samba root user with Open LDAP

paul_mat · 07-21-2005, 08:11 PM

hi there,

i've setup my samba primary domain controller to work with OpenLDAP + phpmyadmin but at the moment i'm having trouble adding my XP box to my domain i need to use the root user/password, and yet when i try and add my machine it asks for a username and password and then tells me it can not find the domain.

i have added a user called root in phpldapadmin, is that enough to snyc the samba + ldap users?

i have added a machine in phpldapadmin, is that enough to snyc the samba + ldap machines?

have i configured something wrong in my smb.conf file?

[global]

#LDAP

passdb backend = ldapsam:ldap://fedora.school.cathedral.qld.edu.au
ldap suffix = dc=school,dc=cathedral,dc=qld,dc=edu,dc=au
ldap machine suffix = ou=Machines
ldap user suffix = ou=Users
ldap group suffix = ou=groups
ldap admin dn = "cn=Directory Manager,dc=school,dc=cathedral,dc=qld,dc=edu,dc=au"
enable privileges = yes

ldap ssl = No
#ldap ssl = Yes
#ldap ssl = start tls

#smbpasswd -x delete the entire dn-entry
ldap delete dn = no

#LDAP TOOLS

#add group script = /usr/local/smbldap-tools/smbldap-groupadd "%g" && /usr/bin/net groupmap add ntgroup="%g" unixgroup="%g"
#delete group script = /usr/local/smbldap-tools/smbldap-groupdel %g
#add user to group script = /usr/local/smbldap-tools/smbldap-groupmod -m "%u" "%g"
#delete user from group script = /usr/local/smbldap-tools/smbldap-groupmod -x %u %g
#add machine script = /usr/local/smbldap-tools/smbldap-useradd -w "%u"
#set primary group script = /usr/local/smbldap-tools/smbldap-usermod -g gid %u
#add user script = /usr/local/smbldap-tools/smbldap-useradd -a %u
#delete user script = /usr/local/smbldap-tools/smbldap-userdel %u

workgroup = fedora
netbios name = fedora
comment = Linux RedHat Samba Server
security = user
null passwords = Yes
encrypt passwords = yes

logon drive = U:
logon path = \\%N\profiles\%g

domain master = yes
domain logons = yes
preferred master = yes
os level = 255

# we have other wins server (samba, of course)
#wins support = yes
wins support = no
wins proxy = no
wins server = 159.237.12.25

log file = /usr/local/etc2/samba_2_2/logs
public = No
browseable = No
writable = No

; necessary share for domain controller
[netlogon]
path = /usr/local/etc2/samba_2_2/netlogon
locking = no
read only = yes
write list = ntadmin

; share for storing user profiles
[profiles]
path = /usr/local/etc2/samba2_2/profiles
read only = no
writeable = yes
create mask = 0600
directory mask = 0700

and i have exported my LDIF file if there is a problem in there can someone tell me

version: 1

# LDIF Export for: dc=***,dc=***,dc=***,dc=***,dc=***
# Generated by phpLDAPadmin ( http://phpldapadmin.sourceforge.net/ ) on July 22, 2005 11:00 am
# Server: OpenLDAP on Fedora Core 4 (fedora.***.cathedral.qld.edu.au)
# Search Scope: sub
# Search Filter: (objectClass=*)
# Total Entries: 16

# Entry 1: dc=***,dc=***,dc=***,dc=***,dc=***
dn: dc=***,dc=***,dc=***,dc=***,dc=***
objectClass: dcObject
objectClass: organization
o: The Fedora Test
dc: ***

# Entry 2: ou=Machines,dc=***,dc=***,dc=***,dc=***,dc=***
dn: ou=Machines,dc=***,dc=***,dc=***,dc=***,dc=***
ou: Machines
objectClass: top
objectClass: organizationalUnit

# Entry 3: ou=Users,dc=***,dc=***,dc=***,dc=***,dc=***
dn: ou=Users,dc=***,dc=***,dc=***,dc=***,dc=***
ou: Users
objectClass: top
objectClass: organizationalUnit

# Entry 4: ou=admins,ou=Users,dc=***,dc=***,dc=***,dc=***,dc=***
dn: ou=admins,ou=Users,dc=***,dc=***,dc=***,dc=***,dc=***
ou: admins
objectClass: top
objectClass: organizationalUnit

# Entry 5: ou=Staff,ou=Users,dc=***,dc=***,dc=***,dc=***,dc=***
dn: ou=Staff,ou=Users,dc=***,dc=***,dc=***,dc=***,dc=***
ou: Staff
objectClass: top
objectClass: organizationalUnit

# Entry 6: ou=students,ou=Users,dc=***,dc=***,dc=***,dc=***...
dn: ou=students,ou=Users,dc=***,dc=***,dc=***,dc=***,dc=***
ou: students
objectClass: top
objectClass: organizationalUnit

# Entry 7: sambaDomainName=FEDORA,dc=***,dc=cathedral,dc=qld,dc=edu,dc...
dn: sambaDomainName=FEDORA,dc=***,dc=***,dc=***,dc=***,dc=***
sambaDomainName: FEDORA
sambaSID: S-1-5-21-1675496788-2563150897-1245547224
sambaAlgorithmicRidBase: 1000
objectClass: sambaDomain

# Entry 8: ou=Groups,dc=***,dc=***,dc=***,dc=***,dc=***
dn: ou=Groups,dc=***,dc=***,dc=***,dc=***,dc=***
ou: Groups
objectClass: top
objectClass: organizationalUnit

# Entry 9: ou=Local,ou=Users,dc=***,dc=***,dc=***,dc=***,dc=***
dn: ou=Local,ou=Users,dc=***,dc=***,dc=***,dc=***,dc=***
ou: Local
objectClass: top
objectClass: organizationalUnit

# Entry 10: uid=pmatthews,ou=Local,ou=Users,dc=***,dc=cathedral,dc=qld...
dn: uid=pmatthews,ou=Local,ou=Users,dc=***,dc=cathedral,dc=qld,dc=edu,dc=
au
uid: pmatthews
givenName: Paul
sn: Matthews
cn: Paul Matthews
userPassword: *password*
loginShell: /bin/bash
uidNumber: 503
gidNumber: 503
homeDirectory: /home/pmatthews
shadowMin: -1
shadowMax: 999999
shadowWarning: 7
shadowInactive: -1
shadowExpire: -1
shadowFlag: 0
objectClass: top
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson

# Entry 11: ou=SambaUsers,ou=Groups,dc=***,dc=cathedral,dc=qld,dc=edu,...
dn: ou=SambaUsers,ou=Groups,dc=***,dc=***,dc=***,dc=***,dc=***
ou: SambaUsers
objectClass: top
objectClass: organizationalUnit

# Entry 12: cn=Admins,ou=SambaUsers,ou=Groups,dc=***,dc=cathedral,dc=q...
dn: cn=Admins,ou=SambaUsers,ou=Groups,dc=***,dc=cathedral,dc=qld,dc=edu,d
c=au
cn: Admins
gidNumber: 2000
displayName: Admins
sambaSID: S-1-5-32-544
sambaGroupType: 2
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping

# Entry 13: cn=Staff,ou=SambaUsers,ou=Groups,dc=***,dc=cathedral,dc=ql...
dn: cn=Staff,ou=SambaUsers,ou=Groups,dc=***,dc=cathedral,dc=qld,dc=edu,dc
=au
cn: Staff
gidNumber: 2001
displayName: Staff
sambaSID: S-1-5-32-544
sambaGroupType: 2
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping

# Entry 14: cn=Students,ou=SambaUsers,ou=Groups,dc=***,dc=cathedral,dc...
dn: cn=Students,ou=SambaUsers,ou=Groups,dc=***,dc=cathedral,dc=qld,dc=edu
,dc=au
cn: Students
gidNumber: 2002
displayName: Students
sambaSID: S-1-5-32-544
sambaGroupType: 2
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping

# Entry 15: uid=pma$,ou=Machines,dc=***,dc=cathedral,dc=qld,dc=edu,dc=...
dn: uid=pma$,ou=Machines,dc=***,dc=***,dc=***,dc=***,dc=***
gidNumber: 30000
uidNumber: 501
uid: pma$
cn: pma
homeDirectory: /dev/null
objectClass: top
objectClass: posixAccount
objectClass: account

# Entry 16: uid=root,ou=admins,ou=Users,dc=***,dc=cathedral,dc=qld,dc=...
dn: uid=root,ou=admins,ou=Users,dc=***,dc=***,dc=***,dc=***,dc=***
cn: Root
displayName: Root Administrator
gecos: Root Administrator
gidNumber: 2000
homeDirectory: /home/root
loginShell: /bin/bash
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
sambaAcctFlags: [U ]
sambaPrimaryGroupSID: S-1-5-32-544
sambaPwdMustChange: 2147483647
sambaSID: S-1-5-21-1675496788-2563150897-1245547224-1002
shadowLastChange: 11778
uid: root
uidNumber: 1
userPassword: *password*
sambaPasswordHistory: 000000000000000000000000000000000000000000000000000000
0000000000
sambaPwdCanChange: 1121993471
sambaLMPassword: E52CAC67419A9A224A3B108F3FA6CB6D
sambaNTPassword: 8846F7EAEE8FB117AD06BDD830B7586C
sambaPwdLastSet: 1121993471

mpeg4codec · 07-23-2005, 01:44 AM

Have you run smbpasswd -w secret to store the LDAP admin's password?

paul_mat · 07-24-2005, 05:44 PM

yes i have done the smbpasswd -w password

mpeg4codec · 07-25-2005, 12:31 AM

Try to do it again, and this time see if anything turns up in your system logs. For Debian, things tend to turn up in /var/log/debug. It may be different for you. Run this command:

find /var/log -type f -print0 | xargs -0 grep -l slapd

and the output will be the list of files that contain the string slapd. Post any relevant lines from when you try to add the machine to the domain again.

paul_mat · 07-25-2005, 12:44 AM

[root@fedora samba]# find /var/log -type f -print0 | xargs -0 grep -l slapd
/var/log/prelink.log
/var/log/anaconda.syslog
[root@fedora samba]#

thats what i got when i tryed what you wanted me to do, it didn't seam relevent to me tell me if i'm wrong,

i started a new samba log file and this is what came out when i restarted my samba service, i guess there is a problem with my LDAP configuration, can you tell me what it is? cause i'm stumped

[2005/07/25 15:41:10, 0] lib/smbldap.c:smbldap_connect_system(852)
failed to bind to server ldap://127.0.0.1/ with dn="uid=root,dc=school,dc=cathedral,dc=qld,dc=edu,dc=au" Error: Invalid credentials

[2005/07/25 15:41:10, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 1 try!
[2005/07/25 15:41:11, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 2 try!
[2005/07/25 15:41:12, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 3 try!
[2005/07/25 15:41:13, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 4 try!
[2005/07/25 15:41:14, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 5 try!
[2005/07/25 15:41:15, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 6 try!
[2005/07/25 15:41:16, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 7 try!
[2005/07/25 15:41:17, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 8 try!
[2005/07/25 15:41:18, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 9 try!
[2005/07/25 15:41:19, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 10 try!
[2005/07/25 15:41:20, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 11 try!
[2005/07/25 15:41:21, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 12 try!
[2005/07/25 15:41:22, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 13 try!
[2005/07/25 15:41:23, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 14 try!
[2005/07/25 15:41:24, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 15 try!
[2005/07/25 15:41:25, 0] lib/smbldap.c:smbldap_search_suffix(1176)
smbldap_search_suffix: Problem during the LDAP search: (unknown) (Timed out)
[2005/07/25 15:41:25, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 1 try!
[2005/07/25 15:41:26, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 2 try!
[2005/07/25 15:41:27, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 3 try!
[2005/07/25 15:41:28, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 4 try!
[2005/07/25 15:41:29, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 5 try!
[2005/07/25 15:41:30, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 6 try!
[2005/07/25 15:41:31, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 7 try!
[2005/07/25 15:41:32, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 8 try!
[2005/07/25 15:41:33, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 9 try!
[2005/07/25 15:41:34, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 10 try!
[2005/07/25 15:41:35, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 11 try!
[2005/07/25 15:41:36, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 12 try!
[2005/07/25 15:41:37, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 13 try!
[2005/07/25 15:41:38, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 14 try!
[2005/07/25 15:41:39, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 15 try!
[2005/07/25 15:41:40, 0] lib/smbldap.c:smbldap_search_suffix(1176)
smbldap_search_suffix: Problem during the LDAP search: (unknown) (Timed out)
[2005/07/25 15:41:40, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 1 try!
[2005/07/25 15:41:41, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 2 try!
[2005/07/25 15:41:42, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 3 try!
[2005/07/25 15:41:43, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 4 try!
[2005/07/25 15:41:44, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 5 try!
[2005/07/25 15:41:45, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 6 try!
[2005/07/25 15:41:46, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 7 try!
[2005/07/25 15:41:47, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 8 try!
[2005/07/25 15:41:48, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 9 try!
[2005/07/25 15:41:49, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 10 try!
[2005/07/25 15:41:50, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 11 try!
[2005/07/25 15:41:51, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 12 try!
[2005/07/25 15:41:52, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 13 try!
[2005/07/25 15:41:53, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 14 try!
[2005/07/25 15:41:54, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 15 try!
[2005/07/25 15:41:55, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1971)
ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (unknown) (Timed out)

mpeg4codec · 07-26-2005, 12:05 AM

Ah, in that case, Samba cannot connect to the LDAP server whatsoever, try changing this line in your configuration file:

passdb backend = ldapsam:ldap://fedora.school.cathedral.qld.edu.au

to these two lines:

passdb backend = ldapsam
ldap server = ldap://fedora.school.cathedral.qld.edu.au

Also, make sure you can connect to the LDAP server with a different client on the same machine that the Samba server is residing. Try running this command:

ldapsearch -x -b 'dc=school,dc=cathedral,dc=qld,dc=edu,dc=au' -H ldap://fedora.school.cathedral.qld.edu.au

If you get connection errors on that, copy and paste them here.

mr_ekkasit · 01-16-2007, 08:08 PM

Change the ...
passdb backend = ldapsam:ldap://fedora.school.cathedral.qld.edu.au
to...
passdb backend = ldapsam:"ldap://fedora.school.cathedral.qld.edu.au"