Re: [Samba] Samba 3 PDC + OpenLDAP + Mandrake 10.0
On Thu, 29 Apr 2004, Wisudanto C Suntoyo wrote: > Hi all Need Urgent Help :( Sorry for my late reply, I have been quite busy catching up on package maintenance and on a project on a tight schedule. > > I' m new to this List... I'm trying to setup a new Samba 3 PDC + OpenLDAP > on a Mandrake 10.0 to replace an older server... > Cause I need an LDAP Backend for a BDC planned on a remote site, and Samba 3 > came along. > > So I'm following this Doc > http://au1.samba.org/samba/docs/man/guide/happy.html This document has a number of errors, and does not address a number of issues that have been taken care of for you in the Mandrake packages of openldap and samba. Additionally, it shows a *very* convoluted method of getting network authentication for unix clients working against unix servers (via wnbind??). Although I haven't had time to update the articles at mandrakesecure.net for OpenLDAP-2.1 and samba3, I think they would still be a better startingpoint. http://www.mandrakesecure.net/en/docs/samba-ldap-advanced.php > > 1. I fail once I get to this step 18 of initialization and creation > > [EMAIL PROTECTED] root]# net rpc join -U Administrator%My_Pa555 > The username or password was not correct. > This is the ridiculous part, it's not necessary to run winbind on unix clients when you have a unix LDAP server, so you don't need to join unix clients to the domain. The method I suggest is to add an LDAP account for 'root, for example by using the openldap-migration package. Then, you will be able to set this root user's smb password (via smbpasswd -a), and use that account to join machines to the domain. Additionally, if you have users who are members of the adm group with smb passwords, they should also be able to join machines to the domain. > I've Tried changing the pass a few times with the smbldap-passwd tool > nothing changed > > 2. I also cant seem to authenticate my Administrator user (uid=0) to add > Machine > accounts... an unknown username or bad password error comes up > > Any Ideas > > Regards Wisu > > > LDAP log ---> > >From the LDAP log, it seems you are having samba bind as your OpenLDAP rootdn, which is a bad practice. You should instead add an account for the machine (exampes such as those shown in the mandrakesecure.net articles should work), and add that dn to the "cn=Domain Controllers" group (it should not be a posixGroup ... so delete the one the smb-populate makes for you, andmake it a groupofnames: $ ldapsearch -x "(cn=Domain Controllers)" -LLL dn: cn=Domain Controllers,ou=Group,dc=ranger,dc=dnsalias,dc=com objectClass: groupOfNames objectClass: top cn: Domain Controllers member: cn=kiowa.ranger.dnsalias.com,ou=Hosts,dc=ranger,dc=dnsalias,dc=com ) (BTW, this only applies if you are using the Mandrake packages, if you've compiled from source, you've lost a lot of good configuration). Regards, Buchan -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Resolved --> RE: [Samba] Samba 3 PDC + OpenLDAP + Mandrake 10.0
Hi All Resolved the current issues on my MDK 10.0 systems 1. I installed a fresh samba-3.0.3 from source since it was available, and a thread in this list stated printing problems on a Mdk 10.0 w/ smb3 2. I found out from threads of this list that computer accounts cannot be separated from user accounts' container in the LDAP tree A bug is it? so i started over - emptying the LDAP database - made minor changes in the smb.conf stating the computers dn to users dn - enter LDAP bind password w/ smbpasswd -w mypa55 - View new SID in secrects tdb - modify the smbldap-tools confiurtion file to state computers dn in the users dn and New SID - populating the database with smbldap-populate - change Administrator uidNumber to 0 - setting Administrator Password Join smb3 PDC to Domain --> success Join WinXP Pro Ws to Domain --> success Thanks, Wisu -Original Message- From: Chris Snider [mailto:[EMAIL PROTECTED] Sent: Saturday, May 01, 2004 3:11 AM To: 'Wisudanto C Suntoyo'; [EMAIL PROTECTED] Subject: RE: [Samba] Samba 3 PDC + OpenLDAP + Mandrake 10.0 Did you add your root account using smbpasswd -a root? If so check to make sure you have a root=administrator entry in the /etc/samba/smbusers file. Try these steps first and let me know. Chris -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba 3 PDC + OpenLDAP + Mandrake 10.0
Did you add your root account using smbpasswd -a root? If so check to make sure you have a root=administrator entry in the /etc/samba/smbusers file. Try these steps first and let me know. Chris -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Wisudanto C Suntoyo Sent: Thursday, April 29, 2004 8:10 AM To: [EMAIL PROTECTED] Subject: [Samba] Samba 3 PDC + OpenLDAP + Mandrake 10.0 Hi all Need Urgent Help :( I' m new to this List... I'm trying to setup a new Samba 3 PDC + OpenLDAP on a Mandrake 10.0 to replace an older server... Cause I need an LDAP Backend for a BDC planned on a remote site, and Samba 3 came along. So I'm following this Doc http://au1.samba.org/samba/docs/man/guide/happy.html 1. I fail once I get to this step 18 of initialization and creation [EMAIL PROTECTED] root]# net rpc join -U Administrator%My_Pa555 The username or password was not correct. I've Tried changing the pass a few times with the smbldap-passwd tool nothing changed 2. I also cant seem to authenticate my Administrator user (uid=0) to add Machine accounts... an unknown username or bad password error comes up Any Ideas Regards Wisu LDAP log ---> [EMAIL PROTECTED] root]# tail -f /var/log/ldap/ldap.log Apr 29 04:14:15 qjktsmb slapd[7401]: conn=5 op=4 SRCH base="dc=qdc,dc=co,dc=id" scope=2 filter="(&(uid=gdm)(objectClass=sambaSamAccount))" Apr 29 04:14:15 qjktsmb slapd[7401]: conn=5 op=4 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial Apr 29 04:14:15 qjktsmb slapd[7401]: conn=5 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text= Apr 29 04:14:15 qjktsmb slapd[7401]: conn=5 op=5 SRCH base="ou=Groups,dc=qdc,dc=co,dc=id" scope=2 filter="(&(objectClass=sambaGroupMapping)(|(displayName=gdm)(cn=gdm)))" Apr 29 04:14:15 qjktsmb slapd[7401]: conn=5 op=5 SRCH attr=gidNumber sambaSID sambaGroupType description displayName cn objectClass Apr 29 04:14:15 qjktsmb slapd[7401]: conn=5 op=5 SEARCH RESULT tag=101 err=0 nentries=0 text= Apr 29 04:14:15 qjktsmb slapd[7401]: conn=5 op=6 SRCH base="ou=Groups,dc=qdc,dc=co,dc=id" scope=2 filter="(&(objectClass=sambaGroupMapping)(gidNumber=77))" Apr 29 04:14:15 qjktsmb slapd[7401]: conn=5 op=6 SRCH attr=gidNumber sambaSID sambaGroupType description displayName cn objectClass Apr 29 04:14:15 qjktsmb slapd[7401]: conn=5 op=6 SEARCH RESULT tag=101 err=0 nentries=0 text= Apr 29 04:14:18 qjktsmb slapd[7401]: conn=6 fd=10 closed Apr 29 04:17:30 qjktsmb slapd[7401]: conn=7 fd=10 ACCEPT from IP=192.168.1.199:33004 (IP=0.0.0.0:389) Apr 29 04:17:30 qjktsmb slapd[7401]: conn=7 op=0 BIND dn="cn=Manager,dc=qdc,dc=co,dc=id" method=128 Apr 29 04:17:30 qjktsmb slapd[7401]: conn=7 op=0 BIND dn="cn=Manager,dc=qdc,dc=co,dc=id" mech=simple ssf=0 Apr 29 04:17:30 qjktsmb slapd[7401]: conn=7 op=0 RESULT tag=97 err=0 text= Apr 29 04:17:30 qjktsmb slapd[7401]: conn=7 op=1 SRCH base="dc=qdc,dc=co,dc=id" scope=2 filter="(&(objectClass=sambaDomain)(sambaDomainName=QDC-JKT))" Apr 29 04:17:30 qjktsmb slapd[7401]: conn=7 op=1 SRCH attr=sambaDomainName sambaNextRid sambaNextUserRid sambaNextGroupRid sambaSID sambaAlgorithmicRidBase objectClass Apr 29 04:17:30 qjktsmb slapd[7401]: conn=7 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= Apr 29 04:17:30 qjktsmb slapd[7401]: conn=8 fd=23 ACCEPT from IP=192.168.1.199:33005 (IP=0.0.0.0:389) Apr 29 04:17:30 qjktsmb slapd[7401]: conn=8 op=0 BIND dn="cn=Manager,dc=qdc,dc=co,dc=id" method=128 Apr 29 04:17:30 qjktsmb slapd[7401]: conn=8 op=0 BIND dn="cn=Manager,dc=qdc,dc=co,dc=id" mech=simple ssf=0 Apr 29 04:17:30 qjktsmb slapd[7401]: conn=8 op=0 RESULT tag=97 err=0 text= Apr 29 04:17:30 qjktsmb slapd[7401]: conn=8 op=1 SRCH base="dc=qdc,dc=co,dc=id" scope=2 filter="(&(objectClass=sambaDomain)(sambaDomainName=QDC-JKT))" Apr 29 04:17:30 qjktsmb slapd[7401]: conn=8 op=1 SRCH attr=sambaDomainName sambaNextRid sambaNextUserRid sambaNextGroupRid sambaSID sambaAlgorithmicRidBase objectClass Apr 29 04:17:30 qjktsmb slapd[7401]: conn=8 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= Apr 29 04:17:30 qjktsmb slapd[7401]: conn=8 fd=23 closed Apr 29 04:17:30 qjktsmb slapd[7401]: conn=7 op=2 SRCH base="dc=qdc,dc=co,dc=id" scope=2 filter="(&(uid=root)(objectClass=sambaSamAccount))" Apr 29 04:17:30 qjktsmb slapd[7401]: conn=7 op=2 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial Apr 29 0