Re: [Samba] Re: LDAP unable to add Idmap
What is SCO Unix?? I'm kinda new to Linux and I don't really understand it. What is nmap?? How do I use it?? Sorry if it's a dumb question. I don't think I have a problem with a firewall, as I never set any firewall.

----- Original Message -----
From: Jim C. [EMAIL PROTECTED]
To: Adi Nugraha [EMAIL PROTECTED]
Sent: Thursday, January 13, 2005 4:01 PM
Subject: Re: [Samba] Re: LDAP unable to add Idmap

| thanks, just noticed it, my ldap.conf and smbldap_conf config didn't match,
| one was group and the other was groups, anyway my problem now is I can't
| login to the domain after successfully joining the domain from a W2K
| workstation, Domain not available, should I use another subject for this
| problem,

Definitely. Check your ports and make sure you have your firewalls down. nmap is a good tool for checking this.

You never answered my question about why you are using SCO Unix. I assume it has something to do with vendor lock-in or some such?

Jim C.

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: LDAP unable to add Idmap
I used the schema from the samba source, and for the rest of it I just followed the samba by example chapter 6, anyway here's my smb.conf:

    [global]
    unix charset = LOCALE
    workgroup = VALHALLA
    netbios name = VALKYRIE
    interfaces = eth0, lo
    passdb backend = ldapsam:ldap://192.168.88.2
    username map = /etc/samba/smbusers
    log level = 1
    syslog = 0
    log file = /var/log/samba/%m
    max log size = 50
    smb ports = 139 445
    name resolve order = wins bcast hosts
    time server = Yes
    printcap name = lpstat
    show add printer wizard = No
    add user script = /var/lib/samba/sbin/smbldap-useradd.pl -a -m '%u'
    delete user script = /var/lib/samba/sbin/smbldap-userdel.pl '%u'
    add group script = /var/lib/samba/sbin/smbldap-groupadd.pl -p '%g'
    delete group script = /var/lib/samba/sbin/smbldap-groupdel.pl '%g'
    add user to group script = /var/lib/samba/sbin/smbldap-groupmod.pl -m '%u' '%g'
    delete user from group script = /var/lib/samba/sbin/smbldap-groupmod.pl -x '%u' '%g'
    set primary group script = /var/lib/samba/sbin/smbldap-usermod.pl -g '%g' '%u'
    add machine script = /var/lib/samba/sbin/smbldap-useradd.pl -w '%u'
    logon path =
    domain logons = Yes
    preferred master = Yes
    wins support = Yes
    ldap admin dn = cn=Manager,dc=test,dc=co,dc=id
    ldap group suffix = ou=Groups
    ldap idmap suffix = ou=Idmap
    ldap machine suffix = ou=People
    ldap suffix = dc=test,dc=co,dc=id
    ldap user suffix = ou=People
    idmap backend = ldap:ldap://192.168.88.2
    idmap uid = 1-2
    idmap gid = 1-2
    printer admin = Administrator, adi
    map acl inherit = Yes
    printing = cups
    print command = /usr/bin/lp -d '%p' %s; rm %s
    lpq command = /usr/bin/lpstat -o '%p'
    lprm command = /usr/bin/cancel '%p-%j'
    lppause command = lp -i '%p-%j' -H hold
    lpresume command = lp -i '%p-%j' -H resume
    queuepause command = /usr/bin/disable '%p'
    queueresume command = /usr/bin/enable '%p'

and here's the slapd.conf

    include /usr/share/openldap/schema/core.schema
    include /usr/share/openldap/schema/cosine.schema
    include /usr/share/openldap/schema/corba.schema
    include /usr/share/openldap/schema/inetorgperson.schema
    include /usr/share/openldap/schema/java.schema
    include /usr/share/openldap/schema/krb5-kdc.schema
    include /usr/share/openldap/schema/kerberosobject.schema
    include /usr/share/openldap/schema/misc.schema
    include /usr/share/openldap/schema/nis.schema
    include /usr/share/openldap/schema/openldap.schema
    include /usr/share/openldap/schema/autofs.schema
    include /usr/share/openldap/schema/samba.schema
    include /usr/share/openldap/schema/kolab.schema
    include /etc/openldap/schema/local.schema
    pidfile /var/run/ldap/slapd.pid
    argsfile /var/run/ldap/slapd.args
    modulepath /usr/lib/openldap
    TLSCertificateFile /etc/ssl/openldap/ldap.pem
    TLSCertificateKeyFile /etc/ssl/openldap/ldap.pem
    TLSCACertificateFile /etc/ssl/openldap/ldap.pem
    loglevel 256
    ###
    # database definitions
    ###
    database bdb
    suffix dc=test,dc=co,dc=id
    #suffix o=My Organization Name,c=US
    rootdn cn=Manager,dc=test,dc=co,dc=id
    #rootdn cn=Manager,o=My Organization Name,c=US
    # Cleartext passwords, especially for the rootdn, should
    # be avoided. See slappasswd(8) and slapd.conf(5) for details.
    # Use of strong authentication encouraged.
    rootpw secret
    # rootpw {crypt}ijFYNcSNctBYg
    # The database directory MUST exist prior to running slapd AND
    # should only be accessible by the slapd/tools. Mode 700 recommended.
    directory /var/lib/ldap
    # Indices to maintain
    #index objectClass eq
    #index objectClass,uid,uidNumber,gidNumber eq
    #index cn,mail,surname,givenname eq,subinitial
    index objectClass eq
    index cn pres,sub,eq
    index sn pres,sub,eq
    index uid pres,sub,eq
    index displayName pres,sub,eq
    index uidNumber eq
    index gidNumber eq
    index memberUID eq
    index sambaSID eq
    index sambaPrimaryGroupSID eq
    index sambaDomainName eq
    index default sub

anything wrong with this ??? and this is the output from smbclient:

    Domain=[VALHALLA] OS=[Unix] Server=[Samba 3.0.9]
    tree connect failed: NT_STATUS_BAD_NETWORK_NAME

----- Original Message -----
From: Jim C. [EMAIL PROTECTED]
To: samba@lists.samba.org
Sent: Wednesday, January 12, 2005 1:18 PM
Subject: [Samba] Re: LDAP unable to add Idmap

I think either you are getting your objectClasses messed up somehow or you have a messed up schema somewhere. Post the information you are trying to add
Re: [Samba] Re: LDAP unable to add Idmap
I just noticed that the smbldap-tools didn't fill in the groups accounts in the Linux group file, any idea why this is??

----- Original Message -----
From: Adi Nugraha [EMAIL PROTECTED]
To: samba@lists.samba.org; Jim C. [EMAIL PROTECTED]
Sent: Wednesday, January 12, 2005 3:06 PM
Subject: Re: [Samba] Re: LDAP unable to add Idmap

I used the schema from the samba source, and for the rest of it I just followed the samba by example chapter 6, anyway here's my smb.conf: [...]
Re: [Samba] Re: LDAP unable to add Idmap
thanks, just noticed it, my ldap.conf and smbldap_conf config didn't match, one was group and the other was groups. Anyway, my problem now is I can't login to the domain after successfully joining the domain from a W2K workstation, Domain not available. Should I use another subject for this problem?

----- Original Message -----
From: Jim C. [EMAIL PROTECTED]
To: Adi Nugraha [EMAIL PROTECTED]
Sent: Thursday, January 13, 2005 12:33 AM
Subject: Re: [Samba] Re: LDAP unable to add Idmap

| I just noticed that the smbldap-tools didn't fill in the groups accounts in
| the Linux group file, any idea why this is ??

You mean the smbldap-populate script? My guess is that either the LDAP ACLs prevented it or the setting in smbldap_conf.pm for groups was wrong. I had a lot of trouble with this because I kept using ou=oup or ou=oup rather than ou=oups. The setting must be exactly the same everywhere or there will be trouble.

Jim C.

P.S. Just out of curiosity why are you using SCO Unix if you don't mind my asking?
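The mismatch described in the message above (one file saying group, the other groups) can be caught mechanically. The following Python check is an added example, not part of the original thread or of smbldap-tools: it compares the container DNs Samba builds from smb.conf with the nss_base_* search bases in nss_ldap's ldap.conf. The ldap.conf contents are a constructed sample, and pairing these two files is an assumption about which ldap.conf the poster meant.

```python
# Constructed samples: SMB_CONF reuses values posted in this thread; LDAP_CONF is
# an assumed /etc/ldap.conf carrying the "Group" vs "Groups" slip described above.
SMB_CONF = """[global]
ldap suffix = dc=test,dc=co,dc=id
ldap user suffix = ou=People
ldap group suffix = ou=Groups
"""
LDAP_CONF = """base dc=test,dc=co,dc=id
nss_base_passwd ou=People,dc=test,dc=co,dc=id?one
nss_base_group  ou=Group,dc=test,dc=co,dc=id?one
"""
# smb.conf suffix parameter -> nss_ldap search base that must name the same container
PAIRS = {"ldap user suffix": "nss_base_passwd", "ldap group suffix": "nss_base_group"}

def norm_dn(dn):
    """Lower-case a DN and drop spaces around RDN separators for comparison."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_smb_conf(text):
    """Return {parameter: value} from 'name = value' lines, skipping comments."""
    params = {}
    for line in map(str.strip, text.splitlines()):
        if line and line[0] not in "#;[" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def parse_ldap_conf(text):
    """Return {keyword: DN} from 'keyword value' lines, dropping ?scope?filter."""
    conf = {}
    for line in text.splitlines():
        fields = line.split(None, 1)
        if len(fields) == 2 and not fields[0].startswith("#"):
            conf[fields[0].lower()] = fields[1].strip().split("?", 1)[0]
    return conf

def find_mismatches(smb_text, ldap_text):
    """List (smb.conf parameter, Samba DN, nss_ldap DN) where the containers differ."""
    smb, nss = parse_smb_conf(smb_text), parse_ldap_conf(ldap_text)
    problems = []
    for smb_key, nss_key in PAIRS.items():
        if smb_key in smb and nss_key in nss:
            samba_dn = norm_dn(smb[smb_key] + "," + smb.get("ldap suffix", ""))
            if samba_dn != norm_dn(nss[nss_key]):
                problems.append((smb_key, samba_dn, norm_dn(nss[nss_key])))
    return problems

if __name__ == "__main__":
    for key, samba_dn, nss_dn in find_mismatches(SMB_CONF, LDAP_CONF):
        print(f"{key}: Samba uses {samba_dn}, nss_ldap uses {nss_dn}")
```

Run against the real files, an empty result means both sides point at the same containers; any tuple returned names the smb.conf parameter to reconcile.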
Re: [Samba] Re: LDAP unable to add Idmap
the workstation is there, I don't think it's from the user / machine accounts though. When I tried smbclient -L localhost -U% it returns:

    Domain=[VALHALLA] OS=[Unix] Server=[Samba 3.0.9]
    tree connect failed: NT_STATUS_BAD_NETWORK_NAME

I don't really understand why. Before, when I set up a PDC with tdbsam backend, this never happened to me. Everything worked great, now

----- Original Message -----
From: Fiordilino, Rudy [EMAIL PROTECTED]
To: Adi Nugraha [EMAIL PROTECTED]
Sent: Thursday, January 13, 2005 10:17 AM
Subject: RE: [Samba] Re: LDAP unable to add Idmap

Adi,

I would check to see that there is an entry for the w2k workstation in /etc/password. I had a similar issue during a migration.

Cheers,
Rudy

-----Original Message-----
From: Adi Nugraha [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 12, 2005 9:57 PM
To: Jim C.
Cc: [EMAIL PROTECTED]
Subject: Re: [Samba] Re: LDAP unable to add Idmap

thanks, just noticed it, my ldap.conf and smbldap_conf config didn't match, one was group and the other was groups. Anyway, my problem now is I can't login to the domain after successfully joining the domain from a W2K workstation, Domain not available. Should I use another subject for this problem?
[Samba] Re: LDAP unable to add Idmap
I think either you are getting your objectClasses messed up somehow or you have a messed up schema somewhere. Post the information you are trying to add.

Actually, I don't understand why this must be done at all. For me at least, Samba usually does idmaps automagically if its settings are correct in smb.conf.

| I'm trying to setup a Samba with ldap backend, I followed the samba by
| example chapter 6, followed the instructions in the book, and when it says

Jim C.