LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 01-24-2007, 09:01 AM   #1
crock
LQ Newbie
 
Registered: Jan 2007
Posts: 2

Rep: Reputation: 0
OpenLDAP and Windows and permissions


Hello all,

Long time lurker first time poster

I've got a Samba 3 PDC/LDAP domain set up and running a treat with BDC's replicating etc. I unfortunately have a load of XP Home desktops which I obviously cannot join to the domain, the Pro desktops work as expected. I have been trying to work around this by using pGina and the ldapauth plugin. I can get it to authenticate a login fine but I cannot for the life of me get the password change to work. Anyone got any experience with this or seen a doc on this. The docs for the ldapauth plugin are a bit sketchy and don't refer to the password change functions.
I'm seeing in the syslog (Ubuntu 6.06) (I've xxx out the private bits) appearing when I try the password change button

Jan 24 14:56:32 ldap slapd[14210]: conn=73 fd=19 ACCEPT from IP=192.168.1.xxx:1047 (IP=0.0.0.0:389)
Jan 24 14:56:32 ldap slapd[14210]: conn=73 op=0 BIND dn="uid=xxx.xxx,ou=Users,dc=xxx,dc=co,dc=uk" method=128
Jan 24 14:56:32 ldap slapd[14210]: conn=73 op=0 BIND dn="uid=xxx.xxx,ou=Users,dc=xxx,dc=co,dc=uk" mech=SIMPLE ssf=0
Jan 24 14:56:32 ldap slapd[14210]: conn=73 op=0 RESULT tag=97 err=0 text=
Jan 24 14:56:32 ldap slapd[14210]: conn=73 op=1 MOD dn="uid=xxx.xxx,ou=Users,dc=xxx,dc=co,dc=uk"
Jan 24 14:56:32 ldap slapd[14210]: conn=73 op=1 MOD attr=userPassword
Jan 24 14:56:32 ldap slapd[14210]: conn=73 op=1 RESULT tag=103 err=50 text=

Also, as an aside, if I edit the share permissions on a Samba share through Windows, it works, but where does it store the details of this?

Any help appreciated, if I get this whole lot working, I'll post my entire docs on how to get to where I've got to from a clean install, it's been a long road so far.

TIA

Crock
 
Old 01-26-2007, 07:26 PM   #2
xjlittle
Member
 
Registered: Aug 2003
Location: Indiana
Distribution: fc6 sles9 & 10 kubuntu ubuntu-server
Posts: 240
Blog Entries: 2

Rep: Reputation: 30
Quote:
Also, as an aside, if I edit the share permissions on a Samba share through Windows, it works, but where does it store the details of this?
We use the Samba+LDAP pdc at work as well. The permissions are stored in the acls on on the file server where the shares are located.
Code:
jslittl@fp3lb:~> getfacl /share2/speech
getfacl: Removing leading '/' from absolute path names
# file: share2/speech
# owner: aewrigh
# group: speech
user::rwx
group::rwx
group:Domain\040Admins:rwx
mask::rwx
other::---

jslittl@fp3lb:~>
You can also set acls at the server:
Code:
jslittl@fp3lb:~> setfacl -m u:jslittl:rwx /share2/speech
setfacl: /share2/speech: Operation not permitted
jslittl@fp3lb:~> su
Password: 
fp3lb:/home/jslittl # setfacl -m u:jslittl:rwx /share2/speech
fp3lb:/home/jslittl # getfacl /share2/speech/
getfacl: Removing leading '/' from absolute path names
# file: share2/speech
# owner: aewrigh
# group: speech
user::rwx
user:jslittl:rwx
group::rwx
group:Domain\040Admins:rwx
mask::rwx
other::---

fp3lb:/home/jslittl #
See man setfacl and getfacl for more info.

The other apps that you are asking about I am not familiar with.
 
Old 01-29-2007, 02:05 AM   #3
crock
LQ Newbie
 
Registered: Jan 2007
Posts: 2

Original Poster
Rep: Reputation: 0
Thanks for that, I'll have a play. I'm always a bit concerned when something works, but I don't know how.
 
Old 02-17-2007, 10:02 AM   #4
paul_mat
Member
 
Registered: Nov 2004
Location: Townsville, Australia
Distribution: Fedora Core 5, CentOS 4, RHEL 4
Posts: 855

Rep: Reputation: 30
I have a how-to on my website http://www.opensourcehowto.org for setting up samba as a primary domain controller (PDC)

OpenLDAP LAM Samba as PDC
http://www.opensourcehowto.org/how-t...ba-as-pdc.html

and if you feeling a little bit more adventurous later on you could try getting into the policies with samba

Samba Primary Domain Controller with Group Policies
http://www.opensourcehowto.org/how-t...-policies.html
 
Old 09-14-2011, 02:29 PM   #5
dschreck
LQ Newbie
 
Registered: Sep 2011
Location: Connecticut, USA
Posts: 1

Rep: Reputation: Disabled
Did you ever solve this?

I know this is from 4 years ago, but did you ever solve the err=50 issue when trying to change passwords ?

Thanks.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Replacing a Windows Domain Controller with a Linux:OpenLDAP importing from Windows AD mstevensfullarmor Linux - Enterprise 14 02-15-2012 06:05 PM
Permissions in a Windows AD mackthelark Linux - Security 1 07-12-2006 11:00 AM
Can I use OpenLDAP as a directory server for Windows? HGeneAnthony Linux - Software 1 02-21-2005 11:15 AM
permissions for windows partitions hhegab Mandriva 2 01-20-2005 08:13 PM
Windows Permissions msamd Linux - Networking 0 12-02-2003 07:44 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 11:23 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration