Re: [Samba] samba3+openldap:Problem during the LDAP search
Perhaps you can try to set the PDC ip address as the wins server in the network Advanced configuration (if you'd configured samba as wins server either). Regards, -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba3+openldap:Problem during the LDAP search
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Edmund Lin wrote, On 19-09-2007 00:04: > Hi, > I'm sorry that I'm new to LDAP. We used to use tdbsam as the passdb backend. > I wish I had time to learn more about LDAP but I need to finish this in > these few days. I just followed the steps from Samba guide chapter 5 and got > stucked at the point of joining domain. I also use ldapsearch -x uid=root > and see the root account's information. If this is not the right way, would > you tell me how to check it and correct it? I swear I will study LDAP in > depth after I get through this. You don't need to swear to us, I think Adam is more concerned with you when he say that it needs "glue", otherwise you probably will face some troubles finding where exactly is the problem. ldapsearch is fine, but you should invest a couple of hours to read the LDAP Administrator's Guide and a few bits of the whole LDAP+Samba dance, it can save you hours of hitting the head against the wall. :-) > And I can use the root account/password to access the share > folders of the server without joining the domain. My guess is that you are missing the "admin" account of the Domain. You should use 'net groupmap' or 'net rpc rights' to give to the LDAP-root user the ability to join machines to the domain. But looking for the error you sent in the previous message: "logon failure:unknown user name or bad password", it seems that there is still a problem with your account/password configs. Kind regards, - -- Felipe Augusto van de Wiel <[EMAIL PROTECTED]> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFG8T1kCj65ZxU4gPQRCKv1AJ9bCR62OSp6+0dx6wpZzgUULwAJqACeNyo6 acpG77L7c7Qe2fmBBhbkuhk= =7f1C -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] samba3+openldap:Problem during the LDAP search
Hi, I'm sorry that I'm new to LDAP. We used to use tdbsam as the passdb backend. I wish I had time to learn more about LDAP but I need to finish this in these few days. I just followed the steps from Samba guide chapter 5 and got stucked at the point of joining domain. I also use ldapsearch -x uid=root and see the root account's information. If this is not the right way, would you tell me how to check it and correct it? I swear I will study LDAP in depth after I get through this. And I can use the root account/password to access the share folders of the server without joining the domain. Thanks. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Adam Tauno Williams Sent: Tuesday, September 18, 2007 7:22 AM To: samba@lists.samba.org Subject: RE: [Samba] samba3+openldap:Problem during the LDAP search > But now another problem happened: when I tried to join a Winxp to the > domain, after I enter the root account and password, a popup said > "logon failure:unknown user name or bad password". > I can see root account using slapcat. Why are you using slapcat to see if there is a root account in the Dit? This seems like an alarm-bell that you need to slow down and learn a little bit more about LDAP and the LDAP tools before proceeding. > I used smbldap-passwd to change the > root's password. > If I change the passdb backend to tdbsam, I can join the domain. > Any idea? Everything with the tdbsam is pretty much automated for you; to work with an LDAP SAM you need more "glue" and to get that to work you need a working understanding of the different layers. Do you have an add user script setup? -- Adam Tauno Williams, Network & Systems Administrator Consultant - http://www.whitemiceconsulting.com Developer - http://www.opengroupware.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] samba3+openldap:Problem during the LDAP search
> But now another problem happened: when I tried to join a Winxp to the > domain, after I enter the root account and password, a popup said "logon > failure:unknown user name or bad password". > I can see root account using slapcat. Why are you using slapcat to see if there is a root account in the Dit? This seems like an alarm-bell that you need to slow down and learn a little bit more about LDAP and the LDAP tools before proceeding. > I used smbldap-passwd to change the > root's password. > If I change the passdb backend to tdbsam, I can join the domain. > Any idea? Everything with the tdbsam is pretty much automated for you; to work with an LDAP SAM you need more "glue" and to get that to work you need a working understanding of the different layers. Do you have an add user script setup? -- Adam Tauno Williams, Network & Systems Administrator Consultant - http://www.whitemiceconsulting.com Developer - http://www.opengroupware.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] samba3+openldap:Problem during the LDAP search
Hi, I ran smbldap-populate to solve the problem. thank you all. But now another problem happened: when I tried to join a Winxp to the domain, after I enter the root account and password, a popup said "logon failure:unknown user name or bad password". I can see root account using slapcat. I used smbldap-passwd to change the root's password. If I change the passdb backend to tdbsam, I can join the domain. Any idea? Thanks. Edmund -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Felipe Augusto van de Wiel Sent: Monday, September 17, 2007 8:55 AM To: samba@lists.samba.org Subject: Re: [Samba] samba3+openldap:Problem during the LDAP search -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Edmund Lin wrote, On 16-09-2007 23:59: > From: On Behalf Of Adam Tauno Williams > Sent: Thursday, September 13, 2007 4:50 PM > To: samba@lists.samba.org > Subject: Re: [Samba] samba3+openldap:Problem during the LDAP search >>> I'm trying to use samba3+openldap as our PDC. >>> I installed the server using CentOS4.4 single service CD and then >>> use yum install openldap-servers to install openldap server. >>> I already ran "smbpasswd -w secret". >>> When I invoked "smbpasswd -a root" the following error showed up: >>> [EMAIL PROTECTED] samba]# smbpasswd -a root >>> smbldap_search_suffix: Problem during the LDAP search: (No such >>> object) New SMB password: >>> Retype new SMB password: >>> smbldap_search_suffix: Problem during the LDAP search: (No such >>> object) >>> ldapsam_search_one_group: Problem during the LDAP search: LDAP error: >>> (No such object) >>> smbldap_search_suffix: Problem during the LDAP search: (No such >>> object) Failed to add entry for user root. >>> Failed to modify password entry for user root >> >> Is there a user root in your Dit? > > Hi, > I'm sorry I don't understand the word "Dit". DIT == Directory Information Tree > If you mean the account name of linux, yes there is a user "root". > And all I did is under the root account. The question is if you have a user root inside your LDAP directory, not the root in passwd/shadow. Kind regards, - -- Felipe Augusto van de Wiel <[EMAIL PROTECTED]> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFG7nkQCj65ZxU4gPQRCB/hAKCi/2WT082Kdw5ZFJ38ac46bCgAOQCgzW0G rJOos1rPDTsoHQId7uqTmRo= =GeHM -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba3+openldap:Problem during the LDAP search
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Edmund Lin wrote, On 16-09-2007 23:59: > From: On Behalf Of Adam Tauno Williams > Sent: Thursday, September 13, 2007 4:50 PM > To: samba@lists.samba.org > Subject: Re: [Samba] samba3+openldap:Problem during the LDAP search >>> I'm trying to use samba3+openldap as our PDC. >>> I installed the server using CentOS4.4 single service CD and then use >>> yum install openldap-servers to install openldap server. >>> I already ran "smbpasswd -w secret". >>> When I invoked "smbpasswd -a root" the following error showed up: >>> [EMAIL PROTECTED] samba]# smbpasswd -a root >>> smbldap_search_suffix: Problem during the LDAP search: (No such >>> object) New SMB password: >>> Retype new SMB password: >>> smbldap_search_suffix: Problem during the LDAP search: (No such >>> object) >>> ldapsam_search_one_group: Problem during the LDAP search: LDAP error: >>> (No such object) >>> smbldap_search_suffix: Problem during the LDAP search: (No such >>> object) Failed to add entry for user root. >>> Failed to modify password entry for user root >> >> Is there a user root in your Dit? > > Hi, > I'm sorry I don't understand the word "Dit". DIT == Directory Information Tree > If you mean the account name of linux, yes there is a user "root". > And all I did is under the root account. The question is if you have a user root inside your LDAP directory, not the root in passwd/shadow. Kind regards, - -- Felipe Augusto van de Wiel <[EMAIL PROTECTED]> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFG7nkQCj65ZxU4gPQRCB/hAKCi/2WT082Kdw5ZFJ38ac46bCgAOQCgzW0G rJOos1rPDTsoHQId7uqTmRo= =GeHM -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] samba3+openldap:Problem during the LDAP search
Hi, I'm sorry I don't understand the word "Dit". If you mean the account name of linux, yes there is a user "root". And all I did is under the root account. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Adam Tauno Williams Sent: Thursday, September 13, 2007 4:50 PM To: samba@lists.samba.org Subject: Re: [Samba] samba3+openldap:Problem during the LDAP search > I'm trying to use samba3+openldap as our PDC. > I installed the server using CentOS4.4 single service CD and then use > yum install openldap-servers to install openldap server. > I already ran "smbpasswd -w secret". > When I invoked "smbpasswd -a root" the following error showed up: > [EMAIL PROTECTED] samba]# smbpasswd -a root > smbldap_search_suffix: Problem during the LDAP search: (No such > object) New SMB password: > Retype new SMB password: > smbldap_search_suffix: Problem during the LDAP search: (No such > object) > ldapsam_search_one_group: Problem during the LDAP search: LDAP error: > (No such object) > smbldap_search_suffix: Problem during the LDAP search: (No such > object) Failed to add entry for user root. > Failed to modify password entry for user root Is there a user root in your Dit? -- Adam Tauno Williams, Network & Systems Administrator Consultant - http://www.whitemiceconsulting.com Developer - http://www.opengroupware.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba3+openldap:Problem during the LDAP search
> I'm trying to use samba3+openldap as our PDC. > I installed the server using CentOS4.4 single service CD and then use yum > install openldap-servers to install openldap server. > I already ran "smbpasswd -w secret". > When I invoked "smbpasswd -a root" the following error showed up: > [EMAIL PROTECTED] samba]# smbpasswd -a root > smbldap_search_suffix: Problem during the LDAP search: (No such object) > New SMB password: > Retype new SMB password: > smbldap_search_suffix: Problem during the LDAP search: (No such object) > ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No > such object) > smbldap_search_suffix: Problem during the LDAP search: (No such object) > Failed to add entry for user root. > Failed to modify password entry for user root Is there a user root in your Dit? -- Adam Tauno Williams, Network & Systems Administrator Consultant - http://www.whitemiceconsulting.com Developer - http://www.opengroupware.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba3+openldap:Problem during the LDAP search
Hi, I'm trying to use samba3+openldap as our PDC. I installed the server using CentOS4.4 single service CD and then use yum install openldap-servers to install openldap server. I already ran "smbpasswd -w secret". When I invoked "smbpasswd -a root" the following error showed up: [EMAIL PROTECTED] samba]# smbpasswd -a root smbldap_search_suffix: Problem during the LDAP search: (No such object) New SMB password: Retype new SMB password: smbldap_search_suffix: Problem during the LDAP search: (No such object) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object) smbldap_search_suffix: Problem during the LDAP search: (No such object) Failed to add entry for user root. Failed to modify password entry for user root --samba and openldap versions: [EMAIL PROTECTED] samba]# rpm -qa|grep samba system-config-samba-1.2.21-1 samba-common-3.0.10-1.4E.9 samba-3.0.10-1.4E.12.2 samba-client-3.0.10-1.4E.12.2 [EMAIL PROTECTED] samba]# rpm -qa|grep ldap php-ldap-4.3.9-3.15 openldap-servers-2.2.13-7.4E nss_ldap-226-13 openldap-2.2.13-7.4E [EMAIL PROTECTED] samba]# I've simplified the configuration to: smb.conf - [EMAIL PROTECTED] samba]# cat smb.conf # Global parameters [global] workgroup = PANGEO.COM netbios name = PDC server string = Samba Server passdb backend = ldapsam:ldap://localhost log level = 256 log file = /var/log/samba/%m.log max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 printcap name = /etc/printcap domain logons = Yes preferred master = Yes domain master = Yes dns proxy = No ldap suffix = dc=pangeo,dc=com ldap admin dn = cn=Manager,dc=pangeo,dc=com ldap group suffix = ou=Groups ldap idmap suffix = ou=Users ldap machine suffix = ou=Computers ldap passwd sync = Yes ldap ssl = no ldap user suffix = ou=Users idmap uid = 15000-2 idmap gid = 15000-2 cups options = raw [homes] comment = Home Directories read only = No browseable = No [netlogon] comment = Network Logon Service path = /home/netlogon guest ok = Yes share modes = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No --slapd.conf - [EMAIL PROTECTED] samba]# cd /etc/openldap [EMAIL PROTECTED] openldap]# cat slapd.conf include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/nis.schema include /etc/openldap/schema/samba.schema allow bind_v2 pidfile /var/run/slapd.pid argsfile/var/run/slapd.args databasebdb suffix "dc=pangeo,dc=com" rootdn "cn=Manager,dc=pangeo,dc=com" rootpw secret directory /var/lib/ldap index objectClass eq,pres index ou,cn,mail,surname,givenname eq,pres,sub index uidNumber,gidNumber,loginShelleq,pres index uid,memberUid eq,pres,sub index nisMapName,nisMapEntryeq,pres,sub loglevel 256 -/etc/openldap.conf- - [EMAIL PROTECTED] openldap]# cd /etc [EMAIL PROTECTED] etc]# cat ldap.conf host 127.0.0.1 base dc=pangeo,dc=com binddn cn=Manager,dc=pangeo,dc=com bindpw secret timelimit 120 bind_timelimit 120 idle_timelimit 3600 ssl no tls_cacertdir /etc/openldap/cacerts pam_password md5 [EMAIL PROTECTED] etc]# ---openldap.log- -- [EMAIL PROTECTED] etc]# cat /var/log/openldap.log Sep 12 16:47:29 localhost slapd[31733]: conn=0 fd=10 closed Sep 12 16:47:29 localhost slapd[31733]: conn=1 fd=11 closed Sep 12 16:47:29 localhost slapd[31733]: slapd shutdown: waiting for 0 threads to terminate Sep 12 16:47:29 localhost slapd[31733]: slapd stopped. Sep 12 16:47:29 localhost slapd[31814]: @(#) $OpenLDAP: slapd 2.2.13 (May 3 2007 01:57:31) $ [EMAIL PROTECTED]:/builddir/build/BUILD/openldap-2.2.13/openldap -2.2.13/build-servers/servers/slapd Sep 12 16:47:29 localhost slapd[31814]: bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003) Sep 12 16:47:29 localhost slapd[31814]: bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003) Sep 12 16:47:29 localhost slapd[31814]: bdb_db_init: Initializing BDB database Sep 12 16:47:29 localhost slapd[31815]: slapd starting Sep 12 16:47:33 localhost slapd[31815]: conn=
