Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager -> sambaadmin)
Natxo Asenjo wrote:
> On 3/4/06, John H Terpstra <[EMAIL PROTECTED]> wrote:
>> I'd be delighted if someone steps forward with an offer to take over responsibility for maintenance and improvement of the documentation. It's about time for a more capable and more enthusiastic person to have a go. Please allow me to rush to step aside. :-)
>
> for what it's worth: THANKS!!! for all your efforts with this documentation. I bought the book, I know of lots of people who have working samba domains thanks to your work.
>
> Will you write such a piece for the new samba version? I truly hope so, although if you do not I will certainly understand and respect your decision.
>
> And again: thanks a lot for your work.

Agreed, I can't say thanks enough. I've purchased both editions of the How-To and By-Example to support your efforts. Both books match up with Samba for quality, and I'll continue to point people at both volumes for any Samba questions that come up.

Eric

--
Eric Feldhusen
System Administrator    http://www.remc1.org
[EMAIL PROTECTED]
PO Box 270              (906) 482-4520 x239
809 Hecla St            (906) 482-5031 fax
Hancock, MI 49930       (906) 370 6202 mobile

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager -> sambaadmin)
On 3/4/06, John H Terpstra <[EMAIL PROTECTED]> wrote:
> I'd be delighted if someone steps forward with an offer to take over responsibility for maintenance and improvement of the documentation. It's about time for a more capable and more enthusiastic person to have a go. Please allow me to rush to step aside. :-)

for what it's worth: THANKS!!! for all your efforts with this documentation. I bought the book, I know of lots of people who have working samba domains thanks to your work.

Will you write such a piece for the new samba version? I truly hope so, although if you do not I will certainly understand and respect your decision.

And again: thanks a lot for your work.

--
Groeten,
J.Asenjo
Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager -> sambaadmin)
On Thursday 02 March 2006 23:15, Craig White wrote:
> On Thu, 2006-03-02 at 22:38 -0600, John H Terpstra wrote:
> > > I think you should follow Craig's advice, get your hands on a copy of "LDAP System Administration", and go through it carefully. LDAP is a wonderful enabling technology, but if you don't understand how it works, you'll get terrible performance, and risk exposing private data.
> >
> > I have no argument with this advice - but please be careful that you do not needlessly scare people off from using LDAP.
>
> I was wondering if you dropped off the face of this planet since I knew you wouldn't take his commentary well.

I started employment with AMD in January based in Austin, Texas. I've been very much swamped since December. I'll get back to the documentation when I come up for oxygen.

> My biggest concern isn't necessarily for performance or exposing data as much as having a user who relies upon a technology that provides essential user/group authentication services as well as configuration information and can neither comprehend nor maintain it and when you know what hits the fan, that user is ill equipped to solve the problem.
>
> No one should be scared away from using LDAP and the samba documentation clearly gives enough information to permit someone to integrate samba in an LDAP environment but the samba documentation doesn't suggest that you can use LDAP on your domain without getting a reasonably rounded education on using LDAP itself. Some people have that erroneous expectation.

I have received a number of emails from people who used the Samba documentation - some of it is rude and some is most appreciative. I can handle criticism if it is valid.

The documentation is in open SVN. Anyone can contribute patches - and those who contribute get recognition for their work.

When I released the documentation to public CVS, and then to SVN, I made a conscious decision to disown my own work. I want to encourage people to contribute improvements to the documentation. There have been a few contributions - but most people just like to poke holes even where they do not exist.

Samba3 by Example is not a book on LDAP. It has a well defined purpose and meets its goals. If anyone wishes to contribute systematic changes that convert the whole book to a new set of goals and objectives I will not object one bit.

As far as I am concerned, the source is open and our users are far more experienced and much smarter than I am. Please, please make the problem go away if you feel inclined to do so.

I'd be delighted if someone steps forward with an offer to take over responsibility for maintenance and improvement of the documentation. It's about time for a more capable and more enthusiastic person to have a go. Please allow me to rush to step aside. :-)

Cheers,
John T.
Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager ->sambaadmin)
On Sat, 2006-03-04 at 00:25 +1100, adrian sender wrote:
> Well I am glad that there has been a lot of input on this topic, a lot of people are having different opinions but that is because we are not focusing with the problem at hand.
>
> The documentation provides full details on how to get samba + ldap working from scratch; but there seems to be a gap between chapter 5 & 6;
>
> Once again I will say I love this book; by far the best technical reference manual available for samba and highly recommend it.
>
> Chapter 6, is it assuming we are starting fresh here, because the ldap database is placed in a different directory to what was in chapter 5 slapd.conf?
>
> Questions;
>
> 1. If it is assuming that we are starting from scratch; all configuration files are to that of the documentation - why will the database not populate with the smbldap-tools using sambaadmin?
>
> 2. If I change sambaadmin to Manager all works fine; is there anything wrong with doing this.
>
> 3. I am not interested in learning ldap and its complexities, otherwise I would not have bothered using ldap, samba 3 by example provides simple steps - however this step I am stuck with.
>
> 4. A solution ?
>
> For over a year now I have worked around this by using Manager in place of sambaadmin - but it is time for me to get to the bottom of this so I can start with another problem and move on to testing samba4.
>
> All your help and time is greatly appreciated.

the reason you can't get past it is inherent in your 'question 3' which of course isn't a question at all.

If you aren't interested in learning LDAP - don't use it.

Perhaps with Samba 4, you can use LDAP without knowing a thing about it much as you can in a Windows AD but definitely not Samba 3 and OpenLDAP - there is no close my eyes and hope it works scenario that is going to work because the worst thing you can ever do is get lucky and make it work and then depend upon it to work because it will break and you won't be able to fix it.

Craig
Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager ->sambaadmin)
Well I am glad that there has been a lot of input on this topic, a lot of people are having different opinions but that is because we are not focusing with the problem at hand.

The documentation provides full details on how to get samba + ldap working from scratch; but there seems to be a gap between chapter 5 & 6;

Once again I will say I love this book; by far the best technical reference manual available for samba and highly recommend it.

Chapter 6, is it assuming we are starting fresh here, because the ldap database is placed in a different directory to what was in chapter 5 slapd.conf?

Questions;

1. If it is assuming that we are starting from scratch; all configuration files are to that of the documentation - why will the database not populate with the smbldap-tools using sambaadmin?

2. If I change sambaadmin to Manager all works fine; is there anything wrong with doing this.

3. I am not interested in learning ldap and its complexities, otherwise I would not have bothered using ldap, samba 3 by example provides simple steps - however this step I am stuck with.

4. A solution ?

For over a year now I have worked around this by using Manager in place of sambaadmin - but it is time for me to get to the bottom of this so I can start with another problem and move on to testing samba4.

All your help and time is greatly appreciated.

Thanks.
Adrian.

From: "adrian sender" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
CC: samba@lists.samba.org
Subject: Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager ->sambaadmin)
Date: Fri, 03 Mar 2006 11:49:25 +1100

I have this in my slapd.conf as per the docs;

access to attrs=sambaLMPassword,sambaNTPassword
    by dn="cn=sambaadmin,dc=tinistuff,dc=com" write
    by * none

Should that work?

From: "Yanick Durant" <[EMAIL PROTECTED]>
To: "adrian sender" <[EMAIL PROTECTED]>
CC: samba@lists.samba.org
Subject: Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager -> sambaadmin)
Date: Thu, 2 Mar 2006 09:49:19 +0100 (CET)

You need to give enough rights to your "sambaadmin" to allow him to write to the ldap repository for adding users, and updating information.

Ie :

This kind of access rule inside your slapd.conf these lines need to be after the database tag in the config file.
This will also allow users to change their password

access to attr=userPassword,sambaLMPassword,sambaNTPassword
    by self write
    by dn="cn=Manager,dc=tinistuff,dc=com" write
    by dn="cn=sambaadmin,dc=tinistuff,dc=com" write
    by anonymous auth
    by * none

# The admin dn has full write access
access to *
    by self write
    by dn="cn=Manager,dc=tinistuff,dc=com" write
    by dn="cn=sambaadmin,dc=tinistuff,dc=com" write
    by * read

Regards,

Yanick Durant

> I will try to explain my situation a little better so others can understand.
>
> I am sticking to the documentation, (samba 3 by example by jht) excellent book!;
>
> So here is where I am at;
>
> I have configured my smb.conf; slapd.conf, ldap.conf, nssldap.conf as per the documentation chapter 6.
>
> I do have a bdc; however there is no relevance to that as I am only working on the PDC at the time;
>
> I have these commented out in the slapd.conf for the moment.
>
> #replica host=192.168.0.3:389
> #suffix="dc=tinistuff,dc=com"
> #binddn="cn=updateuser,dc=tinistuff,dc=com"
> #bindmethod=simple credentials=123456
>
> #replogfile /var/lib/ldap/replogfile
>
> This is my smb.conf as per chapter 6;
> ***Note we are using "sambaadmin" and not "Manager" as in Chapter 5***
>
> ldap admin dn = cn=sambaadmin,dc=tinistuff,dc=com
>
> [EMAIL PROTECTED] sbin]# smbpasswd -w 123456
> Setting stored password for "cn=sambaadmin,dc=tinistuff,dc=com" in secrets.tdb
>
> Does this look right so far; I am now going to configure smbldaptools as per the documentation; In chapter 5 (./configure)
>
> Ok, now we take a look at this -
> [EMAIL PROTECTED] sbin]# cat /etc/opt/IDEALX/smbldap-tools/smbldap_bind.conf
>
> # Credential Configuration #
>
> # Notes: you can specify two differents configuration if you use a
> # master ldap for writing access and a slave ldap server for reading access
> # By default, we will use the same DN (so it will work for standard Samba
> # release)
> slaveDN="cn=sambaadmin,dc=tinistuff,dc=com"
> slavePw="123456"
> masterDN="cn=sambaadmin,dc=tinistuff,dc=com"
> masterPw="123456"
>
> Time to populate the ldap DB.
> [EMAIL PRO
Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager -> sambaadmin)
John H Terpstra wrote:
> Where were you when I asked for feedback and review?

Beats me, man. Working on something else. :)

> When will you provide updates to the documentation that improve its real value?

Huh... I hadn't considered that it'd be accepted. Specifically, because of this note:

    Why did you not cover secure practices? Isn't it rather irresponsible to instruct network administrators to implement insecure solutions?
    ...
    I made the decision, right or wrong, to keep this material as simple as possible. The intent of this book is to demonstrate a working solution and not to discuss too many peripheral issues.

It really bothers me to see any reference material treat security as an exercise for the reader. It bothered me more because as far as I've been able to determine, there's no reference material available which discusses which of the samba attributes need to be hidden from public view, and which need to be protected from writing by "self".

Now, maybe my impression of the security practices you had in mind wasn't accurate. If you're open to what I think would be improvements, I could send patches to the documentation. I presume it's in CVS somewhere? Let me know where to check it out.

> I hope you are willing to contribute corrections and improvements and not just criticism. All contributions are most appreciated.

Awww... but criticism is what I've got the most of. ;)

> Are you sure that chapter 5 does not provide clean-slate installation instructions that create a fully working LDAP directory that has been correctly populated?

Um, no. You busted me. I misread some of the docs, and then made an erroneous claim. My mistake was reinforced by the expectation that Adrian had followed the documentation, which probably isn't the case. If it were, then the top level entries of his directory probably wouldn't be missing.
Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager -> sambaadmin)
On Thu, 2006-03-02 at 22:38 -0600, John H Terpstra wrote:
> > I think you should follow Craig's advice, get your hands on a copy of "LDAP System Administration", and go through it carefully. LDAP is a wonderful enabling technology, but if you don't understand how it works, you'll get terrible performance, and risk exposing private data.
>
> I have no argument with this advice - but please be careful that you do not needlessly scare people off from using LDAP.

I was wondering if you dropped off the face of this planet since I knew you wouldn't take his commentary well.

My biggest concern isn't necessarily for performance or exposing data as much as having a user who relies upon a technology that provides essential user/group authentication services as well as configuration information and can neither comprehend nor maintain it and when you know what hits the fan, that user is ill equipped to solve the problem.

No one should be scared away from using LDAP and the samba documentation clearly gives enough information to permit someone to integrate samba in an LDAP environment but the samba documentation doesn't suggest that you can use LDAP on your domain without getting a reasonably rounded education on using LDAP itself. Some people have that erroneous expectation.

Craig
Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager -> sambaadmin)
On Thursday 02 March 2006 01:38, Gordon Messmer wrote:
> adrian sender wrote:
> > I am sticking to the documentation, (samba 3 by example by jht) excellent book!;
>
> Yes, it's an excellent book. I have a copy, myself. However, you won't get anywhere "sticking to" its LDAP documentation.
>
> The LDAP documentation in "Samba-3 by Example" is BAD. Very bad. It completely abrogates any discussion of security as a matter that the user should be expert enough to handle, and gives example configuration files that are completely open to attack. It would have been better to ignore the LDAP server's configuration entirely and explicitly state that admins are expected to be able to do it on their own.

Where were you when I asked for feedback and review?

When will you provide updates to the documentation that improve its real value?

I hope you are willing to contribute corrections and improvements and not just criticism. All contributions are most appreciated.

> Further, "Samba-3 by Example" assumes that you have a working directory, to begin with. Using OpenLDAP, you must create the containers (using

Please explain this claim? Where does chapter 5 of "Samba-3 by Example" make that assumption?

Are you sure that chapter 5 does not provide clean-slate installation instructions that create a fully working LDAP directory that has been correctly populated?

> slapadd, or ldapadd and the "rootdn") before you can bind and populate the directory with other tools. This is covered in the quickstart guide:
> http://www.openldap.org/doc/admin23/quickstart.html
>
> I think you should follow Craig's advice, get your hands on a copy of "LDAP System Administration", and go through it carefully. LDAP is a wonderful enabling technology, but if you don't understand how it works, you'll get terrible performance, and risk exposing private data.

I have no argument with this advice - but please be careful that you do not needlessly scare people off from using LDAP.

- John T.
Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager -> sambaadmin)
you are gonna need to add 'self write' to your ACL's for users to login. You probably should follow Yanick's very simple ACL's at first - just to get you started but you aren't going to learn ACL's from samba

Craig

On Fri, 2006-03-03 at 11:49 +1100, adrian sender wrote:
> I have this in my slapd.conf as per the docs;
>
> access to attrs=sambaLMPassword,sambaNTPassword
>     by dn="cn=sambaadmin,dc=tinistuff,dc=com" write
>     by * none
>
> Should that work?
>
> > From: "Yanick Durant" <[EMAIL PROTECTED]>
> > To: "adrian sender" <[EMAIL PROTECTED]>
> > CC: samba@lists.samba.org
> > Subject: Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager -> sambaadmin)
> > Date: Thu, 2 Mar 2006 09:49:19 +0100 (CET)
> >
> > You need to give enough rights to your "sambaadmin" to allow him to write to the ldap repository for adding users, and updating information.
> >
> > Ie :
> >
> > This kind of access rule inside your slapd.conf these lines need to be after the database tag in the config file.
> > This will also allow users to change their password
> >
> > access to attr=userPassword,sambaLMPassword,sambaNTPassword
> >     by self write
> >     by dn="cn=Manager,dc=tinistuff,dc=com" write
> >     by dn="cn=sambaadmin,dc=tinistuff,dc=com" write
> >     by anonymous auth
> >     by * none
> >
> > # The admin dn has full write access
> > access to *
> >     by self write
> >     by dn="cn=Manager,dc=tinistuff,dc=com" write
> >     by dn="cn=sambaadmin,dc=tinistuff,dc=com" write
> >     by * read
> >
> > Regards,
> >
> > Yanick Durant
> >
> > > I will try to explain my situation a little better so others can understand.
> > >
> > > I am sticking to the documentation, (samba 3 by example by jht) excellent book!;
> > >
> > > So here is where I am at;
> > >
> > > I have configured my smb.conf; slapd.conf, ldap.conf, nssldap.conf as per the documentation chapter 6.
> > >
> > > I do have a bdc; however there is no relevance to that as I am only working on the PDC at the time;
> > >
> > > I have these commented out in the slapd.conf for the moment.
> > >
> > > #replica host=192.168.0.3:389
> > > #suffix="dc=tinistuff,dc=com"
> > > #binddn="cn=updateuser,dc=tinistuff,dc=com"
> > > #bindmethod=simple credentials=123456
> > >
> > > #replogfile /var/lib/ldap/replogfile
> > >
> > > This is my smb.conf as per chapter 6;
> > > ***Note we are using "sambaadmin" and not "Manager" as in Chapter 5***
> > >
> > > ldap admin dn = cn=sambaadmin,dc=tinistuff,dc=com
> > >
> > > [EMAIL PROTECTED] sbin]# smbpasswd -w 123456
> > > Setting stored password for "cn=sambaadmin,dc=tinistuff,dc=com" in secrets.tdb
> > >
> > > Does this look right so far; I am now going to configure smbldaptools as per the documentation; In chapter 5 (./configure)
> > >
> > > Ok, now we take a look at this -
> > > [EMAIL PROTECTED] sbin]# cat /etc/opt/IDEALX/smbldap-tools/smbldap_bind.conf
> > >
> > > # Credential Configuration #
> > >
> > > # Notes: you can specify two differents configuration if you use a
> > > # master ldap for writing access and a slave ldap server for reading access
> > > # By default, we will use the same DN (so it will work for standard Samba
> > > # release)
> > > slaveDN="cn=sambaadmin,dc=tinistuff,dc=com"
> > > slavePw="123456"
> > > masterDN="cn=sambaadmin,dc=tinistuff,dc=com"
> > > masterPw="123456"
> > >
> > > Time to populate the ldap DB.
> > > [EMAIL PROTECTED] sbin]# ./smbldap-populate -a root -k 0 -m 0
> > >
> > > This does not work because it cannot bind as "sambaadmin"
> > >
> > > If I change my smbldap_bind to Manager, I can populate the DB.
> > >
> > > [EMAIL PROTECTED] sbin]# cat /etc/opt/IDEALX/smbldap-tools/smbldap_bind.conf
Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager -> sambaadmin)
I have this in my slapd.conf as per the docs;

access to attrs=sambaLMPassword,sambaNTPassword
    by dn="cn=sambaadmin,dc=tinistuff,dc=com" write
    by * none

Should that work?

From: "Yanick Durant" <[EMAIL PROTECTED]>
To: "adrian sender" <[EMAIL PROTECTED]>
CC: samba@lists.samba.org
Subject: Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager -> sambaadmin)
Date: Thu, 2 Mar 2006 09:49:19 +0100 (CET)

You need to give enough rights to your "sambaadmin" to allow him to write to the ldap repository for adding users, and updating information.

Ie :

This kind of access rule inside your slapd.conf these lines need to be after the database tag in the config file.
This will also allow users to change their password

access to attr=userPassword,sambaLMPassword,sambaNTPassword
    by self write
    by dn="cn=Manager,dc=tinistuff,dc=com" write
    by dn="cn=sambaadmin,dc=tinistuff,dc=com" write
    by anonymous auth
    by * none

# The admin dn has full write access
access to *
    by self write
    by dn="cn=Manager,dc=tinistuff,dc=com" write
    by dn="cn=sambaadmin,dc=tinistuff,dc=com" write
    by * read

Regards,

Yanick Durant

> I will try to explain my situation a little better so others can understand.
>
> I am sticking to the documentation, (samba 3 by example by jht) excellent book!;
>
> So here is where I am at;
>
> I have configured my smb.conf; slapd.conf, ldap.conf, nssldap.conf as per the documentation chapter 6.
>
> I do have a bdc; however there is no relevance to that as I am only working on the PDC at the time;
>
> I have these commented out in the slapd.conf for the moment.
>
> #replica host=192.168.0.3:389
> #suffix="dc=tinistuff,dc=com"
> #binddn="cn=updateuser,dc=tinistuff,dc=com"
> #bindmethod=simple credentials=123456
>
> #replogfile /var/lib/ldap/replogfile
>
> This is my smb.conf as per chapter 6;
> ***Note we are using "sambaadmin" and not "Manager" as in Chapter 5***
>
> ldap admin dn = cn=sambaadmin,dc=tinistuff,dc=com
>
> [EMAIL PROTECTED] sbin]# smbpasswd -w 123456
> Setting stored password for "cn=sambaadmin,dc=tinistuff,dc=com" in secrets.tdb
>
> Does this look right so far; I am now going to configure smbldaptools as per the documentation; In chapter 5 (./configure)
>
> Ok, now we take a look at this -
> [EMAIL PROTECTED] sbin]# cat /etc/opt/IDEALX/smbldap-tools/smbldap_bind.conf
>
> # Credential Configuration #
>
> # Notes: you can specify two differents configuration if you use a
> # master ldap for writing access and a slave ldap server for reading access
> # By default, we will use the same DN (so it will work for standard Samba
> # release)
> slaveDN="cn=sambaadmin,dc=tinistuff,dc=com"
> slavePw="123456"
> masterDN="cn=sambaadmin,dc=tinistuff,dc=com"
> masterPw="123456"
>
> Time to populate the ldap DB.
> [EMAIL PROTECTED] sbin]# ./smbldap-populate -a root -k 0 -m 0
>
> This does not work because it cannot bind as "sambaadmin"
>
> If I change my smbldap_bind to Manager, I can populate the DB.
>
> [EMAIL PROTECTED] sbin]# cat /etc/opt/IDEALX/smbldap-tools/smbldap_bind.conf
>
> # Credential Configuration #
>
> # Notes: you can specify two differents configuration if you use a
> # master ldap for writing access and a slave ldap server for reading access
> # By default, we will use the same DN (so it will work for standard Samba
> # release)
> slaveDN="cn=Manager,dc=tinistuff,dc=com"
> slavePw="123456"
> masterDN="cn=Manager,dc=tinistuff,dc=com"
> masterPw="123456"
>
> Now it populates fine.
>
> Is this a fault on my behalf, or is there something wrong with "sambaadmin" in the config files?
>
> PS - please forgive any spelling errors.
>
> Kind Regards,
> Adrian Sender.
>
>>From: Gordon Messmer <[EMAIL PROTECTED]>
>>To: adrian sender <[EMAIL PROTECTED]>, samba
>>
>>Subject: Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager -> sambaadmin)
>>Date: Wed, 01 Mar 2006 08:13:32 -0800
>>
>>Well... you have to create the containers using slapadd. After the containers are present, then you can populate them with users, etc, using ldapadd or other tools. If you haven't created the containers, nothi
Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager -> sambaadmin)
You need to give enough rights to your "sambaadmin" to allow him to write to the ldap repository for adding users, and updating information.

Ie :

This kind of access rule inside your slapd.conf these lines need to be after the database tag in the config file.
This will also allow users to change their password

access to attr=userPassword,sambaLMPassword,sambaNTPassword
    by self write
    by dn="cn=Manager,dc=tinistuff,dc=com" write
    by dn="cn=sambaadmin,dc=tinistuff,dc=com" write
    by anonymous auth
    by * none

# The admin dn has full write access
access to *
    by self write
    by dn="cn=Manager,dc=tinistuff,dc=com" write
    by dn="cn=sambaadmin,dc=tinistuff,dc=com" write
    by * read

Regards,

Yanick Durant

> I will try to explain my situation a little better so others can understand.
>
> I am sticking to the documentation, (samba 3 by example by jht) excellent book!;
>
> So here is where I am at;
>
> I have configured my smb.conf; slapd.conf, ldap.conf, nssldap.conf as per the documentation chapter 6.
>
> I do have a bdc; however there is no relevance to that as I am only working on the PDC at the time;
>
> I have these commented out in the slapd.conf for the moment.
>
> #replica host=192.168.0.3:389
> #suffix="dc=tinistuff,dc=com"
> #binddn="cn=updateuser,dc=tinistuff,dc=com"
> #bindmethod=simple credentials=123456
>
> #replogfile /var/lib/ldap/replogfile
>
> This is my smb.conf as per chapter 6;
> ***Note we are using "sambaadmin" and not "Manager" as in Chapter 5***
>
> ldap admin dn = cn=sambaadmin,dc=tinistuff,dc=com
>
> [EMAIL PROTECTED] sbin]# smbpasswd -w 123456
> Setting stored password for "cn=sambaadmin,dc=tinistuff,dc=com" in secrets.tdb
>
> Does this look right so far; I am now going to configure smbldaptools as per the documentation; In chapter 5 (./configure)
>
> Ok, now we take a look at this -
> [EMAIL PROTECTED] sbin]# cat /etc/opt/IDEALX/smbldap-tools/smbldap_bind.conf
>
> # Credential Configuration #
>
> # Notes: you can specify two differents configuration if you use a
> # master ldap for writing access and a slave ldap server for reading access
> # By default, we will use the same DN (so it will work for standard Samba
> # release)
> slaveDN="cn=sambaadmin,dc=tinistuff,dc=com"
> slavePw="123456"
> masterDN="cn=sambaadmin,dc=tinistuff,dc=com"
> masterPw="123456"
>
> Time to populate the ldap DB.
> [EMAIL PROTECTED] sbin]# ./smbldap-populate -a root -k 0 -m 0
>
> This does not work because it cannot bind as "sambaadmin"
>
> If I change my smbldap_bind to Manager, I can populate the DB.
>
> [EMAIL PROTECTED] sbin]# cat /etc/opt/IDEALX/smbldap-tools/smbldap_bind.conf
>
> # Credential Configuration #
>
> # Notes: you can specify two differents configuration if you use a
> # master ldap for writing access and a slave ldap server for reading access
> # By default, we will use the same DN (so it will work for standard Samba
> # release)
> slaveDN="cn=Manager,dc=tinistuff,dc=com"
> slavePw="123456"
> masterDN="cn=Manager,dc=tinistuff,dc=com"
> masterPw="123456"
>
> Now it populates fine.
>
> Is this a fault on my behalf, or is there something wrong with "sambaadmin" in the config files?
>
> PS - please forgive any spelling errors.
>
> Kind Regards,
> Adrian Sender.
>
>>From: Gordon Messmer <[EMAIL PROTECTED]>
>>To: adrian sender <[EMAIL PROTECTED]>, samba
>>
>>Subject: Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager -> sambaadmin)
>>Date: Wed, 01 Mar 2006 08:13:32 -0800
>>
>>Well... you have to create the containers using slapadd. After the containers are present, then you can populate them with users, etc, using ldapadd or other tools. If you haven't created the containers, nothing is going to work.
>>
>>adrian sender wrote:
>>>The database has not been populated, and cannot be populated using "sambaadmin"
>>>
>>>>From: Gordon Messmer <[EMAIL PROTECTED]>
>>>>To: adrian sender <[EMAIL PROTECTED]>
>>>>CC: samba@lists.samba.org
>>>>Subject: Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager -
Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager -> sambaadmin)
adrian sender wrote:
> I am sticking to the documentation, (samba 3 by example by jht) excellent book!;

Yes, it's an excellent book. I have a copy, myself. However, you won't get anywhere "sticking to" its LDAP documentation.

The LDAP documentation in "Samba-3 by Example" is BAD. Very bad. It completely abrogates any discussion of security as a matter that the user should be expert enough to handle, and gives example configuration files that are completely open to attack. It would have been better to ignore the LDAP server's configuration entirely and explicitly state that admins are expected to be able to do it on their own.

Further, "Samba-3 by Example" assumes that you have a working directory, to begin with. Using OpenLDAP, you must create the containers (using slapadd, or ldapadd and the "rootdn") before you can bind and populate the directory with other tools. This is covered in the quickstart guide:
http://www.openldap.org/doc/admin23/quickstart.html

I think you should follow Craig's advice, get your hands on a copy of "LDAP System Administration", and go through it carefully. LDAP is a wonderful enabling technology, but if you don't understand how it works, you'll get terrible performance, and risk exposing private data.
Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager -> sambaadmin)
On Thu, 2006-03-02 at 14:47 +1100, adrian sender wrote:
> I will try to explain my situation a little better so others can understand.
>
> I am sticking to the documentation, (samba 3 by example by jht) excellent book!;
>
> So here is where I am at;
>
> I have configured my smb.conf; slapd.conf, ldap.conf, nssldap.conf as per the documentation chapter 6.
>
> I do have a bdc; however there is no relevance to that as I am only working on the PDC at the time;
>
> I have these commented out in the slapd.conf for the moment.
>
> #replica host=192.168.0.3:389
> #suffix="dc=tinistuff,dc=com"
> #binddn="cn=updateuser,dc=tinistuff,dc=com"
> #bindmethod=simple credentials=123456
>
> #replogfile /var/lib/ldap/replogfile
>
> This is my smb.conf as per chapter 6;
> ***Note we are using "sambaadmin" and not "Manager" as in Chapter 5***
>
> ldap admin dn = cn=sambaadmin,dc=tinistuff,dc=com
>
> [EMAIL PROTECTED] sbin]# smbpasswd -w 123456
> Setting stored password for "cn=sambaadmin,dc=tinistuff,dc=com" in secrets.tdb
>
> Does this look right so far; I am now going to configure smbldaptools as per the documentation; In chapter 5 (./configure)
>
> Ok, now we take a look at this -
> [EMAIL PROTECTED] sbin]# cat /etc/opt/IDEALX/smbldap-tools/smbldap_bind.conf
>
> # Credential Configuration #
>
> # Notes: you can specify two differents configuration if you use a
> # master ldap for writing access and a slave ldap server for reading access
> # By default, we will use the same DN (so it will work for standard Samba
> # release)
> slaveDN="cn=sambaadmin,dc=tinistuff,dc=com"
> slavePw="123456"
> masterDN="cn=sambaadmin,dc=tinistuff,dc=com"
> masterPw="123456"
>
> Time to populate the ldap DB.
> [EMAIL PROTECTED] sbin]# ./smbldap-populate -a root -k 0 -m 0
>
> This does not work because it cannot bind as "sambaadmin"
>
> If I change my smbldap_bind to Manager, I can populate the DB.
>
> [EMAIL PROTECTED] sbin]# cat /etc/opt/IDEALX/smbldap-tools/smbldap_bind.conf
>
> # Credential Configuration #
>
> # Notes: you can specify two differents configuration if you use a
> # master ldap for writing access and a slave ldap server for reading access
> # By default, we will use the same DN (so it will work for standard Samba
> # release)
> slaveDN="cn=Manager,dc=tinistuff,dc=com"
> slavePw="123456"
> masterDN="cn=Manager,dc=tinistuff,dc=com"
> masterPw="123456"
>
> Now it populates fine.
>
> Is this a fault on my behalf, or is there something wrong with "sambaadmin" in the config files?
>
> PS - please forgive any spelling errors.

the problem with this of course is that this really has nothing to do with Samba at all - this is strictly a user grappling with LDAP.

What do you get from command line ?

ldapsearch -x -h localhost -D 'cn=Manager,dc=tinistuff,dc=com' -W \
 '(cn=sambaadmin)'

If there is a dn: there it should show several attributes including a userPassword attribute. My guess is that is why it's not working...either there isn't a dn: cn=sambaadmin,dc=tinistuff,dc=com or there isn't a userPassword attribute set.

My recommendation to you is to forget all about samba for a while and learn how to set up and manage LDAP. Then integrating samba will be a piece of cake.

Here's my best suggestion, buy LDAP System Administration book by Gerald Carter (yes, our Jerry)...it's a bit outdated but it makes understanding LDAP easy. Using samba to learn LDAP is like trying to use salad tongs to do neuro surgery.

Craig
Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager -> sambaadmin)
I will try to explain my situation a little better so others can understand.

I am sticking to the documentation, (samba 3 by example by jht) excellent book!;

So here is where I am at;

I have configured my smb.conf; slapd.conf, ldap.conf, nssldap.conf as per the documentation chapter 6.

I do have a bdc; however there is no relevance to that as I am only working on the PDC at the time;

I have these commented out in the slapd.conf for the moment.

    #replica host=192.168.0.3:389
    #suffix="dc=tinistuff,dc=com"
    #binddn="cn=updateuser,dc=tinistuff,dc=com"
    #bindmethod=simple credentials=123456

    #replogfile /var/lib/ldap/replogfile

This is my smb.conf as per chapter 6;
***Note we are using "sambaadmin" and not "Manager" as in Chapter 5***

    ldap admin dn = cn=sambaadmin,dc=tinistuff,dc=com

    [EMAIL PROTECTED] sbin]# smbpasswd -w 123456
    Setting stored password for "cn=sambaadmin,dc=tinistuff,dc=com" in secrets.tdb

Does this look right so far; I am now going to configure smbldaptools as per the documentation; In chapter 5 (./configure)

Ok, now we take a look at this -

    [EMAIL PROTECTED] sbin]# cat /etc/opt/IDEALX/smbldap-tools/smbldap_bind.conf

    # Credential Configuration #

    # Notes: you can specify two differents configuration if you use a
    # master ldap for writing access and a slave ldap server for reading access
    # By default, we will use the same DN (so it will work for standard Samba
    # release)
    slaveDN="cn=sambaadmin,dc=tinistuff,dc=com"
    slavePw="123456"
    masterDN="cn=sambaadmin,dc=tinistuff,dc=com"
    masterPw="123456"

Time to populate the ldap DB.

    [EMAIL PROTECTED] sbin]# ./smbldap-populate -a root -k 0 -m 0

This does not work because it cannot bind as "sambaadmin"

If I change my smbldap_bind to Manager, I can populate the DB.

    [EMAIL PROTECTED] sbin]# cat /etc/opt/IDEALX/smbldap-tools/smbldap_bind.conf

    # Credential Configuration #

    # Notes: you can specify two differents configuration if you use a
    # master ldap for writing access and a slave ldap server for reading access
    # By default, we will use the same DN (so it will work for standard Samba
    # release)
    slaveDN="cn=Manager,dc=tinistuff,dc=com"
    slavePw="123456"
    masterDN="cn=Manager,dc=tinistuff,dc=com"
    masterPw="123456"

Now it populates fine.

Is this a fault on my behalf, or is there something wrong with "sambaadmin" in the config files?

PS - please forgive any spelling errors.

Kind Regards,
Adrian Sender.

From: Gordon Messmer <[EMAIL PROTECTED]>
To: adrian sender <[EMAIL PROTECTED]>, samba
Subject: Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager -> sambaadmin)
Date: Wed, 01 Mar 2006 08:13:32 -0800

Well... you have to create the containers using slapadd. After the containers are present, then you can populate them with users, etc, using ldapadd or other tools. If you haven't created the containers, nothing is going to work.

adrian sender wrote:
> The database has not been populated, and cannot be populated using "sambaadmin"
>
> From: Gordon Messmer <[EMAIL PROTECTED]>
> To: adrian sender <[EMAIL PROTECTED]>
> CC: samba@lists.samba.org
> Subject: Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager -> sambaadmin)
> Date: Tue, 28 Feb 2006 22:01:24 -0800
>
> adrian sender wrote:
> > [EMAIL PROTECTED] scripts]# slapadd -v -l admin-accts.ldif
> > added: "cn=updateuser,dc=tinistuff,dc=com" (0002)
> > added: "cn=sambaadmin,dc=tinistuff,dc=com" (0003)
> > Error, entries missing!
> > entry 1: dc=tinistuff,dc=com
>
> If you dump the database, does "dc=tinistuff,dc=com" show up in there? It looks like the entry for the base DN is missing, which might explain the problems that you're having.
Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager -> sambaadmin)
Well... you have to create the containers using slapadd. After the containers are present, then you can populate them with users, etc, using ldapadd or other tools. If you haven't created the containers, nothing is going to work.

adrian sender wrote:
> The database has not been populated, and cannot be populated using "sambaadmin"
>
> From: Gordon Messmer <[EMAIL PROTECTED]>
> To: adrian sender <[EMAIL PROTECTED]>
> CC: samba@lists.samba.org
> Subject: Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager -> sambaadmin)
> Date: Tue, 28 Feb 2006 22:01:24 -0800
>
> adrian sender wrote:
> > [EMAIL PROTECTED] scripts]# slapadd -v -l admin-accts.ldif
> > added: "cn=updateuser,dc=tinistuff,dc=com" (0002)
> > added: "cn=sambaadmin,dc=tinistuff,dc=com" (0003)
> > Error, entries missing!
> > entry 1: dc=tinistuff,dc=com
>
> If you dump the database, does "dc=tinistuff,dc=com" show up in there? It looks like the entry for the base DN is missing, which might explain the problems that you're having.
Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager -> sambaadmin)
On Wed, 2006-03-01 at 15:45 +1100, adrian sender wrote:
> Hi Gordon,
>
> This is my admin-accts.ldif;
> ---
> dn: cn=updateuser,dc=tinistuff,dc=com
> objectClass: person
> cn: updateuser
> sn: updateuser
> userPassword: {crypt}ABiELdbxGY2fY
>
> dn: cn=sambaadmin,dc=tinistuff,dc=com
> objectClass: person
> cn: sambaadmin
> sn: sambaadmin
> userPassword: {crypt}ABiELdbxGY2fY
>
>
>
> So the ldap server is stopped, I add these entries; and restart ldap.
>
> [EMAIL PROTECTED] scripts]# slapadd -v -l admin-accts.ldif
> added: "cn=updateuser,dc=tinistuff,dc=com" (0002)
> added: "cn=sambaadmin,dc=tinistuff,dc=com" (0003)
> Error, entries missing!
> entry 1: dc=tinistuff,dc=com
>
>
> [EMAIL PROTECTED] programs]# ldapsearch -x -D
> "cn=sambaadmin,dc=tinistuff,dc=com"
> -W uid=sambaadmin
> Enter LDAP Password:
> ldap_bind: Invalid credentials (49)
>
> It will not let me populate the database either; however I can populate fine
> when using "Manager" instead of "sambaadmin"
>
> [EMAIL PROTECTED] sbin]# ./smbldap-populate -a root -k 0 -m 0
> Populating LDAP directory for domain TINISTUFF
> (S-1-5-21-1850218137-420253120-3974286998)
> (using builtin directory structure)
>
> adding new entry: dc=tinistuff,dc=com
> failed to add entry: modifications require authentication at
> ./smbldap-populate line 471, line 2.

No - this seems to have failed too.

Can you authenticate with your rootdn?

Craig
Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager -> sambaadmin)
adrian sender wrote:
> [EMAIL PROTECTED] scripts]# slapadd -v -l admin-accts.ldif
> added: "cn=updateuser,dc=tinistuff,dc=com" (0002)
> added: "cn=sambaadmin,dc=tinistuff,dc=com" (0003)
> Error, entries missing!
> entry 1: dc=tinistuff,dc=com

If you dump the database, does "dc=tinistuff,dc=com" show up in there? It looks like the entry for the base DN is missing, which might explain the problems that you're having.
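The missing base DN entry discussed in the message above can be caught before loading an LDIF. The following is an added example, not part of the original thread: the function names are hypothetical, the DN handling is naive (no escaped commas, no folded or base64 `dn::` lines), and `BASE_ENTRY_LDIF` is a constructed entry for the suffix.

```python
import re

# admin-accts.ldif as quoted in this thread: two accounts, no base entry.
ADMIN_ACCTS_LDIF = """\
dn: cn=updateuser,dc=tinistuff,dc=com
objectClass: person
cn: updateuser
sn: updateuser
userPassword: {crypt}ABiELdbxGY2fY

dn: cn=sambaadmin,dc=tinistuff,dc=com
objectClass: person
cn: sambaadmin
sn: sambaadmin
userPassword: {crypt}ABiELdbxGY2fY
"""

# Constructed entry for the suffix (assumption: a dcObject/organization base).
BASE_ENTRY_LDIF = """\
dn: dc=tinistuff,dc=com
objectClass: dcObject
objectClass: organization
dc: tinistuff
o: tinistuff

"""


def norm(dn):
    """Lower-case a DN and drop spaces around the RDN separators."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def ldif_dns(ldif_text):
    """Return the DNs of an LDIF in file order."""
    return [norm(m) for m in re.findall(r"^dn:[ \t]*(.+)$", ldif_text, re.M)]


def missing_ancestors(ldif_text, suffix, existing=()):
    """Map each DN to the ancestors that will not exist when it is loaded.

    An ancestor counts as present if it is already in the directory
    (`existing`) or appears earlier in the same LDIF. Nothing above the
    database suffix is required, but the suffix entry itself must exist.
    """
    suffix = norm(suffix)
    present = {norm(d) for d in existing}
    problems = {}
    for dn in ldif_dns(ldif_text):
        if not (dn == suffix or dn.endswith("," + suffix)):
            problems[dn] = ["<outside suffix %s>" % suffix]
            continue
        missing, parent = [], dn
        while parent != suffix:
            parent = parent.split(",", 1)[1]  # strip the leftmost RDN
            if parent not in present:
                missing.append(parent)
        if missing:
            problems[dn] = missing
        present.add(dn)  # slapadd still stores the entry, as an orphan
    return problems
```

Run against the quoted file, both accounts are reported with `dc=tinistuff,dc=com` as the missing parent, matching the "Error, entries missing!" output from slapadd.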
Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager -> sambaadmin)
Hi Gordon,

This is my admin-accts.ldif;
---

    dn: cn=updateuser,dc=tinistuff,dc=com
    objectClass: person
    cn: updateuser
    sn: updateuser
    userPassword: {crypt}ABiELdbxGY2fY

    dn: cn=sambaadmin,dc=tinistuff,dc=com
    objectClass: person
    cn: sambaadmin
    sn: sambaadmin
    userPassword: {crypt}ABiELdbxGY2fY

So the ldap server is stopped, I add these entries; and restart ldap.

    [EMAIL PROTECTED] scripts]# slapadd -v -l admin-accts.ldif
    added: "cn=updateuser,dc=tinistuff,dc=com" (0002)
    added: "cn=sambaadmin,dc=tinistuff,dc=com" (0003)
    Error, entries missing!
    entry 1: dc=tinistuff,dc=com

    [EMAIL PROTECTED] programs]# ldapsearch -x -D "cn=sambaadmin,dc=tinistuff,dc=com" -W uid=sambaadmin
    Enter LDAP Password:
    ldap_bind: Invalid credentials (49)

It will not let me populate the database either; however I can populate fine when using "Manager" instead of "sambaadmin"

    [EMAIL PROTECTED] sbin]# ./smbldap-populate -a root -k 0 -m 0
    Populating LDAP directory for domain TINISTUFF (S-1-5-21-1850218137-420253120-3974286998)
    (using builtin directory structure)

    adding new entry: dc=tinistuff,dc=com
    failed to add entry: modifications require authentication at ./smbldap-populate line 471, line 2.

etc..

Hm :(

Adrian.

From: Gordon Messmer <[EMAIL PROTECTED]>
To: adrian sender <[EMAIL PROTECTED]>
CC: samba@lists.samba.org
Subject: Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager -> sambaadmin)
Date: Sun, 26 Feb 2006 23:08:29 -0800

adrian sender wrote:
> Hey Guys,
>
> Gordon, I do not think that is the issue; I have tried what you said but still get the same error.
>
> Remember I have a SDC or BDC that uses updateuser; the ldif I add for that uses plain text passwords and works perfectly.

I see... Your original message indicated that you had an "updateuser" in the database, but didn't indicate that you were actually using it for anything. I'm still guessing that this is an LDAP issue, and not a samba one.

Are you able to perform a search with the sambaadmin user, or the updateuser user, using the ldapsearch command line? Try both of these, and make sure that sambaadmin is not the rootdn specified in your slapd.conf:

    ldapsearch -x -D "cn=sambaadmin,dc=ddesign,dc=com" -W uid=sambaadmin
    ldapsearch -x -D "cn=updateuser,dc=ddesign,dc=com" -W uid=sambaadmin
Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager -> sambaadmin)
adrian sender wrote:
> Hey Guys,
>
> Gordon, I do not think that is the issue; I have tried what you said but still get the same error.
>
> Remember I have a SDC or BDC that uses updateuser; the ldif I add for that uses plain text passwords and works perfectly.

I see... Your original message indicated that you had an "updateuser" in the database, but didn't indicate that you were actually using it for anything. I'm still guessing that this is an LDAP issue, and not a samba one.

Are you able to perform a search with the sambaadmin user, or the updateuser user, using the ldapsearch command line? Try both of these, and make sure that sambaadmin is not the rootdn specified in your slapd.conf:

    ldapsearch -x -D "cn=sambaadmin,dc=ddesign,dc=com" -W uid=sambaadmin
    ldapsearch -x -D "cn=updateuser,dc=ddesign,dc=com" -W uid=sambaadmin
Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager -> sambaadmin)
Hey Guys,

Gordon, I do not think that is the issue; I have tried what you said but still get the same error.

Remember I have a SDC or BDC that uses updateuser; the ldif I add for that uses plain text passwords and works perfectly.

H.

Adrian.

From: Gordon Messmer <[EMAIL PROTECTED]>
To: adrian sender <[EMAIL PROTECTED]>
CC: samba@lists.samba.org
Subject: Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager -> sambaadmin)
Date: Mon, 20 Feb 2006 10:20:58 -0800

adrian sender wrote:
> Hi gordon,
>
> I don't think that is the issue here because I am able to use "Manager" ldif with plain text passwords.

Yeah... I don't think you are. According to your account, you're only able to use Manager or sambaadmin when it's the rootdn in the openldap configuration file. In that case, the plain text password from the configuration file, and not the password in the directory, is used.

Try crypt()ing the password, and see if that allows you to bind as the sambaadmin user, without specifying that account as the rootdn.
Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager -> sambaadmin)
adrian sender wrote:
> Hi gordon,
>
> I don't think that is the issue here because I am able to use "Manager" ldif with plain text passwords.

Yeah... I don't think you are. According to your account, you're only able to use Manager or sambaadmin when it's the rootdn in the openldap configuration file. In that case, the plain text password from the configuration file, and not the password in the directory, is used.

Try crypt()ing the password, and see if that allows you to bind as the sambaadmin user, without specifying that account as the rootdn.
Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager -> sambaadmin)
Hi gordon,

I don't think that is the issue here because I am able to use "Manager" ldif with plain text passwords.

Cheers.
Adrian Sender.

From: Gordon Messmer <[EMAIL PROTECTED]>
To: adrian sender <[EMAIL PROTECTED]>
CC: samba@lists.samba.org
Subject: Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager -> sambaadmin)
Date: Sun, 19 Feb 2006 10:44:14 -0800

adrian sender wrote:
> dn: cn=sambaadmin,dc=ddesign,dc=com
> objectClass: person
> cn: sambaadmin
> sn: sambaadmin
> userPassword: 123456
>
> When using sambaadmin instead of manager samba hangs unable to connect to the ldap database, however if I change this entry in the slapd.conf all works fine also.
>
> rootdn "cn=Manager,dc=ddesign,dc=com"
> TO>>>
> rootdn "cn=sambaadmin,dc=ddesign,dc=com"

Given that, I'd guess that your directory server doesn't support plain text userPassword fields. Try crypt()ing them.

    # perl -e 'print crypt("123456", "AB") . "\n"'
    ABiELdbxGY2fY

So, then, your LDIF should have:

    dn: cn=sambaadmin,dc=ddesign,dc=com
    objectClass: person
    cn: sambaadmin
    sn: sambaadmin
    userPassword: {crypt}ABiELdbxGY2fY
Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager -> sambaadmin)
adrian sender wrote:
> dn: cn=sambaadmin,dc=ddesign,dc=com
> objectClass: person
> cn: sambaadmin
> sn: sambaadmin
> userPassword: 123456
>
> When using sambaadmin instead of manager samba hangs unable to connect to the ldap database, however if I change this entry in the slapd.conf all works fine also.
>
> rootdn "cn=Manager,dc=ddesign,dc=com"
> TO>>>
> rootdn "cn=sambaadmin,dc=ddesign,dc=com"

Given that, I'd guess that your directory server doesn't support plain text userPassword fields. Try crypt()ing them.

    # perl -e 'print crypt("123456", "AB") . "\n"'
    ABiELdbxGY2fY

So, then, your LDIF should have:

    dn: cn=sambaadmin,dc=ddesign,dc=com
    objectClass: person
    cn: sambaadmin
    sn: sambaadmin
    userPassword: {crypt}ABiELdbxGY2fY
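The userPassword values exchanged in this thread can be audited by storage scheme before an LDIF is loaded. The following is an added example, not part of the original message: the function names are hypothetical, the LDIF is abridged from entries quoted in the thread, and `{SSHA}` (salted SHA-1, the scheme slappasswd emits by default) is swapped in as the salted alternative; the thread itself only uses plain text and `{crypt}`.

```python
import base64
import hashlib
import hmac
import os
import re
from collections import defaultdict

# Abridged from LDIF quoted in this thread (dn and userPassword only).
THREAD_LDIF = """\
dn: cn=updateuser,dc=ddesign,dc=com
userPassword: 123456

dn: cn=updateuser,dc=tinistuff,dc=com
userPassword: {crypt}ABiELdbxGY2fY

dn: cn=sambaadmin,dc=tinistuff,dc=com
userPassword: {crypt}ABiELdbxGY2fY
"""


def password_entries(ldif_text):
    """Yield (dn, userPassword) pairs from a simple, unfolded LDIF."""
    for block in re.split(r"\n\s*\n", ldif_text.strip()):
        attrs = dict(l.split(": ", 1) for l in block.splitlines() if ": " in l)
        if "userPassword" in attrs:
            yield attrs["dn"], attrs["userPassword"]


def scheme(value):
    """Return the {SCHEME} prefix in upper case, or CLEARTEXT if absent."""
    m = re.match(r"\{([A-Za-z0-9-]+)\}", value)
    return m.group(1).upper() if m else "CLEARTEXT"


def audit(ldif_text):
    """Return (dn or tuple of dns, finding) pairs for weak stored passwords."""
    findings, seen = [], defaultdict(list)
    for dn, value in password_entries(ldif_text):
        seen[value].append(dn)
        if scheme(value) == "CLEARTEXT":
            findings.append((dn, "stored in clear text"))
        elif scheme(value) == "CRYPT" and len(value) == len("{crypt}") + 13:
            findings.append((dn, "traditional DES crypt: 2-char salt, 8-char limit"))
    for dns in seen.values():
        if len(dns) > 1:  # equal stored values reveal an equal password and salt
            findings.append((tuple(dns), "identical stored value"))
    return findings


def make_ssha(password, salt=None):
    """Build a {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def check_ssha(password, stored):
    """Verify a password against a {SSHA} value in constant time."""
    if scheme(stored) != "SSHA":
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(password.encode() + salt).digest(), digest)
```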
[Samba] Samba 3 by Example - chapter 5 & 6 ( Manager -> sambaadmin)
Dear Samba & Users.

I have spent some time going over the documentation, however I still do not fully understand what the cause is.

I am focusing on Samba 3 by Example chapter 5 & 6 specifically

Chapter 5 smbpasswd -w 123456

    [EMAIL PROTECTED] data]# smbpasswd -w 123456
    Setting stored password for "cn=Manager,dc=ddesign,dc=com" in secrets.tdb

Chapter 6 indicates in the smb.conf to use sambaadmin instead of manager.

If I change this to manager in the smb.conf & also this entry in the slapd.conf

    access to attrs=sambaLMPassword,sambaNTPassword
        by dn="cn=sambaadmin,dc=ddesign,dc=com" write
        by * none

to

    access to attrs=sambaLMPassword,sambaNTPassword
        by dn="cn=Manager,dc=ddesign,dc=com" write
        by * none

All works fine.

Chapter 6 smbpasswd -w 123456

    [EMAIL PROTECTED] ~]# smbpasswd -w 123456
    Setting stored password for "cn=sambadmin,dc=ddesign,dc=com" in secrets.tdb

    [EMAIL PROTECTED] samba]# cat smbd
    [2006/01/30 15:23:15, 0] lib/smbldap.c:smbldap_connect_system(890)
      failed to bind to server ldap://127.0.0.1 with dn="cn=sambadmin,dc=ddesign,dc=com" Error: Invalid credentials
    [2006/01/30 15:23:15, 1] lib/smbldap.c:another_ldap_try(1051)
      Connection to LDAP server failed for the 1 try!

I have added this ldif entry from chapter 6 ;

    dn: cn=updateuser,dc=ddesign,dc=com
    objectClass: person
    cn: updateuser
    sn: updateuser
    userPassword: 123456

    dn: cn=sambaadmin,dc=ddesign,dc=com
    objectClass: person
    cn: sambaadmin
    sn: sambaadmin
    userPassword: 123456

When using sambaadmin instead of manager samba hangs unable to connect to the ldap database, however if I change this entry in the slapd.conf all works fine also.

    rootdn "cn=Manager,dc=ddesign,dc=com"
    TO>>>
    rootdn "cn=sambaadmin,dc=ddesign,dc=com"

I have been through this configuration several times and keep getting the same issue. Is it possible that I am missing a crucial step between chapter 5 and the single master ldap chapter 6 master/slave configuration.

This is only for testing purposes so I can blow away the database without any worries.

I am thinking that the problem may be an entry in ldap is not there, although it shows the sambaadmin user.

For the moment I am using Manager in place of sambaadmin.

Thanks.
Adrian Sender.
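The smbd log quoted in the post above names the bind DN `cn=sambadmin,dc=ddesign,dc=com`, while the LDIF in the same post defines `cn=sambaadmin,dc=ddesign,dc=com`. The following is an added example, not part of the original post, that triages failed binds in smbd log output against the DNs a directory defines; the function names are hypothetical and the inputs are the lines quoted in the post.

```python
import difflib
import re

# Log lines, LDIF DNs and rootdn as quoted in the first post of this thread.
SMBD_LOG = """\
[2006/01/30 15:23:15, 0] lib/smbldap.c:smbldap_connect_system(890)
  failed to bind to server ldap://127.0.0.1 with dn="cn=sambadmin,dc=ddesign,dc=com" Error: Invalid credentials
[2006/01/30 15:23:15, 1] lib/smbldap.c:another_ldap_try(1051)
  Connection to LDAP server failed for the 1 try!
"""
LDIF_DNS = [
    "cn=updateuser,dc=ddesign,dc=com",
    "cn=sambaadmin,dc=ddesign,dc=com",
]
ROOTDN = "cn=Manager,dc=ddesign,dc=com"

BIND_FAILURE = re.compile(
    r'failed to bind to server (?P<server>\S+) with dn="(?P<dn>[^"]*)"'
    r"\s+Error: (?P<error>.+)"
)


def canon(dn):
    """Lower-case a DN and drop spaces around separators (naive: no escapes)."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def failed_binds(log_text):
    """Return one dict per failed bind, de-duplicated by (server, dn)."""
    seen, out = set(), []
    for m in BIND_FAILURE.finditer(log_text):
        key = (m["server"], canon(m["dn"]))
        if key not in seen:
            seen.add(key)
            out.append({"server": key[0], "dn": key[1], "error": m["error"].strip()})
    return out


def triage(log_text, known_dns, rootdn=None):
    """Classify each failed bind DN against the DNs the directory defines."""
    known = [canon(d) for d in known_dns]
    report = []
    for bind in failed_binds(log_text):
        dn, hint = bind["dn"], None
        if rootdn and dn == canon(rootdn):
            verdict = "rootdn"         # password comes from slapd.conf
        elif dn in known:
            verdict = "entry exists"   # next check: the stored userPassword
        else:
            verdict = "no such entry"  # a mistyped DN fails like a bad password
            near = difflib.get_close_matches(dn, known, n=1, cutoff=0.8)
            hint = near[0] if near else None
        report.append({**bind, "verdict": verdict, "closest": hint})
    return report
```

On the quoted lines the report contains one failed bind, classified as "no such entry" with `cn=sambaadmin,dc=ddesign,dc=com` as the closest defined DN.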