documents concerning Samba/LDAP. Hi Koenraad, I did post the LDAP athentication issue, but that was to a different list - post content was slightly different. SUSE offers LDAP authentication but I had trouble getting it setup. Apart from samba I need to have other things work with LDAP too. Thanks for your reply and to John H Terpstra Dankie -- Kind regards Hans du Plooy Newington Consulting Services hansdp at newingtoncs dot co dot za -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba