Re: [Samba] Re: LDAP unable to add Idmap

2005-01-13 Thread Adi Nugraha
What is SCO Unix? I'm kinda new to Linux and I don't really understand it.
What is nmap? How do I use it? Sorry if it's a dumb question. I don't
think I have a problem with a firewall, as I never set any firewall.

- Original Message -
From: Jim C. [EMAIL PROTECTED]
To: Adi Nugraha [EMAIL PROTECTED]
Sent: Thursday, January 13, 2005 4:01 PM
Subject: Re: [Samba] Re: LDAP unable to add Idmap



 | thanks, just noticed it, my ldap.conf and smbldap_conf config didn't match,
 | one was group and the other was groups, anyway my problem now is I can't
 | login to the domain after successfully joining the domain from a W2K
 | workstation, Domain not available, should I use another subject for this
 | problem,

 Definitely.

 Check your ports and make sure you have your firewalls down.
 nmap is a good tool for checking this.

 You never answered my question about why you are using SCO Unix.  I
 assume it has something to do with vendor lock-in or some such?

 Jim C.
 --
 | I can be reached on the following Instant Messenger services: |
 |---|
 | MSN: j_c_llings @ hotmail.com  AIM: WyteLi0n  ICQ: 123291844  |
 |---|
 | Y!: j_c_llings  Jabber: jcllings @ njs.netlab.cz |


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
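
The mismatch reported in this thread (one configuration file naming the group container "group", the other "groups") can be caught mechanically. The following is an added example, not code from the thread, Samba or smbldap-tools: it compares the containers named in smb.conf with those in nss_ldap's ldap.conf, using the LDAP parameters posted in the thread and a constructed ldap.conf. That the ldap.conf in question uses the `nss_base_passwd` and `nss_base_group` directives is an assumption.

```python
# smb.conf container parameter -> nss_ldap ldap.conf directive naming the same container
PAIRS = {"ldap user suffix": "nss_base_passwd", "ldap group suffix": "nss_base_group"}

def directives(text, sep=None):
    """Parse 'key<sep>value' lines (sep=None means whitespace); skip comments and [sections]."""
    out = {}
    for line in text.splitlines():
        parts = line.strip().split(sep, 1)
        if len(parts) == 2 and parts[0][:1] not in ("#", ";", "["):
            out[" ".join(parts[0].lower().split())] = parts[1].strip()
    return out

def norm_dn(dn):
    """Lower-case a DN and strip spaces around ',' and '=' so equal DNs compare equal."""
    return ",".join("=".join(p.strip() for p in rdn.split("=", 1))
                    for rdn in dn.lower().split(","))

def container_mismatches(smb_text, ldap_text):
    """Return (smb.conf parameter, Samba DN, nss_ldap DN) for each container that differs."""
    smb, nss = directives(smb_text, "="), directives(ldap_text)
    problems = []
    for param, directive in PAIRS.items():
        # Samba appends "ldap suffix" to the relative container parameters
        samba_dn = norm_dn(smb.get(param, "") + "," + smb.get("ldap suffix", ""))
        # nss_base_* values may carry "?scope?filter" after the DN
        nss_dn = norm_dn(nss.get(directive, "").split("?", 1)[0])
        if samba_dn != nss_dn:
            problems.append((param, samba_dn, nss_dn))
    return problems

# LDAP parameters as posted in the thread's smb.conf
SMB_CONF = """[global]
ldap suffix = dc=test,dc=co,dc=id
ldap group suffix = ou=Groups
ldap user suffix = ou=People
"""
# Constructed ldap.conf (an assumption): group container spelled "Group", not "Groups"
LDAP_CONF = """base dc=test,dc=co,dc=id
nss_base_passwd ou=People,dc=test,dc=co,dc=id?one
nss_base_group  ou=Group,dc=test,dc=co,dc=id?one
"""

if __name__ == "__main__":
    for param, samba_dn, nss_dn in container_mismatches(SMB_CONF, LDAP_CONF):
        print(f"{param}: smb.conf -> {samba_dn}, ldap.conf -> {nss_dn}")
```

The comparison lower-cases both DNs, so only a genuinely different container name is reported, not a difference in capitalisation.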


Re: [Samba] Re: LDAP unable to add Idmap

2005-01-12 Thread Adi Nugraha
I used the schema from the Samba source, and for the rest of it I just
followed the Samba by Example chapter 6. Anyway, here's my smb.conf:

[global]
unix charset = LOCALE
workgroup = VALHALLA
netbios name = VALKYRIE
interfaces = eth0, lo
passdb backend = ldapsam:ldap://192.168.88.2
username map = /etc/samba/smbusers
log level = 1
syslog = 0
log file = /var/log/samba/%m
max log size = 50
smb ports = 139 445
name resolve order = wins bcast hosts
time server = Yes
printcap name = lpstat
show add printer wizard = No
add user script = /var/lib/samba/sbin/smbldap-useradd.pl -a -m '%u'
delete user script = /var/lib/samba/sbin/smbldap-userdel.pl '%u'
add group script = /var/lib/samba/sbin/smbldap-groupadd.pl -p '%g'
delete group script = /var/lib/samba/sbin/smbldap-groupdel.pl '%g'
add user to group script = /var/lib/samba/sbin/smbldap-groupmod.pl -m '%u' '%g'
delete user from group script = /var/lib/samba/sbin/smbldap-groupmod.pl -x '%u' '%g'
set primary group script = /var/lib/samba/sbin/smbldap-usermod.pl -g '%g' '%u'
add machine script = /var/lib/samba/sbin/smbldap-useradd.pl -w '%u'
logon path =
domain logons = Yes
preferred master = Yes
wins support = Yes
ldap admin dn = cn=Manager,dc=test,dc=co,dc=id
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=People
ldap suffix = dc=test,dc=co,dc=id
ldap user suffix = ou=People
idmap backend = ldap:ldap://192.168.88.2
idmap uid = 1-2
idmap gid = 1-2
printer admin = Administrator, adi
map acl inherit = Yes
printing = cups
print command = /usr/bin/lp -d '%p' %s; rm %s
lpq command = /usr/bin/lpstat -o '%p'
lprm command = /usr/bin/cancel '%p-%j'
lppause command = lp -i '%p-%j' -H hold
lpresume command = lp -i '%p-%j' -H resume
queuepause command = /usr/bin/disable '%p'
queueresume command = /usr/bin/enable '%p'


and here's the slapd.conf

include /usr/share/openldap/schema/core.schema
include /usr/share/openldap/schema/cosine.schema
include /usr/share/openldap/schema/corba.schema
include /usr/share/openldap/schema/inetorgperson.schema
include /usr/share/openldap/schema/java.schema
include /usr/share/openldap/schema/krb5-kdc.schema
include /usr/share/openldap/schema/kerberosobject.schema
include /usr/share/openldap/schema/misc.schema
include /usr/share/openldap/schema/nis.schema
include /usr/share/openldap/schema/openldap.schema
include /usr/share/openldap/schema/autofs.schema
include /usr/share/openldap/schema/samba.schema
include /usr/share/openldap/schema/kolab.schema
include /etc/openldap/schema/local.schema

pidfile /var/run/ldap/slapd.pid
argsfile /var/run/ldap/slapd.args

modulepath  /usr/lib/openldap

TLSCertificateFile  /etc/ssl/openldap/ldap.pem
TLSCertificateKeyFile   /etc/ssl/openldap/ldap.pem
TLSCACertificateFile    /etc/ssl/openldap/ldap.pem
loglevel 256

###
# database definitions
###

database bdb
suffix  dc=test,dc=co,dc=id
#suffix o=My Organization Name,c=US
rootdn  cn=Manager,dc=test,dc=co,dc=id
#rootdn cn=Manager,o=My Organization Name,c=US

# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw  secret
# rootpw {crypt}ijFYNcSNctBYg

# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory   /var/lib/ldap


# Indices to maintain
#index  objectClass eq
#index  objectClass,uid,uidNumber,gidNumber eq
#index  cn,mail,surname,givenname   eq,subinitial
index   objectClass eq
index   cn pres,sub,eq
index   sn pres,sub,eq
index   uid pres,sub,eq
index   displayName pres,sub,eq
index   uidNumber eq
index   gidNumber eq
index   memberUID eq
index   sambaSID eq
index   sambaPrimaryGroupSID eq
index   sambaDomainName eq
index   default sub


Anything wrong with this? And this is the output from smbclient:

Domain=[VALHALLA] OS=[Unix] Server=[Samba 3.0.9]
tree connect failed: NT_STATUS_BAD_NETWORK_NAME





- Original Message -
From: Jim C. [EMAIL PROTECTED]
To: samba@lists.samba.org
Sent: Wednesday, January 12, 2005 1:18 PM
Subject: [Samba] Re: LDAP unable to add Idmap



 I think either you are getting your objectClasses messed up somehow or
 you have a messed up schema somewhere. Post the information you are
 trying to add

Re: [Samba] Re: LDAP unable to add Idmap

2005-01-12 Thread Adi Nugraha
I just noticed that the smbldap-tools didn't fill in the groups accounts in
the Linux group file, any idea why this is?

Re: [Samba] Re: LDAP unable to add Idmap

2005-01-12 Thread Adi Nugraha
Thanks, just noticed it, my ldap.conf and smbldap_conf config didn't match,
one was group and the other was groups. Anyway, my problem now is I can't
login to the domain after successfully joining the domain from a W2K
workstation, Domain not available. Should I use another subject for this
problem?


- Original Message -
From: Jim C. [EMAIL PROTECTED]
To: Adi Nugraha [EMAIL PROTECTED]
Sent: Thursday, January 13, 2005 12:33 AM
Subject: Re: [Samba] Re: LDAP unable to add Idmap



| I just noticed that the smbldap-tools didn't fill in the groups accounts in
| the Linux group file, any idea why this is ??

You mean the smbldap-populate script?  My guess is that either the LDAP
ACLs prevented it or the setting in smbldap_conf.pm for groups was
wrong. I had a lot of trouble with this because I kept using ou=oup or
ou=oup rather than ou=oups.  The setting must be exactly the same
everywhere or there will be trouble.

Jim C.

P.S. Just out of curiosity why are you using SCO Unix if you don't mind
my asking?




Re: [Samba] Re: LDAP unable to add Idmap

2005-01-12 Thread Adi Nugraha
The workstation is there, I don't think it's from the user / machine
accounts though, when I tried smbclient -L localhost -U% it returns:

Domain=[VALHALLA] OS=[Unix] Server=[Samba 3.0.9]
tree connect failed: NT_STATUS_BAD_NETWORK_NAME

I don't really understand why, before when I set up a PDC with tdbsam backend
this never happened to me
Everything worked great, now


- Original Message -
From: Fiordilino, Rudy [EMAIL PROTECTED]
To: Adi Nugraha [EMAIL PROTECTED]
Sent: Thursday, January 13, 2005 10:17 AM
Subject: RE: [Samba] Re: LDAP unable to add Idmap


Adi,

I would check to see that there is an entry for the w2k workstation in
/etc/password. I had a similar issue during a migration.

Cheers,

Rudy



[Samba] Re: LDAP unable to add Idmap

2005-01-11 Thread Jim C.
I think either you are getting your objectClasses messed up somehow or
you have a messed up schema somewhere. Post the information you are
trying to add.

Actually, I don't understand why this must be done at all.  For me at
least, Samba usually does idmaps automagically if its settings are
correct in smb.conf.

| I'm trying to set up a Samba with LDAP backend, I followed the Samba by
| Example chapter 6, followed the instruction in the book, and when it says

Jim C.