Re: [Samba] Samba + LDAP problem for find user name

2009-10-28 Thread Jamrock

"Bruno Steven"  wrote in message
news:c6bf33680910270225n6b5423e5te193e27399144...@mail.gmail.com...
I have Samba integrated with OpenLDAP, all processes are up, and I am trying
to add a Windows XP SP3 machine to the Samba domain, but Windows shows this
message:  Error while the attempt  of entry in domain "amblivre.com"  Is not
possible find user name

I am tired because I haven't found any solution to this problem; I need
some ideas.

Thanks ...

Have you set up nss ldap?

When you type "getent passwd" do you see the users created in ldap as well
as those in the /etc/passwd file?

When you type "getent group" do you see the groups created in ldap as well
as those in the /etc/group file?




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba + LDAP problem for find user name

2009-10-27 Thread Bruno Steven
Hi, guys or girls... so far I haven't found any information that resolves
my problem. Is there somebody on this list who has made Samba and OpenLDAP
work together?



On Tue, Oct 27, 2009 at 7:25 AM, Bruno Steven  wrote:

> I have Samba integrated with OpenLDAP, all processes are up, and I am trying
> to add a Windows XP SP3 machine to the Samba domain, but Windows shows this
> message:  Error while the attempt  of entry in domain "amblivre.com"  Is
> not possible find user name
>
> I am tired because I haven't found any solution to this problem; I need
> some ideas.
>
> Thanks ...
>
> --
> Bruno Steven - Administrador de sistemas.
> LPIC-1 - LPI ID: lpi000119659 / Code: p2e4wz47e4
> https://www.lpi.org/caf/Xamman/certification
>
> MCP-Windows 2003 - TranscriptID: 793804 / Access Code: 080089100
> https://mcp.microsoft.com/authenticate/validatemcp.aspx
>
>
> P Antes de imprimir pense em sua responsabilidade e comprometimento com o
> Meio Ambiente. Before printing this message, think about your ecologic
> responsability and environment commitment.
>





[Samba] Samba + LDAP problem for find user name

2009-10-27 Thread Bruno Steven
I have Samba integrated with OpenLDAP, all processes are up, and I am trying
to add a Windows XP SP3 machine to the Samba domain, but Windows shows this
message:  Error while the attempt  of entry in domain "amblivre.com"  Is not
possible find user name

I am tired because I haven't found any solution to this problem; I need
some ideas.

Thanks ...



[Samba] samba ldap problem

2009-07-20 Thread Mischa Diehm
Hi,

we had this setup working for quite some time but after upgrading the
samba package things look different:

we now have the following samba/ldap setup:

samba-3.0.34p1-cups-ldap
openldap-server-2.3.43

the samba-ldap configuration is:
doing parameter ldap suffix = dc=foo,dc=ch
doing parameter ldap machine suffix = ou=Computers,ou=Samba,ou=system
doing parameter ldap user suffix = ou=Users,ou=Samba,ou=system
doing parameter ldap group suffix = ou=Groups,ou=Samba,ou=system
doing parameter ldap admin dn =
"cn=SambaAdmin,ou=Users,ou=OpenLDAP,ou=system,dc=foo,dc=ch"
doing parameter ldap delete dn = no
doing parameter ldap passwd sync = no
doing parameter ldap replication sleep = 6000
doing parameter ldap timeout = 120
doing parameter ldap ssl = No

when starting the smbd things look ok:
Attempting to find an passdb backend to match ldapsam:ldap://localhost/
(ldapsam)
Found pdb backend ldapsam
smbldap_search_domain_info: Searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=EDUBS))]
smbldap_search_ext: base => [dc=edubs,dc=ch], filter =>
[(&(objectClass=sambaDomain)(sambaDomainName=EDUBS))], scope => [2]
The connection to the LDAP server was closed
smb_ldap_setup_connection: ldap://localhost/
smbldap_open_connection: connection opened
ldap_connect_system: Binding to ldap server ldap://localhost/ as
"cn=SambaAdmin,ou=Users,ou=OpenLDAP,ou=system,dc=edubs,dc=ch"
ldap_connect_system: successful connection to the LDAP server
ldap_connect_system: LDAP server does support paged results
The LDAP server is successfully connected
smbldap_get_single_attribute: [sambaAlgorithmicRidBase] = []
pdb backend ldapsam:ldap://localhost/ has a valid init


it seems the first connection works:
root:195# smbclient -L localhost -U foo.bar
Password: 
Anonymous login successful
Domain=[EDUBS] OS=[Unix] Server=[Samba 3.0.34]

    Sharename       Type      Comment
    ---------       ----      -------
    IPC$            IPC       IPC Service (ICT Fileserver)
read_socket_with_timeout: timeout read. read error = Connection reset by peer.
Receiving SMB: Server stopped responding
session request to LOCALHOST failed (Read error: Connection reset by peer)
Error connecting to 127.0.0.1 (Connection refused)
Connection to localhost failed (Error NT_STATUS_CONNECTION_REFUSED)
NetBIOS over TCP disabled -- no workgroup available


but any connection afterwards fails with this:
root:199# smbclient -L localhost -U foo.bar
Password: 
Receiving SMB: Server stopped responding
session setup failed: Call returned zero bytes

in this state we don't see any packets going to the ldap server anymore.
Have you seen this behaviour or do you have any hints how we could debug
this better?

Thanks in advance,
Mischa Diehm


Re: [Samba] samba ldap problem

2009-07-17 Thread Johan Hendriks


>>>> Hi,
>>>>
>>>> we had this setup working for quite some time but after upgrading the
>>>> samba package things look different:
>>>>
>>>> we now have the following samba/ldap setup:
>>>>
>>>> samba-3.0.34p1-cups-ldap
>>>> openldap-server-2.3.43
>>>>
>>>> the samba-ldap configuration is:
>>>> doing parameter ldap suffix = dc=foo,dc=ch
>>>> doing parameter ldap machine suffix = ou=Computers,ou=Samba,ou=system
>>>> snip
>>>>
>>>> in this state we don't see any packets going to the ldap server anymore.
>>>> Have you seen this behaviour or do you have any hints how we could debug
>>>> this better?
>>>
>>> Very strange is also the fact, that the first connection works, but
>>> gets interrupted in the middle somehow and then all subsequent
>>> attempts using smbclient fail:
>>>
>>> root:13# pgrep smbd
>>> 4268
>>> 30945
>>> root:14# smbclient -U mbalmer -L tesla
>>> Password:
>>> Domain=[EDUBS] OS=[Unix] Server=[Samba 3.0.34]
>>> snip ..
>>>
>>> This is on OpenBSD 4.4/i386, btw.
>>>
>>> - Marc
>>
>> Did you copy the new samba schema file from the new samba version to the
>> openldap scheme directory?
>> I had some strange problems once after a update and that was the case in
>> my situation.
>
> Yes I did that, but of course the additional fields in the SambaDomain
> object are empty.  Do I need to fill them with some values?
>
> - Marc

As far as I know not; in my case the copy of the schema file was enough, I
could not imagine why it needs altering.
I mean this file (on FreeBSD):
/usr/local/share/examples/samba/LDAP/samba.schema

And that needs to be copied to the location mentioned in your slapd.conf
file; in my case:
include /usr/local/etc/openldap/schema/samba.schema

regards,
Johan

Checked by AVG - www.avg.com 
Version: 8.5.387 / Virus Database: 270.13.16/2240 - Release Date:
07/16/09 18:00:00


Re: [Samba] samba ldap problem

2009-07-17 Thread Marc Balmer


On 17.07.2009 at 13:55, Johan Hendriks wrote:

>>> Hi,
>>>
>>> we had this setup working for quite some time but after upgrading the
>>> samba package things look different:
>>>
>>> we now have the following samba/ldap setup:
>>>
>>> samba-3.0.34p1-cups-ldap
>>> openldap-server-2.3.43
>>>
>>> the samba-ldap configuration is:
>>> doing parameter ldap suffix = dc=foo,dc=ch
>>> doing parameter ldap machine suffix = ou=Computers,ou=Samba,ou=system
>>> snip
>>>
>>> in this state we don't see any packets going to the ldap server anymore.
>>> Have you seen this behaviour or do you have any hints how we could debug
>>> this better?
>>
>> Very strange is also the fact, that the first connection works, but
>> gets interrupted in the middle somehow and then all subsequent
>> attempts using smbclient fail:
>>
>> root:13# pgrep smbd
>> 4268
>> 30945
>> root:14# smbclient -U mbalmer -L tesla
>> Password:
>> Domain=[EDUBS] OS=[Unix] Server=[Samba 3.0.34]
>> snip ..
>>
>> This is on OpenBSD 4.4/i386, btw.
>>
>> - Marc
>
> Did you copy the new samba schema file from the new samba version to the
> openldap scheme directory?
> I had some strange problems once after a update and that was the case in
> my situation.

Yes I did that, but of course the additional fields in the SambaDomain
object are empty.  Do I need to fill them with some values?

- Marc

> Regards,
> Johan




Re: [Samba] samba ldap problem

2009-07-17 Thread Johan Hendriks
>> Hi,
>>
>> we had this setup working for quite some time but after upgrading the
>> samba package things look different:
>>
>> we now have the following samba/ldap setup:
>>
>> samba-3.0.34p1-cups-ldap
>> openldap-server-2.3.43
>>
>> the samba-ldap configuration is:
>> doing parameter ldap suffix = dc=foo,dc=ch
>> doing parameter ldap machine suffix = ou=Computers,ou=Samba,ou=system
>>snip

>> in this state we don't see any packets going to the ldap server  
>> anymore.
>> Have you seen this behaviour or do you have any hints how we could  
>> debug
>> this better?
>>


>Very strange is also the fact, that the first connection works, but  
>gets interrupted in the middle somehow and then all subsequent  
>attempts using smbclient fail:

>root:13# pgrep smbd
>4268
>30945
>root:14# smbclient -U mbalmer -L tesla
>Password:
>Domain=[EDUBS] OS=[Unix] Server=[Samba 3.0.34]
> snip ..

>This is on OpenBSD 4.4/i386, btw.

>- Marc

Did you copy the new samba schema file from the new samba version to the
openldap scheme directory?
I had some strange problems once after a update and that was the case in
my situation.

Regards,
Johan




Re: [Samba] samba ldap problem

2009-07-17 Thread Marc Balmer


On 16.07.2009 at 18:01, Mischa Diehm wrote:

> Hi,
>
> we had this setup working for quite some time but after upgrading the
> samba package things look different:
>
> we now have the following samba/ldap setup:
>
> samba-3.0.34p1-cups-ldap
> openldap-server-2.3.43
>
> the samba-ldap configuration is:
> doing parameter ldap suffix = dc=foo,dc=ch
> doing parameter ldap machine suffix = ou=Computers,ou=Samba,ou=system
> doing parameter ldap user suffix = ou=Users,ou=Samba,ou=system
> doing parameter ldap group suffix = ou=Groups,ou=Samba,ou=system
> doing parameter ldap admin dn =
> "cn=SambaAdmin,ou=Users,ou=OpenLDAP,ou=system,dc=foo,dc=ch"
> doing parameter ldap delete dn = no
> doing parameter ldap passwd sync = no
> doing parameter ldap replication sleep = 6000
> doing parameter ldap timeout = 120
> doing parameter ldap ssl = No
>
> when starting the smbd things look ok:
> Attempting to find an passdb backend to match ldapsam:ldap://localhost/
> (ldapsam)
> Found pdb backend ldapsam
> smbldap_search_domain_info: Searching
> for:[(&(objectClass=sambaDomain)(sambaDomainName=EDUBS))]
> smbldap_search_ext: base => [dc=edubs,dc=ch], filter =>
> [(&(objectClass=sambaDomain)(sambaDomainName=EDUBS))], scope => [2]
> The connection to the LDAP server was closed
> smb_ldap_setup_connection: ldap://localhost/
> smbldap_open_connection: connection opened
> ldap_connect_system: Binding to ldap server ldap://localhost/ as
> "cn=SambaAdmin,ou=Users,ou=OpenLDAP,ou=system,dc=edubs,dc=ch"
> ldap_connect_system: successful connection to the LDAP server
> ldap_connect_system: LDAP server does support paged results
> The LDAP server is successfully connected
> smbldap_get_single_attribute: [sambaAlgorithmicRidBase] = []
> pdb backend ldapsam:ldap://localhost/ has a valid init
>
>
> it seems the first connection works:
> root:195# smbclient -L localhost -U foo.bar
> Password:
> Anonymous login successful
> Domain=[EDUBS] OS=[Unix] Server=[Samba 3.0.34]
>
>     Sharename       Type      Comment
>     ---------       ----      -------
>     IPC$            IPC       IPC Service (ICT Fileserver)
> read_socket_with_timeout: timeout read. read error = Connection reset by peer.
> Receiving SMB: Server stopped responding
> session request to LOCALHOST failed (Read error: Connection reset by peer)
> Error connecting to 127.0.0.1 (Connection refused)
> Connection to localhost failed (Error NT_STATUS_CONNECTION_REFUSED)
> NetBIOS over TCP disabled -- no workgroup available
>
>
> but any connection afterwards fails with this:
> root:199# smbclient -L localhost -U foo.bar
> Password:
> Receiving SMB: Server stopped responding
> session setup failed: Call returned zero bytes
>
> in this state we don't see any packets going to the ldap server anymore.
> Have you seen this behaviour or do you have any hints how we could debug
> this better?

Very strange is also the fact, that the first connection works, but
gets interrupted in the middle somehow and then all subsequent
attempts using smbclient fail:


root:13# pgrep smbd
4268
30945
root:14# smbclient -U mbalmer -L tesla
Password:
Domain=[EDUBS] OS=[Unix] Server=[Samba 3.0.34]

    Sharename       Type      Comment
    ---------       ----      -------
    IPC$            IPC       IPC Service (ICT Fileserver)
    mbalmer         Disk      Home Directories
Receiving SMB: Server stopped responding
session setup failed: Call returned zero bytes (EOF)
NetBIOS over TCP disabled -- no workgroup available
root:15# smbclient -U mbalmer -L tesla
Password:
Receiving SMB: Server stopped responding
session setup failed: Call returned zero bytes (EOF)


This is on OpenBSD 4.4/i386, btw.

- Marc



Re: [Samba] Samba + LDAP problem

2009-02-05 Thread plug bert
Ran into the same problem too. what i did was 

1. create a generic barebones smb.conf (i.e. no ldap backend and such),
2. started up samba
3. shut down samba
4. edited smb.conf to support ldap backend
5. started up samba

it may have something to do with samba not generating an SID when configured to 
support LDAP at the onset.


*or*, just do the setlocalsid thing as Mr. Björn Jacke has suggested



--- On Wed, 2/4/09, Agustin Eguia  wrote:

> From: Agustin Eguia 
> Subject: [Samba] Samba + LDAP problem
> To: samba@lists.samba.org
> Date: Wednesday, February 4, 2009, 5:44 AM
> Hello everyone, I have a question here that has been giving
> me troubles :
> 
> I installed my PDC with samba + LDAP... everything seems to
> work just fine (user creation, population, groups, users and
> machines connecting to the domain)... but one thing keeps
> not working : net getlocalsid... I keep getting this message
> : Can't fetch domain SID for name: MACHINENAME
> 
> 
> I searched the internet like crazy even asked in IRC
> channels but no luck... can anyone enlight me on this one ?
> 
> 
> Thanks,
> 
> 
> A.





Re: [Samba] Samba + LDAP problem

2009-02-04 Thread Björn Jacke
On 2009-02-03 at 17:44 +0100 Agustin Eguia sent off:
> Hello everyone, I have a question here that has been giving me troubles :
>
> I installed my PDC with samba + LDAP... everything seems to work just fine 
> (user creation, population, groups, users and machines connecting to the 
> domain)... but one thing keeps not working : net getlocalsid... I keep 
> getting this message : Can't fetch domain SID for name: MACHINENAME
>
>
> I searched the internet like crazy even asked in IRC channels but no 
> luck... can anyone enlight me on this one ?

I saw something like that, looks like the localsid initialization logic is broken.
Take a look at https://bugzilla.samba.org/show_bug.cgi?id=6033 for description
and workaround.

Cheers
Björn
-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen


Re: [Samba] Samba + LDAP problem

2009-02-03 Thread Adam Williams
http://www.samba.org/samba/docs/man/Samba-Guide/happy.html#sbehap-massive

Samba-3 generates a Windows Security Identifier (SID) only when smbd has
been started. For this reason, you start Samba. After a few seconds
delay, execute:

root#  smbclient -L localhost -U%
root#  net getlocalsid

A report such as the following means that the domain SID has not yet been
written to the secrets.tdb or to the LDAP backend:

[2005/03/03 23:19:34, 0] lib/smbldap.c:smbldap_connect_system(852)
  failed to bind to server ldap://massive.abmas.biz
with dn="cn=Manager,dc=abmas,dc=biz" Error: Can't contact LDAP server
(unknown)
[2005/03/03 23:19:48, 0] lib/smbldap.c:smbldap_search_suffix(1169)
  smbldap_search_suffix: Problem during the LDAP search:
(unknown) (Timed out)

The attempt to read the SID will cause an attempted bind to the LDAP
server. Because the LDAP server is not running, this operation will fail
by way of a timeout, as shown previously. This is normal output; do not
worry about this error message. When the domain has been created and
written to the secrets.tdb file, the output should look like this:

SID for domain MASSIVE is: S-1-5-21-3504140859-1010554828-2431957765

If, after a short delay (a few seconds), the domain SID has still not been
written to the secrets.tdb file, it is necessary to investigate what may
be misconfigured. In this case, carefully check the smb.conf file for
typographical errors (the most common problem). The use of the testparm is
highly recommended to validate the contents of this file.

> Hello everyone, I have a question here that has been giving me troubles :
>
> I installed my PDC with samba + LDAP... everything seems to work just
> fine (user creation, population, groups, users and machines connecting
> to the domain)... but one thing keeps not working : net getlocalsid... I
> keep getting this message : Can't fetch domain SID for name: MACHINENAME
>
>
> I searched the internet like crazy even asked in IRC channels but no
> luck... can anyone enlight me on this one ?
>
>
> Thanks,
>
>
> A.
>




[Samba] Samba + LDAP problem

2009-02-03 Thread Agustin Eguia

Hello everyone, I have a question here that has been giving me troubles :

I installed my PDC with samba + LDAP... everything seems to work just 
fine (user creation, population, groups, users and machines connecting 
to the domain)... but one thing keeps not working : net getlocalsid... I 
keep getting this message : Can't fetch domain SID for name: MACHINENAME



I searched the internet like crazy even asked in IRC channels but no 
luck... can anyone enlighten me on this one ?



Thanks,


A.


Re: [Samba] samba / ldap problem with cpu load

2009-01-14 Thread Harry Jede
On Friday, 9 January 2009 23:57, franck molle wrote:
> First of all, I am french. My english is not very good and i am sorry
> for this ;).
>
> One month ago, I have upgrade my server in debian Etch (it was in
> debian sarge). So now, samba is in 3.0.24 version. My server use
> samba and ldap.
>
> Since this upgrade, i have some problems with cpu loading when the
> users log on the samba domain (smbd and slapd services).
>
> I have take a look at samba log but i don't see anything. After that,
> i have take a look on the ldap logs in debug level 256.
>
> I can see the problem in the logs but i can't explain it, i hope you
> can help me about it.
> In the log file, i have this entry thousand of time (2 entry)
> base="ou=Groups,ou=clg-hugo-gisors,ou=ac-rouen,ou=education,o=gouv,c=fr" scope=2 deref=0
> filter="(&(objectClass=sambaGroupMapping)(gidNumber=0))"
Reconfigure the package libnss-ldap, so that libnss use an anonymous 
bind.

Or manually disable the rootdn statement in /etc/libnss-ldap.conf and 
restart nscd.

Maybe, you must invalidate the cache with
nscd -i group
nscd -i passwd

> thanks for your help, bye
>
> --
> ~~
>   Franck MOLLE
>   Animateur de Secteur
>   Relais assistance Tice, Louviers-Vernon
> ~~

-- 

Regards
Harry Jede
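
One way to quantify the repeated search described in this thread, as an added example that is not part of the original messages: count SRCH operations in a stats-level (loglevel 256) slapd log per bind DN and filter, so the identity issuing the dominant query is visible. The syslog line layout is assumed, and the sample lines, DNs and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: rank LDAP searches in a slapd stats log by (bind DN, filter).

TAB="$(printf '\t')"

# Constructed sample in the layout slapd writes at loglevel 256 (stats).
sample_slapd_log() {
cat <<'EOF'
Jan  9 23:40:01 srv slapd[2101]: conn=12 fd=15 ACCEPT from IP=127.0.0.1:41234 (IP=0.0.0.0:389)
Jan  9 23:40:01 srv slapd[2101]: conn=12 op=0 BIND dn="cn=admin,dc=example,dc=org" method=128
Jan  9 23:40:01 srv slapd[2101]: conn=12 op=1 SRCH base="ou=Groups,dc=example,dc=org" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=0))"
Jan  9 23:40:01 srv slapd[2101]: conn=12 op=1 SRCH attr=gidNumber sambaSID
Jan  9 23:40:01 srv slapd[2101]: conn=12 op=2 SRCH base="ou=Groups,dc=example,dc=org" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=0))"
Jan  9 23:40:02 srv slapd[2101]: conn=13 fd=16 ACCEPT from IP=127.0.0.1:41240 (IP=0.0.0.0:389)
Jan  9 23:40:02 srv slapd[2101]: conn=13 op=0 SRCH base="ou=Users,dc=example,dc=org" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=tleost))"
Jan  9 23:40:02 srv slapd[2101]: conn=12 op=3 SRCH base="ou=Groups,dc=example,dc=org" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=0))"
EOF
}

# Read a slapd log on stdin; print "count<TAB>bind DN<TAB>filter",
# most frequent first. $1 limits the number of rows (default 10).
top_searches() {
    awk '
        {
            # Every stats line carries the connection id; skip lines without one.
            conn = ""
            for (i = 1; i <= NF; i++) if ($i ~ /^conn=[0-9]+$/) { conn = $i; break }
            if (conn == "") next
        }
        / BIND dn="/ {
            # Remember who bound on this connection; dn="" is an anonymous bind.
            dn = $0
            sub(/^.* BIND dn="/, "", dn)
            sub(/".*$/, "", dn)
            binddn[conn] = (dn == "" ? "(anonymous)" : dn)
        }
        / SRCH base="/ {
            # Take the filter and attribute it to the bind DN of its connection.
            # A connection that never sent a BIND is anonymous.
            f = $0
            sub(/^.* filter="/, "", f)
            sub(/"[^"]*$/, "", f)
            who = (conn in binddn) ? binddn[conn] : "(anonymous)"
            n[who "\t" f]++
        }
        END { for (k in n) print n[k] "\t" k }
    ' | sort -t "$TAB" -k1,1nr -k2 | head -n "${1:-10}"
}

sample_slapd_log | top_searches
```

On a real server, feed the function the file your syslog configuration writes slapd messages to.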


[Samba] samba / ldap problem with cpu load

2009-01-09 Thread franck molle

First of all, I am french. My english is not very good and i am sorry for this 
;).

One month ago, I have upgrade my server in debian Etch (it was in debian sarge). 
So now, samba is in 3.0.24 version. My server use samba and ldap.


Since this upgrade, i have some problems with cpu loading when the users log on 
 the samba domain (smbd and slapd services).


I have take a look at samba log but i don't see anything. After that, i have 
take a look on the ldap logs in debug level 256.


I can see the problem in the logs but i can't explain it, i hope you can help me 
about it.

In the log file, i have this entry thousand of time (2 entry)
base="ou=Groups,ou=clg-hugo-gisors,ou=ac-rouen,ou=education,o=gouv,c=fr" scope=2
deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=0))"

thanks for your help, bye

--
~~
 Franck MOLLE
 Animateur de Secteur
 Relais assistance Tice, Louviers-Vernon
~~



Re: [Samba] LDAP problem

2008-01-07 Thread Rune Tønnesen

[EMAIL PROTECTED] wrote:

> Rune Tønnesen <[EMAIL PROTECTED]> wrote:
>
>> I've solved my problem by using the openldap database recovery tools to do a
>> manual recover.
>>
>> http://www.google.co.uk/search?hl=en&q=openldap+recover&meta=
>
> You're right, this works.
> I managed to repair my database, thanks to you.
> My ldap runs as it was before the 'crash'.
>
> Unfortunately it is still impossible to connect
> from a window station.
>
> By the way, my ldap manager is 'Manager';
> I noticed that I have no entry for Manager when
> I perform a ldapsearch.
> Is it normal?

The LDAP problem:

There should be a manager account, which is also defined in the
/etc/openldap/slapd.conf; otherwise you need to create one.
The manager account is used to add accounts for users and workstations to
the ldap database.


The connection problem:
Have you tried to turn off all the workstations, restart samba and see
whether they still won't connect?
E.g. try to add a computer to the domain and see whether this is possible
or not.
Has the output from the logs changed since ldap got up and running? Are
there any errors when smb and nmb are restarted, e.g. like can't bind to ldap?

--
Rune Tønnesen
Bedste Hilsner/Best Regards




Re: [Samba] LDAP problem

2008-01-07 Thread tanguy . leost
Rune Tønnesen <[EMAIL PROTECTED]> wrote:


> I've solved my problem by using the openldap database recovery tools to do a
> manual
> recover.
>
> http://www.google.co.uk/search?hl=en&q=openldap+recover&meta=
>


You're right, this works.
I managed to repair my database, thanks to you.
My ldap runs as it was before the 'crash'.

Unfortunately it is still impossible to connect
from a window station.

By the way, my ldap manager is 'Manager';
I noticed that I have no entry for Manager when
I perform a ldapsearch.
Is it normal?





Re: [Samba] LDAP problem

2008-01-07 Thread tanguy . leost
Rune Tønnesen <[EMAIL PROTECTED]> wrote:

> Hello to you
>
> I've had the same problem on my old SUSE Linux Enterprise Server 9, shut down
> due to a power issue.
> I got the same errors from workstations (Windows XP).
> My problem was that corruption of OpenLDAP's database files (Berkeley) had
> occurred.
> I've solved my problem by using the openldap database recovery tools to do a
> manual recover.
>
> http://www.google.co.uk/search?hl=en&q=openldap+recover&meta=
>
> Secondly, some journaled filesystems aren't good at recovering corrupted files
> like Berkeley databases after a power failure.
>
> This problem occurs if you enable use of disk cache on your hard drive without a
> UPS; get one for your own safety and job security, it just has to be big enough to
> shut down the server in a proper way.
>
> --
> Rune Tønnesen
> Venlig Hilsen/Best Regards
>
>

Hello,


Can anyone help me? I have trouble even finding out what's wrong.
Here is what I get this morning:

- *some* windows clients manage to connect to the domain (very few of them,
though...).

- If I run:
smbclient -L \\pdc -U tleost
as root on the PDC server, it asks for my password and shows me the samba
shares.
I need to know: is this evidence that smb+ldap are working fine?

- I still get the same error messages as the ones I described in my previous
posts.

- The network *seems* to work fine (clients can access the database servers, for
instance...)

Thanks in advance for your help



Re: [Samba] LDAP problem

2008-01-07 Thread Rune Tønnesen
Hello to you

I've had the same problem on my old SUSE Linux Enterprise Server 9, shut down
due to a power issue.
I got the same errors from workstations (Windows XP).
My problem was that corruption of OpenLDAP's database files (Berkeley) had
occurred.
I've solved my problem by using the openldap database recovery tools to do a
manual recover.

http://www.google.co.uk/search?hl=en&q=openldap+recover&meta=

Secondly, some journaled filesystems aren't good at recovering corrupted files
like Berkeley databases after a power failure.

This problem occurs if you enable use of disk cache on your hard drive without a
UPS; get one for your own safety and job security, it just has to be big enough to
shut down the server in a proper way.

-- 
Rune Tønnesen
Venlig Hilsen/Best Regards


> Hello,
>
> I have a problem with my PDC server.
> It runs samba + openLDAP. It used to work fine.
> The machine was stopped today because of a power supply failure,
> and since it was restarted i have problems connecting to the domain.
>
> - The ldap data was restored from a ldif file, the ldap seems to work
> fine. when i type
> ldapsearch -x
> I see the contents of the ldap data.
>
> - When I try :
> smbclient -L \\pdc -U tleost
> it asks for my password, and i see the samba shares.
>
> - I tried, as root, on the pdc:
> smbpasswd -w
> which was successful.
>
>
> ... anyway, i cannot connect from my windows clients. I get an error
> message telling me the pdc is not available.
>
>
> Here is a log i get (/var/log/samba/devel2.log)
> <-
> [2008/01/06 15:17:45, 3] smbd/sec_ctx.c:set_sec_ctx(288)
>setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2008/01/06 15:17:45, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
>pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2008/01/06 15:17:45, 3] auth/auth.c:check_ntlm_password(219)
>check_ntlm_password:  Checking password for unmapped user
> [EMAIL PROTECTED] with the new password interface
> [2008/01/06 15:17:45, 3] auth/auth.c:check_ntlm_password(222)
>check_ntlm_password:  mapped user is: [EMAIL PROTECTED]
> [2008/01/06 15:17:45, 3] smbd/sec_ctx.c:push_sec_ctx(256)
>push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> [2008/01/06 15:17:45, 3] smbd/uid.c:push_conn_ctx(365)
>push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> [2008/01/06 15:17:45, 3] smbd/sec_ctx.c:set_sec_ctx(288)
>setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2008/01/06 15:17:45, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
>init_sam_from_ldap: Entry found for user: Invite
> [2008/01/06 15:17:45, 4] lib/substitute.c:automount_server(323)
>Home server: servpdc
> [2008/01/06 15:17:45, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
>pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2008/01/06 15:17:45, 1] auth/auth_util.c:make_server_info_sam(822)
>User Invite in passdb, but getpwnam() fails!
> [2008/01/06 15:17:45, 3] smbd/sec_ctx.c:push_sec_ctx(256)
>push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> [2008/01/06 15:17:45, 3] smbd/uid.c:push_conn_ctx(365)
>push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> [2008/01/06 15:17:45, 3] smbd/sec_ctx.c:set_sec_ctx(288)
>setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2008/01/06 15:17:45, 4] passdb/pdb_ldap.c:ldapsam_getsampwnam(1300)
>ldapsam_getsampwnam: Unable to locate user [] count=0
> [2008/01/06 15:17:45, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
>pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2008/01/06 15:17:45, 3] auth/auth_sam.c:check_sam_security(244)
>check_sam_security: Couldn't find user '' in passdb file.
> [2008/01/06 15:17:45, 3] auth/auth_winbind.c:check_winbind_security(80)
>check_winbind_security: Not using winbind, requested domain [COMPANY]
> was for this SAM.
> [2008/01/06 15:17:45, 2] auth/auth.c:check_ntlm_password(312)
>check_ntlm_password:  Authentication for user [] -> [] FAILED with
> error NT_STATUS_NO_SUCH_USER
> [2008/01/06 15:17:45, 3] smbd/process.c:timeout_processing(1336)
>timeout_processing: End of file from client (client has disconnected).
> [2008/01/06 15:17:45, 3] smbd/sec_ctx.c:set_sec_ctx(288)
>setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2008/01/06 15:17:45, 2] smbd/server.c:exit_server(571)
>Closing connections
> [2008/01/06 15:17:45, 3] smbd/connection.c:yield_connection(69)
>Yielding connection to
> [2008/01/06 15:17:45, 3] smbd/connection.c:yield_connection(76)
>yield_connection: tdb_delete for name  failed with error Record does
> not exist.
> [2008/01/06 15:17:45, 3] smbd/server.c:exit_server(614)
> >
>
>
> Any help would be much appreciated.
>


Re: [Samba] LDAP problem

2008-01-06 Thread Diego Obetko
[2008/01/06 15:17:45, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
  init_sam_from_ldap: Entry found for user: Invite
[2008/01/06 15:17:45, 4] lib/substitute.c:automount_server(323)
  Home server: servpdc
[2008/01/06 15:17:45, 1] auth/auth_util.c:make_server_info_sam(822)
  User Invite in passdb, but getpwnam() fails!


Check passdb backend in your smb.conf and its integrity.

On Jan 7, 2008 1:41 AM, Tanguy Léost <[EMAIL PROTECTED]> wrote:

> On 07.01.2008 01:39, Tanguy Léost wrote:
>
> >
> > I forgot to mention something weird:
> > sometimes (maybe one time out of 10 or 15...) the PDC grants
> > me access to the domain. I can open a windows session, or have
> > access to a share on the PDC from my windows session.
> > ...Keeps me even more confused.
> >
> >
>
> I noticed that I could have access to the PDC more often
> when i launched smbd with the -i switch (i.e. in foreground).
> I'm really confused, does anyone have an idea about what that
> means?
> When it is run at startup, it is just run as smbd -D
> and then almost all connections fail.
>

Re: [Samba] LDAP problem

2008-01-06 Thread Tanguy Léost

On 07.01.2008 01:39, Tanguy Léost wrote:

> I forgot to mention something weird:
> sometimes (maybe one time out of 10 or 15...) the PDC grants
> me access to the domain. I can open a windows session, or have
> access to a share on the PDC from my windows session.
> ...Keeps me even more confused.

I noticed that I could have access to the PDC more often
when i launched smbd with the -i switch (i.e. in foreground).
I'm really confused, does anyone have an idea about what that
means?
When it is run at startup, it is just run as smbd -D
and then almost all connections fail.


Re: [Samba] LDAP problem

2008-01-06 Thread Tanguy Léost

On 07.01.2008 05:16, Michael Heydon wrote:

> In your initial post you mentioned a power supply failure. Could this
> have been caused by a surge? Could your networking equipment have been
> damaged also?

Hello,

I didn't have any details about the power failure, but yes, I presume
it might have affected also the networking equipment.

(As a matter of fact I was on holiday, so i have very little information
about what actually happened. My colleague
called me from work and told me many servers had been stopped because
of a power supply. so i guess the network switches have been affected too)


Re: [Samba] LDAP problem

2008-01-06 Thread Michael Heydon


Tanguy Léost wrote:

> On 07.01.2008 00:43, Quinn Fissler wrote:
>
> > If I were you, I'd run tcpdump/snoop/wireshark and look at the
> > dialogue between the client and the pdc.
>
> I launched tcpdump on the PDC.
> It's weird, sometimes packets don't even seem to arrive
> from my windows client to the pdc...

In your initial post you mentioned a power supply failure. Could this
have been caused by a surge? Could your networking equipment have been
damaged also?

*Michael Heydon - IT Administrator *
[EMAIL PROTECTED]


Re: [Samba] LDAP problem

2008-01-06 Thread Tanguy Léost

On 07.01.2008 00:43, Quinn Fissler wrote:

> If I were you, I'd run tcpdump/snoop/wireshark and look at the dialogue
> between the client and the pdc.

I launched tcpdump on the PDC.
It's weird, sometimes packets don't even seem to arrive
from my windows client to the pdc...


Re: [Samba] LDAP problem

2008-01-06 Thread Tanguy Léost

On 07.01.2008 02:11, tom farrel wrote:

> Hi,
>
> I had the same problem as you had. In my environment,
>
> i had samba PDC (samba 3.0.21c, LDAP openldap-2.2.13, DHCP, dns)
> running, and other file server (acting as Domain member server). As
> happened to you, due to power failure, my pdc went down and had to
> restart, after which none of the windows xp or 2000 clients would connect
> (all saying that computer is not in domain). I had tried a lot of
> options including restoring the ldif file (because openldap did not
> recover from power failure causing openldap to break, had to remove the
> existing db and restore from ldif file).
>
> when ever there was a power failure or uneven shutdown, this would happen,
>
> So for this i had this solution,
>
> created a BDC with ldap backend (slave ldap), So all my client would
> request to BDC first then PDC (as BDC wins election over PDC).
>
> So that if i had to take PDC down, I had no issues,
>
> Second to openldap to recover DB from power failure, Upgraded openldap
> to 2.3 with db recover options like keeping DB_CONFIG file,
> checkpointing etc. From then, I have not faced any issues.
>
> --
> Regards
> Tom :)
> /*Life is too complicated, Lets make it simple*/

Hi,

Thanks for your suggestions.
I'll consider installing this as soon
as i have fixed my PDC.

regards,
Tanguy


Re: [Samba] LDAP problem

2008-01-06 Thread tom farrel
Hi,

I had the same problem as you had. In my environment,

i had samba PDC (samba 3.0.21c, LDAP openldap-2.2.13, DHCP, dns) running,
and other file server (acting as Domain member server). As happened to you,
due to power failure, my pdc went down and had to restart, after which none
of the windows xp or 2000 clients would connect (all saying that computer is
not in domain). I had tried a lot of options including restoring the ldif
file (because openldap did not recover from power failure causing openldap
to break, had to remove the existing db and restore from ldif file).

when ever there was a power failure or uneven shutdown, this would happen,

So for this i had this solution,

created a BDC  with ldap backend (slave ldap), So all my client would
request to BDC first then PDC (as BDC wins election over PDC).

So that if i had to take PDC down, I had no issues,

Second to openldap to recover DB from power failure,  Upgraded openldap to
2.3 with db recover options like keeping DB_CONFIG file, checkpointing etc.
From then, I have not faced any issues.


-- 
Regards
Tom :)
/*Life is too complicated, Lets make it simple*/

On Jan 7, 2008 6:28 AM, Tanguy Léost <[EMAIL PROTECTED]> wrote:

> On 07.01.2008 01:44, Quinn Fissler wrote:
> > The account which you use to bind can be defined in the database or the
> > rootdn in the slapd.conf
> >
>
> yes, that's "cn=Manager,dc=company,dc=fr"
>
>
> > There is also the option for anonymous binding - that's why I say use
> > slapcat as it sidesteps the binding issue but has the limitation that it
> > must be done on the ldap server (or its shared data area).
> >
> > You can leave slapd running when you do slapcat for diags (you may wish
> > to stop ldap if you wanted to use slapcat to do a full backup of the
> > directory, but for these diags, it's just a quick way of sanity checking
> > the data)
> >
>
> ok. I read that slapd should be stopped before running
> a slap* command, that's why i did that.
>
>
> > I asked why you needed to restore as it's very unusual to lose data in
> > this way.
>
> It was broken, so there was no other choice.
> A colleague tried to put back the files as he found them,
> but slapd wouldn't run, so we had to restore a backup
>
>
> >
> > Was ldap reinstalled?
> >
> > How about samba?
> >
>
> none of them was touched.
>
> > (Has some other thing changed after this power failure - like the
> > smb.conf , smbldap confs, ldap.conf or slapd.conf)
> >
>
> As far as I know these files were not modified.
> We just restored the ldif.
>
> > I take it that you're getting this running for Monday morning.
> >
> > Q
> >
>
> I wish it was true ;)
> it's just within 6 hours :(
>
> Thanks a lot for your help
> Do you have any idea how to have this PDC working again?
> ...I'm starting to consider the possibility of bypassing the ldap
> and use another way of authenticating the clients.
>
> Tanguy
>
> ps: sorry for my mistakes in english.


Re: [Samba] LDAP problem

2008-01-06 Thread Tanguy Léost

On 07.01.2008 01:53, Quinn Fissler wrote:

> definitely get a look at the network dialogue

Yes i thought about that. Sometimes in the logs I get
errors about the network ("getpeername" errors, and
a French error message which would probably stand
for "final node is not connected")

But the network does look ok (except this pdc problem)

> How do your Windows clients resolve the address of the pdc?

They resolve it correctly.

> > I forgot to mention something weird:
> > sometimes (maybe one time out of 10 or 15...) the PDC grants
> > me access to the domain. I can open a windows session, or have
> > access to a share on the PDC from my windows session.
> > ...Keeps me even more confused.


Re: [Samba] LDAP problem

2008-01-06 Thread Tanguy Léost

On 07.01.2008 01:44, Quinn Fissler wrote:

> The account which you use to bind can be defined in the database or the
> rootdn in the slapd.conf

yes, that's "cn=Manager,dc=company,dc=fr"

> There is also the option for anonymous binding - that's why I say use
> slapcat as it sidesteps the binding issue but has the limitation that it
> must be done on the ldap server (or its shared data area).
>
> You can leave slapd running when you do slapcat for diags (you may wish
> to stop ldap if you wanted to use slapcat to do a full backup of the
> directory, but for these diags, it's just a quick way of sanity checking
> the data)

ok. I read that slapd should be stopped before running
a slap* command, that's why i did that.

> I asked why you needed to restore as it's very unusual to lose data in
> this way.

It was broken, so there was no other choice.
A colleague tried to put back the files as he found them,
but slapd wouldn't run, so we had to restore a backup

> Was ldap reinstalled?
>
> How about samba?

none of them was touched.

> (Has some other thing changed after this power failure - like the
> smb.conf , smbldap confs, ldap.conf or slapd.conf)

As far as I know these files were not modified.
We just restored the ldif.

> I take it that you're getting this running for Monday morning.
>
> Q

I wish it was true ;)
it's just within 6 hours :(

Thanks a lot for your help
Do you have any idea how to have this PDC working again?
...I'm starting to consider the possibility of bypassing the ldap
and use another way of authenticating the clients.

Tanguy

ps: sorry for my mistakes in english.


Re: [Samba] LDAP problem

2008-01-06 Thread Quinn Fissler
definitely get a look at the network dialogue

How do your Windows clients resolve the address of the pdc?



> I forgot to mention something weird:
> sometimes (maybe one time out of 10 or 15...) the PDC grants
> me access to the domain. I can open a windows session, or have
> access to a share on the PDC from my windows session.
> ...Keeps me even more confused.
>
>
>


Re: [Samba] LDAP problem

2008-01-06 Thread Quinn Fissler
The account which you use to bind can be defined in the database or the
rootdn in the slapd.conf

There is also the option for anonymous binding - that's why I say use
slapcat as it sidesteps the binding issue but has the limitation that it
must be done on the ldap server (or its shared data area).

You can leave slapd running when you do slapcat for diags (you may wish to
stop ldap if you wanted to use slapcat to do a full backup of the directory,
but for these diags, it's just a quick way of sanity checking the data)

I asked why you needed to restore as it's very unusual to lose data in this
way.

Was ldap reinstalled?

How about samba?

(Has some other thing changed after this power failure - like the smb.conf,
smbldap confs, ldap.conf or slapd.conf)

I take it that you're getting this running for Monday morning.

Q

On 07/01/2008, Tanguy Léost <[EMAIL PROTECTED]> wrote:
>
> On 07.01.2008 00:43, Quinn Fissler wrote:
> > Why did you need to restore from the ldif?
> >
> > Are you sure it was a recent backup? How was it made?
> >
>
> Thanks very much for replying.
>
> I had to restore from a ldif file because the ldap seemed
> to be broken. Since we restored it, slapd is running again.
> I presume the restore was ok. I didn't do it myself.
>
> (By the way, I haven't had a look at the ldap administration,
> so I'm not quite used to the commands)
>
>
> > A quick way to browse the ldap data is:
> >  slapcat | less
> >
>
> I stopped slapd and tried it, it seems ok to me.
> I can see the data from my ldap.
>
>
> > on the ldap server. You can search quickly using the search functions in
> > "less" - just like in vi.
> >
> >
> > The log looks odd - I don't have a samba installation to hand to check
> > but we see a user called "Invite" and also some entries which seem to be
> > due a null user name:
> >
> >  >>[2008/01/06 15:17:45, 3] auth/auth_sam.c:check_sam_security(244)
> >  >>check_sam_security: Couldn't find user '' in passdb file.
> >
>
> Yes, i'm puzzled too. "Invite" in french means "guest".
> I have no idea why it looks for the guest account.
>
> I looked further, and something looks strange.
> If I try:
> #ldapsearch -D "cn=Manger,dc=company,dc=fr"
> I get this:
> SASL/DIGEST-MD5 authentication started
> Please enter your password:
> ldap_sasl_interactive_bind_s: Internal (implementation specific) error
> (80)
>  additional info: SASL(-13): user not found: no secret in database
>
> It looks like it can't find the Manager account, doesn't it?
>
>
>
> > If I were you, I'd run tcpdump/snoop/wireshark and look at the dialogue
> > between the client and the pdc.
> >
> > Q
> >
> >
>
>
> I'll have a look at this.
>
> Thanks for your help
>


Re: [Samba] LDAP problem

2008-01-06 Thread Tanguy Léost

On 07.01.2008 00:43, Quinn Fissler wrote:

> Why did you need to restore from the ldif?
>
> Are you sure it was a recent backup? How was it made?
>
> A quick way to browse the ldap data is:
>  slapcat | less
>
> on the ldap server. You can search quickly using the search functions in
> "less" - just like in vi.
>
> The log looks odd - I don't have a samba installation to hand to check
> but we see a user called "Invite" and also some entries which seem to be
> due a null user name:
>
>  >>[2008/01/06 15:17:45, 3] auth/auth_sam.c:check_sam_security(244)
>  >>check_sam_security: Couldn't find user '' in passdb file.
>
> If I were you, I'd run tcpdump/snoop/wireshark and look at the dialogue
> between the client and the pdc.
>
> Q

I forgot to mention something weird:
sometimes (maybe one time out of 10 or 15...) the PDC grants
me access to the domain. I can open a windows session, or have
access to a share on the PDC from my windows session.
...Keeps me even more confused.


Re: [Samba] LDAP problem

2008-01-06 Thread Tanguy Léost

On 07.01.2008 00:43, Quinn Fissler wrote:

> Why did you need to restore from the ldif?
>
> Are you sure it was a recent backup? How was it made?

Thanks very much for replying.

I had to restore from a ldif file because the ldap seemed
to be broken. Since we restored it, slapd is running again.
I presume the restore was ok. I didn't do it myself.

(By the way, I haven't had a look at the ldap administration,
so I'm not quite used to the commands)

> A quick way to browse the ldap data is:
>  slapcat | less

I stopped slapd and tried it, it seems ok to me.
I can see the data from my ldap.

> on the ldap server. You can search quickly using the search functions in
> "less" - just like in vi.
>
> The log looks odd - I don't have a samba installation to hand to check
> but we see a user called "Invite" and also some entries which seem to be
> due a null user name:
>
>  >>[2008/01/06 15:17:45, 3] auth/auth_sam.c:check_sam_security(244)
>  >>check_sam_security: Couldn't find user '' in passdb file.

Yes, i'm puzzled too. "Invite" in french means "guest".
I have no idea why it looks for the guest account.

I looked further, and something looks strange.
If I try:
#ldapsearch -D "cn=Manger,dc=company,dc=fr"
I get this:
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80)
additional info: SASL(-13): user not found: no secret in database

It looks like it can't find the Manager account, doesn't it?

> If I were you, I'd run tcpdump/snoop/wireshark and look at the dialogue
> between the client and the pdc.
>
> Q

I'll have a look at this.

Thanks for your help


Re: [Samba] LDAP problem

2008-01-06 Thread Quinn Fissler
Why did you need to restore from the ldif?

Are you sure it was a recent backup? How was it made?

A quick way to browse the ldap data is:
 slapcat | less

on the ldap server. You can search quickly using the search functions in
"less" - just like in vi.


The log looks odd - I don't have a samba installation to hand to check but
we see a user called "Invite" and also some entries which seem to be due a
null user name:

>>[2008/01/06 15:17:45, 3] auth/auth_sam.c:check_sam_security(244)
>>check_sam_security: Couldn't find user '' in passdb file.

If I were you, I'd run tcpdump/snoop/wireshark and look at the dialogue
between the client and the pdc.

Q

On 06/01/2008, Tanguy Léost <[EMAIL PROTECTED]> wrote:
>
> Hello,
>
> I have a problem with my PDC server.
> It runs samba + openLDAP. It used to work fine.
> The machine was stopped today because of a power supply failure,
> and since it was restarted i have problems connecting to the domain.
>
> - The ldap data was restored from a ldif file, the ldap seems to work
> fine. when i type
> ldapsearch -x
> I see the contents of the ldap data.
>
> - When I try :
> smbclient -L \\pdc -U tleost
> it asks for my password, and i see the samba shares.
>
> - I tried, as root, on the pdc:
> smbpasswd -w
> which was successful.
>
>
> ... anyway, i cannot connect from my windows clients. I get an error
> message telling me the pdc is not available.
>
>
> Here is a log i get (/var/log/samba/devel2.log)
> <-
> [2008/01/06 15:17:45, 3] smbd/sec_ctx.c:set_sec_ctx(288)
>setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2008/01/06 15:17:45, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
>pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2008/01/06 15:17:45, 3] auth/auth.c:check_ntlm_password(219)
>check_ntlm_password:  Checking password for unmapped user
> [EMAIL PROTECTED] with the new password interface
> [2008/01/06 15:17:45, 3] auth/auth.c:check_ntlm_password(222)
>check_ntlm_password:  mapped user is: [EMAIL PROTECTED]
> [2008/01/06 15:17:45, 3] smbd/sec_ctx.c:push_sec_ctx(256)
>push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> [2008/01/06 15:17:45, 3] smbd/uid.c:push_conn_ctx(365)
>push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> [2008/01/06 15:17:45, 3] smbd/sec_ctx.c:set_sec_ctx(288)
>setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2008/01/06 15:17:45, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
>init_sam_from_ldap: Entry found for user: Invite
> [2008/01/06 15:17:45, 4] lib/substitute.c:automount_server(323)
>Home server: servpdc
> [2008/01/06 15:17:45, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
>pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2008/01/06 15:17:45, 1] auth/auth_util.c:make_server_info_sam(822)
>User Invite in passdb, but getpwnam() fails!
> [2008/01/06 15:17:45, 3] smbd/sec_ctx.c:push_sec_ctx(256)
>push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> [2008/01/06 15:17:45, 3] smbd/uid.c:push_conn_ctx(365)
>push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> [2008/01/06 15:17:45, 3] smbd/sec_ctx.c:set_sec_ctx(288)
>setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2008/01/06 15:17:45, 4] passdb/pdb_ldap.c:ldapsam_getsampwnam(1300)
>ldapsam_getsampwnam: Unable to locate user [] count=0
> [2008/01/06 15:17:45, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
>pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2008/01/06 15:17:45, 3] auth/auth_sam.c:check_sam_security(244)
>check_sam_security: Couldn't find user '' in passdb file.
> [2008/01/06 15:17:45, 3] auth/auth_winbind.c:check_winbind_security(80)
>check_winbind_security: Not using winbind, requested domain [COMPANY]
> was for this SAM.
> [2008/01/06 15:17:45, 2] auth/auth.c:check_ntlm_password(312)
>check_ntlm_password:  Authentication for user [] -> [] FAILED with
> error NT_STATUS_NO_SUCH_USER
> [2008/01/06 15:17:45, 3] smbd/process.c:timeout_processing(1336)
>timeout_processing: End of file from client (client has disconnected).
> [2008/01/06 15:17:45, 3] smbd/sec_ctx.c:set_sec_ctx(288)
>setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2008/01/06 15:17:45, 2] smbd/server.c:exit_server(571)
>Closing connections
> [2008/01/06 15:17:45, 3] smbd/connection.c:yield_connection(69)
>Yielding connection to
> [2008/01/06 15:17:45, 3] smbd/connection.c:yield_connection(76)
>yield_connection: tdb_delete for name  failed with error Record does
> not exist.
> [2008/01/06 15:17:45, 3] smbd/server.c:exit_server(614)
> >
>
>
> Any help would be much appreciated.
>


[Samba] LDAP problem

2008-01-06 Thread Tanguy Léost

Hello,

I have a problem with my PDC server.
It runs samba + openLDAP. It used to work fine.
The machine was stopped today because of a power supply failure,
and since it was restarted i have problems connecting to the domain.

- The ldap data was restored from a ldif file, the ldap seems to work
fine. when i type
ldapsearch -x
I see the contents of the ldap data.

- When I try :
smbclient -L \\pdc -U tleost
it asks for my password, and i see the samba shares.

- I tried, as root, on the pdc:
smbpasswd -w
which was successful.


... anyway, i cannot connect from my windows clients. I get an error 
message telling me the pdc is not available.



Here is a log i get (/var/log/samba/devel2.log)
<-
[2008/01/06 15:17:45, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/01/06 15:17:45, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/01/06 15:17:45, 3] auth/auth.c:check_ntlm_password(219)
  check_ntlm_password:  Checking password for unmapped user 
[EMAIL PROTECTED] with the new password interface

[2008/01/06 15:17:45, 3] auth/auth.c:check_ntlm_password(222)
  check_ntlm_password:  mapped user is: [EMAIL PROTECTED]
[2008/01/06 15:17:45, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/01/06 15:17:45, 3] smbd/uid.c:push_conn_ctx(365)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/01/06 15:17:45, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/01/06 15:17:45, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
  init_sam_from_ldap: Entry found for user: Invite
[2008/01/06 15:17:45, 4] lib/substitute.c:automount_server(323)
  Home server: servpdc
[2008/01/06 15:17:45, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/01/06 15:17:45, 1] auth/auth_util.c:make_server_info_sam(822)
  User Invite in passdb, but getpwnam() fails!
[2008/01/06 15:17:45, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2008/01/06 15:17:45, 3] smbd/uid.c:push_conn_ctx(365)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2008/01/06 15:17:45, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/01/06 15:17:45, 4] passdb/pdb_ldap.c:ldapsam_getsampwnam(1300)
  ldapsam_getsampwnam: Unable to locate user [] count=0
[2008/01/06 15:17:45, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/01/06 15:17:45, 3] auth/auth_sam.c:check_sam_security(244)
  check_sam_security: Couldn't find user '' in passdb file.
[2008/01/06 15:17:45, 3] auth/auth_winbind.c:check_winbind_security(80)
  check_winbind_security: Not using winbind, requested domain [COMPANY] 
was for this SAM.

[2008/01/06 15:17:45, 2] auth/auth.c:check_ntlm_password(312)
  check_ntlm_password:  Authentication for user [] -> [] FAILED with 
error NT_STATUS_NO_SUCH_USER

[2008/01/06 15:17:45, 3] smbd/process.c:timeout_processing(1336)
  timeout_processing: End of file from client (client has disconnected).
[2008/01/06 15:17:45, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/01/06 15:17:45, 2] smbd/server.c:exit_server(571)
  Closing connections
[2008/01/06 15:17:45, 3] smbd/connection.c:yield_connection(69)
  Yielding connection to
[2008/01/06 15:17:45, 3] smbd/connection.c:yield_connection(76)
  yield_connection: tdb_delete for name  failed with error Record does 
not exist.

[2008/01/06 15:17:45, 3] smbd/server.c:exit_server(614)
>


Any help would be much appreciated.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
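
The failing sequence in the log above, as an added example that is not part of the original thread: a small Python parser for the Samba debug-log layout shown in the post that rejoins mail-wrapped lines and flags the two failures the replies single out. The function names and finding labels are assumptions made for this example.

```python
import re
from dataclasses import dataclass

# Header of a Samba 3 debug record: [date time, level] source.c:function(line)
HEADER = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}),\s*(?P<level>\d+)\]\s+"
    r"(?P<src>\S+?):(?P<func>\w+)\((?P<lineno>\d+)\)$"
)
GETPWNAM_FAIL = re.compile(r"User (?P<user>.+?) in passdb, but getpwnam\(\) fails!")
AUTH_FAIL = re.compile(
    r"Authentication for user \[(?P<req>[^\]]*)\] -> \[(?P<mapped>[^\]]*)\] "
    r"FAILED with error (?P<status>NT_STATUS_\w+)"
)

# Excerpt copied from the log in the post above, including one mail-wrapped line.
SAMPLE_LOG = """\
[2008/01/06 15:17:45, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
  init_sam_from_ldap: Entry found for user: Invite
[2008/01/06 15:17:45, 1] auth/auth_util.c:make_server_info_sam(822)
  User Invite in passdb, but getpwnam() fails!
[2008/01/06 15:17:45, 4] passdb/pdb_ldap.c:ldapsam_getsampwnam(1300)
  ldapsam_getsampwnam: Unable to locate user [] count=0
[2008/01/06 15:17:45, 3] auth/auth_sam.c:check_sam_security(244)
  check_sam_security: Couldn't find user '' in passdb file.
[2008/01/06 15:17:45, 2] auth/auth.c:check_ntlm_password(312)
  check_ntlm_password:  Authentication for user [] -> [] FAILED with
error NT_STATUS_NO_SUCH_USER
"""


@dataclass
class Record:
    ts: str
    level: int
    func: str
    message: str


def parse_records(text):
    """Group each header line with its message lines, rejoining wrapped text."""
    records, header, body = [], None, []
    for raw in text.splitlines() + [None]:      # None marks end of input
        line = raw.strip() if raw is not None else ""
        match = HEADER.match(line)
        if match or raw is None:
            if header is not None:              # flush the record being built
                records.append(Record(header["ts"], int(header["level"]),
                                      header["func"], " ".join(body)))
            header, body = (match.groupdict() if match else None), []
        elif header is not None and line:
            body.append(line)                   # message or wrapped continuation
    return records


def diagnose(records):
    """Return (kind, detail) pairs for the failure patterns seen in the thread."""
    findings = []
    for rec in records:
        m = GETPWNAM_FAIL.search(rec.message)
        if m:
            # passdb (LDAP) has the account, but the Unix lookup did not return it
            findings.append(("no_unix_account", m["user"]))
            continue
        m = AUTH_FAIL.search(rec.message)
        if m:
            kind = "empty_username_auth_failure" if not m["req"] else "auth_failure"
            findings.append((kind, m["status"]))
    return findings


if __name__ == "__main__":
    for kind, detail in diagnose(parse_records(SAMPLE_LOG)):
        print(f"{kind}: {detail}")
        if kind == "no_unix_account":
            print(f"  check on the server: getent passwd {detail}")
```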


[Samba] samba ldap problem

2007-10-29 Thread Roylan Suarez Reyes
Hello friends

  I am trying to configure Samba + ldap for my domain, the server is FreeBSD 
... When I try to run the following command

smbldap-populate 

It gives me the following error:

adding new entry: cn=Backup Operators,ou=Group,dc=vn,dc=pri,dc=jovenclub,dc=cu
failed to add entry: Can't contact LDAP server at 
/usr/local/sbin/smbldap-populate line 471,  line 20.
adding new entry: cn=Replicators,ou=Group,dc=vn,dc=pri,dc=jovenclub,dc=cu
failed to add entry: Can't contact LDAP server at 
/usr/local/sbin/smbldap-populate line 471,  line 21.
adding new entry: sambaDomainName=jcv,dc=vn,dc=pri,dc=jovenclub,dc=cu
failed to add entry: Can't contact LDAP server at 
/usr/local/sbin/smbldap-populate line 471,  line 21.

Please provide a password for the domain Administrato:
Can't contact LDAP server at 
/usr/local/lib/perl5/site_perl/5.8.8/smbldap_tools.pm line 341.

-- 
--
Roylan Suarez Reyes
Admin. Redes JC. Vinales
[EMAIL PROTECTED]
Telef: 793210



Re: RE [Samba] samba ldap problem

2005-06-10 Thread Laradji nacer

[EMAIL PROTECTED] wrote:

> What is your guest user in smb.conf ?
>
> check if is not nobody, the guest account is used by samba for first
> connection.

Yes it's nobody user.

I have modified this with guest user in ldap directory.

--
Laradji nacer 
   ovea http://www.ovea.com
Tél : +33 4 6767    Gsm : +33 6 1059 6883
1024D/DFCF1726 : 33A5 7162 4370 9C30 E22C 0721 DBA7 CBEE DFCF 1726


RE [Samba] samba ldap problem

2005-06-10 Thread spu

What is your guest user in smb.conf ?

check if is not nobody, the guest account is used by samba for first
connection.

---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467

[EMAIL PROTECTED] wrote on 10/06/2005 16:20:56:

> I have tried to create a samba domain with a ldap backend.
>
> This is how my ldap structure looks like.
>
> # example.com
> dn: dc=example,dc=com
> objectClass: dcObject
> objectClass: organization
> o: example
> dc: example
>
> # groups, example.com
> dn: ou=groups,dc=example,dc=com
> objectClass: organizationalUnit
> ou: groups
>
> # Domain Admins, groups, example.com
> dn: cn=Domain Admins,ou=groups,dc=example,dc=com
> objectClass: posixGroup
> objectClass: sambaGroupMapping
> gidNumber: 512
> cn: Domain Admins
> memberUid: root
> description: Netbios Domain Administrators
> sambaSID: S-1-5-21-3527759599-3696857034-3584459987-512
> sambaGroupType: 2
> displayName: Domain Admins
>
> # Domain Users, groups, example.com
> dn: cn=Domain Users,ou=groups,dc=example,dc=com
> objectClass: posixGroup
> objectClass: sambaGroupMapping
> gidNumber: 513
> cn: Domain Users
> description: Netbios Domain Users
> sambaSID: S-1-5-21-3527759599-3696857034-3584459987-513
> sambaGroupType: 2
> displayName: Domain Users
>
> # Domain Guests, groups, example.com
> dn: cn=Domain Guests,ou=groups,dc=example,dc=com
> objectClass: posixGroup
> objectClass: sambaGroupMapping
> gidNumber: 514
> cn: Domain Guests
> description: Netbios Domain Guests Users
> sambaSID: S-1-5-21-3527759599-3696857034-3584459987-514
> sambaGroupType: 2
> displayName: Domain Guests
>
> # computers, example.com
> dn: ou=computers,dc=example,dc=com
> objectClass: organizationalUnit
> ou: computers
>
> # PDC, example.com
> dn: sambaDomainName=PDC,dc=example,dc=com
> objectClass: sambaDomain
> sambaDomainName: PDC
> sambaNextGroupRid: 9
> sambaNextUserRid: 9
> sambaSID: S-1-5-21-3527759599-3696857034-3584459987
> sambaNextRid: 9
>
> # people, example.com
> dn: ou=people,dc=example,dc=com
> objectClass: organizationalUnit
> ou: people
>
> # root, people, example.com
> dn: uid=root,ou=people,dc=example,dc=com
> uid: root
> sambaSID: S-1-5-21-3527759599-3696857034-3584459987-500
> sambaPrimaryGroupSID: S-1-5-21-3527759599-3696857034-3584459987-512
> displayName: root
> sambaAcctFlags: [U  ]
> objectClass: account
> objectClass: sambaSamAccount
> sambaPwdMustChange: 2147483647
> sambaLMPassword: 63D2114DE42F744B30A84C4AFE5A
> sambaNTPassword: 5460FB29D247C383F63E1E3A417FC39B
> sambaPasswordHistory:

>  
> sambaPwdCanChange: 1118395221
> sambaPwdLastSet: 1118395221
>
> # win2k$, Computers, example.com
> dn: uid=win2k$,ou=Computers,dc=example,dc=com
> uid: win2k$
> sambaSID: S-1-5-21-3527759599-3696857034-3584459987-3022
> sambaPrimaryGroupSID: S-1-5-21-3527759599-3696857034-3584459987-1201
> objectClass: sambaSamAccount
> objectClass: account
> displayName: win2k$
> sambaPwdMustChange: 2147483647
> sambaAcctFlags: [W  ]
> sambaPwdCanChange: 1118395893
> sambaNTPassword: 5C70F10A2EAD0B4FE5588114C98ED1ED
> sambaPwdLastSet: 1118395893
>
> # Martin Hallgren, people, example.com
> dn: cn=Martin Hallgren,ou=people,dc=example,dc=com
> objectClass: inetOrgPerson
> objectClass: organizationalPerson
> objectClass: person
> objectClass: posixAccount
> objectClass: top
> objectClass: krb5Principal
> objectClass: krb5KDCEntry
> objectClass: sambaSamAccount
> krb5PrincipalName: [EMAIL PROTECTED]
> krb5KeyVersionNumber: 1
> krb5MaxLife: 86400
> krb5MaxRenew: 604800
> krb5KDCFlags: 126
> cn: Martin Hallgren
> givenName: Martin
> mail: [EMAIL PROTECTED]
> sn: Hallgren
> uid: martin
> uidNumber: 1050
> gidNumber: 100
> homeDirectory: /home/martin
> loginShell: /bin/bash
> sambaAcctFlags: [U  ]
> sambaSID: S-1-5-21-3527759599-3696857034-3584459987-3250
> sambaPwdCanChange: 1118395383
> sambaPwdMustChange: 2147483647
> sambaLMPassword: 01FC5A6BE7BC6929AAD3B435B51404EE
> sambaNTPassword: 0CB6948805F797BF2A82807973B89537
> sambaPasswordHistory:

>  
> sambaPwdLastSet: 1118395383
>
> # nobody, people, example.com
> dn: uid=nobody,ou=people,dc=example,dc=com
> objectClass: account
> objectClass: sambaSamAccount
> objectClass: posixAccount
> uid:: bm9ib2R5ICAgICAgICAgICAgICAgICA=
> sambaPwdLastSet: 0
> sambaLogonTime: 2147483647
> sambaLogoffTime: 2147483647
> sambaKickoffTime: 2147483647
> sambaPwdCanChange: 2147483647
> sambaPwdMustChange: 2147483648
> displayName: Nobody
> cn: Nobody
> sambaSID: S-1-5-21-3527759599-3696857034-3584459987-501
> sambaPrimaryGroupSID: S-1-5-21-3527759599-3696857034-3584459987-514
> gecos:: Tm9ib2R5IG9yIEd1ZXN0ICAgICAgIA==
> homeDirectory:: L2Rldi9udWxsICAgICAgICAgICAgIA==
> loginShell:: L2Rldi9udWxsICAgICA=
> uidNumber: 65534
> gidNumber: 65534
> samba

[Samba] samba ldap problem

2005-06-10 Thread Morgan Hallgren
I have tried to create a samba domain with a ldap backend.

This is how my ldap structure looks like.

# example.com
dn: dc=example,dc=com
objectClass: dcObject
objectClass: organization
o: example
dc: example

# groups, example.com
dn: ou=groups,dc=example,dc=com
objectClass: organizationalUnit
ou: groups

# Domain Admins, groups, example.com
dn: cn=Domain Admins,ou=groups,dc=example,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 512
cn: Domain Admins
memberUid: root
description: Netbios Domain Administrators
sambaSID: S-1-5-21-3527759599-3696857034-3584459987-512
sambaGroupType: 2
displayName: Domain Admins

# Domain Users, groups, example.com
dn: cn=Domain Users,ou=groups,dc=example,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 513
cn: Domain Users
description: Netbios Domain Users
sambaSID: S-1-5-21-3527759599-3696857034-3584459987-513
sambaGroupType: 2
displayName: Domain Users

# Domain Guests, groups, example.com
dn: cn=Domain Guests,ou=groups,dc=example,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 514
cn: Domain Guests
description: Netbios Domain Guests Users
sambaSID: S-1-5-21-3527759599-3696857034-3584459987-514
sambaGroupType: 2
displayName: Domain Guests

# computers, example.com
dn: ou=computers,dc=example,dc=com
objectClass: organizationalUnit
ou: computers

# PDC, example.com
dn: sambaDomainName=PDC,dc=example,dc=com
objectClass: sambaDomain
sambaDomainName: PDC
sambaNextGroupRid: 9
sambaNextUserRid: 9
sambaSID: S-1-5-21-3527759599-3696857034-3584459987
sambaNextRid: 9

# people, example.com
dn: ou=people,dc=example,dc=com
objectClass: organizationalUnit
ou: people

# root, people, example.com
dn: uid=root,ou=people,dc=example,dc=com
uid: root
sambaSID: S-1-5-21-3527759599-3696857034-3584459987-500
sambaPrimaryGroupSID: S-1-5-21-3527759599-3696857034-3584459987-512
displayName: root
sambaAcctFlags: [U  ]
objectClass: account
objectClass: sambaSamAccount
sambaPwdMustChange: 2147483647
sambaLMPassword: 63D2114DE42F744B30A84C4AFE5A
sambaNTPassword: 5460FB29D247C383F63E1E3A417FC39B
sambaPasswordHistory: 
 
sambaPwdCanChange: 1118395221
sambaPwdLastSet: 1118395221

# win2k$, Computers, example.com
dn: uid=win2k$,ou=Computers,dc=example,dc=com
uid: win2k$
sambaSID: S-1-5-21-3527759599-3696857034-3584459987-3022
sambaPrimaryGroupSID: S-1-5-21-3527759599-3696857034-3584459987-1201
objectClass: sambaSamAccount
objectClass: account
displayName: win2k$
sambaPwdMustChange: 2147483647
sambaAcctFlags: [W  ]
sambaPwdCanChange: 1118395893
sambaNTPassword: 5C70F10A2EAD0B4FE5588114C98ED1ED
sambaPwdLastSet: 1118395893

# Martin Hallgren, people, example.com
dn: cn=Martin Hallgren,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: posixAccount
objectClass: top
objectClass: krb5Principal
objectClass: krb5KDCEntry
objectClass: sambaSamAccount
krb5PrincipalName: [EMAIL PROTECTED]
krb5KeyVersionNumber: 1
krb5MaxLife: 86400
krb5MaxRenew: 604800
krb5KDCFlags: 126
cn: Martin Hallgren
givenName: Martin
mail: [EMAIL PROTECTED]
sn: Hallgren
uid: martin
uidNumber: 1050
gidNumber: 100
homeDirectory: /home/martin
loginShell: /bin/bash
sambaAcctFlags: [U  ]
sambaSID: S-1-5-21-3527759599-3696857034-3584459987-3250
sambaPwdCanChange: 1118395383
sambaPwdMustChange: 2147483647
sambaLMPassword: 01FC5A6BE7BC6929AAD3B435B51404EE
sambaNTPassword: 0CB6948805F797BF2A82807973B89537
sambaPasswordHistory: 
 
sambaPwdLastSet: 1118395383

# nobody, people, example.com
dn: uid=nobody,ou=people,dc=example,dc=com
objectClass: account
objectClass: sambaSamAccount
objectClass: posixAccount
uid:: bm9ib2R5ICAgICAgICAgICAgICAgICA=
sambaPwdLastSet: 0
sambaLogonTime: 2147483647
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 2147483647
sambaPwdMustChange: 2147483648
displayName: Nobody
cn: Nobody
sambaSID: S-1-5-21-3527759599-3696857034-3584459987-501
sambaPrimaryGroupSID: S-1-5-21-3527759599-3696857034-3584459987-514
gecos:: Tm9ib2R5IG9yIEd1ZXN0ICAgICAgIA==
homeDirectory:: L2Rldi9udWxsICAgICAgICAgICAgIA==
loginShell:: L2Rldi9udWxsICAgICA=
uidNumber: 65534
gidNumber: 65534
sambaAcctFlags: [UX ]

# Morgan Hallgren, people, example.com
dn: cn=Morgan Hallgren,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: posixAccount
objectClass: top
objectClass: krb5Principal
objectClass: krb5KDCEntry
objectClass: sambaSamAccount
krb5PrincipalName: [EMAIL PROTECTED]
krb5KeyVersionNumber: 1
krb5MaxLife: 86400
krb5MaxRenew: 604800
krb5KDCFlags: 126
cn: Morgan Hallgren
givenName: Morgan
mail: [EMAIL PROTECTED]
sn: Hallgren
uid: moja
uidNumber: 1000
gidNumber: 100
homeDirectory: /home/morgan
loginShell: /bin/bash
sambaAcctFlags: [U  ]
samba
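
An added example, not part of the original post: a Python consistency check for an LDIF dump like the one above. It looks for the oddities visible in the post, such as a primary-group SID with no group mapping, sambaSamAccount entries without posixAccount, and base64 values that hide padding. The sample LDIF, its names and its SIDs are constructed, and the finding labels are this example's own.

```python
import base64

# Constructed sample modelled on the LDIF above; names and SIDs are made up.
DOM = "S-1-5-21-1111-2222-3333"
SAMPLE_LDIF = f"""\
dn: sambaDomainName=PDC,dc=example,dc=com
objectClass: sambaDomain
sambaSID: {DOM}

dn: cn=Domain Users,ou=groups,dc=example,dc=com
objectClass: sambaGroupMapping
sambaSID: {DOM}-513

# machine account
dn: uid=ws1$,ou=computers,dc=example,dc=com
objectClass: sambaSamAccount
uid: ws1$
sambaSID: {DOM}-3022
sambaPrimaryGroupSID: {DOM}-1201
sambaAcctFlags: [W          ]

dn: uid=alice,ou=people,
 dc=example,dc=com
objectClass: posixAccount
objectClass: sambaSamAccount
uid: alice
sambaSID: {DOM}-3100
sambaPrimaryGroupSID: {DOM}-513
sambaAcctFlags: [W          ]

dn: uid=nobody,ou=people,dc=example,dc=com
objectClass: posixAccount
objectClass: sambaSamAccount
uid:: bm9ib2R5ICAg
sambaSID: S-1-5-21-9999-2222-3333-501
sambaPrimaryGroupSID: {DOM}-513
sambaAcctFlags: [UX         ]
"""


def parse_ldif(text):
    """Parse LDIF into dicts of lower-cased attribute name -> list of values."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # folded line: continues the previous one
        else:
            lines.append(raw)
    entries, entry = [], {}
    for line in lines + [""]:             # the trailing "" flushes the last entry
        if line.startswith("#"):
            continue
        if not line.strip():
            if entry:
                entries.append(entry)
            entry = {}
            continue
        name, _, rest = line.partition(":")
        name = name.lower()
        if rest.startswith(":"):          # "attr:: value" is base64-encoded
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            entry.setdefault("_b64", []).append(name)
        else:
            value = rest.strip()
        entry.setdefault(name, []).append(value)
    return entries


def audit(entries):
    """Return (account, finding, detail) tuples for sambaSamAccount entries."""
    def classes(e):
        return {c.lower() for c in e.get("objectclass", [])}
    domains = [e.get("sambasid", [""])[0] for e in entries if "sambadomain" in classes(e)]
    groups = {e.get("sambasid", [""])[0] for e in entries if "sambagroupmapping" in classes(e)}
    findings = []
    for e in entries:
        if "sambasamaccount" not in classes(e):
            continue
        name = e.get("uid", ["?"])[0].strip()
        flags = e.get("sambaacctflags", [""])[0].strip("[] ")
        for attr in e.get("_b64", []):
            if any(v != v.strip() for v in e[attr]):   # blanks hidden by base64
                findings.append((name, "padded-value", attr))
        if name.endswith("$") != ("W" in flags):       # [W] = workstation, [U] = user
            findings.append((name, "flag-mismatch", flags))
        if "posixaccount" not in classes(e):           # Unix account must come from another NSS source
            findings.append((name, "no-posix-account", ""))
        sid = e.get("sambasid", [""])[0]
        if domains and not any(sid.startswith(d + "-") for d in domains):
            findings.append((name, "foreign-sid", sid))
        pgroup = e.get("sambaprimarygroupsid", [""])[0]
        if pgroup and pgroup not in groups:
            findings.append((name, "unmapped-primary-group", pgroup))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_ldif(SAMPLE_LDIF)):
        print(*finding, sep="\t")
```
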

Re: [Samba] LDAP problem, with samba and groups

2004-12-24 Thread Adam Tauno Williams
> [2004/12/24 10:59:46, 0] lib/smbldap.c:smbldap_open_connection(545)
>   ldap_initialize: Time limit exceeded
> [2004/12/24 10:59:46, 1] lib/smbldap.c:another_ldap_try(936)
>   Connection to LDAP server failed for the 1 try!
> [2004/12/24 10:59:47, 0] lib/smbldap.c:smbldap_open_connection(545)
>   ldap_initialize: Time limit exceeded
> [2004/12/24 10:59:47, 1] lib/smbldap.c:another_ldap_try(936)
>   Connection to LDAP server failed for the 2 try!
> I think there is a problem that it takes too long for samba before it gets
> an answer back.
> Any idea how to solve this?
> Is there also an option to configure that ldap works faster? It seems that if
> users are members of 15 groups, ldap checks these groups and then gives an OK
> sign to samba?

Why not test your LDAP server with "ldapsearch"? (You didn't say what LDAP
server you are using).  If performance is bad, address that, which has nothing
to do with Samba.

Also test "id", make sure NSS is really working, and try using name service
caching if you aren't using the DSA via a domain socket.


[Samba] LDAP problem, with samba and groups

2004-12-24 Thread Bart Hendrix
Hi All

We have the following problem:
We configured samba with LDAP and this works fine. As soon as they try to log in
with a user who is a member of 15 groups, it takes very long to log in with Windows
and then mostly an error message appears.

On win 2000 the error is: There has been made a change to the server. Contact
your sysadmin

When a user logs in (member of 15 groups), ldap shows the following logging:

Dec 24 10:43:45 localhost slapd[3322]: <= root access granted 
Dec 24 10:43:45 localhost slapd[3322]: <= test_filter 6 
Dec 24 10:43:45 localhost slapd[3322]: => test_filter 
Dec 24 10:43:45 localhost slapd[3322]: EQUALITY 
Dec 24 10:43:45 localhost slapd[3322]: => access_allowed: search access to 
"cn=engineering_w,ou=Groups,dc=sif-group,dc=nl" "gidNumber" requested 
Dec 24 10:43:45 localhost slapd[3322]: <= root access granted 
Dec 24 10:43:45 localhost slapd[3322]: <= test_filter 6 
Dec 24 10:43:45 localhost slapd[3322]: <= test_filter_and 6 
Dec 24 10:43:45 localhost slapd[3322]: <= test_filter 6 
Dec 24 10:43:45 localhost slapd[3322]: => access_allowed: read access to 
"cn=engineering_w,ou=Groups,dc=sif-group,dc=nl" "entry" requested 
Dec 24 10:43:45 localhost slapd[3322]: <= root access granted 
Dec 24 10:43:45 localhost slapd[3322]: => access_allowed: read access to 
"cn=engineering_w,ou=Groups,dc=sif-group,dc=nl" "objectClass" requested 
Dec 24 10:43:45 localhost slapd[3322]: <= root access granted 
Dec 24 10:43:45 localhost slapd[3322]: => access_allowed: read access to 
"cn=engineering_w,ou=Groups,dc=sif-group,dc=nl" "objectClass" requested 
Dec 24 10:43:45 localhost slapd[3322]: <= root access granted 
Dec 24 10:43:45 localhost slapd[3322]: => access_allowed: read access to 
"cn=engineering_w,ou=Groups,dc=sif-group,dc=nl" "objectClass" requested 
Dec 24 10:43:45 localhost slapd[3322]: <= root access granted 
Dec 24 10:43:45 localhost slapd[3322]: => access_allowed: read access to 
"cn=engineering_w,ou=Groups,dc=sif-group,dc=nl" "cn" requested 
Dec 24 10:43:45 localhost slapd[3322]: <= root access granted 
Dec 24 10:43:45 localhost slapd[3322]: => access_allowed: read access to 
"cn=engineering_w,ou=Groups,dc=sif-group,dc=nl" "cn" requested 
Dec 24 10:43:45 localhost slapd[3322]: <= root access granted 
Dec 24 10:43:45 localhost slapd[3322]: => access_allowed: read access to 
"cn=engineering_w,ou=Groups,dc=sif-group,dc=nl" "gidNumber" requested 
Dec 24 10:43:45 localhost slapd[3322]: <= root access granted 
Dec 24 10:43:45 localhost slapd[3322]: => access_allowed: read access to 
"cn=engineering_w,ou=Groups,dc=sif-group,dc=nl" "gidNumber" requested 
Dec 24 10:43:45 localhost slapd[3322]: <= root access granted 
Dec 24 10:43:45 localhost slapd[3322]: => access_allowed: read access to 
"cn=engineering_w,ou=Groups,dc=sif-group,dc=nl" "description" requested 
Dec 24 10:43:45 localhost slapd[3322]: <= root access granted 
Dec 24 10:43:46 localhost slapd[3322]: => access_allowed: read access to 
"cn=engineering_w,ou=Groups,dc=sif-group,dc=nl" "description" requested 
Dec 24 10:43:46 localhost slapd[3322]: <= root access granted 
Dec 24 10:43:46 localhost slapd[3322]: => access_allowed: read access to 
"cn=engineering_w,ou=Groups,dc=sif-group,dc=nl" "sambaSID" requested 
Dec 24 10:43:46 localhost slapd[3322]: <= root access granted 
Dec 24 10:43:46 localhost slapd[3322]: => access_allowed: read access to 
"cn=engineering_w,ou=Groups,dc=sif-group,dc=nl" "sambaSID" requested 
Dec 24 10:43:46 localhost slapd[3322]: <= root access granted 
Dec 24 10:43:46 localhost slapd[3322]: => access_allowed: read access to 
"cn=engineering_w,ou=Groups,dc=sif-group,dc=nl" "sambaGroupType" requested 
Dec 24 10:43:46 localhost slapd[3322]: <= root access granted 
Dec 24 10:43:46 localhost slapd[3322]: => access_allowed: read access to 
"cn=engineering_w,ou=Groups,dc=sif-group,dc=nl" "sambaGroupType" requested 
Dec 24 10:43:46 localhost slapd[3322]: <= root access granted 
Dec 24 10:43:46 localhost slapd[3322]: => access_allowed: read access to 
"cn=engineering_w,ou=Groups,dc=sif-group,dc=nl" "displayName" requested 
Dec 24 10:43:46 localhost slapd[3322]: <= root access granted 
Dec 24 10:43:46 localhost slapd[3322]: => access_allowed: read access to 
"cn=engineering_w,ou=Groups,dc=sif-group,dc=nl" "displayName" requested 
Dec 24 10:43:46 localhost slapd[3322]: <= root access granted 

And then really, really much more, very long, continuously with another cn = groupname.

Now I see that the winbindd log in /etc/samba/ shows:

[2004/12/24 10:58:36, 1] lib/smbldap.c:another_ldap_try(936)
  Connection to LDAP server failed for the 11 try!
[2004/12/24 10:58:37, 0] lib/smbldap.c:smbldap_open_connection(545)
  ldap_initialize: Time limit exceeded
[2004/12/24 10:58:37, 1] lib/smbldap.c:another_ldap_try(936)
  Connection to LDAP server failed for the 12 try!
[2004/12/24 10:58:38, 0] lib/smbldap.c:smbldap_open_connection(545)
  ldap_initialize: Time limit exceeded
[2004/12/24 10:58:38, 1] lib/smbldap.c:another_ldap_try(9

RE: [Samba] Samba LDAP Problem

2004-07-15 Thread Mohammad Reza
Dear List,
thanks for your attention.

#smbpasswd -a administrator
with the same result, still can't join the domain.
#tail -f /var/log/samba/172.16.0.22
2004/07/16 08:59:33, 3] smbd/oplock.c:init_oplocks(1226)
  open_oplock_ipc: opening loopback UDP socket.
[2004/07/16 08:59:33, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(303)
  Linux kernel oplocks enabled
[2004/07/16 08:59:33, 3] smbd/oplock.c:init_oplocks(1257)
  open_oplock ipc: pid = 14532, global_oplock_port = 32923
[2004/07/16 08:59:33, 4] lib/time.c:get_serverzone(122)
  Serverzone is -25200
[2004/07/16 08:59:33, 3] smbd/process.c:process_smb(890)
  Transaction 0 of length 72
[2004/07/16 08:59:33, 2] smbd/reply.c:reply_special(199)
  netbios connect: name1=SMB3name2=BACKUP
[2004/07/16 08:59:33, 2] smbd/reply.c:reply_special(206)
  netbios connect: local=smb3 remote=backup, name type = 0



-----Original Message-----
From: Federico Renzetti [mailto:[EMAIL PROTECTED]]
Sent: Thu 7/15/2004 9:18 PM
To: Mohammad Reza
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [Samba] Samba LDAP Problem
Did you set samba ldap-passwd with smbpasswd?
What machine-logs you try to add say?

On Thu, 2004-07-15 at 14:23, Mohammad Reza wrote:
> Dear Lists, 
> 
> I try to configure Samba as PDC  LDAP backend with Linux-Suse-9.1 and smbldap-tools
> from www.idealx.org,
> I follow guide from SMB-3 by Example book.
> Step by step installation and configuration came with no error,
> except I couldn't join w2k workstation to the new domain with administrator account.
> 
> # /var/lib/samba/sbin/smbldap-usershow administrator
> dn: uid=Administrator,ou=People,dc=mragroup,dc=net
> cn: Administrator
> sn: Administrator
> objectClass: inetOrgPerson,sambaSamAccount,posixAccount,shadowAccount
> gidNumber: 512
> uid: Administrator
> uidNumber: 0
> homeDirectory: /home/
> sambaLogonTime: 0
> sambaLogoffTime: 2147483647
> sambaKickoffTime: 2147483647
> sambaHomeDrive: H:
> sambaPrimaryGroupSID: S-1-5-21-1557978329-216335016-4217907674-512
> sambaSID: S-1-5-21-1557978329-216335016-4217907674-2996
> loginShell: /bin/false
> gecos: Netbios Domain Administrator
> sambaPwdCanChange: 1089891115
> sambaLMPassword: BBBDA461DC390736B8FCC6137C839435
> sambaAcctFlags: [U]
> sambaNTPassword: 490F588B2F94E97F07A4F952DAACBF7F
> sambaPwdLastSet: 1089891324
> sambaPwdMustChange: 1094643324
> userPassword: {SSHA}23S45Jt6Fx3ET1nhXONtAadA43dKZn4n
> # /var/lib/samba/sbin/smbldap-passwd administrator
> Changing password for administrator
> New password :
> Retype new password :
>  # net join rpc -U administrator%password
> Could not connect to server SMB3
> The username or password was not correct.
> 
> When I try to join my w2k ws to the new samba domain, with administrator account and
> password, I get "Logon failure : unknown username and password".
> No error log in samba log (level 5).
> Did I miss something? Please help me..
>
> regards
> reza
> Om Beast and Pak Wis, please help..
-- 
Renzetti Federico

System/Network Administrator
RedHat Certified Engineer

Fabaris S.r.l.
Tel. +39 0765 22181 -  Fax +39 0765 410100
Via G. Mameli, 90 02047 Poggio Mirteto (RI)
Filiale: Viale dell'Università, 25  00185 Roma (RM)

www.fabaris.it







Re: [Samba] Samba LDAP Problem

2004-07-15 Thread f . renzetti
Did you set samba ldap-passwd in secret.tdb with smbpasswd?
What machine-logs you try to add say?

Renzetti Federico

System/Network Administrator
RedHat Certified Engineer

Fabaris srl
via Goffredo Mameli, 90
02047 Poggio Mirteto (RI)
Tel. 076522181
Fax 0765410100

www.fabaris.it


Re: [Samba] Samba LDAP Problem

2004-07-15 Thread Federico Renzetti
Did you set samba ldap-passwd with smbpasswd?
What machine-logs you try to add say?

On Thu, 2004-07-15 at 14:23, Mohammad Reza wrote:
> Dear Lists, 
> 
> I try to configure Samba as PDC  LDAP backend with Linux-Suse-9.1 and smbldap-tools
> from www.idealx.org,
> I follow guide from SMB-3 by Example book.
> Step by step installation and configuration came with no error,
> except I couldn't join w2k workstation to the new domain with administrator account.
> 
> # /var/lib/samba/sbin/smbldap-usershow administrator
> dn: uid=Administrator,ou=People,dc=mragroup,dc=net
> cn: Administrator
> sn: Administrator
> objectClass: inetOrgPerson,sambaSamAccount,posixAccount,shadowAccount
> gidNumber: 512
> uid: Administrator
> uidNumber: 0
> homeDirectory: /home/
> sambaLogonTime: 0
> sambaLogoffTime: 2147483647
> sambaKickoffTime: 2147483647
> sambaHomeDrive: H:
> sambaPrimaryGroupSID: S-1-5-21-1557978329-216335016-4217907674-512
> sambaSID: S-1-5-21-1557978329-216335016-4217907674-2996
> loginShell: /bin/false
> gecos: Netbios Domain Administrator
> sambaPwdCanChange: 1089891115
> sambaLMPassword: BBBDA461DC390736B8FCC6137C839435
> sambaAcctFlags: [U]
> sambaNTPassword: 490F588B2F94E97F07A4F952DAACBF7F
> sambaPwdLastSet: 1089891324
> sambaPwdMustChange: 1094643324
> userPassword: {SSHA}23S45Jt6Fx3ET1nhXONtAadA43dKZn4n
> # /var/lib/samba/sbin/smbldap-passwd administrator
> Changing password for administrator
> New password :
> Retype new password :
>  # net join rpc -U administrator%password
> Could not connect to server SMB3
> The username or password was not correct.
> 
> When I try to join my w2k ws to the new samba domain, with administrator account and
> password, I get "Logon failure : unknown username and password".
> No error log in samba log (level 5).
> Did I miss something? Please help me..
>
> regards
> reza
> Om Beast and Pak Wis, please help..
-- 
Renzetti Federico

System/Network Administrator
RedHat Certified Engineer

Fabaris S.r.l.
Tel. +39 0765 22181 -  Fax +39 0765 410100
Via G. Mameli, 90 02047 Poggio Mirteto (RI)
Filiale: Viale dell'Università, 25  00185 Roma (RM)

www.fabaris.it




[Samba] Samba LDAP Problem

2004-07-15 Thread Mohammad Reza
Dear Lists, 

I try to configure Samba as PDC  LDAP backend with Linux-Suse-9.1 and smbldap-tools
from www.idealx.org,
I follow guide from SMB-3 by Example book.
Step by step installation and configuration came with no error,
except I couldn't join w2k workstation to the new domain with administrator account.

# /var/lib/samba/sbin/smbldap-usershow administrator
dn: uid=Administrator,ou=People,dc=mragroup,dc=net
cn: Administrator
sn: Administrator
objectClass: inetOrgPerson,sambaSamAccount,posixAccount,shadowAccount
gidNumber: 512
uid: Administrator
uidNumber: 0
homeDirectory: /home/
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaHomeDrive: H:
sambaPrimaryGroupSID: S-1-5-21-1557978329-216335016-4217907674-512
sambaSID: S-1-5-21-1557978329-216335016-4217907674-2996
loginShell: /bin/false
gecos: Netbios Domain Administrator
sambaPwdCanChange: 1089891115
sambaLMPassword: BBBDA461DC390736B8FCC6137C839435
sambaAcctFlags: [U]
sambaNTPassword: 490F588B2F94E97F07A4F952DAACBF7F
sambaPwdLastSet: 1089891324
sambaPwdMustChange: 1094643324
userPassword: {SSHA}23S45Jt6Fx3ET1nhXONtAadA43dKZn4n
# /var/lib/samba/sbin/smbldap-passwd administrator
Changing password for administrator
New password :
Retype new password :
 # net join rpc -U administrator%password
Could not connect to server SMB3
The username or password was not correct.

When I try to join my w2k ws to the new samba domain, with administrator account and
password, I get "Logon failure : unknown username and password".
No error log in samba log (level 5).
Did I miss something? Please help me..

regards
reza
Om Beast and Pak Wis, please help..


[Samba] ldap problem

2003-07-02 Thread Ruud Baart
We use samba 2.2.8a, openldap 2.1.12

When adding a workstation to the PDC normally a machine account is added with a
script (e.g. /usr/local/bin/smbaddmachine). The script runs with the userid root.
That is necessary because smbpasswd requires root-id for running:
smbpasswd -m -a machinename

We have written a shell script that works fine: an account is added to the LDAP tree
and a samba account is added with smbpasswd. It works only from the command line
and it must be run as root because of smbpasswd.

When using this script from an unattended install from a W2K client it won't work
because root is in /etc/passwd and not in the LDAP tree. But we can't add root as a
samba account because root is not in the LDAP tree.  So we can't use root as
account to run the script.

Using another userid is not possible because smbpasswd requires root. Sudo
smbpasswd won't work because all samba userids are not in /etc/passwd but in the LDAP
tree and therefore they can't run sudo.

Any idea how to solve this problem?

Kind regards,
Prompt
R.J. Baart

Marktveldpassage 35c
5261 ED Vught
Netherlands
Mailto:[EMAIL PROTECTED]
Http://WWW.Prompt.NL
Tel.: +31 73 6567041  
Fax.: +31 73 6573513



RE: [Samba] Samba + LDAP problem...SOLVED

2003-06-13 Thread Collins, Kevin
Bruno,

As it turns out, all I had to do was enter this as my username when asked
for it during the join-domain process:

"nesbitt.local\administrator"

Up until now, I had just been using "administrator".   GEEESH, How
simplistic can it be?  Something that small caused me days, no a WEEK of
grief!

Thanks again for your help.  Everything you offered was great advice, and it
helped me make certain I had things right.

--
Kevin L. Collins, MCSE
Systems Manager
Nesbitt Engineering, Inc.


Re: [Samba] Samba + LDAP problem...

2003-06-13 Thread Bruno Gimenes Pereti

> I did have these set, as I used 'authconfig' to generate the PAM/LDAP
> integration.
>
> What I didn't have (but do now) is some settings in /etc/ldap.conf.  Those
> that look like nns_base_passwd, nss_base_shadow, and nss_base_group or very
> similar.  I have those set now, and the error message that I'm getting is
> different.
>
> On the Windows 2000 machine when I join the domain, I get:
>
> "The account used is a computer account.  Use your global user account, or
> local user account to access this server."
>
> It almost sounds like the "administrator" account is misconfigured and is
> appearing to Windows as a computer account instead of a user account.  Have
> you heard of this happening before?
> I used 'smbldap-useradd.pl -a -m -g 200 administrator' to add the
> "administrator" account after I had LDAP up and running.

Don't know if this occurs when using LDAP but I used to get this error when
trying to join a machine to the domain with a user different than root or
when my "add user script" was misconfigured and samba couldn't create the
machine account.
Verify if you can run "/usr/local/sbin/smbldap-useradd.pl -w "
from a directory different than /usr/local/bin, if not you need to configure
perl to locate your smbldap_tools.pm.
If the machine account was created try to change the uid and gid from the
administrator to 0 or run "smbpasswd -a root" and use the user root to join
the machine to the domain.

Hope this helps.

Bruno Pereti.



RE: [Samba] Samba + LDAP problem...

2003-06-13 Thread Collins, Kevin
On Friday, June 13, 2003 1:44 PM, Bruno Gimenes Pereti wrote:
> Hi Kevin,

Hi Bruno, and thanks for responding...

 
> 
> > Below are some files that I think are pertinent.  The
> > /etc/openldap/ldap.conf, /etc/openldap/slapd.conf /etc/samba/smb.conf, the
> > base.ldif that is from the IDEALX.org HOWTO.
> >
> > I'm hoping that someone with much more experience than me will be able to
> > help me.
>
> I'm not so experienced but I think you forgot one thing. Do you have this:
>
> passwd: files ldap
> shadow: files ldap
> group:  files ldap
>
> in your /etc/nsswitch.conf and this:
>
> auth        required      /lib/security/pam_env.so
> auth        sufficient    /lib/security/pam_unix.so likeauth nullok
> auth        sufficient    use_first_pass
> auth        required      /lib/security/pam_deny.so
> account     sufficient    /lib/security/pam_ldap.so
> account     required      /lib/security/pam_unix.so
> password    required      /lib/security/pam_cracklib.so retry=3
> password    sufficient    /lib/security/pam_unix.so nullok use_authtok md5 shadow
> password    sufficient    /lib/security/pam_ldap.so
> password    required      /lib/security/pam_deny.so
> session     required      /lib/security/pam_limits.so
> session     sufficient    /lib/security/pam_ldap.so
> session     required      /lib/security/pam_unix.so
>
> in /etc/pam.d/system-auth?
> 
> In redhat you can do this with authconfig.
> 

I did have these set, as I used 'authconfig' to generate the PAM/LDAP
integration.

What I didn't have (but do now) is some settings in /etc/ldap.conf.  Those
that look like nns_base_passwd, nss_base_shadow, and nss_base_group or very
similar.  I have those set now, and the error message that I'm getting is
different.

On the Windows 2000 machine when I join the domain, I get:

"The account used is a computer account.  Use your global user account, or
local user account to access this server."

It almost sounds like the "administrator" account is misconfigured and is
appearing to Windows as a computer account instead of a user account.  Have
you heard of this happening before?

I used 'smbldap-useradd.pl -a -m -g 200 administrator' to add the
"administrator" account after I had LDAP up and running.

Thanks again for your input.

--
Kevin L. Collins, MCSE
Systems Manager
Nesbitt Engineering, Inc.
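
An added example, not code from the thread: a Python check for the two client-side settings discussed above, the `ldap` source in /etc/nsswitch.conf and the nss_base_* lines in /etc/ldap.conf. The sample file contents, the ou= names and the finding labels are constructed for illustration.

```python
import grp

# Constructed samples: an nsswitch.conf and an nss_ldap /etc/ldap.conf.
# The ou= names and the dc=example,dc=com suffix are assumptions.
NSSWITCH = """\
passwd: files ldap
shadow: files ldap
group:  files        # ldap missing here
"""
LDAP_CONF = """\
host 127.0.0.1
base dc=nesbitt,dc=local
nss_base_passwd ou=Users,dc=nesbitt,dc=local?one
nss_base_group  ou=Groups,dc=example,dc=com?one
"""


def parse_nsswitch(text):
    """Map each database name to its ordered list of sources."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" in line:
            db, sources = line.split(":", 1)
            table[db.strip()] = sources.split()
    return table


def parse_ldap_conf(text):
    """Map lower-cased directive names to their values."""
    conf = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].strip().split(None, 1)
        if len(parts) == 2:
            conf[parts[0].lower()] = parts[1].strip()
    return conf


def norm_dn(dn):
    return ",".join(part.strip().lower() for part in dn.split(","))


def check(nsswitch_text, ldap_conf_text):
    """Return (file, item, problem) tuples for passwd, shadow and group."""
    sources = parse_nsswitch(nsswitch_text)
    conf = parse_ldap_conf(ldap_conf_text)
    base = norm_dn(conf.get("base", ""))
    problems = []
    if not base:
        problems.append(("ldap.conf", "base", "not set"))
    for db in ("passwd", "shadow", "group"):
        if "ldap" not in sources.get(db, []):
            problems.append(("nsswitch.conf", db, "ldap not listed"))
        key = "nss_base_" + db
        if key not in conf:
            problems.append(("ldap.conf", key, "not set"))
            continue
        dn = conf[key].split("?", 1)[0]      # value is base?scope?filter
        # A value ending in "," is relative: nss_ldap appends the base DN.
        if dn.endswith(","):
            continue
        if norm_dn(dn) != base and not norm_dn(dn).endswith("," + base):
            problems.append(("ldap.conf", key, "outside base"))
    return problems


def resolve_gid(gid):
    """What 'getent group <gid>' would answer on this host, or None."""
    try:
        return grp.getgrgid(gid).gr_name
    except KeyError:
        return None


if __name__ == "__main__":
    for problem in check(NSSWITCH, LDAP_CONF):
        print(*problem, sep="\t")
    print("gid 200 resolves to:", resolve_gid(200))
```
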


Re: [Samba] Samba + LDAP problem...

2003-06-13 Thread Bruno Gimenes Pereti
Hi Kevin,


> Below are some files that I think are pertinent.  The
> /etc/openldap/ldap.conf, /etc/openldap/slapd.conf /etc/samba/smb.conf, the
> base.ldif that is from the IDEALX.org HOWTO.
>
> I'm hoping that someone with much more experience than me will be able to
> help me.

I'm not so experienced but I think you forgot one thing. Do you have this:

passwd: files ldap
shadow: files ldap
group:  files ldap

in your /etc/nsswitch.conf and this:

auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok
auth        sufficient    use_first_pass
auth        required      /lib/security/pam_deny.so
account     sufficient    /lib/security/pam_ldap.so
account     required      /lib/security/pam_unix.so
password    required      /lib/security/pam_cracklib.so retry=3
password    sufficient    /lib/security/pam_unix.so nullok use_authtok md5 shadow
password    sufficient    /lib/security/pam_ldap.so
password    required      /lib/security/pam_deny.so
session     required      /lib/security/pam_limits.so
session     sufficient    /lib/security/pam_ldap.so
session     required      /lib/security/pam_unix.so

in /etc/pam.d/system-auth?

In redhat you can do this with authconfig.

hope this helps.

Bruno Pereti.



[Samba] Samba + LDAP problem...

2003-06-13 Thread Collins, Kevin
Ok, after three more days of pulling my hair out, I'm still stuck.  I've got
what I think is the problem, but I'm sure how to fix it.

I'm building a Samba PDC using the IDEALX.org HOWTO.  I'm using samba 2.2.7
and openldap 2.0.27 that I compiled from the Red Hat Network.  This is being
built on Red Hat Enterprise Linux ES 2.1.

Ok, So I get to the part of the HOWTO that instructs me to add the
administrator account.  So I use 'smbldap-useradd.pl -a -m -g 200
administrator', but I get an error stating
'/usr/local/sbin/smbldap-useradd.pl: unknown group 200'.

This is odd because I can do a 'smbldap-groupshow.pl "domain admins"' and
*see* the 'Domain Admins' group.  And that group has a gidNumber of 200!

How can I see the group, have it set with the proper information and yet get
an error that says it's not there?

Below are some files that I think are pertinent.  The
/etc/openldap/ldap.conf, /etc/openldap/slapd.conf /etc/samba/smb.conf, the
base.ldif that is from the IDEALX.org HOWTO.

I'm hoping that someone with much more experience than me will be able to
help me.

Thanks in advance


***begin ldap.conf
# $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.4.8.6 2000/09/05 17:54:38 kurt Exp $
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE   dc=example, dc=com
#URI    ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT  12
#TIMELIMIT  15
#DEREF      never
HOST 127.0.0.1
BASE dc=nesbitt,dc=local
***end ldap.conf

***begin sldap.conf*
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.7 2001/09/27 20:00:31 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/redhat/rfc822-MailMember.schema
include /etc/openldap/schema/redhat/autofs.schema
include /etc/openldap/schema/redhat/kerberosobject.schema
include /etc/openldap/schema/samba.schema

###
# ldbm database definitions
###

database        ldbm
suffix          "dc=nesbitt,dc=local"
rootdn          "cn=manager,dc=nesbitt,dc=local"
rootpw  

# The database directory MUST exist prior to running slapd AND 
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory       /var/lib/ldap

# Indices to maintain
index   objectClass,rid,uid,uidNumber,gidNumber,memberUid   eq
index   cn,mail,surname,givenname                           eq,subinitial
***end sldap.conf***

***begin smb.conf***
#********************
# --   Nesbitt Engineering, Inc. Stargazer Samba Configuration --
#********************
# This is the main Samba configuration file for Stargazer - NEI's Primary
# Domain Controller and Lexington office File Server.
#
# This configuration file is only to be used for an LDAP enabled server that
# will be acting as a PDC.  Modifications will be required for member servers
# and machines that will act as "BDCs".
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this file we have used a #
# for commentary and a ; for parts of the config file that are
# either not enabled yet, or temporarily disabled
#
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not made any basic syntactic errors.
#--------------------
# "Fear the Penguin!"
#   -- Kevin L. Collins
#  Systems Manager
#  Nesbitt Engineering, Inc.
#********************
# Changelog:
# Date - Version - Change
#* Info about change
#--------------------
# 06/04/03 - 1.0 - Original Creation
#********************

#= Global Settings

[global]
# Server Name and description
   workgroup = nesbitt.local
   netbios name = stargazer
   server string = Stargazer - Lexington File Server

# Samba log information
   log file = /var/log/samba/%m.log
   max log size = 0

# Security information
   security = user
   encrypt passwords = yes
   smb passwd file = /etc/samba/smbpasswd
   unix password sync = Yes
   passwd program = /usr/local/sbin/smbldap-pass

Re: [Samba] LDAP problem

2003-06-12 Thread Bartkowski, Hubertus
Hi Fabricio,
check first if you have installed the LDAP headers and libraries
(openldap2-devel). Look also in the source/config.log if ldap is used.

Hubertus


-----Original Message-----
From: Fabricio Adorno [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 12, 2003 20:30
To: [EMAIL PROTECTED]
Subject: [Samba] LDAP problem


Hi all,

I have compiled samba3.0.0beta1 with the options:

./configure --enable-static=yes --with-smbmount  --with-ldapsam

I'm using "passdb backend = ldapsam:ldap://localhost" and when I try to add a
user using smbpasswd I got the message:

Error loading module '/usr/local/samba/lib/pdb/ldapsam.so':
/usr/local/samba/lib/pdb/ldapsam.so: cannot open shared object file: No such file or directory
No builtin nor plugin backend for ldapsam found
Loading ldapsam:ldap://localhost failed



What else do I have to do?


Please, somebody help me.

Thanks


[Samba] LDAP problem

2003-06-12 Thread Fabricio Adorno
Hi all,

I have compiled samba3.0.0beta1 with the options:

./configure --enable-static=yes --with-smbmount  --with-ldapsam

I'm using "passdb backend = ldapsam:ldap://localhost" and when I try to add a
user using smbpasswd I got the message:

Error loading module '/usr/local/samba/lib/pdb/ldapsam.so':
/usr/local/samba/lib/pdb/ldapsam.so: cannot open shared object file: No such file or directory
No builtin nor plugin backend for ldapsam found
Loading ldapsam:ldap://localhost failed



What else do I have to do?


Please, somebody help me.

Thanks


[Samba] Samba + LDAP problem

2003-05-29 Thread Gabriel Maffia
Hi:

I'm trying to integrate Samba and LDAP (Samba working as a PDC). While
trying to add a computer to the domain, this is what I get (This is not a
production server, so there is no problem with password revealing):

[2003/05/28 18:59:00, 2] passdb/pdb_ldap.c:get_single_attribute(435)
  get_single_attribute: [userWorkstations] = []
[2003/05/28 18:59:00, 2] passdb/pdb_ldap.c:get_single_attribute(441)
  get_single_attribute: [rid] = [3000]
[2003/05/28 18:59:00, 2] passdb/pdb_ldap.c:get_single_attribute(441)
  get_single_attribute: [primaryGroupID] = [3001]
[2003/05/28 18:59:00, 2] passdb/pdb_ldap.c:get_single_attribute(441)
  get_single_attribute: [lmPassword] = [E52CAC67419A9A220CEC7D55CCC350DD]
[2003/05/28 18:59:00, 2] passdb/pdb_ldap.c:get_single_attribute(441)
  get_single_attribute: [ntPassword] = [489DC27E7F41B2F1482B8B72B9F593D7]
[2003/05/28 18:59:00, 2] passdb/pdb_ldap.c:get_single_attribute(441)
  get_single_attribute: [acctFlags] = [[UX ]]
[2003/05/28 18:59:00, 4] smbd/password.c:smb_password_ok(475)
  smb_password_ok: Checking SMB password for user test
[2003/05/28 18:59:00, 5] smbd/password.c:smb_password_ok(489)
  smb_password_ok: challenge received
[2003/05/28 18:59:00, 4] smbd/password.c:smb_password_ok(499)
  smb_password_ok: Checking NT MD4 password
[2003/05/28 18:59:00, 4] smbd/password.c:smb_password_ok(504)
  smb_password_ok: NT MD4 password check failed
[2003/05/28 18:59:00, 4] smbd/password.c:smb_password_ok(518)
  smb_password_ok: Checking LM password
[2003/05/28 18:59:00, 4] smbd/password.c:smb_password_ok(523)
  smb_password_ok: LM password check failed
[2003/05/28 18:59:00, 2] smbd/password.c:pass_check_smb(575)
  pass_check_smb failed - invalid password for user [test]
[2003/05/28 18:59:00, 1] smbd/reply.c:reply_sesssetup_and_X(1023)
  Rejecting user 'test': authentication failed
[2003/05/28 18:59:00, 3] smbd/error.c:error_packet(109)
  error packet at smbd/reply.c(1025) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE
[2003/05/28 18:59:00, 5] lib/util.c:show_msg(268)

I guess the attributes are OK. The passwords were generated with mkntpwd
(mkntpwd -L password -N password)


Thanks a lot!

Gabriel.

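An added example, not part of the original post: a parser for the two-line smbd debug-log format quoted in the message above that masks the lmPassword and ntPassword values and lists which password checks failed for each rejected user. The sample lines are constructed and the function names are hypothetical.

```python
import re

# Constructed excerpt modeled on the smbd log above; the hash values are placeholders.
SAMPLE_LOG = """\
[2003/05/28 18:59:00, 2] passdb/pdb_ldap.c:get_single_attribute(441)
  get_single_attribute: [lmPassword] = [00112233445566778899AABBCCDDEEFF]
[2003/05/28 18:59:00, 2] passdb/pdb_ldap.c:get_single_attribute(441)
  get_single_attribute: [ntPassword] = [FFEEDDCCBBAA99887766554433221100]
[2003/05/28 18:59:00, 4] smbd/password.c:smb_password_ok(504)
  smb_password_ok: NT MD4 password check failed
[2003/05/28 18:59:00, 4] smbd/password.c:smb_password_ok(523)
  smb_password_ok: LM password check failed
[2003/05/28 18:59:00, 1] smbd/reply.c:reply_sesssetup_and_X(1023)
  Rejecting user 'test': authentication failed
"""

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d), +(\d+)\] (\S+):(\w+)\((\d+)\)$")
SECRET = re.compile(r"(\[(?:lmPassword|ntPassword)\] = \[)[0-9A-Fa-f]+(\])")
FAILED = re.compile(r"smb_password_ok: (.+) password check failed")
REJECT = re.compile(r"Rejecting user '([^']*)'")

def parse_entries(text):
    """Pair each '[time, level] file:function(line)' header with its indented message."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line.rstrip())
        if m:
            entries.append({"time": m[1], "level": int(m[2]), "source": m[3], "function": m[4], "message": ""})
        elif entries and line.strip():
            entries[-1]["message"] = (entries[-1]["message"] + " " + line.strip()).strip()
    return entries

def redact(text):
    """Mask the password-hash attribute values that debug level 2 writes to the log."""
    return SECRET.sub(r"\1<redacted>\2", text)

def rejected_logins(entries):
    """Return {user: [checks that failed]} for every 'Rejecting user' entry."""
    failed, result = [], {}
    for e in entries:
        if m := FAILED.search(e["message"]):
            failed.append(m.group(1))
        elif m := REJECT.search(e["message"]):
            result.setdefault(m.group(1), []).extend(failed)
            failed = []
    return result

if __name__ == "__main__":
    print(redact(SAMPLE_LOG), rejected_logins(parse_entries(SAMPLE_LOG)), sep="\n")
```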