RE [Samba] Problems with OpenLDAP 2.2.20/Samba 3.0.10 and smbpasswd
Hi, have compiled with --with-ldap or --with-ldapsam ? If --with-ldap, you must delete these lines : ldap server = 486dx66.hrnet.de ldap port = 1389 --- Stéphane PURNELLE [EMAIL PROTECTED] Service Informatique Corman S.A. Tel : 00 32 087/342467 [EMAIL PROTECTED] a écrit sur 11/01/2005 16:33:31 : Hi everybody, i'm having serious problems with the configuration of samba 3.0.10. First my setup : samba-3.0.10 built from source openldap-2.2.20 built from source OS : Suse Linux 7.1 (but updated - Kernel 2.4.27) My problem : I'm trying to use smbpasswd like the following : ---snipp--- [PTS2] 486dx66:/usr/local/samba3 # bin/smbpasswd -D 10 tina Netbios name list:- my_netbios_names[0]=486DX66 Trying to load: ldapsam:ldap://486dx66.hrnet.de:1389/ Attempting to register passdb backend ldapsam Successfully added passdb backend 'ldapsam' Attempting to register passdb backend ldapsam_compat Successfully added passdb backend 'ldapsam_compat' Attempting to register passdb backend smbpasswd Successfully added passdb backend 'smbpasswd' Attempting to register passdb backend tdbsam Successfully added passdb backend 'tdbsam' Attempting to register passdb backend guest Successfully added passdb backend 'guest' Attempting to find an passdb backend to match ---snipp--- Everything seems to be okay, but the following lines are the important ones ... ---snipp--- ldapsam:ldap://486dx66.hrnet.de:1389/ (ldapsam) Found pdb backend ldapsam Searching for:[((objectClass=sambaDomain)(sambaDomainName=HRDOMAIN))] smbldap_search: base = [dc=hrnet,dc=de], filter = [((objectClass=sambaDomain)(sambaDomainName=HRDOMAIN))], scope = [2] smbldap_open_connection: ldap://486dx66.hrnet.de:1389/ smbldap_open_connection: connection opened fetch_ldap_pw: neither ldap secret retrieved! ldap_connect_system: Failed to retrieve password from secrets.tdb Connection to LDAP server failed for the 1 try! ---snipp--- And so on. So, it is said, there's a connection opened to ldap://486dx66.hrnet.de:1389/ but it isn't as the logs auf openldap show (there's no entry which shows any connection from smbpasswd to LDAP-Server, believe me, i can't show you anything,although loglevel is set to -1, which means that everything would/will be logged) So one could think, there's simple a problem with OpenLDAP, so let's try a similar search : ---snipp--- [PTS2] 486dx66:/usr/local/samba3 # ../openldap-2.2/bin/ldapsearch -x -H ldap://486dx66.hrnet.de:1389 -b dc=hrnet,dc=de -s sub '((objectClass=sambaDomain)(sambaDomainName=HRDOMAIN))' # extended LDIF # # LDAPv3 # base dc=hrnet,dc=de with scope sub # filter: ((objectClass=sambaDomain)(sambaDomainName=HRDOMAIN)) # requesting: ALL # # HRDOMAIN, hrnet.de dn: sambaDomainName=HRDOMAIN,dc=hrnet,dc=de sambaNextUserRid: 41000 sambaSID: S-1-5-21-2344209003-2394295749-876522236 objectClass: sambaDomain sambaAlgorithmicRidBase: 1000 sambaDomainName: HRDOMAIN # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 [PTS2] [EMAIL PROTECTED]:/usr/local/samba3 # ---snipp--- So OpenLDAP works , i can see it in the logs too (too much to show, so you must believe me ;o) Now my question : Does anybody see, where the problem comes from, is there a mistake in my smb.conf or does anyone have hints/solutions ? I tried with ssl=on,ssl=off,ssl = start tls, but this didn't change anything. It must be a samba problem as all tools i tried are working well with Openldap (did mostly try a search to test ..) Here is my smb.conf (only the globals) : ---snipp--- [global] netbios name = 486DX66 workgroup = HRDOMAIN domain logons = Yes domain master = Yes security = User server string = Samba-PDC %v on %h passdb backend = ldapsam:ldap://486dx66.hrnet.de:1389/ ldap server = 486dx66.hrnet.de ldap suffix = dc=hrnet,dc=de ldap filter = ((uid=%u)(objectclass=sambaSamAccount)) ldap port = 1389 ldap admin dn = cn=ldapadmin,dc=hrnet,dc=de ldap ssl = off ldap user suffix = ou=users ldap group suffix = ou=groups ldap machine suffix = ou=machines encrypt passwords = yes time server = Yes kernel oplocks = no short preserve case = yes wins support = no case sensitive = no max log size = 1000 lock dir = /var/lock/samba log file = /var/log/samba-%m.log load printers = yes logon drive = v: os level = 255 create mask = 0661 logon home = \\%N\%u\.profiles printing = cups printcap = cups ---snipp--- So, i would be very thankfull if someone could give me a hint ... If mor informations/logs/traces are needed tell me, i will
Re: RE [Samba] Problems with OpenLDAP 2.2.20/Samba 3.0.10 and smbpasswd
Hi,
i compiled with the following little script :
---snipp--
#!/bin/sh
#
# configure make template-script
#
# generated 2005.01.07 13:09,33 by make-mk
#
# (c) H. Rueter 01/2005
#
CPPFLAGS=-I /usr/local/bdb-4.3/include
LDFLAGS=-L /usr/local/bdb-4.3/lib
PATH=/usr/local/heimdal/bin:$PATH
LD_LIBRARY_PATH=/usr/local/bdb-4.3/lib:$LD_LIBRARY_PATH
export CPPFLAGS LDFLAGS LD_LIBRARY_PATH PATH
make clean
./configure \
--prefix=/usr/local/samba-3.0.10 \
--mandir=/usr/man \
--enable-static=yes \
--enable-shared=yes \
--enable-cups \
--with-smbwrapper \
--with-ldap \
--with-ads \
--with-krb5=/usr/local/heimdal \
--with-automount \
--with-smbmount \
--with-pam \
--with-pam_smbpass \
--with-ldapsam \
--with-syslog \
--with-profiling-data \
--with-quotas \
--with-sys-quotas \
--with-utmp \
--with-manpages-langs={en} \
--with-libsmbclient \
--with-acl-support \
--with-sendfile-support \
--with-winbind \
--with-included-popt \
make make install
---snipp--
So compiled in both options , is this a mistake ?
greets Harry
[EMAIL PROTECTED] schrieb:
Hi,
have compiled with --with-ldap or --with-ldapsam ?
If --with-ldap, you must delete these lines :
ldap server = 486dx66.hrnet.de
ldap port = 1389
---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique Corman S.A. Tel : 00 32 087/342467
[EMAIL PROTECTED] a écrit sur
11/01/2005 16:33:31 :
Hi everybody,
i'm having serious problems with the configuration
of samba 3.0.10.
First my setup :
samba-3.0.10 built from source
openldap-2.2.20 built from source
OS : Suse Linux 7.1 (but updated - Kernel 2.4.27)
My problem :
I'm trying to use smbpasswd like the following :
---snipp---
[PTS2] 486dx66:/usr/local/samba3 # bin/smbpasswd -D 10 tina
Netbios name list:-
my_netbios_names[0]=486DX66
Trying to load: ldapsam:ldap://486dx66.hrnet.de:1389/
Attempting to register passdb backend ldapsam
Successfully added passdb backend 'ldapsam'
Attempting to register passdb backend ldapsam_compat
Successfully added passdb backend 'ldapsam_compat'
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to register passdb backend guest
Successfully added passdb backend 'guest'
Attempting to find an passdb backend to match
---snipp---
Everything seems to be okay,
but the following lines are the important ones ...
---snipp---
ldapsam:ldap://486dx66.hrnet.de:1389/ (ldapsam)
Found pdb backend ldapsam
Searching for:[((objectClass=sambaDomain)(sambaDomainName=HRDOMAIN))]
smbldap_search: base = [dc=hrnet,dc=de], filter =
[((objectClass=sambaDomain)(sambaDomainName=HRDOMAIN))], scope = [2]
smbldap_open_connection: ldap://486dx66.hrnet.de:1389/
smbldap_open_connection: connection opened
fetch_ldap_pw: neither ldap secret retrieved!
ldap_connect_system: Failed to retrieve password from secrets.tdb
Connection to LDAP server failed for the 1 try!
---snipp---
And so on. So, it is said, there's a connection opened to
ldap://486dx66.hrnet.de:1389/
but it isn't as the logs auf openldap show (there's no entry which shows
any connection from smbpasswd to LDAP-Server, believe me, i can't show
you anything,although loglevel is set to -1, which means that
everything would/will be logged)
So one could think, there's simple a problem with OpenLDAP,
so let's try a similar search :
---snipp---
[PTS2] 486dx66:/usr/local/samba3 # ../openldap-2.2/bin/ldapsearch -x -H
ldap://486dx66.hrnet.de:1389 -b dc=hrnet,dc=de -s sub
'((objectClass=sambaDomain)(sambaDomainName=HRDOMAIN))'
# extended LDIF
#
# LDAPv3
# base dc=hrnet,dc=de with scope sub
# filter: ((objectClass=sambaDomain)(sambaDomainName=HRDOMAIN))
# requesting: ALL
#
# HRDOMAIN, hrnet.de
dn: sambaDomainName=HRDOMAIN,dc=hrnet,dc=de
sambaNextUserRid: 41000
sambaSID: S-1-5-21-2344209003-2394295749-876522236
objectClass: sambaDomain
sambaAlgorithmicRidBase: 1000
sambaDomainName: HRDOMAIN
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
[PTS2] [EMAIL PROTECTED]:/usr/local/samba3 #
---snipp---
So OpenLDAP works , i can see it in the logs too
(too much to show, so you must believe me ;o)
Now my question :
Does anybody see, where the problem comes from,
is there a mistake in my smb.conf or does anyone
have hints/solutions ?
I tried with ssl=on,ssl=off,ssl = start tls,
but this didn't change anything.
It must be a samba problem as all tools i tried are working
well with Openldap (did mostly try a search to test ..)
Here is my smb.conf (only the globals) :
---snipp---
[global]
netbios name = 486DX66
workgroup = HRDOMAIN
domain logons = Yes
domain master = Yes
security = User
server string = Samba-PDC %v on %h
passdb backend = ldapsam:ldap://486dx66.hrnet.de:1389/
ldap server = 486dx66.hrnet.de
ldap suffix = dc=hrnet,dc=de
ldap filter =
Re: RE [Samba] Problems with OpenLDAP 2.2.20/Samba 3.0.10 and smbpasswd
You cannot compile with --with-ldap and --with-ldapsam both.
---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique Corman S.A. Tel : 00 32 087/342467
[EMAIL PROTECTED] a écrit sur
11/01/2005 16:52:21 :
Hi,
i compiled with the following little script :
---snipp--
#!/bin/sh
#
# configure make template-script
#
# generated 2005.01.07 13:09,33 by make-mk
#
# (c) H. Rueter 01/2005
#
CPPFLAGS=-I /usr/local/bdb-4.3/include
LDFLAGS=-L /usr/local/bdb-4.3/lib
PATH=/usr/local/heimdal/bin:$PATH
LD_LIBRARY_PATH=/usr/local/bdb-4.3/lib:$LD_LIBRARY_PATH
export CPPFLAGS LDFLAGS LD_LIBRARY_PATH PATH
make clean
./configure \
--prefix=/usr/local/samba-3.0.10 \
--mandir=/usr/man \
--enable-static=yes \
--enable-shared=yes \
--enable-cups \
--with-smbwrapper \
--with-ldap \
--with-ads \
--with-krb5=/usr/local/heimdal \
--with-automount \
--with-smbmount \
--with-pam \
--with-pam_smbpass \
--with-ldapsam \
--with-syslog \
--with-profiling-data \
--with-quotas \
--with-sys-quotas \
--with-utmp \
--with-manpages-langs={en} \
--with-libsmbclient \
--with-acl-support \
--with-sendfile-support \
--with-winbind \
--with-included-popt \
make make install
---snipp--
So compiled in both options , is this a mistake ?
greets Harry
[EMAIL PROTECTED] schrieb:
Hi,
have compiled with --with-ldap or --with-ldapsam ?
If --with-ldap, you must delete these lines :
ldap server = 486dx66.hrnet.de
ldap port = 1389
---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique Corman S.A. Tel : 00 32 087/342467
[EMAIL PROTECTED] a écrit sur
11/01/2005 16:33:31 :
Hi everybody,
i'm having serious problems with the configuration
of samba 3.0.10.
First my setup :
samba-3.0.10 built from source
openldap-2.2.20 built from source
OS : Suse Linux 7.1 (but updated - Kernel 2.4.27)
My problem :
I'm trying to use smbpasswd like the following :
---snipp---
[PTS2] 486dx66:/usr/local/samba3 # bin/smbpasswd -D 10 tina
Netbios name list:-
my_netbios_names[0]=486DX66
Trying to load: ldapsam:ldap://486dx66.hrnet.de:1389/
Attempting to register passdb backend ldapsam
Successfully added passdb backend 'ldapsam'
Attempting to register passdb backend ldapsam_compat
Successfully added passdb backend 'ldapsam_compat'
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to register passdb backend guest
Successfully added passdb backend 'guest'
Attempting to find an passdb backend to match
---snipp---
Everything seems to be okay,
but the following lines are the important ones ...
---snipp---
ldapsam:ldap://486dx66.hrnet.de:1389/ (ldapsam)
Found pdb backend ldapsam
Searching for:[((objectClass=sambaDomain)(sambaDomainName=HRDOMAIN))]
smbldap_search: base = [dc=hrnet,dc=de], filter =
[((objectClass=sambaDomain)(sambaDomainName=HRDOMAIN))], scope = [2]
smbldap_open_connection: ldap://486dx66.hrnet.de:1389/
smbldap_open_connection: connection opened
fetch_ldap_pw: neither ldap secret retrieved!
ldap_connect_system: Failed to retrieve password from secrets.tdb
Connection to LDAP server failed for the 1 try!
---snipp---
And so on. So, it is said, there's a connection opened to
ldap://486dx66.hrnet.de:1389/
but it isn't as the logs auf openldap show (there's no entry which
shows
any connection from smbpasswd to LDAP-Server, believe me, i can't show
you anything,although loglevel is set to -1, which means that
everything would/will be logged)
So one could think, there's simple a problem with OpenLDAP,
so let's try a similar search :
---snipp---
[PTS2] 486dx66:/usr/local/samba3 # ../openldap-2.2/bin/ldapsearch -x -H
ldap://486dx66.hrnet.de:1389 -b dc=hrnet,dc=de -s sub
'((objectClass=sambaDomain)(sambaDomainName=HRDOMAIN))'
# extended LDIF
#
# LDAPv3
# base dc=hrnet,dc=de with scope sub
# filter: ((objectClass=sambaDomain)(sambaDomainName=HRDOMAIN))
# requesting: ALL
#
# HRDOMAIN, hrnet.de
dn: sambaDomainName=HRDOMAIN,dc=hrnet,dc=de
sambaNextUserRid: 41000
sambaSID: S-1-5-21-2344209003-2394295749-876522236
objectClass: sambaDomain
sambaAlgorithmicRidBase: 1000
sambaDomainName: HRDOMAIN
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
[PTS2] [EMAIL PROTECTED]:/usr/local/samba3 #
---snipp---
So OpenLDAP works , i can see it in the logs too
(too much to show, so you must believe me ;o)
Now my question :
Does anybody see, where the problem comes from,
is there a mistake in my smb.conf or does anyone
have hints/solutions ?
I tried with ssl=on,ssl=off,ssl = start tls,
but this didn't change anything.
It must be a samba problem as
Re: RE [Samba] Problems with OpenLDAP 2.2.20/Samba 3.0.10 and smbpasswd
Hi again,
you say, i cannot compile with --with-ldap and --with-ldapsam.
Can you tell me why ?
Which one should i use, my intention is to
store all the secrets and attributs samba needs
in an openldap-Server ... ?
Greets Harry
[EMAIL PROTECTED] schrieb:
You cannot compile with --with-ldap and --with-ldapsam both.
---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique Corman S.A. Tel : 00 32 087/342467
[EMAIL PROTECTED] a écrit sur
11/01/2005 16:52:21 :
Hi,
i compiled with the following little script :
---snipp--
#!/bin/sh
#
# configure make template-script
#
# generated 2005.01.07 13:09,33 by make-mk
#
# (c) H. Rueter 01/2005
#
CPPFLAGS=-I /usr/local/bdb-4.3/include
LDFLAGS=-L /usr/local/bdb-4.3/lib
PATH=/usr/local/heimdal/bin:$PATH
LD_LIBRARY_PATH=/usr/local/bdb-4.3/lib:$LD_LIBRARY_PATH
export CPPFLAGS LDFLAGS LD_LIBRARY_PATH PATH
make clean
./configure \
--prefix=/usr/local/samba-3.0.10 \
--mandir=/usr/man \
--enable-static=yes \
--enable-shared=yes \
--enable-cups \
--with-smbwrapper \
--with-ldap \
--with-ads \
--with-krb5=/usr/local/heimdal \
--with-automount \
--with-smbmount \
--with-pam \
--with-pam_smbpass \
--with-ldapsam \
--with-syslog \
--with-profiling-data \
--with-quotas \
--with-sys-quotas \
--with-utmp \
--with-manpages-langs={en} \
--with-libsmbclient \
--with-acl-support \
--with-sendfile-support \
--with-winbind \
--with-included-popt \
make make install
---snipp--
So compiled in both options , is this a mistake ?
greets Harry
[EMAIL PROTECTED] schrieb:
Hi,
have compiled with --with-ldap or --with-ldapsam ?
If --with-ldap, you must delete these lines :
ldap server = 486dx66.hrnet.de
ldap port = 1389
---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique Corman S.A. Tel : 00 32 087/342467
[EMAIL PROTECTED] a écrit sur
11/01/2005 16:33:31 :
Hi everybody,
i'm having serious problems with the configuration
of samba 3.0.10.
First my setup :
samba-3.0.10 built from source
openldap-2.2.20 built from source
OS : Suse Linux 7.1 (but updated - Kernel 2.4.27)
My problem :
I'm trying to use smbpasswd like the following :
---snipp---
[PTS2] 486dx66:/usr/local/samba3 # bin/smbpasswd -D 10 tina
Netbios name list:-
my_netbios_names[0]=486DX66
Trying to load: ldapsam:ldap://486dx66.hrnet.de:1389/
Attempting to register passdb backend ldapsam
Successfully added passdb backend 'ldapsam'
Attempting to register passdb backend ldapsam_compat
Successfully added passdb backend 'ldapsam_compat'
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to register passdb backend guest
Successfully added passdb backend 'guest'
Attempting to find an passdb backend to match
---snipp---
Everything seems to be okay,
but the following lines are the important ones ...
---snipp---
ldapsam:ldap://486dx66.hrnet.de:1389/ (ldapsam)
Found pdb backend ldapsam
Searching for:[((objectClass=sambaDomain)(sambaDomainName=HRDOMAIN))]
smbldap_search: base = [dc=hrnet,dc=de], filter =
[((objectClass=sambaDomain)(sambaDomainName=HRDOMAIN))], scope = [2]
smbldap_open_connection: ldap://486dx66.hrnet.de:1389/
smbldap_open_connection: connection opened
fetch_ldap_pw: neither ldap secret retrieved!
ldap_connect_system: Failed to retrieve password from secrets.tdb
Connection to LDAP server failed for the 1 try!
---snipp---
And so on. So, it is said, there's a connection opened to
ldap://486dx66.hrnet.de:1389/
but it isn't as the logs auf openldap show (there's no entry which
shows
any connection from smbpasswd to LDAP-Server, believe me, i can't show
you anything,although loglevel is set to -1, which means that
everything would/will be logged)
So one could think, there's simple a problem with OpenLDAP,
so let's try a similar search :
---snipp---
[PTS2] 486dx66:/usr/local/samba3 # ../openldap-2.2/bin/ldapsearch -x -H
ldap://486dx66.hrnet.de:1389 -b dc=hrnet,dc=de -s sub
'((objectClass=sambaDomain)(sambaDomainName=HRDOMAIN))'
# extended LDIF
#
# LDAPv3
# base dc=hrnet,dc=de with scope sub
# filter: ((objectClass=sambaDomain)(sambaDomainName=HRDOMAIN))
# requesting: ALL
#
# HRDOMAIN, hrnet.de
dn: sambaDomainName=HRDOMAIN,dc=hrnet,dc=de
sambaNextUserRid: 41000
sambaSID: S-1-5-21-2344209003-2394295749-876522236
objectClass: sambaDomain
sambaAlgorithmicRidBase: 1000
sambaDomainName: HRDOMAIN
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
[PTS2] [EMAIL PROTECTED]:/usr/local/samba3 #
---snipp---
So OpenLDAP works , i can see it in the logs too
(too much to show, so you must believe me ;o)
Now my question :
Does anybody see, where the problem comes from,
is there a mistake in my smb.conf or does anyone
have hints/solutions ?
I tried with ssl=on,ssl=off,ssl = start tls,
but this didn't change anything.
Re: RE [Samba] Problems with OpenLDAP 2.2.20/Samba 3.0.10 and smbpasswd
---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique Corman S.A. Tel : 00 32 087/342467
[EMAIL PROTECTED] a écrit sur
11/01/2005 17:06:16 :
Hi again,
you say, i cannot compile with --with-ldap and --with-ldapsam.
Can you tell me why ?
--with-ldap is used for samba-3 schema
--with-ldapsam is used for old samba 2.2 schema.
You can also read this :
http://us2.samba.org/samba/docs/man/Samba-HOWTO-Collection/passdb.html#id2531776
Which one should i use, my intention is to
store all the secrets and attributs samba needs
in an openldap-Server ... ?
Ok, I have a samba server with this configuration
Samb with LDAP+ACL
Greets Harry
[EMAIL PROTECTED] schrieb:
You cannot compile with --with-ldap and --with-ldapsam both.
---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique Corman S.A. Tel : 00 32 087/342467
[EMAIL PROTECTED] a écrit sur
11/01/2005 16:52:21 :
Hi,
i compiled with the following little script :
---snipp--
#!/bin/sh
#
# configure make template-script
#
# generated 2005.01.07 13:09,33 by make-mk
#
# (c) H. Rueter 01/2005
#
CPPFLAGS=-I /usr/local/bdb-4.3/include
LDFLAGS=-L /usr/local/bdb-4.3/lib
PATH=/usr/local/heimdal/bin:$PATH
LD_LIBRARY_PATH=/usr/local/bdb-4.3/lib:$LD_LIBRARY_PATH
export CPPFLAGS LDFLAGS LD_LIBRARY_PATH PATH
make clean
./configure \
--prefix=/usr/local/samba-3.0.10 \
--mandir=/usr/man \
--enable-static=yes \
--enable-shared=yes \
--enable-cups \
--with-smbwrapper \
--with-ldap \
--with-ads \
--with-krb5=/usr/local/heimdal \
--with-automount \
--with-smbmount \
--with-pam \
--with-pam_smbpass \
--with-ldapsam \
--with-syslog \
--with-profiling-data \
--with-quotas \
--with-sys-quotas \
--with-utmp \
--with-manpages-langs={en} \
--with-libsmbclient \
--with-acl-support \
--with-sendfile-support \
--with-winbind \
--with-included-popt \
make make install
---snipp--
So compiled in both options , is this a mistake ?
greets Harry
[EMAIL PROTECTED] schrieb:
Hi,
have compiled with --with-ldap or --with-ldapsam ?
If --with-ldap, you must delete these lines :
ldap server = 486dx66.hrnet.de
ldap port = 1389
---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique Corman S.A. Tel : 00 32
087/342467
[EMAIL PROTECTED] a écrit sur
11/01/2005 16:33:31 :
Hi everybody,
i'm having serious problems with the configuration
of samba 3.0.10.
First my setup :
samba-3.0.10 built from source
openldap-2.2.20 built from source
OS : Suse Linux 7.1 (but updated - Kernel 2.4.27)
My problem :
I'm trying to use smbpasswd like the following :
---snipp---
[PTS2] 486dx66:/usr/local/samba3 # bin/smbpasswd -D 10 tina
Netbios name list:-
my_netbios_names[0]=486DX66
Trying to load: ldapsam:ldap://486dx66.hrnet.de:1389/
Attempting to register passdb backend ldapsam
Successfully added passdb backend 'ldapsam'
Attempting to register passdb backend ldapsam_compat
Successfully added passdb backend 'ldapsam_compat'
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to register passdb backend guest
Successfully added passdb backend 'guest'
Attempting to find an passdb backend to match
---snipp---
Everything seems to be okay,
but the following lines are the important ones ...
---snipp---
ldapsam:ldap://486dx66.hrnet.de:1389/ (ldapsam)
Found pdb backend ldapsam
Searching
for:[((objectClass=sambaDomain)(sambaDomainName=HRDOMAIN))]
smbldap_search: base = [dc=hrnet,dc=de], filter =
[((objectClass=sambaDomain)(sambaDomainName=HRDOMAIN))], scope =
[2]
smbldap_open_connection: ldap://486dx66.hrnet.de:1389/
smbldap_open_connection: connection opened
fetch_ldap_pw: neither ldap secret retrieved!
ldap_connect_system: Failed to retrieve password from secrets.tdb
Connection to LDAP server failed for the 1 try!
---snipp---
And so on. So, it is said, there's a connection opened to
ldap://486dx66.hrnet.de:1389/
but it isn't as the logs auf openldap show (there's no entry which
shows
any connection from smbpasswd to LDAP-Server, believe me, i can't
show
you anything,although loglevel is set to -1, which means that
everything would/will be logged)
So one could think, there's simple a problem with OpenLDAP,
so let's try a similar search :
---snipp---
[PTS2] 486dx66:/usr/local/samba3 # ../openldap-2.2/bin/ldapsearch -x
-H
ldap://486dx66.hrnet.de:1389 -b dc=hrnet,dc=de -s sub
'((objectClass=sambaDomain)(sambaDomainName=HRDOMAIN))'
# extended LDIF
#
# LDAPv3
# base dc=hrnet,dc=de with scope sub
# filter:
Re: [Samba] Problems with OpenLDAP 2.2.20/Samba 3.0.10 and smbpasswd
Hi again, i'm very happy someone out there tries to solute my problem ;o) If you mean the pw for ldap admin dn = cn=ldapadmin,dc=hrnet,dc=de yes, i did ... greets Harry William Jojo schrieb: did you set the rootdn password with smbpasswd -w rootdnpw? Bill [deleted] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problems with OpenLDAP 2.2.20/Samba 3.0.10 and smbpasswd
Hi ;o)
here are more informations :
Because just testing and not public you get to know all my secrets ;o)
PW is : secret
slapd.conf (partly ..):
---snipp---
databasebdb
suffix dc=hrnet,dc=de
rootdn cn=ldapmanager,dc=hrnet,dc=de
rootpw secret
directory /usr/local/openldap-2.2/var/openldap-data
indexobjectClasseq
indexsambaSIDeq
indexsambaPrimaryGroupSIDeq
indexsambaDomainNameeq
indexuid,uidNumber,gidNumber,memberUid eq
indexcn,mail,surname,givenname eq,subinitial
access to *
by * write
---snipp---
smb.conf (partly, what's of interest) :
---snipp---
# now without passdb backend
#passdb backend = ldapsam:ldap://486dx66.hrnet.de:1389/
ldap server = 486dx66.hrnet.de
ldap suffix = dc=hrnet,dc=de
ldap filter = ((uid=%u)(objectclass=sambaSamAccount))
ldap port = 1389
ldap admin dn = cn=ldapmanager,dc=hrnet,dc=de
ldap ssl = off
ldap user suffix = ou=users
ldap group suffix = ou=groups
ldap machine suffix = ou=machines
---snipp---
William Jojo schrieb:
I'm using 3.0.10 and 2.2.20 without any problems, so assuming it's
compiled ok, which I believe it is since you are getting errors about not
finding the rootdn password.
Hmmm, well, here's a couple of things:
1) How tight do you have the restrictions on slapd.conf with respect to
accessing certain containers?
See above, no restrictions now ..
2) be certain the rootdn in slapd.conf exactly matches ldap admin dn.
See above ...
3) don't run smbpasswd -w rootdnpw until *after* the smb.conf changes are
in place. (i've done that myself :-)
Okay, i did this again after having finished smb.conf ...
4) tdbdump the secrets.tdb to verify that the entry in the database shows
the correct rootdn and password selected.
Seems to be okay
---snipp---
[PTS2] 486dx66:/usr/local/samba3 # bin/tdbdump private/secrets.tdb {
key = SECRETS/LDAP_BIND_PW/cn=ldapmanager,dc=hrnet,dc=de
data = secret\00
}
{
key = SECRETS/SID/HRDOMAIN
data =
\01\04\00\00\00\00\00\05\15\00\00\00L\9B\E6\9F\B1\E1\FF#'\C3\B6G\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00
}
{
key = SECRETS/SID/486DX66
data =
\01\04\00\00\00\00\00\05\15\00\00\00L\9B\E6\9F\B1\E1\FF#'\C3\B6G\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00
}
---snipp---
Here's the output i have now ..
---snipp---
[PTS2] [EMAIL PROTECTED]:/usr/local/samba3 # bin/smbpasswd -D 10 -c
etc/smb.conf tina
Netbios name list:-
my_netbios_names[0]=486DX66
Trying to load: ldapsam_compat
Attempting to register passdb backend ldapsam
Successfully added passdb backend 'ldapsam'
Attempting to register passdb backend ldapsam_compat
Successfully added passdb backend 'ldapsam_compat'
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to register passdb backend guest
Successfully added passdb backend 'guest'
Attempting to find an passdb backend to match ldapsam_compat
(ldapsam_compat)
Found pdb backend ldapsam_compat
pdb backend ldapsam_compat has a valid init
Attempting to find an passdb backend to match guest (guest)
Found pdb backend guest
pdb backend guest has a valid init
New SMB password:
New SMB password:
Retype new SMB password:
smbldap_search: base = [dc=hrnet,dc=de], filter =
[(((uid=tina)(objectclass=sambaSamAccount))(objectclass=sambaAccount))],
scope = [2]
smbldap_open_connection: ldap://486dx66.hrnet.de:1389
smbldap_open_connection: connection opened
ldap_connect_system: Binding to ldap server ldap://486dx66.hrnet.de:1389
as cn=ldapmanager,dc=hrnet,dc=de
failed to bind to server with dn= cn=ldapmanager,dc=hrnet,dc=de Error:
Can't contact LDAP server
(unknown)
Connection to LDAP server failed for the 1 try!
smbldap_open_connection: ldap://486dx66.hrnet.de:1389
smbldap_open_connection: connection opened
ldap_connect_system: Binding to ldap server ldap://486dx66.hrnet.de:1389
as cn=ldapmanager,dc=hrnet,dc=de
[ -- cut here -- ]
---snipp---
So what's wrong ?
Is it that i compiled in --with-ldap AND --with-ldapsam =
greets Harry
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problems with OpenLDAP 2.2.20/Samba 3.0.10 and smbpasswd
On Tue, 11 Jan 2005, [ISO-8859-1] Harry Rüter wrote:
Hi ;o)
here are more informations :
Because just testing and not public you get to know all my secrets ;o)
PW is : secret
slapd.conf (partly ..):
---snipp---
databasebdb
suffix dc=hrnet,dc=de
rootdn cn=ldapmanager,dc=hrnet,dc=de
rootpw secret
directory /usr/local/openldap-2.2/var/openldap-data
indexobjectClasseq
indexsambaSIDeq
indexsambaPrimaryGroupSIDeq
indexsambaDomainNameeq
indexuid,uidNumber,gidNumber,memberUid eq
indexcn,mail,surname,givenname eq,subinitial
access to *
by * write
---snipp---
smb.conf (partly, what's of interest) :
---snipp---
# now without passdb backend
#passdb backend = ldapsam:ldap://486dx66.hrnet.de:1389/
ldap server = 486dx66.hrnet.de
ldap suffix = dc=hrnet,dc=de
ldap filter = ((uid=%u)(objectclass=sambaSamAccount))
ldap port = 1389
ldap admin dn = cn=ldapmanager,dc=hrnet,dc=de
ldap ssl = off
ldap user suffix = ou=users
ldap group suffix = ou=groups
ldap machine suffix = ou=machines
---snipp---
William Jojo schrieb:
I'm using 3.0.10 and 2.2.20 without any problems, so assuming it's
compiled ok, which I believe it is since you are getting errors about not
finding the rootdn password.
Hmmm, well, here's a couple of things:
1) How tight do you have the restrictions on slapd.conf with respect to
accessing certain containers?
See above, no restrictions now ..
2) be certain the rootdn in slapd.conf exactly matches ldap admin dn.
See above ...
3) don't run smbpasswd -w rootdnpw until *after* the smb.conf changes are
in place. (i've done that myself :-)
Okay, i did this again after having finished smb.conf ...
4) tdbdump the secrets.tdb to verify that the entry in the database shows
the correct rootdn and password selected.
Seems to be okay
---snipp---
[PTS2] 486dx66:/usr/local/samba3 # bin/tdbdump private/secrets.tdb {
key = SECRETS/LDAP_BIND_PW/cn=ldapmanager,dc=hrnet,dc=de
data = secret\00
}
{
key = SECRETS/SID/HRDOMAIN
data =
\01\04\00\00\00\00\00\05\15\00\00\00L\9B\E6\9F\B1\E1\FF#'\C3\B6G\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00
}
{
key = SECRETS/SID/486DX66
data =
\01\04\00\00\00\00\00\05\15\00\00\00L\9B\E6\9F\B1\E1\FF#'\C3\B6G\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00
}
---snipp---
Here's the output i have now ..
---snipp---
[PTS2] [EMAIL PROTECTED]:/usr/local/samba3 # bin/smbpasswd -D 10 -c
etc/smb.conf tina
Netbios name list:-
my_netbios_names[0]=486DX66
Trying to load: ldapsam_compat
Attempting to register passdb backend ldapsam
Successfully added passdb backend 'ldapsam'
Attempting to register passdb backend ldapsam_compat
Successfully added passdb backend 'ldapsam_compat'
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to register passdb backend guest
Successfully added passdb backend 'guest'
Attempting to find an passdb backend to match ldapsam_compat
(ldapsam_compat)
Found pdb backend ldapsam_compat
pdb backend ldapsam_compat has a valid init
Attempting to find an passdb backend to match guest (guest)
Found pdb backend guest
pdb backend guest has a valid init
New SMB password:
New SMB password:
Retype new SMB password:
smbldap_search: base = [dc=hrnet,dc=de], filter =
[(((uid=tina)(objectclass=sambaSamAccount))(objectclass=sambaAccount))],
scope = [2]
this is going to be a problem if the account is not created with both
object classes, but I can't say for sure as I've never even tried it. I'd
pick the newer --with-ldap option and go from there.
smbldap_open_connection: ldap://486dx66.hrnet.de:1389
smbldap_open_connection: connection opened
ldap_connect_system: Binding to ldap server ldap://486dx66.hrnet.de:1389
as cn=ldapmanager,dc=hrnet,dc=de
failed to bind to server with dn= cn=ldapmanager,dc=hrnet,dc=de Error:
Can't contact LDAP server
(unknown)
Connection to LDAP server failed for the 1 try!
check for firewall/DNS issues here. everything else looks good.
smbldap_open_connection: ldap://486dx66.hrnet.de:1389
smbldap_open_connection: connection opened
ldap_connect_system: Binding to ldap server ldap://486dx66.hrnet.de:1389
as cn=ldapmanager,dc=hrnet,dc=de
[ -- cut here -- ]
---snipp---
So what's wrong ?
Is it that i compiled in --with-ldap AND --with-ldapsam =
there's really no need to use --with-ldapsam unless you need to comply
with 2.x samba.schema
Bill
greets Harry
--
To unsubscribe from this list go to the following URL
