Re: [Samba] Samba+Ldap problems

[Tim Bates]

dogbert wrote:

Ok, a little update on this issue.
I've changed the various common-* within /etc/pam.d and I've obtained 
the following.
Now I can connect with ssh or su with a user defined in ldap as long 
as this user is present also in /etc/passwd.
It seems that the system check for the user account in /etc/passwd and 
then it check for password under ldap.
Now if a user try to change his password (with the passwd command) it 
works through ldap.
While using "getent passwd" I still obtain only the users contained in 
/etc/passwd.

I'd suggest having a good read of this page:
https://help.ubuntu.com/community/LDAPClientAuthentication

If you're still having no LDAP results show up with getent, then there's 
issues with nsswitch still. The nsswitch.conf you sent me looks right, 
so I'd put my money on a problem in your ldap client settings. Check 
/etc/ldap.conf and /etc/ldap/ldap.conf and make sure anything set there 
is correct. Also check that a basedn is set in one of them and the host 
is set correctly.


You may also want to check you can access the LDAP data from an LDAP 
viewer... I use phpldapadmin to check actual content, and LAM to manage 
accounts. But any LDAP client that shows the tree will help.


TB

**
This message is intended for the addressee named and may contain
privileged information or confidential information or both. If you
are not the intended recipient please delete it and notify the sender.
**
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba+Ldap problems

[dogbert]

Ok, a little update on this issue.
I've changed the various common-* within /etc/pam.d and I've obtained the 
following.
Now I can connect with ssh or su with a user defined in ldap as long as this 
user is present also in /etc/passwd.
It seems that the system check for the user account in /etc/passwd and then it 
check for password under ldap.
Now if a user try to change his password (with the passwd command) it works 
through ldap.

While using "getent passwd" I still obtain only the users contained in 
/etc/passwd.
These are my /etc/pam.d files:

COMMON-AUTH:
authsufficient  pam_ldap.so
authrequiredpam_unix.so nullok_secure use_first_pass
authrequisite   pam_deny.so
authrequiredpam_permit.so
authoptionalpam_smbpass.so migrate

COMMON-ACCOUNT:
account sufficient  pam_ldap.so
account requiredpam_unix.so
account requisite   pam_deny.so
account requiredpam_permit.so

COMMON-PASSWORD:
passwordsufficient  pam_ldap.so
passwordrequiredpam_unix.so nullok obscure min=4 max=8 md5
passwordrequisite   pam_deny.so
passwordrequiredpam_permit.so
passwordoptionalpam_smbpass.so nullok 
use_authtok use_first_pass


COMMON-SESSION:
session [default=1] pam_permit.so
session requisite   pam_deny.so
session requiredpam_permit.so
session requiredpam_unix.so
session optionalpam_ldap.so
session optionalpam_ck_connector.so nox11

SSHD:
auth   required pam_env.so # [1]
auth   required pam_env.so envfile=/etc/default/locale
@include common-auth
accountrequired pam_nologin.so
@include common-account
@include common-session
sessionoptional pam_motd.so # [1]
sessionoptional pam_mail.so standard noenv # [1]
sessionrequired pam_limits.so
@include common-password

LOGIN:
auth   requisite  pam_securetty.so
auth   requisite  pam_nologin.so
sessionrequired   pam_selinux.so close
session   required   pam_env.so readenv=1
session   required   pam_env.so readenv=1 envfile=/etc/default/locale
@include common-auth
auth   optional   pam_group.so
sessionrequired   pam_limits.so
sessionoptional   pam_lastlog.so
sessionoptional   pam_motd.so
sessionoptional   pam_mail.so standard
@include common-account
@include common-session
@include common-password
session required pam_selinux.so open

SU:
auth   sufficient pam_rootok.so
session   required   pam_env.so readenv=1
session   required   pam_env.so readenv=1 envfile=/etc/default/locale
sessionoptional   pam_mail.so nopen
@include common-auth
@include common-account
@include common-session

SAMBA:
@include common-auth
@include common-account
@include common-session


Tim Bates wrote:

dogb...@infinito.it wrote:

Thanks Oliver,
I will check all the files in /etc/pam.d
  

Check /etc/nsswitch.conf first. I think it may be your first problem.

I think that if I can succeed in authenticating via shell or ssh I can 
then

rule-out pam issues and work on samba configuration.
You need that working before you can start the Samba stages. Samba needs 
those accounts working before it can work properly.


TB



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba+Ldap problems

[Tim Bates]

dogb...@infinito.it wrote:

Thanks Oliver,
I will check all the files in /etc/pam.d
  

Check /etc/nsswitch.conf first. I think it may be your first problem.


I think that if I can succeed in authenticating via shell or ssh I can then
rule-out pam issues and work on samba configuration.
You need that working before you can start the Samba stages. Samba needs 
those accounts working before it can work properly.


TB
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba+Ldap problems

[dogbert]

Thanks Oliver,
I will check all the files in /etc/pam.d

My problems are with samba, but after a little troubleshooting I think that
some of them are originated at PAM/Ldap level, so I'm checking this first.
I've followed the guide taken from Ubuntu site:
https://help.ubuntu.com/8.10/serverguide/C/network-authentication.html

I think that if I can succeed in authenticating via shell or ssh I can then
rule-out pam issues and work on samba configuration.

Thanks,
Riccardo

- Original Message 
Da: Olivier Nicole 
To: 
Cc: samba@lists.samba.org
Oggetto: Re: [Samba] Samba+Ldap problems
Data: 03/06/09 12:42

> 
> 
> Hi,
> 
> > I'm trying to use it to
> > login via ssh. This user cannot authenticate.
> > Here is the result from auth.log and some configurations files
> 
> This is not a samba problem but a SSH/Ubuntu/Ldap problem :)
> 
> You need both packages pam_ldap AND nss_ldap.
> 
> You need to configure both (configuration is very similar, but there
> may be some differences).
> 
> To give a brief explanation:
> 
> pam_ldap is used by ssh (you need to configure /etc/pam.d/ssh !) to
> accept the username and password
> 
> nss_ldap is used by thing slike getent, or to show your correct
> username and group when you do a "ls -l"
> 
> Now it much depends how your LDAP tree is organized, so I cannot give
> much more advise; what is the objectClass you use for your users? I am
> surprised to see that user and password belongs to different place in
> the LDAP tree. I am also surprised that the /etc/pam.d example you
> give do not contain a single reference to ldap...
> 
> There are good how-to floating on Google, that work you step by step.
> 
> 
> Best regards,
> 
> Olivier
> 


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba+Ldap problems

[Olivier Nicole]

Hi,

> I'm trying to use it to
> login via ssh. This user cannot authenticate.
> Here is the result from auth.log and some configurations files

This is not a samba problem but a SSH/Ubuntu/Ldap problem :)

You need both packages pam_ldap AND nss_ldap.

You need to configure both (configuration is very similar, but there
may be some differences).

To give a brief explanation:

pam_ldap is used by ssh (you need to configure /etc/pam.d/ssh !) to
accept the username and password

nss_ldap is used by thing slike getent, or to show your correct
username and group when you do a "ls -l"

Now it much depends how your LDAP tree is organized, so I cannot give
much more advise; what is the objectClass you use for your users? I am
surprised to see that user and password belongs to different place in
the LDAP tree. I am also surprised that the /etc/pam.d example you
give do not contain a single reference to ldap...

There are good how-to floating on Google, that work you step by step.


Best regards,

Olivier
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Samba+Ldap problems

[dogbert]

I'm trying to trobuleshoot my previuos problem from the basics.

I've a box setup with Ubuntu, samba and ldap. I have a lot of problems with
user authentications.
I'm checking if LDAP and PAM ar working together. I've added an user to ldap
with smbldap-useradd command (as posix account) and I'm trying to use it to
login via ssh. This user cannot authenticate.
Here is the result from auth.log and some configurations files:

Jun  3 11:02:37 localserver sshd[27372]: Invalid user testmio from
192.168.10.1
Jun  3 11:02:37 localserver sshd[27372]: Failed none for invalid user
testmio from 192.168.10.1 port 44352 ssh2
Jun  3 11:02:39 localserver sshd[27372]: pam_unix(sshd:auth): check pass;
user unknown
Jun  3 11:02:39 localserver sshd[27372]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=remoteclient.domain.it
Jun  3 11:02:39 localserver sshd[27372]: pam_ldap: error trying to bind as
user "uid=testmio,ou=Users,dc=domain,dc=it" (Invalid credentials)
Jun  3 11:02:41 localserver sshd[27372]: Failed password for invalid user
testmio from 192.168.10.1 port 44352 ssh2

If I use the command "getent passwd" I obtain only the account present in
/etc/passwd file and none of those included in ldap.

/etc/pam.conf is empty

# /etc/pam.d/samba
@include common-auth
@include common-account
@include common-session


# etc/pam.d/login
auth requisite pam_securetty.so
auth requisite pam_nologin.so
session required pam_selinux.so close
session required pam_env.so readenv=1
session required pam_env.so readenv=1 envfile=/etc/default/locale
@include common-auth
auth optional pam_group.so
session required pam_limits.so
session optional pam_lastlog.so
session optional pam_motd.so
session optional pam_mail.so standard
@include common-account
@include common-session
@include common-password
session required pam_selinux.so open


# /etc/nsswitch.conf
passwd: files ldap
shadow: files ldap
group: files ldap
hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis

ldap.conf contains the following directives:
nss_base_passwdou=Users,dc=domain,dc=it?one
nss_base_passwdou=Computers,dc=domain,dc=it?one
nss_base_shadowou=Users,dc=domain,dc=it?one
nss_base_group ou=Groups,dc=domain,dc=it?one




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Re: Samba/Ldap problems with Versions > 3.0.24

[Markus Kahle]

Hi,

Adam Tauno Williams wrote:


we have similiar problems with samba+ldap after updating to 3.0.27.
But in our case, the following ldap-Attributes won't get updated:
sambaPwdMustChange
sambaPwdCanChange
only sambPwdLastSet gets altered.
in newly created accounts the two Attributes even won't be created !?
I already checked every log-file i can think of, I played with verbose 
logging, but I really can't find a solution up to now.
I also asked about this stuff here in the mailinglist several weeks ago, 
but no answer til now.

So what could we do ?





Is there a policy set to affect these attributes?

littleboy:~ # pdbedit -P "minimum password age"
account policy value for minimum password age is 86400
littleboy:~ # pdbedit -P "maximum password age"
account policy value for maximum password age is 5184000



Sorry for answering so late, got some spare days.

It seems to be two different problems - mine and the one of the thread 
starter. Both concering the LDAP Samba password attributes, but this 
seems to be the only thing in common.


I checked those two values:

[underworld ~]# pdbedit -P "minimum password age"
account policy "minimum password age" description: Minimal password age, 
in seconds (default: 0 => allow immediate password change)

account policy "minimum password age" value is: 0
[underworld ~]# pdbedit -P "maximum password age"
account policy "maximum password age" description: Maximum password age, 
in seconds (default: -1 => never expire passwords)

account policy "maximum password age" value is: 7776000


So those Attribute should be set in LDAP actually , but the don't !

Any suggestions ?


Thanks in advance,


Markus Kahle

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: Samba/Ldap problems with Versions > 3.0.24

[Tomasz Chmielewski]

Mario Gzuk schrieb:

Hi,

Am Montag, den 17.03.2008, 13:41 -0400 schrieb Adam Tauno Williams:

we have similiar problems with samba+ldap after updating to 3.0.27.
But in our case, the following ldap-Attributes won't get updated:
sambaPwdMustChange
sambaPwdCanChange
only sambPwdLastSet gets altered.
in newly created accounts the two Attributes even won't be created !?
I already checked every log-file i can think of, I played with verbose 
logging, but I really can't find a solution up to now.
I also asked about this stuff here in the mailinglist several weeks ago, 
but no answer til now.

So what could we do ?

Is there a policy set to affect these attributes?

littleboy:~ # pdbedit -P "minimum password age"
account policy value for minimum password age is 86400
littleboy:~ # pdbedit -P "maximum password age"
account policy value for maximum password age is 5184000


We have a policy for the maximum password age (value is: 15552000). But
this doesnt matter. The timestamps in the LDAP get updated correctly,
but the pdbedit -Lv user shows the wrong dates and the functionality is
broken as you may read in my previous mail...


A similar problem was reported in "Strange NT_STATUS_PASSWORD errors 
after upgrade to 3.0.26a" if you search the lists (actually, I see you 
mentioned it, too).


I guess this bug is worth reporting on http://bugzilla.samba.org?


--
Tomasz Chmielewski
http://wpkg.org
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: Samba/Ldap problems with Versions > 3.0.24

[Mario Gzuk]

Hi,

Am Montag, den 17.03.2008, 13:41 -0400 schrieb Adam Tauno Williams:
> > we have similiar problems with samba+ldap after updating to 3.0.27.
> > But in our case, the following ldap-Attributes won't get updated:
> > sambaPwdMustChange
> > sambaPwdCanChange
> > only sambPwdLastSet gets altered.
> > in newly created accounts the two Attributes even won't be created !?
> > I already checked every log-file i can think of, I played with verbose 
> > logging, but I really can't find a solution up to now.
> > I also asked about this stuff here in the mailinglist several weeks ago, 
> > but no answer til now.
> > So what could we do ?
> 
> Is there a policy set to affect these attributes?
> 
> littleboy:~ # pdbedit -P "minimum password age"
> account policy value for minimum password age is 86400
> littleboy:~ # pdbedit -P "maximum password age"
> account policy value for maximum password age is 5184000

We have a policy for the maximum password age (value is: 15552000). But
this doesnt matter. The timestamps in the LDAP get updated correctly,
but the pdbedit -Lv user shows the wrong dates and the functionality is
broken as you may read in my previous mail...

greetings mario gzuk

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: Samba/Ldap problems with Versions > 3.0.24

[Adam Tauno Williams]

> we have similiar problems with samba+ldap after updating to 3.0.27.
> But in our case, the following ldap-Attributes won't get updated:
> sambaPwdMustChange
> sambaPwdCanChange
> only sambPwdLastSet gets altered.
> in newly created accounts the two Attributes even won't be created !?
> I already checked every log-file i can think of, I played with verbose 
> logging, but I really can't find a solution up to now.
> I also asked about this stuff here in the mailinglist several weeks ago, 
> but no answer til now.
> So what could we do ?

Is there a policy set to affect these attributes?

littleboy:~ # pdbedit -P "minimum password age"
account policy value for minimum password age is 86400
littleboy:~ # pdbedit -P "maximum password age"
account policy value for maximum password age is 5184000

-- 
Adam Tauno Williams, Network & Systems Administrator
Consultant - http://www.whitemiceconsulting.com
Developer - http://www.opengroupware.org

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Samba/Ldap problems with Versions > 3.0.24

[Markus Kahle]

Hi !

we have similiar problems with samba+ldap after updating to 3.0.27.

But in our case, the following ldap-Attributes won't get updated:

sambaPwdMustChange
sambaPwdCanChange

only sambPwdLastSet gets altered.

in newly created accounts the two Attributes even won't be created !?

I already checked every log-file i can think of, I played with verbose 
logging, but I really can't find a solution up to now.


I also asked about this stuff here in the mailinglist several weeks ago, 
but no answer til now.



So what could we do ?

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba/Ldap problems with Versions > 3.0.24

[Mario Gzuk]

Hi,
we have a samba/ldap domain. After upgrading to versions greater than
3.0.24, there are problems with the timestamps which are correct set in
the LDAP tree.
Here are 2 examples:
---
Example 1: 
Password can change=not empty
LDAP:
sambaPwdLastSet: 1205744729
sambaPwdMustChange: 1307828342
sambaPwdCanChange: 1192276342
sambaKickoffTime: 1228086000

Samba 3.0.24 -> correct:
Logon time:   Tue, 06 Feb 2007 16:07:05 CET
Logoff time:  Tue, 10 Feb 2004 09:18:42 CET
Kickoff time: Mon, 01 Dec 2008 00:00:00 CET
Password last set:Mon, 17 Mar 2008 10:05:29 CET
Password can change:  Sat, 13 Oct 2007 13:52:22 CEST
Password must change: Sat, 11 Jun 2011 23:39:02 CEST


Samba >3.0.24 -> incorrect:
Logon time:   Tue, 06 Feb 2007 16:07:05 CET
Logoff time:  Tue, 10 Feb 2004 09:18:42 CET
Kickoff time: Mon, 01 Dec 2008 00:00:00 CET
Password last set:Mon, 17 Mar 2008 10:05:29 CET
Password can change:  Mon, 17 Mar 2008 10:05:29 CET
Password must change: Mon, 17 Mar 2008 10:06:59 CET
---
Exapmle 2:
Password can change=empty
LDAP:
sambaPwdLastSet: 1205738745
sambaPwdMustChange: 1208781070
sambaKickoffTime: 1230764400
sambaPwdCanChange -> doesnt exist

Samba 3.0.24 -> correct:
Logon time:   Wed, 07 Feb 2007 20:00:12 CET
Logoff time:  Thu, 09 Oct 2003 08:04:28 CEST
Kickoff time: Thu, 01 Jan 2009 00:00:00 CET
Password last set:Mon, 17 Mar 2008 08:25:45 CET
Password can change:  0
Password must change: Mon, 21 Apr 2008 14:31:10 CEST

Samba >3.0.24 -> incorrect:
Logon time:   Wed, 07 Feb 2007 20:00:12 CET
Logoff time:  Thu, 09 Oct 2003 08:04:28 CEST
Kickoff time: Thu, 01 Jan 2009 00:00:00 CET
Password last set:Mon, 17 Mar 2008 08:25:45 CET
Password can change:  Mon, 17 Mar 2008 08:25:45 CET
Password must change: Mon, 17 Mar 2008 08:27:15 CET
---

The time sets for "Password can change:" and "Password must change:" are
incorrect, that leads to that each user has to change his password every
time he want to log in, because the "Password must change" is 1:30
minute later than "Password can change" which is the same value like
"Password last set". So this bug exists since a half year, so I wonder
that no one other than Tomasz Chmielewski has detect this behavior. See
his unanswered messages here:
http://www.nabble.com/Re%
3A-Strange-NT_STATUS_PASSWORD-errors-after-upgrade-to-3.0.26a-td15847364.html


greetings mario

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba+LDAP problems

[Edmundo Valle Neto]

Marcelo Mogrovejo escreveu:

Hi John...

John H Terpstra wrote:

(...)

I mean that i don't know why the user linux is not created, why i don't
see him with getent passwd.
The command work fine without errors.

So all of this means smbldap-tools is broken ??



No, it means your NSS is either not configured correctly, or is 
broken.  How have you configured /etc/nsswitch.conf and /etc/ldap.conf?
  

here i show you my /etc/nsswitch.conf and /etc/ldap/ldap.conf

http://pastebin.com/mf74cf2


thanks.

regards


About /etc/ldap/ldap.conf, Debian don't use the config from there (it 
reads from different files when using NSS or PAM), include your 
/etc/nss-ldap.conf instead.


The only use of /etc/ldap/ldap.conf that I remeber now is by ldap-utils 
(ldapsearch for example).


Looking at the file that you sent, I saw that you are trying to use TLS, 
and didn't understood yet if openldap is installed in that same machine 
that you are trying to configure NSS (that in my opinion in this case 
could make TLS useless).


If you never configured an LDAP server before, if possible you should 
try something simpler, don't use TLS and don't set the pam and nss filters.



Regards.

Edmundo Valle Neto
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba+LDAP problems

[Marcelo Mogrovejo]

Hi John...

John H Terpstra wrote:

On Wednesday 07 November 2007 19:00, Marcelo Mogrovejo wrote:
  

Hello...

Edmundo Valle Neto wrote:


Marcelo Mogrovejo escreveu:
  

Hello Edmundo


(...)

  

So, yes, i have configured this file already:
passwd: compat ldap
shadow: compat ldap
group:   compat ldap

I have downloaded the libnss-ldap file too but it's the same...


Yes, this package must be installed too, nsswitch.conf says where to
read and libnss-ldap says how to do it when using LDAP. Normally
answering debconf properly when installing the package is enough to
make it work and messing with /etc/libnss-ldap.conf isn't needed.

  

I can't make it to work...

If i try to create a posixAccount in phpLDAPadmin it show me the error:
"Could not add the object to the LDAP server.

LDAP said: Object class violation
Error number: 0x41 (LDAP_OBJECT_CLASS_VIOLATION)
Description: You tried to perform an operation that would cause an
undefined attribute to exist or that would remove a required
attribute, given the current list of ObjectClasses. This can also
occur if you do not specify a structural objectClass when creating an
entry, or if you specify more than one structural objectClass."


Doesn't make much sense trying anything else if your NSS doesn't work,
make it work isn't optional.
If you have populated LDAP successfully with smbldap-populate at least
the administrator and nobody accounts (or whatever was inserted in the
base) must appear with getent. (you can make sure what was inserted
doing a slapcat).
  

Ok with slapcat i see the user "testuser" created... but i saw it in
phpldapadmin before.
Here i cut and paste a last section of slapcat out:

dn: uid=testuser,ou=Users,dc=skull-one,dc=com,dc=ar
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: testuser
sn: testuser
givenName: testuser
uid: testuser
uidNumber: 1564
gidNumber: 513
homeDirectory: /home/testuser
loginShell: /bin/bash
gecos: System User
structuralObjectClass: inetOrgPerson
entryUUID: c1028b56-21df-102c-8a0d-63a789f5531c
creatorsName: cn=Manager,dc=skull-one,dc=com,dc=ar
createTimestamp: 20071108004614Z
userPassword:: e1NTSEF9KzM0SzNxejVOZnJLNTJzK3pkaGVYam11QWpSM1FYcE4=
shadowLastChange: 13825
shadowMax: 45
entryCSN: 20071108004653Z#00#00#00
modifiersName: cn=Manager,dc=skull-one,dc=com,dc=ar
modifyTimestamp: 20071108004653Z



And the rare is, when i create the account with smbldap-useradd -m
testuser it create the home directory at /home/testuser but i don't
know why it doesn't create a uid


Ok, -m makes the home directory, but what do you mean by "doesn't
create a uid"? Its only a perl script that inserts something in the
base directly, it doesn't fail when lacking NSS. A dump of the base
with slapcat doesn't show the user? The command give any error? If the
user isn't in the base your smbldap-tools install is broken too.
  

I mean that i don't know why the user linux is not created, why i don't
see him with getent passwd.
The command work fine without errors.

So all of this means smbldap-tools is broken ??



No, it means your NSS is either not configured correctly, or is broken.  How 
have you configured /etc/nsswitch.conf and /etc/ldap.conf?
  

here i show you my /etc/nsswitch.conf and /etc/ldap/ldap.conf

http://pastebin.com/mf74cf2


thanks.

regards


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba+LDAP problems

[Marcelo Mogrovejo]

Hello...

Edmundo Valle Neto wrote:

Marcelo Mogrovejo escreveu:

Hello Edmundo


(...)


So, yes, i have configured this file already:
passwd: compat ldap
shadow: compat ldap
group:   compat ldap

I have downloaded the libnss-ldap file too but it's the same...


Yes, this package must be installed too, nsswitch.conf says where to 
read and libnss-ldap says how to do it when using LDAP. Normally 
answering debconf properly when installing the package is enough to 
make it work and messing with /etc/libnss-ldap.conf isn't needed.



I can't make it to work...

If i try to create a posixAccount in phpLDAPadmin it show me the error:
"Could not add the object to the LDAP server.

LDAP said: Object class violation
Error number: 0x41 (LDAP_OBJECT_CLASS_VIOLATION)
Description: You tried to perform an operation that would cause an 
undefined attribute to exist or that would remove a required 
attribute, given the current list of ObjectClasses. This can also 
occur if you do not specify a structural objectClass when creating an 
entry, or if you specify more than one structural objectClass."


Doesn't make much sense trying anything else if your NSS doesn't work, 
make it work isn't optional.
If you have populated LDAP successfully with smbldap-populate at least 
the administrator and nobody accounts (or whatever was inserted in the 
base) must appear with getent. (you can make sure what was inserted 
doing a slapcat).

Ok with slapcat i see the user "testuser" created... but i saw it in
phpldapadmin before.
Here i cut and paste a last section of slapcat out:

dn: uid=testuser,ou=Users,dc=skull-one,dc=com,dc=ar
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: testuser
sn: testuser
givenName: testuser
uid: testuser
uidNumber: 1564
gidNumber: 513
homeDirectory: /home/testuser
loginShell: /bin/bash
gecos: System User
structuralObjectClass: inetOrgPerson
entryUUID: c1028b56-21df-102c-8a0d-63a789f5531c
creatorsName: cn=Manager,dc=skull-one,dc=com,dc=ar
createTimestamp: 20071108004614Z
userPassword:: e1NTSEF9KzM0SzNxejVOZnJLNTJzK3pkaGVYam11QWpSM1FYcE4=
shadowLastChange: 13825
shadowMax: 45
entryCSN: 20071108004653Z#00#00#00
modifiersName: cn=Manager,dc=skull-one,dc=com,dc=ar
modifyTimestamp: 20071108004653Z



And the rare is, when i create the account with smbldap-useradd -m 
testuser it create the home directory at /home/testuser but i don't 
know why it doesn't create a uid


Ok, -m makes the home directory, but what do you mean by "doesn't 
create a uid"? Its only a perl script that inserts something in the 
base directly, it doesn't fail when lacking NSS. A dump of the base 
with slapcat doesn't show the user? The command give any error? If the 
user isn't in the base your smbldap-tools install is broken too.



I mean that i don't know why the user linux is not created, why i don't
see him with getent passwd.
The command work fine without errors.

So all of this means smbldap-tools is broken ??

Regards.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba+LDAP problems

[Marcelo Mogrovejo]

Hello...

Edmundo Valle Neto wrote:

Marcelo Mogrovejo escreveu:

Hello Edmundo


(...)


So, yes, i have configured this file already:
passwd: compat ldap
shadow: compat ldap
group:   compat ldap

I have downloaded the libnss-ldap file too but it's the same...


Yes, this package must be installed too, nsswitch.conf says where to 
read and libnss-ldap says how to do it when using LDAP. Normally 
answering debconf properly when installing the package is enough to 
make it work and messing with /etc/libnss-ldap.conf isn't needed.



I can't make it to work...

If i try to create a posixAccount in phpLDAPadmin it show me the error:
"Could not add the object to the LDAP server.

LDAP said: Object class violation
Error number: 0x41 (LDAP_OBJECT_CLASS_VIOLATION)
Description: You tried to perform an operation that would cause an 
undefined attribute to exist or that would remove a required 
attribute, given the current list of ObjectClasses. This can also 
occur if you do not specify a structural objectClass when creating an 
entry, or if you specify more than one structural objectClass."


Doesn't make much sense trying anything else if your NSS doesn't work, 
make it work isn't optional.
If you have populated LDAP successfully with smbldap-populate at least 
the administrator and nobody accounts (or whatever was inserted in the 
base) must appear with getent. (you can make sure what was inserted 
doing a slapcat).
Ok with slapcat i see the user "testuser" created... but i saw it in 
phpldapadmin before.

Here i cut and paste a last section of slapcat out:

dn: uid=testuser,ou=Users,dc=skull-one,dc=com,dc=ar
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: testuser
sn: testuser
givenName: testuser
uid: testuser
uidNumber: 1564
gidNumber: 513
homeDirectory: /home/testuser
loginShell: /bin/bash
gecos: System User
structuralObjectClass: inetOrgPerson
entryUUID: c1028b56-21df-102c-8a0d-63a789f5531c
creatorsName: cn=Manager,dc=skull-one,dc=com,dc=ar
createTimestamp: 20071108004614Z
userPassword:: e1NTSEF9KzM0SzNxejVOZnJLNTJzK3pkaGVYam11QWpSM1FYcE4=
shadowLastChange: 13825
shadowMax: 45
entryCSN: 20071108004653Z#00#00#00
modifiersName: cn=Manager,dc=skull-one,dc=com,dc=ar
modifyTimestamp: 20071108004653Z



And the rare is, when i create the account with smbldap-useradd -m 
testuser it create the home directory at /home/testuser but i don't 
know why it doesn't create a uid


Ok, -m makes the home directory, but what do you mean by "doesn't 
create a uid"? Its only a perl script that inserts something in the 
base directly, it doesn't fail when lacking NSS. A dump of the base 
with slapcat doesn't show the user? The command give any error? If the 
user isn't in the base your smbldap-tools install is broken too.


I mean that i don't know why the user linux is not created, why i don't 
see him with getent passwd.

The command work fine without errors.

So all of this means smbldap-tools is broken ??

Regards.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba+LDAP problems

[Edmundo Valle Neto]

Marcelo Mogrovejo escreveu:

Hello Edmundo


(...)


So, yes, i have configured this file already:
passwd: compat ldap
shadow: compat ldap
group:   compat ldap

I have downloaded the libnss-ldap file too but it's the same...


Yes, this package must be installed too, nsswitch.conf says where to 
read and libnss-ldap says how to do it when using LDAP. Normally 
answering debconf properly when installing the package is enough to make 
it work and messing with /etc/libnss-ldap.conf isn't needed.



I can't make it to work...

If i try to create a posixAccount in phpLDAPadmin it show me the error:
"Could not add the object to the LDAP server.

LDAP said: Object class violation
Error number: 0x41 (LDAP_OBJECT_CLASS_VIOLATION)
Description: You tried to perform an operation that would cause an 
undefined attribute to exist or that would remove a required 
attribute, given the current list of ObjectClasses. This can also 
occur if you do not specify a structural objectClass when creating an 
entry, or if you specify more than one structural objectClass."


Doesn't make much sense trying anything else if your NSS doesn't work, 
make it work isn't optional.
If you have populated LDAP successfully with smbldap-populate at least 
the administrator and nobody accounts (or whatever was inserted in the 
base) must appear with getent. (you can make sure what was inserted 
doing a slapcat).


And the rare is, when i create the account with smbldap-useradd -m 
testuser it create the home directory at /home/testuser but i don't 
know why it doesn't create a uid


Ok, -m makes the home directory, but what do you mean by "doesn't create 
a uid"? Its only a perl script that inserts something in the base 
directly, it doesn't fail when lacking NSS. A dump of the base with 
slapcat doesn't show the user? The command give any error? If the user 
isn't in the base your smbldap-tools install is broken too.



thanks for your help

best regards.



Regards.

Edmundo Valle Neto
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba+LDAP problems

[Marcelo Mogrovejo]

Hello Edmundo

Edmundo Valle Neto wrote:

Marcelo Mogrovejo escreveu:

(...)

Have you configured NSS? "gentent passwd" shows the user?

NSS is the same of /etc/nsswitch.conf ??


Yes, its the configuration file of NSS, it says from which base the 
information are readed, when using LDAP it needs to read from LDAP too.

So, yes, i have configured this file already:
passwd: compat ldap
shadow: compat ldap
group:   compat ldap

I have downloaded the libnss-ldap file too but it's the same...

I can't make it to work...

If i try to create a posixAccount in phpLDAPadmin it show me the error:
"Could not add the object to the LDAP server.

LDAP said: Object class violation
Error number: 0x41 (LDAP_OBJECT_CLASS_VIOLATION)
Description: You tried to perform an operation that would cause an 
undefined attribute to exist or that would remove a required attribute, 
given the current list of ObjectClasses. This can also occur if you do 
not specify a structural objectClass when creating an entry, or if you 
specify more than one structural objectClass."


And the rare is, when i create the account with smbldap-useradd -m 
testuser it create the home directory at /home/testuser but i don't know 
why it doesn't create a uid


thanks for your help

best regards.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba+LDAP problems

[Edmundo Valle Neto]

Marcelo Mogrovejo escreveu:

(...)

Have you configured NSS? "gentent passwd" shows the user?

NSS is the same of /etc/nsswitch.conf ??


Yes, its the configuration file of NSS, it says from which base the 
information are readed, when using LDAP it needs to read from LDAP too.



No, getent passwd doesn't show me the users i created...


So, make it shows :). Configure NSS is not optional, and the 
documentation shows how to do it.




regards


Regards.

Edmundo Valle Neto
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba+LDAP problems

[Marcelo Mogrovejo]

Edmundo Valle Neto wrote:

Marcelo Mogrovejo escreveu:

Hi

(...)

I read this documents and i begin again with samba+ldap...
This time i have not problems, except when i try to create an user 
for testing.
I create a testuser and i add a password for his but when i try to 
login with this user, hi doesn't login...
for exameple with command "su testuser" as root it show me "Id 
desconocido: testuser" or "Unknown Id: testuser".


i don't know why happen it...


(...)

Have you configured NSS? "gentent passwd" shows the user?

NSS is the same of /etc/nsswitch.conf ??
No, getent passwd doesn't show me the users i created...

regards
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba+LDAP problems

[Edmundo Valle Neto]

Have you configured NSS? "gentent passwd" shows the user?


Its "getent".


Edmundo
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba+LDAP problems

[Edmundo Valle Neto]

Marcelo Mogrovejo escreveu:

Hi

(...)

I read this documents and i begin again with samba+ldap...
This time i have not problems, except when i try to create an user for 
testing.
I create a testuser and i add a password for his but when i try to 
login with this user, hi doesn't login...
for exameple with command "su testuser" as root it show me "Id 
desconocido: testuser" or "Unknown Id: testuser".


i don't know why happen it...


(...)

Have you configured NSS? "gentent passwd" shows the user?
If I remember right, smbldap-tools creates users with a null shell by 
default too.



Regards.

Edmundo Valle Neto
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba+LDAP problems

[Marcelo Mogrovejo]

Hi

(...)

I read this documents and i begin again with samba+ldap...
This time i have not problems, except when i try to create an user for 
testing.
I create a testuser and i add a password for his but when i try to login 
with this user, hi doesn't login...
for exameple with command "su testuser" as root it show me "Id 
desconocido: testuser" or "Unknown Id: testuser".


i don't know why happen it...




1. http://download.gna.org/smbldap-tools/docs/
2. http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/
3. http://us4.samba.org/samba/docs/man/Samba-Guide/



thanks and best regards
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba+LDAP problems

[Marcelo Mogrovejo]

Edmundo Valle Neto wrote:
If it was asked to the list answer to the list please, other people 
can not guess what was already answered.

Sending it back ...

(...)



Trying to add anything else works?
with de command line a don't know how add another thing, but with 
phpldapadmin i can add for example users.


The best documentation are from smbldap-tools project [1] and samba 
[2], [3].



(...)
I don't use LAM, but use smbldap-tools and phpldapadmin. In turn to 
saying that the services aren't properly configured (as nothing 
worked and you said that there isnt anything like that in google), I 
think helps begin from the beginning.


Are all services running in the same machine?
before, services were running now, i don't know what happen but slapd 
doesn't work when i write /etc/init.d/slapd start as root in command 
line, the syslog show me this:


Oct 29 16:31:56 skull1 slapd[12409]: @(#) $OpenLDAP: slapd 2.3.38 
(Sep 17 2007 21:09:04) $ 
[EMAIL PROTECTED]:/tmp/buildd/openldap2.3-2.3.38/debian/build/servers/slapd
Oct 29 16:31:57 skull1 slapd[12410]: bdb_db_open: Database cannot be 
opened, err 13. Restore from backup!
Oct 29 16:31:57 skull1 slapd[12410]: bdb(dc=skull-one,dc=com,dc=ar): 
DB_ENV->lock_id_free interface requires an environment configured for 
the locking subsystem
Oct 29 16:31:57 skull1 slapd[12410]: bdb(dc=skull-one,dc=com,dc=ar): 
txn_checkpoint interface requires an environment configured for the 
transaction subsystem
Oct 29 16:31:57 skull1 slapd[12410]: bdb_db_close: txn_checkpoint 
failed: Invalid argument (22)
Oct 29 16:31:57 skull1 slapd[12410]: backend_startup_one: bi_db_open 
failed! (13)

Oct 29 16:31:57 skull1 slapd[12410]: bdb_db_close: alock_close failed
Oct 29 16:31:57 skull1 slapd[12410]: slapd stopped.
Oct 29 16:31:57 skull1 slapd[12410]: connections_destroy: nothing to 
destroy.


i don't know why... yesterday it work perfectly.


Probably your database is corrupted, you can try to fix it, recover a 
backup, or if you don't have a backup and nothing works, start it 
over. If you don't know how to make any of the alternatives, maybe is 
time to learn a little more about how LDAP works, before trying to use 
it.


You said that you are using Debian right? 

yes
The package 3.0.26a doesn't come with the stable release "Etch", 
which release are you using? 

i have debian sid (unstable release)


I don't recommend it in servers. And don't recommend it in desktops if 
you don't know how to solve your own problems.


How do you configure your apt repositories and install your 
packages? (if the packages related with the problem didn't came from 
the stable repository, helps write its versions). 
i configured my apt repository manualy with nano -w 
/etc/apt/sources.list and my repositories are:


deb http://ftp.uk.debian.org/debian/ sid main non-free contrib
deb-src http://ftp.uk.debian.org/debian/ sid main non-free contrib

ldap-account-manage 2.0.0-1
ldap-utils  2.3.38-1
slapd   2.3.38-1
smbldap-tools   0.9.4-1
phpldapadmin0.9.8.4-2

i think that all packages are there...


Ok. Everything from Sid.


How did you populated your LDAP tree?

i can't populate my LDAP tree jet ...


The package drops a working database practically with only the root 
and administrator DNs. I mean prepare it be used by samba, creating 
the needed OUs and domain information.


One detail. smbldap-tools doesn't use samba to do its job, it 
connects to LDAP directly, so, supposing that you have configured 
smbldap-tools properly, its very unlikely that the problem has 
anything to do with the samba package, as you have noticed that 
changing versions doesn't solve the problem.

aahh. ok.

thanks and best regards


1. http://download.gna.org/smbldap-tools/docs/
2. http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/
3. http://us4.samba.org/samba/docs/man/Samba-Guide/

Thanks for this docs, i'm starting to read it and then i'll follow to ask.

Regards
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba+LDAP problems

[Edmundo Valle Neto]

If it was asked to the list answer to the list please, other people can 
not guess what was already answered.

Sending it back ...

(...)



Trying to add anything else works?
with de command line a don't know how add another thing, but with 
phpldapadmin i can add for example users.


The best documentation are from smbldap-tools project [1] and samba [2], 
[3].


(...) 

I don't use LAM, but use smbldap-tools and phpldapadmin. In turn to 
saying that the services aren't properly configured (as nothing 
worked and you said that there isnt anything like that in google), I 
think helps begin from the beginning.


Are all services running in the same machine?
before, services were running now, i don't know what happen but slapd 
doesn't work when i write /etc/init.d/slapd start as root in command 
line, the syslog show me this:


Oct 29 16:31:56 skull1 slapd[12409]: @(#) $OpenLDAP: slapd 2.3.38 (Sep 
17 2007 21:09:04) $ 
[EMAIL PROTECTED]:/tmp/buildd/openldap2.3-2.3.38/debian/build/servers/slapd
Oct 29 16:31:57 skull1 slapd[12410]: bdb_db_open: Database cannot be 
opened, err 13. Restore from backup!
Oct 29 16:31:57 skull1 slapd[12410]: bdb(dc=skull-one,dc=com,dc=ar): 
DB_ENV->lock_id_free interface requires an environment configured for 
the locking subsystem
Oct 29 16:31:57 skull1 slapd[12410]: bdb(dc=skull-one,dc=com,dc=ar): 
txn_checkpoint interface requires an environment configured for the 
transaction subsystem
Oct 29 16:31:57 skull1 slapd[12410]: bdb_db_close: txn_checkpoint 
failed: Invalid argument (22)
Oct 29 16:31:57 skull1 slapd[12410]: backend_startup_one: bi_db_open 
failed! (13)

Oct 29 16:31:57 skull1 slapd[12410]: bdb_db_close: alock_close failed
Oct 29 16:31:57 skull1 slapd[12410]: slapd stopped.
Oct 29 16:31:57 skull1 slapd[12410]: connections_destroy: nothing to 
destroy.


i don't know why... yesterday it work perfectly.


Probably your database is corrupted, you can try to fix it, recover a 
backup, or if you don't have a backup and nothing works, start it over. 
If you don't know how to make any of the alternatives, maybe is time to 
learn a little more about how LDAP works, before trying to use it.


You said that you are using Debian right? 

yes
The package 3.0.26a doesn't come with the stable release "Etch", 
which release are you using? 

i have debian sid (unstable release)


I don't recommend it in servers. And don't recommend it in desktops if 
you don't know how to solve your own problems.


How do you configure your apt repositories and install your packages? 
(if the packages related with the problem didn't came from the stable 
repository, helps write its versions). 
i configured my apt repository manualy with nano -w 
/etc/apt/sources.list and my repositories are:


deb http://ftp.uk.debian.org/debian/ sid main non-free contrib
deb-src http://ftp.uk.debian.org/debian/ sid main non-free contrib

ldap-account-manage 2.0.0-1
ldap-utils  2.3.38-1
slapd   2.3.38-1
smbldap-tools   0.9.4-1
phpldapadmin0.9.8.4-2

i think that all packages are there...


Ok. Everything from Sid.


How did you populated your LDAP tree?

i can't populate my LDAP tree jet ...


The package drops a working database practically with only the root and 
administrator DNs. I mean prepare it be used by samba, creating the 
needed OUs and domain information.


One detail. smbldap-tools doesn't use samba to do its job, it 
connects to LDAP directly, so, supposing that you have configured 
smbldap-tools properly, its very unlikely that the problem has 
anything to do with the samba package, as you have noticed that 
changing versions doesn't solve the problem.

aahh. ok.

thanks and best regards


1. http://download.gna.org/smbldap-tools/docs/
2. http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/
3. http://us4.samba.org/samba/docs/man/Samba-Guide/



Regards.

Edmundo Valle Neto
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba+LDAP problems

[Edmundo Valle Neto]

Celodrake escreveu:

Hello there...


Hi.


My name is Marcelo, i am new in this list.
I don't know if here is the right place for asking about samba + LDAP, 
if not, sorry...


Yes, it is.

I am finishing to implement a samba server with ldap support but, when 
i want to add some group to the samba domain i obtain the following 
error messages:

- SMBLDAP_TOOLS
# smbldap-groupadd -a -g 1 -s S-1-5-21-blablabla -t 2 domainadmins
erreur LDAP: Can't contact master ldap server for writing
(IO::Socket::INET: connect: Conexion rehusada) at
/usr/share/perl5/smbldap_tools.pm line 277.

This line code refers to master ldap server, this server is in 
/etc/smbldap-tools/smbldap.conf configuration file.


Trying to add anything else works?


- LAM (LDAP ACCOUNT MANAGER)
In section groups i press the New Group button and then i complete the 
form for Unix and Samba 3 sections, but when i press the Create 
Account button it show me the following error message:


(...)

I don't undertand what mean the 1401 line code in  modules.inc file, 
searching in google i don't find information, onle a person who 
advises to use a old samba.schema version, i have the version which 
come with debian packet 3.0.26a and i downloaded the versions 3.0.25, 
3.0.24 and 3.0.23 but i had no luck, the problem continues there.


- PHPLDAPADMIN
In left menu, in ou=group section i press Create New Object button, i 
select Posix Group, i complete form with group name and GID and then 
press Proceed>> button. Then Create Object and i obtain the following 
error:


(...)

Searching in google i don't find any information about this error number.

I would be thankful if someone could help me with this problem.

Best regards


I don't use LAM, but use smbldap-tools and phpldapadmin. In turn to 
saying that the services aren't properly configured (as nothing worked 
and you said that there isnt anything like that in google), I think 
helps begin from the beginning.


Are all services running in the same machine?

You said that you are using Debian right? The package 3.0.26a doesn't 
come with the stable release "Etch", which release are you using? How do 
you configure your apt repositories and install your packages? (if the 
packages related with the problem didn't came from the stable 
repository, helps write its versions). How did you populated your LDAP tree?


One detail. smbldap-tools doesn't use samba to do its job, it connects 
to LDAP directly, so, supposing that you have configured smbldap-tools 
properly, its very unlikely that the problem has anything to do with the 
samba package, as you have noticed that changing versions doesn't solve 
the problem.



Regards.

Edmundo Valle Neto.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba+LDAP problems

[Celodrake]

Hello there...
My name is Marcelo, i am new in this list.
I don't know if here is the right place for asking about samba + LDAP, 
if not, sorry...


I am finishing to implement a samba server with ldap support but, when i 
want to add some group to the samba domain i obtain the following error 
messages:

- SMBLDAP_TOOLS
# smbldap-groupadd -a -g 1 -s S-1-5-21-blablabla -t 2 domainadmins
erreur LDAP: Can't contact master ldap server for writing
(IO::Socket::INET: connect: Conexion rehusada) at
/usr/share/perl5/smbldap_tools.pm line 277.

This line code refers to master ldap server, this server is in 
/etc/smbldap-tools/smbldap.conf configuration file.


- LAM (LDAP ACCOUNT MANAGER)
In section groups i press the New Group button and then i complete the 
form for Unix and Samba 3 sections, but when i press the Create Account 
button it show me the following error message:


*Warning*: ldap_add() [function.ldap-add
]:
Add: Internal (implementation specific) error in
*/usr/share/ldap-account-manager/lib/modules.inc* on line *1401
*


  Can't create the DN:
  cn=domainadmins,ou=group,dc=skull-one,dc=com,dc=ar.

Internal (implementation specific) error

I don't undertand what mean the 1401 line code in  modules.inc file, 
searching in google i don't find information, onle a person who advises 
to use a old samba.schema version, i have the version which come with 
debian packet 3.0.26a and i downloaded the versions 3.0.25, 3.0.24 and 
3.0.23 but i had no luck, the problem continues there.


- PHPLDAPADMIN
In left menu, in ou=group section i press Create New Object button, i 
select Posix Group, i complete form with group name and GID and then 
press Proceed>> button. Then Create Object and i obtain the following 
error:



  Error

Can't add object to LDAP server.

LDAP sais: Internal (implementation specific) error
Error number: 0x50 (LDAP_OTHER)
Descripción: .

Searching in google i don't find any information about this error number.

I would be thankful if someone could help me with this problem.

Best regards
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] LDAP problems clarified, in relation to MS ADS.

[Greg Folkert]

I am subscribed to another list for the Exim MTA.

I have been experiencing a similar problem to it for quite a long time.
I believe the patch supplied by Alain Williams <[EMAIL PROTECTED]> and
his discussion on the list mail could be quote relevant to Samba.

Here is the start of the thread.

http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20060710/msg00077.html

Any comments?
-- 
greg, [EMAIL PROTECTED]

The technology that is 
Stronger, Better, Faster: Linux

Use Debian GNU/Linux, its a bazaar thing

NOTICE: Due to Presidential Executive Orders, the 
National Security Agency may have read this email 
without warning, warrant, or notice, and certainly 
without probable cause. They may do this without 
any judicial or legislative oversight. You have no 
recourse nor protection.


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] LDAP problems

[Jean-Michel Caricand]

Hi,
I have a problem with LDAP authentication. I get this message : "session 
setup failed: NT_STATUS_LOGON_FAILURE".

When I use pdbedit -vL, I show my user :
---
Unix username:  ludovic
NT username: ludovic
Account Flags:[U  ]
User SID: S-1-5-21-2410119784-3732853825-1293486731-3000
Primary Group SID:S-1-5-21-2410119784-3732853825-1293486731-513
Full Name:   System User
Home Directory:  \\noisette\ludovic
HomeDir Drive:   Z:
Logon Script:  ludovic.cmd
Profile Path:\\noisette\profiles\ludovic
Domain:  AURIGE
Account desc: System User
Workstations:
Munged dial: 
Logon time:0
Logoff time:Tue, 19 Jan 2038 03:14:07 GMT
Kickoff time:   Tue, 19 Jan 2038 03:14:07 GMT
Password last set:  Sat, 26 Mar 2005 05:21:20 GMT
Password can change:  0
Password must change: Sun, 03 Jul 2005 05:21:20 GMT
Last bad password   : 0
Bad password count  : 0
Logon hours : FF

Any ideas ?
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] LDAP problems: samba searches whole database

[werner maes]

Hello
I use samba-3.0.7 & openldap 2.2.13. When I try to join a machine-account 
to the domain, I always get the message "the specified user does not exist".

What happens?
when I try to join, it seems like the whole samba database is being searched.
ldap.log (below)
Oct 15 17:25:30 linsam-15 slapd[3079]: => access_allowed: search access to 
"uid=u00,ou=staff,o=kuleuven,c=be" "sambaSID" requested
Oct 15 17:25:30 linsam-15 slapd[3079]: <= root access granted
Oct 15 17:25:30 linsam-15 slapd[3079]: => access_allowed: search access to 
"uid=u00,ou=staff,o=kuleuven,c=be" "sambaSID" requested
Oct 15 17:25:30 linsam-15 slapd[3079]: <= root access granted
Oct 15 17:25:30 linsam-15 slapd[3079]: => access_allowed: search access to 
"uid=u00,ou=staff,o=kuleuven,c=be" "sambaSID" requested
Oct 15 17:25:30 linsam-15 slapd[3079]: <= root access granted
Oct 15 17:25:30 linsam-15 slapd[3079]: => access_allowed: search access to 
"uid=u00,ou=staff,o=kuleuven,c=be" "sambaSID" requested

in var/log/messages: I receive a time-out message.
Oct 15 17:25:30 linsam-15 smbd[3098]: [2004/10/15 17:25:30, 0] 
lib/smbldap.c:smbldap_search_suffix(1101)
Oct 15 17:25:30 linsam-15 smbd[3098]:   smbldap_search_suffix: Problem 
during the LDAP search: (unknown) (Timed out)

any ideas as what may cause this?
thanks
werner maes 
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba