LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)
-   -   OpenLDAP and Windows and permissions (https://www.linuxquestions.org/questions/linux-networking-3/openldap-and-windows-and-permissions-522361/)

crock 01-24-2007 09:01 AM
OpenLDAP and Windows and permissions
 
Hello all,

Long time lurker first time poster :)

I've got a Samba 3 PDC/LDAP domain set up and running a treat with BDC's replicating etc. I unfortunately have a load of XP Home desktops which I obviously cannot join to the domain, the Pro desktops work as expected. I have been trying to work around this by using pGina and the ldapauth plugin. I can get it to authenticate a login fine but I cannot for the life of me get the password change to work. Anyone got any experience with this or seen a doc on this. The docs for the ldapauth plugin are a bit sketchy and don't refer to the password change functions.
I'm seeing in the syslog (Ubuntu 6.06) (I've xxx out the private bits) appearing when I try the password change button

Jan 24 14:56:32 ldap slapd[14210]: conn=73 fd=19 ACCEPT from IP=192.168.1.xxx:1047 (IP=0.0.0.0:389)
Jan 24 14:56:32 ldap slapd[14210]: conn=73 op=0 BIND dn="uid=xxx.xxx,ou=Users,dc=xxx,dc=co,dc=uk" method=128
Jan 24 14:56:32 ldap slapd[14210]: conn=73 op=0 BIND dn="uid=xxx.xxx,ou=Users,dc=xxx,dc=co,dc=uk" mech=SIMPLE ssf=0
Jan 24 14:56:32 ldap slapd[14210]: conn=73 op=0 RESULT tag=97 err=0 text=
Jan 24 14:56:32 ldap slapd[14210]: conn=73 op=1 MOD dn="uid=xxx.xxx,ou=Users,dc=xxx,dc=co,dc=uk"
Jan 24 14:56:32 ldap slapd[14210]: conn=73 op=1 MOD attr=userPassword
Jan 24 14:56:32 ldap slapd[14210]: conn=73 op=1 RESULT tag=103 err=50 text=

Also, as an aside, if I edit the share permissions on a Samba share through Windows, it works, but where does it store the details of this?

Any help appreciated, if I get this whole lot working, I'll post my entire docs on how to get to where I've got to from a clean install, it's been a long road so far.

TIA

Crock

xjlittle 01-26-2007 07:26 PM
Quote:
Also, as an aside, if I edit the share permissions on a Samba share through Windows, it works, but where does it store the details of this?
We use the Samba+LDAP pdc at work as well. The permissions are stored in the acls on on the file server where the shares are located.
Code:
jslittl@fp3lb:~> getfacl /share2/speech
getfacl: Removing leading '/' from absolute path names
# file: share2/speech
# owner: aewrigh
# group: speech
user::rwx
group::rwx
group:Domain\040Admins:rwx
mask::rwx
other::---

jslittl@fp3lb:~>
You can also set acls at the server:
Code:
jslittl@fp3lb:~> setfacl -m u:jslittl:rwx /share2/speech
setfacl: /share2/speech: Operation not permitted
jslittl@fp3lb:~> su
Password:
fp3lb:/home/jslittl # setfacl -m u:jslittl:rwx /share2/speech
fp3lb:/home/jslittl # getfacl /share2/speech/
getfacl: Removing leading '/' from absolute path names
# file: share2/speech
# owner: aewrigh
# group: speech
user::rwx
user:jslittl:rwx
group::rwx
group:Domain\040Admins:rwx
mask::rwx
other::---

fp3lb:/home/jslittl #
See man setfacl and getfacl for more info.

The other apps that you are asking about I am not familiar with.

crock 01-29-2007 02:05 AM
Thanks for that, I'll have a play. I'm always a bit concerned when something works, but I don't know how.

paul_mat 02-17-2007 10:02 AM
I have a how-to on my website http://www.opensourcehowto.org for setting up samba as a primary domain controller (PDC)

OpenLDAP LAM Samba as PDC
http://www.opensourcehowto.org/how-t...ba-as-pdc.html

and if you feeling a little bit more adventurous later on you could try getting into the policies with samba

Samba Primary Domain Controller with Group Policies
http://www.opensourcehowto.org/how-t...-policies.html

dschreck 09-14-2011 02:29 PM
Did you ever solve this?
 
I know this is from 4 years ago, but did you ever solve the err=50 issue when trying to change passwords ?

Thanks.


All times are GMT -5. The time now is 02:58 AM.