Re: [Samba] samba 2.2.3a / openLDAP connection problem
On Tue, 16 Mar 2004 12:38:32 + Martin Wood <[EMAIL PROTECTED]> wrote:

Hi,

> ldapsearch -b "ou=People,dc=ideaworks3d,dc=com" -LLL -D
> "cn=manager,dc=ideaworks3d,dc=com" -W -x "(uid=marvldap)"
>
> gives me the correct output (the LDIF format entry for marvldap)
> but still no luck with smbpasswd -a smbuser

If you don't happen to have your slapd providing ldaps only (and as your
Samba-setup uses non-encrypted LDAP), then your best bet is to check the
slapd-log/-debug-output: Does Samba connect to the LDAP-server? What does
it (Samba) want? What does the LDAP-server think of it? etc...

Sorry, I'm running out of ideas...

Cheers,
Max

--
The first time any man's freedom is trodden on, we're all damaged.
http://homex.subnet.at/~max/

--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] samba 2.2.3a / openLDAP connection problem
Markus Amersdorfer wrote:

> On Mon, 15 Mar 2004 16:47:14 + Martin Wood <[EMAIL PROTECTED]> wrote:
>
> Hi,
>
> > ok, thanks for the replies so far...I don't seem to be having much luck
> > the samba and ldap servers are on the same machine..
> > [...]
> > ldapsearch -x '(cn=Manager)'
> > gives :
> > [nothing-found]
>
> Can you add entries to and search the directory without any Samba
> software involved? What does "ldapsearch -x" return?
> Also, try some more verbose ldapsearch-commands. Debian e.g. needs
> /etc/ldap/ldap.conf to hold BASE and URI information in order for
> "ldapsearch -x '(pattern)'" to succeed (AFAICT), otherwise you have to
> set these options explicitly...

right, i edited ldap.conf and now my ldapsearch queries are returning
responses.

e.g.

ldapsearch -b "ou=People,dc=ideaworks3d,dc=com" -LLL -D "cn=manager,dc=ideaworks3d,dc=com" -W -x "(uid=marvldap)"

gives me the correct output (the LDIF format entry for marvldap)
but still no luck with smbpasswd -a smbuser

i've checked my smb.conf :

#
ldap admin dn = cn=manager,dc=ideaworks3d,dc=com
ldap server = localhost
ldap suffix = ou=People,dc=ideaworks3d,dc=com
# Don't include "root" here, as joining clients need the "root" user...
invalid users = bin daemon adm sync shutdown halt mail news uucp operator gopher
hosts allow = 10.xxx.xxx.xxx/255.xxx.xxx.xxx localhost

my slapd.conf has these access controls :

access to attribute=userPassword,lmPassword,ntPassword
        by dn="cn=manager,dc=ideaworks3d,dc=com" write
        by anonymous auth
        by * none

access to *
        by dn="cn=manager,dc=ideaworks3d,dc=com" write
        by dn="cn=nss,dc=ideaworks3d,dc=com" read
        by * auth
#

from what i can make out from the slapd output, the query for an existing
posix account is being made, but nothing happens after that.

from reading
http://mawi.org/sambaldap/Samba_and_LDAP_on_Debian.html#usermanadd
he first creates the *nix account, then adds user info to ldap from an
ldif file and then runs smbpasswd

I thought the idea was the smbpasswd would add the ldap info automatically?

and anyway, even adding the user.ldif file via ldapadd (which succeeds)
doesn't change the behaviour of smbpasswd -a user

any other details i should be scrutinising for possible errors ?

thanks again for your help, it's really appreciated.

martin

Re: [Samba] samba 2.2.3a / openLDAP connection problem
On Mon, 15 Mar 2004 16:47:14 + Martin Wood <[EMAIL PROTECTED]> wrote:

Hi,

> ok, thanks for the replies so far...I don't seem to be having much luck
> the samba and ldap servers are on the same machine..
> [...]
> ldapsearch -x '(cn=Manager)'
> gives :
> [nothing-found]

Can you add entries to and search the directory without any Samba
software involved? What does "ldapsearch -x" return?
Also, try some more verbose ldapsearch-commands. Debian e.g. needs
/etc/ldap/ldap.conf to hold BASE and URI information in order for
"ldapsearch -x '(pattern)'" to succeed (AFAICT), otherwise you have to
set these options explicitly...

Cheers,
Max

--
The first time any man's freedom is trodden on, we're all damaged.
http://homex.subnet.at/~max/

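The check described in the message above (ldap.conf must hold BASE and URI, otherwise the options have to be given explicitly), as an added example that is not part of the original thread. The function names, the sample file and the fallback values are assumptions; letting the last occurrence of a repeated keyword win is a simplification of this sketch.

```sh
#!/bin/sh
# Added example: inspect an ldap.conf-style file for the BASE and URI client
# defaults and build the explicit ldapsearch flags for whatever is missing.

# ldap_conf_get FILE KEYWORD: print the keyword's value (keywords are matched
# case-insensitively, lines starting with '#' are comments). Prints nothing
# when the file is unreadable or the keyword is unset.
ldap_conf_get() {
    [ -r "$1" ] || return 0
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        NF >= 2 && toupper($1) == toupper(key) {
            sub(/^[ \t]*[^ \t]+[ \t]+/, "")   # drop the keyword
            sub(/[ \t]+$/, "")                # drop trailing blanks
            val = $0
        }
        END { if (val != "") print val }
    ' "$1"
}

# explicit_flags FILE FALLBACK_URI FALLBACK_BASE: print "-H <uri>" and/or
# "-b <base>" for each default the file does not provide. The body runs in
# a subshell so its variables stay local.
explicit_flags() (
    flags=""
    [ -n "$(ldap_conf_get "$1" URI)" ]  || flags="-H $2"
    [ -n "$(ldap_conf_get "$1" BASE)" ] || flags="${flags:+$flags }-b $3"
    printf '%s\n' "$flags"
)

# Constructed sample: URI is set (lower-case keyword), BASE is commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# ldap.conf (constructed sample, not taken from the thread)
#BASE   dc=ideaworks3d,dc=com
uri     ldap://localhost
EOF

echo "URI  = $(ldap_conf_get "$sample" URI)"
echo "BASE = $(ldap_conf_get "$sample" BASE)"
echo "ldapsearch -x $(explicit_flags "$sample" ldap://localhost dc=ideaworks3d,dc=com) '(cn=Manager)'"
```

With no BASE default and no -b on the command line, the search has no base DN to start from, so the explicit flags take the client configuration out of the picture before Samba is involved.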
Re: [Samba] samba 2.2.3a / openLDAP connection problem
ok, thanks for the replies so far...I don't seem to be having much luck

the samba and ldap servers are on the same machine..

i've tried the

read -s -p "Enter LDAP Root DN Password: " LDAP_BINDPW
smbpasswd -w $LDAP_BINDPW

multiple times just to make sure i wasn't making any typos.

i've added

ALL: localhost
ALL: 127.0.0.1
ALL: breadfruit

to hosts.allow just in case.

ldapsearch -x '(cn=Manager)'

gives :

version: 2

#
# filter: (cn=Manager)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

# numResponses: 1

which seems like it's wrong to me (the 32 No such object)

the output from slapd is very verbose, are there any critical sections i
should be concerned with ? (or shall i post all the slapd output
resulting from the smbpasswd -a marvsmb command ?)

again, thanks for the help...it's good to know i'm not on my own here..
if there are any other tools / commands that i can use to help debug the
situation please let me know..

thanks,

martin

Diego Julian Remolina wrote:

> If you have openldap compiled with tcp wrappers you should also have the
> appropriate entries in the file:
> /etc/hosts.allow
>
> Try to run a simple ldapsearch from the samba machine just to make sure
> you get some results:
>
> ldapsearch -x '(cn=Manager)'
>
> HTH,
>
> Diego
>
> On Sat, 13 Mar 2004, Markus Amersdorfer wrote:
>
> > On Fri, 12 Mar 2004 14:27:48 +
> > Martin Wood <[EMAIL PROTECTED]> wrote:
> >
> > > i've created a normal account for the user, but when i get to do :
> > >
> > > # smbpasswd -D10 -a marvsmb
> > >
> > > i get :
> > >
> > > ldap_open_connection: connection opened
> > > ldap_connect_system: Binding to ldap server as
> > > "cn=manager,dc=ideaworks3d,dc=com"
> > > Bind failed: Can't contact LDAP server
> > > ldap_open_connection: connection opened
> > > ldap_connect_system: Binding to ldap server as
> > > "cn=manager,dc=ideaworks3d,dc=com"
> > > Bind failed: Can't contact LDAP server
> > > Failed to add entry for user marvsmb.
> > > Failed to modify password entry for user marvsmb
> >
> > It seems your Samba-process can not (or is not allowed to -- what does
> > slapd-output say?) connect to the slapd-server properly.
> > Did you run "smbpasswd -w $LDAP_BINDPW"?
> >
> > Cheers,
> > Max
> >
> > --
> > The first time any man's freedom is trodden on, we're all damaged.
> > http://homex.subnet.at/~max/

Re: [Samba] samba 2.2.3a / openLDAP connection problem
If you have openldap compiled with tcp wrappers you should also have the
appropriate entries in the file:
/etc/hosts.allow

Try to run a simple ldapsearch from the samba machine just to make sure
you get some results:

ldapsearch -x '(cn=Manager)'

HTH,

Diego

On Sat, 13 Mar 2004, Markus Amersdorfer wrote:

> On Fri, 12 Mar 2004 14:27:48 +
> Martin Wood <[EMAIL PROTECTED]> wrote:
>
> > i've created a normal account for the user, but when i get to do :
> >
> > # smbpasswd -D10 -a marvsmb
> >
> > i get :
> >
> > ldap_open_connection: connection opened
> > ldap_connect_system: Binding to ldap server as
> > "cn=manager,dc=ideaworks3d,dc=com"
> > Bind failed: Can't contact LDAP server
> > ldap_open_connection: connection opened
> > ldap_connect_system: Binding to ldap server as
> > "cn=manager,dc=ideaworks3d,dc=com"
> > Bind failed: Can't contact LDAP server
> > Failed to add entry for user marvsmb.
> > Failed to modify password entry for user marvsmb
>
> It seems your Samba-process can not (or is not allowed to -- what does
> slapd-output say?) connect to the slapd-server properly.
> Did you run "smbpasswd -w $LDAP_BINDPW"?
>
> Cheers,
> Max
>
> --
> The first time any man's freedom is trodden on, we're all damaged.
> http://homex.subnet.at/~max/

Re: [Samba] samba 2.2.3a / openLDAP connection problem
On Fri, 12 Mar 2004 14:27:48 + Martin Wood <[EMAIL PROTECTED]> wrote:

> i've created a normal account for the user, but when i get to do :
>
> # smbpasswd -D10 -a marvsmb
>
> i get :
>
> ldap_open_connection: connection opened
> ldap_connect_system: Binding to ldap server as
> "cn=manager,dc=ideaworks3d,dc=com"
> Bind failed: Can't contact LDAP server
> ldap_open_connection: connection opened
> ldap_connect_system: Binding to ldap server as
> "cn=manager,dc=ideaworks3d,dc=com"
> Bind failed: Can't contact LDAP server
> Failed to add entry for user marvsmb.
> Failed to modify password entry for user marvsmb

It seems your Samba-process can not (or is not allowed to -- what does
slapd-output say?) connect to the slapd-server properly.
Did you run "smbpasswd -w $LDAP_BINDPW"?

Cheers,
Max

--
The first time any man's freedom is trodden on, we're all damaged.
http://homex.subnet.at/~max/

[Samba] samba 2.2.3a / openLDAP connection problem
This is my first attempt at using samba with ldap but i've hit a problem
which i'm trying to debug.

i'm following the OpenLDAP on Debian Woody guide from
http://aqua.subnet.at/~max/ldap/ and i'm at the stage where i'm trying to
add users to the LDAP database using smbpasswd

i've created a normal account for the user, but when i get to do :

# smbpasswd -D10 -a marvsmb

i get :

ldap_open_connection: connection opened
ldap_connect_system: Binding to ldap server as "cn=manager,dc=ideaworks3d,dc=com"
Bind failed: Can't contact LDAP server
ldap_open_connection: connection opened
ldap_connect_system: Binding to ldap server as "cn=manager,dc=ideaworks3d,dc=com"
Bind failed: Can't contact LDAP server
Failed to add entry for user marvsmb.
Failed to modify password entry for user marvsmb

---

now, i know that the ldap server is running (I can telnet to it, i can
log-in via ssh w/ ldap authentication)

what common problems should i be looking for? what is a good way to debug
this situation? (i'm running slapd in another term window so i can see its
debug output)

if it helps my smb.conf contains these ldap settings :

# ldap settings
ldap admin dn = cn=manager,dc=ideaworks3d,dc=com
ldap server = localhost
ldap suffix = ou=People,dc=ideaworks3d,dc=com

and my slapd.conf contains :

include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/samba.schema

# other stuff here

access to attribute=userPassword,lmPassword,ntPassword
        by dn="cn=manager,dc=ideaworks3d,dc=com" write
        by anonymous auth
        by * none

access to *
        by dn="cn=manager,dc=ideaworks3d,dc=com" write
        by dn="cn=nss,dc=ideaworks3d,dc=com" read
        by * auth

sorry for the long mail but i thought it wise to include as much relevant
detail as possible (although my concept of relevant will no doubt change :)

thanks,

Martin