LinuxQuestions.org
Old 07-21-2005, 08:11 PM   #1
paul_mat
Member
 
Registered: Nov 2004
Location: Townsville, Australia
Distribution: Fedora Core 5, CentOS 4, RHEL 4
Posts: 855

Rep: Reputation: 30
samba root user with Open LDAP


Hi there,

I've set up my Samba primary domain controller to work with OpenLDAP + phpmyadmin, but at the moment I'm having trouble adding my XP box to my domain. I need to use the root user/password, and yet when I try to add my machine it asks for a username and password and then tells me it cannot find the domain.

I have added a user called root in phpldapadmin. Is that enough to sync the Samba + LDAP users?

I have added a machine in phpldapadmin. Is that enough to sync the Samba + LDAP machines?

Have I configured something wrong in my smb.conf file?




[global]

#LDAP

passdb backend = ldapsam:ldap://fedora.school.cathedral.qld.edu.au
ldap suffix = dc=school,dc=cathedral,dc=qld,dc=edu,dc=au
ldap machine suffix = ou=Machines
ldap user suffix = ou=Users
ldap group suffix = ou=groups
ldap admin dn = "cn=Directory Manager,dc=school,dc=cathedral,dc=qld,dc=edu,dc=au"
enable privileges = yes

ldap ssl = No
#ldap ssl = Yes
#ldap ssl = start tls

#smbpasswd -x delete the entire dn-entry
ldap delete dn = no



#LDAP TOOLS

#add group script = /usr/local/smbldap-tools/smbldap-groupadd "%g" && /usr/bin/net groupmap add ntgroup="%g" unixgroup="%g"
#delete group script = /usr/local/smbldap-tools/smbldap-groupdel %g
#add user to group script = /usr/local/smbldap-tools/smbldap-groupmod -m "%u" "%g"
#delete user from group script = /usr/local/smbldap-tools/smbldap-groupmod -x %u %g
#add machine script = /usr/local/smbldap-tools/smbldap-useradd -w "%u"
#set primary group script = /usr/local/smbldap-tools/smbldap-usermod -g gid %u
#add user script = /usr/local/smbldap-tools/smbldap-useradd -a %u
#delete user script = /usr/local/smbldap-tools/smbldap-userdel %u






workgroup = fedora
netbios name = fedora
comment = Linux RedHat Samba Server
security = user
null passwords = Yes
encrypt passwords = yes

logon drive = U:
logon path = \\%N\profiles\%g

domain master = yes
domain logons = yes
preferred master = yes
os level = 255

# we have other wins server (samba, of course)
#wins support = yes
wins support = no
wins proxy = no
wins server = 159.237.12.25

log file = /usr/local/etc2/samba_2_2/logs
public = No
browseable = No
writable = No

; necessary share for domain controller
[netlogon]
path = /usr/local/etc2/samba_2_2/netlogon
locking = no
read only = yes
write list = ntadmin

; share for storing user profiles
[profiles]
path = /usr/local/etc2/samba2_2/profiles
read only = no
writeable = yes
create mask = 0600
directory mask = 0700


And I have exported my LDIF file. If there is a problem in there, can someone tell me?

version: 1

# LDIF Export for: dc=***,dc=***,dc=***,dc=***,dc=***
# Generated by phpLDAPadmin ( http://phpldapadmin.sourceforge.net/ ) on July 22, 2005 11:00 am
# Server: OpenLDAP on Fedora Core 4 (fedora.***.cathedral.qld.edu.au)
# Search Scope: sub
# Search Filter: (objectClass=*)
# Total Entries: 16

# Entry 1: dc=***,dc=***,dc=***,dc=***,dc=***
dn: dc=***,dc=***,dc=***,dc=***,dc=***
objectClass: dcObject
objectClass: organization
o: The Fedora Test
dc: ***

# Entry 2: ou=Machines,dc=***,dc=***,dc=***,dc=***,dc=***
dn: ou=Machines,dc=***,dc=***,dc=***,dc=***,dc=***
ou: Machines
objectClass: top
objectClass: organizationalUnit

# Entry 3: ou=Users,dc=***,dc=***,dc=***,dc=***,dc=***
dn: ou=Users,dc=***,dc=***,dc=***,dc=***,dc=***
ou: Users
objectClass: top
objectClass: organizationalUnit

# Entry 4: ou=admins,ou=Users,dc=***,dc=***,dc=***,dc=***,dc=***
dn: ou=admins,ou=Users,dc=***,dc=***,dc=***,dc=***,dc=***
ou: admins
objectClass: top
objectClass: organizationalUnit

# Entry 5: ou=Staff,ou=Users,dc=***,dc=***,dc=***,dc=***,dc=***
dn: ou=Staff,ou=Users,dc=***,dc=***,dc=***,dc=***,dc=***
ou: Staff
objectClass: top
objectClass: organizationalUnit

# Entry 6: ou=students,ou=Users,dc=***,dc=***,dc=***,dc=***...
dn: ou=students,ou=Users,dc=***,dc=***,dc=***,dc=***,dc=***
ou: students
objectClass: top
objectClass: organizationalUnit

# Entry 7: sambaDomainName=FEDORA,dc=***,dc=cathedral,dc=qld,dc=edu,dc...
dn: sambaDomainName=FEDORA,dc=***,dc=***,dc=***,dc=***,dc=***
sambaDomainName: FEDORA
sambaSID: S-1-5-21-1675496788-2563150897-1245547224
sambaAlgorithmicRidBase: 1000
objectClass: sambaDomain

# Entry 8: ou=Groups,dc=***,dc=***,dc=***,dc=***,dc=***
dn: ou=Groups,dc=***,dc=***,dc=***,dc=***,dc=***
ou: Groups
objectClass: top
objectClass: organizationalUnit

# Entry 9: ou=Local,ou=Users,dc=***,dc=***,dc=***,dc=***,dc=***
dn: ou=Local,ou=Users,dc=***,dc=***,dc=***,dc=***,dc=***
ou: Local
objectClass: top
objectClass: organizationalUnit

# Entry 10: uid=pmatthews,ou=Local,ou=Users,dc=***,dc=cathedral,dc=qld...
dn: uid=pmatthews,ou=Local,ou=Users,dc=***,dc=cathedral,dc=qld,dc=edu,dc=
au
uid: pmatthews
givenName: Paul
sn: Matthews
cn: Paul Matthews
userPassword: *password*
loginShell: /bin/bash
uidNumber: 503
gidNumber: 503
homeDirectory: /home/pmatthews
shadowMin: -1
shadowMax: 999999
shadowWarning: 7
shadowInactive: -1
shadowExpire: -1
shadowFlag: 0
objectClass: top
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson

# Entry 11: ou=SambaUsers,ou=Groups,dc=***,dc=cathedral,dc=qld,dc=edu,...
dn: ou=SambaUsers,ou=Groups,dc=***,dc=***,dc=***,dc=***,dc=***
ou: SambaUsers
objectClass: top
objectClass: organizationalUnit

# Entry 12: cn=Admins,ou=SambaUsers,ou=Groups,dc=***,dc=cathedral,dc=q...
dn: cn=Admins,ou=SambaUsers,ou=Groups,dc=***,dc=cathedral,dc=qld,dc=edu,d
c=au
cn: Admins
gidNumber: 2000
displayName: Admins
sambaSID: S-1-5-32-544
sambaGroupType: 2
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping

# Entry 13: cn=Staff,ou=SambaUsers,ou=Groups,dc=***,dc=cathedral,dc=ql...
dn: cn=Staff,ou=SambaUsers,ou=Groups,dc=***,dc=cathedral,dc=qld,dc=edu,dc
=au
cn: Staff
gidNumber: 2001
displayName: Staff
sambaSID: S-1-5-32-544
sambaGroupType: 2
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping

# Entry 14: cn=Students,ou=SambaUsers,ou=Groups,dc=***,dc=cathedral,dc...
dn: cn=Students,ou=SambaUsers,ou=Groups,dc=***,dc=cathedral,dc=qld,dc=edu
,dc=au
cn: Students
gidNumber: 2002
displayName: Students
sambaSID: S-1-5-32-544
sambaGroupType: 2
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping

# Entry 15: uid=pma$,ou=Machines,dc=***,dc=cathedral,dc=qld,dc=edu,dc=...
dn: uid=pma$,ou=Machines,dc=***,dc=***,dc=***,dc=***,dc=***
gidNumber: 30000
uidNumber: 501
uid: pma$
cn: pma
homeDirectory: /dev/null
objectClass: top
objectClass: posixAccount
objectClass: account

# Entry 16: uid=root,ou=admins,ou=Users,dc=***,dc=cathedral,dc=qld,dc=...
dn: uid=root,ou=admins,ou=Users,dc=***,dc=***,dc=***,dc=***,dc=***
cn: Root
displayName: Root Administrator
gecos: Root Administrator
gidNumber: 2000
homeDirectory: /home/root
loginShell: /bin/bash
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
sambaAcctFlags: [U ]
sambaPrimaryGroupSID: S-1-5-32-544
sambaPwdMustChange: 2147483647
sambaSID: S-1-5-21-1675496788-2563150897-1245547224-1002
shadowLastChange: 11778
uid: root
uidNumber: 1
userPassword: *password*
sambaPasswordHistory: 000000000000000000000000000000000000000000000000000000
0000000000
sambaPwdCanChange: 1121993471
sambaLMPassword: E52CAC67419A9A224A3B108F3FA6CB6D
sambaNTPassword: 8846F7EAEE8FB117AD06BDD830B7586C
sambaPwdLastSet: 1121993471
 
Old 07-23-2005, 01:44 AM   #2
mpeg4codec
Member
 
Registered: Jul 2005
Distribution: Debian, Gentoo, self-built [not LFS]
Posts: 109

Rep: Reputation: 15
Have you run smbpasswd -w secret to store the LDAP admin's password?
 
Old 07-24-2005, 05:44 PM   #3
paul_mat
Member
 
Registered: Nov 2004
Location: Townsville, Australia
Distribution: Fedora Core 5, CentOS 4, RHEL 4
Posts: 855

Original Poster
Rep: Reputation: 30
Yes, I have done the smbpasswd -w password.
 
Old 07-25-2005, 12:31 AM   #4
mpeg4codec
Member
 
Registered: Jul 2005
Distribution: Debian, Gentoo, self-built [not LFS]
Posts: 109

Rep: Reputation: 15
Try to do it again, and this time see if anything turns up in your system logs. For Debian, things tend to turn up in /var/log/debug. It may be different for you. Run this command:

find /var/log -type f -print0 | xargs -0 grep -l slapd

and the output will be the list of files that contain the string slapd. Post any relevant lines from when you try to add the machine to the domain again.
 
Old 07-25-2005, 12:44 AM   #5
paul_mat
Member
 
Registered: Nov 2004
Location: Townsville, Australia
Distribution: Fedora Core 5, CentOS 4, RHEL 4
Posts: 855

Original Poster
Rep: Reputation: 30
[root@fedora samba]# find /var/log -type f -print0 | xargs -0 grep -l slapd
/var/log/prelink.log
/var/log/anaconda.syslog
[root@fedora samba]#

That's what I got when I tried what you wanted me to do. It didn't seem relevant to me; tell me if I'm wrong.

I started a new Samba log file and this is what came out when I restarted my Samba service. I guess there is a problem with my LDAP configuration. Can you tell me what it is? Because I'm stumped.


[2005/07/25 15:41:10, 0] lib/smbldap.c:smbldap_connect_system(852)
failed to bind to server ldap://127.0.0.1/ with dn="uid=root,dc=school,dc=cathedral,dc=qld,dc=edu,dc=au" Error: Invalid credentials

[2005/07/25 15:41:10, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 1 try!
[2005/07/25 15:41:11, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 2 try!
[2005/07/25 15:41:12, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 3 try!
[2005/07/25 15:41:13, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 4 try!
[2005/07/25 15:41:14, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 5 try!
[2005/07/25 15:41:15, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 6 try!
[2005/07/25 15:41:16, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 7 try!
[2005/07/25 15:41:17, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 8 try!
[2005/07/25 15:41:18, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 9 try!
[2005/07/25 15:41:19, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 10 try!
[2005/07/25 15:41:20, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 11 try!
[2005/07/25 15:41:21, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 12 try!
[2005/07/25 15:41:22, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 13 try!
[2005/07/25 15:41:23, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 14 try!
[2005/07/25 15:41:24, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 15 try!
[2005/07/25 15:41:25, 0] lib/smbldap.c:smbldap_search_suffix(1176)
smbldap_search_suffix: Problem during the LDAP search: (unknown) (Timed out)
[2005/07/25 15:41:25, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 1 try!
[2005/07/25 15:41:26, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 2 try!
[2005/07/25 15:41:27, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 3 try!
[2005/07/25 15:41:28, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 4 try!
[2005/07/25 15:41:29, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 5 try!
[2005/07/25 15:41:30, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 6 try!
[2005/07/25 15:41:31, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 7 try!
[2005/07/25 15:41:32, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 8 try!
[2005/07/25 15:41:33, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 9 try!
[2005/07/25 15:41:34, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 10 try!
[2005/07/25 15:41:35, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 11 try!
[2005/07/25 15:41:36, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 12 try!
[2005/07/25 15:41:37, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 13 try!
[2005/07/25 15:41:38, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 14 try!
[2005/07/25 15:41:39, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 15 try!
[2005/07/25 15:41:40, 0] lib/smbldap.c:smbldap_search_suffix(1176)
smbldap_search_suffix: Problem during the LDAP search: (unknown) (Timed out)
[2005/07/25 15:41:40, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 1 try!
[2005/07/25 15:41:41, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 2 try!
[2005/07/25 15:41:42, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 3 try!
[2005/07/25 15:41:43, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 4 try!
[2005/07/25 15:41:44, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 5 try!
[2005/07/25 15:41:45, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 6 try!
[2005/07/25 15:41:46, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 7 try!
[2005/07/25 15:41:47, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 8 try!
[2005/07/25 15:41:48, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 9 try!
[2005/07/25 15:41:49, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 10 try!
[2005/07/25 15:41:50, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 11 try!
[2005/07/25 15:41:51, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 12 try!
[2005/07/25 15:41:52, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 13 try!
[2005/07/25 15:41:53, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 14 try!
[2005/07/25 15:41:54, 1] lib/smbldap.c:another_ldap_try(1011)
Connection to LDAP server failed for the 15 try!
[2005/07/25 15:41:55, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1971)
ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (unknown) (Timed out)
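
The bind failure logged in post #5 names the server and DN that smbd actually tried, and both can be checked against the passdb backend and ldap admin dn lines of the smb.conf in post #1. The following is an added example, not part of the thread or of Samba: the function names are hypothetical and the embedded log and config strings are samples constructed from the posts above.

```shell
#!/bin/sh
# Added example (not from the thread): compare the bind identity smbd logged
# with the one smb.conf configures. Sample data is constructed from the posts.

# Bind-failure entry as quoted in post #5.
SAMPLE_LOG='[2005/07/25 15:41:10, 0] lib/smbldap.c:smbldap_connect_system(852)
  failed to bind to server ldap://127.0.0.1/ with dn="uid=root,dc=school,dc=cathedral,dc=qld,dc=edu,dc=au" Error: Invalid credentials'

# The two relevant [global] lines as quoted in post #1.
SAMPLE_CONF='[global]
passdb backend = ldapsam:ldap://fedora.school.cathedral.qld.edu.au
ldap admin dn = "cn=Directory Manager,dc=school,dc=cathedral,dc=qld,dc=edu,dc=au"'

# stdin: Samba log text. Prints the DN of the last failed bind.
logged_bind_dn() {
    sed -n 's/.*failed to bind to server [^ ]* with dn="\([^"]*\)".*/\1/p' | tail -n 1
}

# stdin: Samba log text. Prints the server URI of the last failed bind.
logged_bind_server() {
    sed -n 's/.*failed to bind to server \([^ ]*\) with dn=.*/\1/p' | tail -n 1
}

# stdin: smb.conf text; $1: parameter name spelled exactly as in the file.
# Prints the last uncommented value with surrounding double quotes removed.
conf_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" |
        tail -n 1 | sed 's/[[:space:]]*$//; s/^"\(.*\)"$/\1/'
}

# $1: log text, $2: smb.conf text. Succeeds only when a failed bind was
# logged and its DN equals "ldap admin dn" (compared case-insensitively).
bind_dn_matches() {
    logged=$(printf '%s\n' "$1" | logged_bind_dn | tr '[:upper:]' '[:lower:]')
    wanted=$(printf '%s\n' "$2" | conf_value 'ldap admin dn' | tr '[:upper:]' '[:lower:]')
    [ -n "$logged" ] && [ "$logged" = "$wanted" ]
}

# Prints both views side by side plus a verdict.
report() {
    echo "logged server : $(printf '%s\n' "$1" | logged_bind_server)"
    echo "logged bind DN: $(printf '%s\n' "$1" | logged_bind_dn)"
    echo "passdb backend: $(printf '%s\n' "$2" | conf_value 'passdb backend')"
    echo "ldap admin dn : $(printf '%s\n' "$2" | conf_value 'ldap admin dn')"
    if bind_dn_matches "$1" "$2"; then
        echo "DN matches: re-check the secret stored with smbpasswd -w"
    else
        echo "DN differs: smbd is not binding as this file's ldap admin dn"
    fi
}

report "$SAMPLE_LOG" "$SAMPLE_CONF"
```

On a live system, pass the contents of the real Samba log and the output of testparm -s in place of the two samples. smbpasswd -w stores the secret keyed by the admin DN, so the password has to be stored again whenever ldap admin dn changes.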
 
Old 07-26-2005, 12:05 AM   #6
mpeg4codec
Member
 
Registered: Jul 2005
Distribution: Debian, Gentoo, self-built [not LFS]
Posts: 109

Rep: Reputation: 15
Ah, in that case, Samba cannot connect to the LDAP server whatsoever. Try changing this line in your configuration file:

passdb backend = ldapsam:ldap://fedora.school.cathedral.qld.edu.au

to these two lines:

passdb backend = ldapsam
ldap server = ldap://fedora.school.cathedral.qld.edu.au

Also, make sure you can connect to the LDAP server with a different client on the same machine where the Samba server resides. Try running this command:

ldapsearch -x -b 'dc=school,dc=cathedral,dc=qld,dc=edu,dc=au' -H ldap://fedora.school.cathedral.qld.edu.au

If you get connection errors on that, copy and paste them here.
 
Old 01-16-2007, 08:08 PM   #7
mr_ekkasit
LQ Newbie
 
Registered: Oct 2006
Posts: 1

Rep: Reputation: 0
Change the ...
passdb backend = ldapsam:ldap://fedora.school.cathedral.qld.edu.au
to...
passdb backend = ldapsam:"ldap://fedora.school.cathedral.qld.edu.au"
 
  

