Re: [Samba] SAMBA/PDC + LDAP HELP please?

2005-10-06 Thread Ryan Braun [ADS]
On October 5, 2005 06:28 pm, Ryan Taylor wrote:

Error 49 from the slapd docs is an invalid credentials error.  So your 
problem will be in the libnss config file /etc/ldap.conf not 
in /etc/ldap/ldap.conf.  Check to make sure that both binddn and rootdn are 
defined in the file and make sure that you have the proper rootdn password 
in /etc/ldap.secret, i.e.

binddn cn=nss,ou=Admins,dc=x
bindpw ldap

rootbinddn cn=root,dc=x

You can also run ethereal to see what is getting sent down the wire as long as 
you turn ssl/tls off.  It's pretty handy for figuring stuff like this out.

Ryan




> More information... below is my log after running "getent group | grep
> Domain"
> thank you -ryan
>
> Oct 5 19:25:04 beefylinux slapd[3320]: conn=0 fd=11 ACCEPT from IP=127.0.0.1:32894 (IP=0.0.0.0:389)
> Oct 5 19:25:04 beefylinux slapd[3320]: conn=0 op=0 BIND dn="cn=Manager,ou=DSA,dc=beefylinux,dc=com" method=128
> Oct 5 19:25:04 beefylinux slapd[3320]: conn=0 op=0 RESULT tag=97 err=49 text=
> Oct 5 19:25:04 beefylinux slapd[3320]: conn=0 op=1 UNBIND
> Oct 5 19:25:04 beefylinux slapd[3320]: conn=0 fd=11 closed
> Oct 5 19:26:38 beefylinux slapd[3320]: conn=1 fd=11 ACCEPT from IP=127.0.0.1:32895 (IP=0.0.0.0:389)
> Oct 5 19:26:38 beefylinux slapd[3320]: conn=1 op=0 BIND dn="cn=Manager,ou=DSA,dc=beefylinux,dc=com" method=128
> Oct 5 19:26:38 beefylinux slapd[3320]: conn=1 op=0 RESULT tag=97 err=49 text=
> Oct 5 19:26:38 beefylinux slapd[3320]: conn=1 op=1 UNBIND
> Oct 5 19:26:38 beefylinux slapd[3320]: conn=1 fd=11 closed
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
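
The diagnosis in the reply above (pair each BIND with its RESULT, then work out which client configuration supplied the rejected DN) can be scripted. This is an added example, not part of the original posts; the host name, the example.com DNs and the CONFIGURED_DNS mapping are constructed, and the DN comparison is deliberately simplified.

```python
import re

# Constructed sample in the slapd syslog format shown in this thread.
SAMPLE_LOG = """\
Oct 5 19:25:04 host slapd[3320]: conn=0 fd=11 ACCEPT from IP=127.0.0.1:32894 (IP=0.0.0.0:389)
Oct 5 19:25:04 host slapd[3320]: conn=0 op=0 BIND dn="cn=Manager,ou=DSA,dc=example,dc=com" method=128
Oct 5 19:25:04 host slapd[3320]: conn=0 op=0 RESULT tag=97 err=49 text=
Oct 5 19:25:04 host slapd[3320]: conn=0 op=1 UNBIND
Oct 5 19:25:09 host slapd[3320]: conn=1 op=0 BIND dn="cn=Manager,dc=example,dc=com" method=128
Oct 5 19:25:09 host slapd[3320]: conn=1 op=0 RESULT tag=97 err=0 text=
"""

# Constructed bind identities: which client config setting names which DN.
CONFIGURED_DNS = {
    "/etc/ldap.conf rootbinddn": "cn=manager, ou=DSA, dc=example, dc=com",
    "smb.conf ldap admin dn": "cn=Manager,dc=example,dc=com",
}

BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=(\d+)')
RESULT_RE = re.compile(r'conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)')

def normalize_dn(dn):
    """Simplified DN comparison: lower-case, strip spaces around each RDN."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def failed_binds(log_text):
    """Return [(conn, dn)] for each BIND whose RESULT (tag=97) is err=49."""
    pending, failures = {}, []
    for line in log_text.splitlines():
        if m := BIND_RE.search(line):
            pending[(m.group(1), m.group(2))] = m.group(3)
        elif m := RESULT_RE.search(line):
            dn = pending.pop((m.group(1), m.group(2)), None)
            if dn is not None and m.group(3) == "49":
                failures.append((int(m.group(1)), dn))
    return failures

def attribute_failures(log_text, configured):
    """Map each rejected bind DN to the config settings that name that DN."""
    known = {}
    for source, dn in configured.items():
        known.setdefault(normalize_dn(dn), []).append(source)
    return {dn: known.get(normalize_dn(dn), ["unknown client"])
            for _, dn in failed_binds(log_text)}

if __name__ == "__main__":
    for dn, sources in attribute_failures(SAMPLE_LOG, CONFIGURED_DNS).items():
        print(f"err=49 for {dn}: check the password behind {', '.join(sources)}")
```

In the sample, the rejected DN matches only the nss_ldap setting, so the password to check is the one in /etc/ldap.secret rather than the one stored with smbpasswd -w.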


RE: [Samba] SAMBA/PDC + LDAP HELP please?

2005-10-05 Thread Guille

Hi,
If you are using Fedora and have selinux enabled for your build, at the
console "setenforce 0", and then try getent. If successful, I would suggest
modifying selinux policy to accommodate the need for access.

Just a thought,
Guille

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Ryan Taylor
Sent: Wednesday, October 05, 2005 4:29 PM
To: samba@lists.samba.org
Subject: [Samba] SAMBA/PDC + LDAP HELP please?

More information... below is my log after running "getent group | grep
Domain"
thank you -ryan

Oct 5 19:25:04 beefylinux slapd[3320]: conn=0 fd=11 ACCEPT from IP=127.0.0.1:32894 (IP=0.0.0.0:389)
Oct 5 19:25:04 beefylinux slapd[3320]: conn=0 op=0 BIND dn="cn=Manager,ou=DSA,dc=beefylinux,dc=com" method=128
Oct 5 19:25:04 beefylinux slapd[3320]: conn=0 op=0 RESULT tag=97 err=49 text=
Oct 5 19:25:04 beefylinux slapd[3320]: conn=0 op=1 UNBIND
Oct 5 19:25:04 beefylinux slapd[3320]: conn=0 fd=11 closed
Oct 5 19:26:38 beefylinux slapd[3320]: conn=1 fd=11 ACCEPT from IP=127.0.0.1:32895 (IP=0.0.0.0:389)
Oct 5 19:26:38 beefylinux slapd[3320]: conn=1 op=0 BIND dn="cn=Manager,ou=DSA,dc=beefylinux,dc=com" method=128
Oct 5 19:26:38 beefylinux slapd[3320]: conn=1 op=0 RESULT tag=97 err=49 text=
Oct 5 19:26:38 beefylinux slapd[3320]: conn=1 op=1 UNBIND
Oct 5 19:26:38 beefylinux slapd[3320]: conn=1 fd=11 closed


Re: [Samba] SAMBA/PDC + LDAP HELP please?

2005-10-05 Thread Craig White
On Wed, 2005-10-05 at 19:28 -0400, Ryan Taylor wrote:
> More information... below is my log after running "getent group | grep
> Domain"
> thank you -ryan
> 
> Oct 5 19:25:04 beefylinux slapd[3320]: conn=0 fd=11 ACCEPT from IP=127.0.0.1:32894 (IP=0.0.0.0:389)
> Oct 5 19:25:04 beefylinux slapd[3320]: conn=0 op=0 BIND dn="cn=Manager,ou=DSA,dc=beefylinux,dc=com" method=128
> Oct 5 19:25:04 beefylinux slapd[3320]: conn=0 op=0 RESULT tag=97 err=49 text=
> Oct 5 19:25:04 beefylinux slapd[3320]: conn=0 op=1 UNBIND
> Oct 5 19:25:04 beefylinux slapd[3320]: conn=0 fd=11 closed
> Oct 5 19:26:38 beefylinux slapd[3320]: conn=1 fd=11 ACCEPT from IP=127.0.0.1:32895 (IP=0.0.0.0:389)
> Oct 5 19:26:38 beefylinux slapd[3320]: conn=1 op=0 BIND dn="cn=Manager,ou=DSA,dc=beefylinux,dc=com" method=128
> Oct 5 19:26:38 beefylinux slapd[3320]: conn=1 op=0 RESULT tag=97 err=49 text=
> Oct 5 19:26:38 beefylinux slapd[3320]: conn=1 op=1 UNBIND
> Oct 5 19:26:38 beefylinux slapd[3320]: conn=1 fd=11 closed

err=49 means bad credentials

smbpasswd -w Password_of_ldap_admin_as_defined_in_smb.conf

Craig




[Samba] SAMBA/PDC + LDAP HELP please?

2005-10-05 Thread Ryan Taylor
More information... below is my log after running "getent group | grep
Domain"
thank you -ryan

Oct 5 19:25:04 beefylinux slapd[3320]: conn=0 fd=11 ACCEPT from IP=127.0.0.1:32894 (IP=0.0.0.0:389)
Oct 5 19:25:04 beefylinux slapd[3320]: conn=0 op=0 BIND dn="cn=Manager,ou=DSA,dc=beefylinux,dc=com" method=128
Oct 5 19:25:04 beefylinux slapd[3320]: conn=0 op=0 RESULT tag=97 err=49 text=
Oct 5 19:25:04 beefylinux slapd[3320]: conn=0 op=1 UNBIND
Oct 5 19:25:04 beefylinux slapd[3320]: conn=0 fd=11 closed
Oct 5 19:26:38 beefylinux slapd[3320]: conn=1 fd=11 ACCEPT from IP=127.0.0.1:32895 (IP=0.0.0.0:389)
Oct 5 19:26:38 beefylinux slapd[3320]: conn=1 op=0 BIND dn="cn=Manager,ou=DSA,dc=beefylinux,dc=com" method=128
Oct 5 19:26:38 beefylinux slapd[3320]: conn=1 op=0 RESULT tag=97 err=49 text=
Oct 5 19:26:38 beefylinux slapd[3320]: conn=1 op=1 UNBIND
Oct 5 19:26:38 beefylinux slapd[3320]: conn=1 fd=11 closed


[Samba] SAMBA/PDC + LDAP HELP please?

2005-10-05 Thread Ryan Taylor
Thank you to John Terpstra and his book "Samba-3 by Example" I have made
great strides. Seems like I am one step away... which is getting the system
to check ldap, which it seems to be ignoring. Has anyone had this problem? I
ran "authconfig" and told it to use ldap as well as edited the
nsswitch.conf to "files ldap" where supposed to be. But every "getent"
command just pulls system info and nothing from ldap... is this a redhat
specific problem maybe?

Thank you for suggestions,
Ryan Taylor
[EMAIL PROTECTED]


Re: [Samba] SAMBA/PDC + LDAP HELP please?

2005-10-04 Thread John H Terpstra
On Tuesday 04 October 2005 15:49, Ryan Taylor wrote:
> Hi, I have been trying to work this out on my own now for about a week
> and feel like I am so close..haha. I have samba setup as a PDC and in
> theory authenticating users through openLDAP with the use of
> smbldap-tools by IDEALX. I have checked the windows registry fix, but
> still no luck. When I try to join the domain as root, I get the error:
> "Username could not be found"
>
> Any help would be greatly, greatly appreciated as I am at the end of my
> time to get this job done. I don't need encryption and don't mind if
> everything is plain text..(security not issue yet)
>
> I have included all configs i believe are important (minus the comments
> to make them shorter) please let me know if I can provide anything
> else!

Ryan,

I spent a lot of time writing a book that documents how to make Samba-3 do 
what users want it to do. The book is called "Samba-3 by Example". It is 
available from Amazon.Com and has ISBN 013188221X. Alternatively, you can 
download the PDF from:

http://www.samba.org/samba/docs/Samba3-ByExample.pdf

Chapter 5 comprehensively documents Samba-3 plus OpenLDAP. If the information 
does not meet your needs please let me know so I can fix it. I despise 
documentation that is inadequate or ineffective, so any help you can give me 
to make this book more useful and more helpful is most welcome.

Cheers,
John T.


[Samba] SAMBA/PDC + LDAP HELP please?

2005-10-04 Thread Ryan Taylor
Hi, I have been trying to work this out on my own now for about a week
and feel like I am so close..haha. I have samba setup as a PDC and in
theory authenticating users through openLDAP with the use of
smbldap-tools by IDEALX. I have checked the windows registry fix, but
still no luck. When I try to join the domain as root, I get the error:
"Username could not be found"

Any help would be greatly, greatly appreciated as I am at the end of my
time to get this job done. I don't need encryption and don't mind if
everything is plain text..(security not issue yet)

I have included all configs i believe are important (minus the comments
to make them shorter) please let me know if I can provide anything
else!

Thank you in advance for your time,
Ryan Taylor
[EMAIL PROTECTED]

*
/ETC/SAMBA/SMB.CONF
*
#=== Global Settings ===
[global]
workgroup = BEEFY-NT
netbios name = PDC-SRV
#enable privileges = yes
interfaces = 192.168.0.69 
username map = /etc/samba/smbusers
server string = Samba Server %v
security = user
encrypt passwords = Yes
min passwd length = 3
obey pam restrictions = No
#unix password sync = Yes
#passwd program = /opt/IDEALX/sbin/smbldap-passwd -u %u
#passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new password*" %n\n"
ldap passwd sync = Yes
log level = 2
syslog = 2
log file = /var/log/samba/log.%m
max log size = 10
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
mangling method = hash2
Dos charset = 850
Unix charset = ISO8859-1

logon script = logon.bat
logon drive = H:
logon home =
logon path =

domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
wins support = Yes
passdb backend = ldapsam:ldap://127.0.0.1/
# passdb backend = ldapsam:"ldap://127.0.0.1/ ldap://slave.beefylinux.com"
# ldap filter = (&(objectclass=sambaSamAccount)(uid=%u))
ldap admin dn = cn=Manager,dc=beefylinux,dc=com
ldap suffix = dc=beefylinux,dc=com
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
#ldap ssl = start_tls
add user script = /usr/local/sbin/smbldap-useradd =m "%u"
ldap delete dn = Yes
#delete user script = /opt/IDEALX/sbin/smbldap-userdel "%u"
add machine script = /opt/IDEALX/sbin/smbldap-useradd -w "%u"
add group script = /opt/IDEALX/sbin/smbldap-groupadd -p "%g"
#delete group script = /opt/IDEALX/sbin/smbldap-groupdel "%g"
add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g "%g" "%u"

# printers configuration
printer admin = @"Print Operators"
load printers = Yes
create mask = 0640
directory mask = 0750
nt acl support = No
printing = cups
printcap name = cups
deadtime = 10
guest account = nobody
map to guest = Bad User
dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
show add printer wizard = yes
; to maintain capital letters in shortcuts in any of the profile folders:
preserve case = yes
short preserve case = yes
case sensitive = no

idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/false
winbind use default domain = no
[homes]
comment = repertoire de %U, %u
read only = No
create mask = 0644
directory mask = 0775
browseable = no

[netlogon]
path = /home/netlogon/
browseable = No
read only = yes

[profiles]
path = /home/profiles
read only = no
create mask = 0600
directory mask = 0700
browseable = No
guest ok = Yes
profile acls = yes
csc policy = disable
# next line is a great way to secure the profiles
force user = %U
# next line allows administrator to access all profiles
valid users = %U @"Domain Admins"


[printers]
comment = Network Printers
printer admin = @"Print Operators"
guest ok = yes
printable = yes
path = /home/spool/
browseable = No
read only = Yes
printable = Yes
print command = /usr/bin/lpr -P%p -r %s
lpq command = /usr/bin/lpq -P%p
lprm command = /usr/bin/lprm -P%p %j

[print$]
path = /home/printers
printer admin = @"Print Operators"
guest ok = yes
browseable = Yes
read only = Yes
valid users = @"Printer Operators"
write list = @"Print Operators"
create mask = 0664
directory mask = 0775

[public]
comment = Repertoire public
path = /home/public
browseable = Yes
guest ok = Yes
read only = No
directory mask = 0775
create mask = 0664

*
/etc/LDAP.CONF
*
# @(#)$Id: ldap.conf,v 1.34 2004/09/16 23:32:02 lukeh Exp $
#
# This is the configuration file for the LDAP nameservice
# switch library and the LDAP PAM module.
#
# PADL Software
# http://www.padl.com
#
host 127.0.0.1 
base dc=beefylinux,dc=com

rootbinddn cn=manager,ou=DSA,dc=beefylinux,dc=co