LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 04-11-2009, 10:49 AM   #1
touzeaud
LQ Newbie
 
Registered: Nov 2007
Location: Paris, France
Distribution: Ubuntu 8.10
Posts: 7

Rep: Reputation: 0
samba4: LDAP memberOf: attribute type undefined


Dear

i'm trying to run samba4 on a Debian lenny with LDAP backend

when execute
slapd -f /etc/samba/ldap/slapd.conf -h ldapi://%2Fetc%2Fsamba%2Fldap%2Fldapi -d4294967295

the slapd server crash with this output :

<<< dnPrettyNormal: <cn=samba-admin,cn=samba>, <cn=samba-admin,cn=samba>
line 57 (refint_attributes nonSecurityMemberBL nonSecurityMember
msDS-NonMembersBL msDS-NonMembers directReports manager
bridgeheadServerListBL bridgeheadTransportList msDS-ObjectReferenceBL
msDS-ObjectReference msCOM-UserLink msCOM-UserPartitionSetLink
msDs-masteredBy msDS-hasMasterNCs siteObjectBL siteObject queryPolicyBL
queryPolicyObject masteredBy hasMasterNCs managedObjects managedBy
serverReferenceBL serverReference memberOf member)
/etc/samba/ldap/slapd.conf: line 57: refint_attributes <memberOf>:
attribute type undefined

lt-slapd destroy: freeing system resources.
slapd stopped.


Did someone have encounter the same problem?
best regards.
 
Old 04-11-2009, 12:20 PM   #2
irishbitte
Senior Member
 
Registered: Oct 2007
Location: Brighton, UK
Distribution: Ubuntu Hardy, Ubuntu Jaunty, Eeebuntu, Debian, SME-Server
Posts: 1,213
Blog Entries: 1

Rep: Reputation: 82
Can you post your slapd.conf file?
 
Old 04-11-2009, 12:47 PM   #3
touzeaud
LQ Newbie
 
Registered: Nov 2007
Location: Paris, France
Distribution: Ubuntu 8.10
Posts: 7

Original Poster
Rep: Reputation: 0
here it is "slpad.txt"
Attached Files
File Type: txt slapd.txt (6.8 KB, 5 views)
 
Old 04-11-2009, 08:25 PM   #4
irishbitte
Senior Member
 
Registered: Oct 2007
Location: Brighton, UK
Distribution: Ubuntu Hardy, Ubuntu Jaunty, Eeebuntu, Debian, SME-Server
Posts: 1,213
Blog Entries: 1

Rep: Reputation: 82
Can you post it in [CODE] brackets? Just when I open that file it doesn't wrap correctly.
 
Old 04-11-2009, 08:30 PM   #5
touzeaud
LQ Newbie
 
Registered: Nov 2007
Location: Paris, France
Distribution: Ubuntu 8.10
Posts: 7

Original Poster
Rep: Reputation: 0
Code:
loglevel 0

### needed for initial content load ###
sizelimit unlimited

### Multimaster-ServerIDs and URLs ###



include /etc/samba/ldap/backend-schema.schema

pidfile		/etc/samba/ldap/slapd.pid
argsfile	/etc/samba/ldap/slapd.args
sasl-realm lenny.company.fr

#authz-regexp
#          uid=([^,]*),cn=lenny.company.fr,cn=digest-md5,cn=auth
#          ldap:///DC=lenny,DC=company,DC=fr??sub?(samAccountName=\$1)

#authz-regexp
#          uid=([^,]*),cn=([^,]*),cn=digest-md5,cn=auth
#          ldap:///DC=lenny,DC=company,DC=fr??sub?(samAccountName=\$1)

authz-regexp
          uid=([^,]*),cn=([^,]*),cn=digest-md5,cn=auth
          ldap:///cn=samba??one?(cn=\$1)

authz-regexp
          uid=([^,]*),cn=([^,]*),cn=ntlm,cn=auth
          ldap:///cn=samba??one?(cn=\$1)

access to dn.base="" 
       by dn=cn=samba-admin,cn=samba manage
       by anonymous read
       by * read

access to dn.subtree="cn=samba"
       by anonymous auth

access to dn.subtree="DC=lenny,DC=company,DC=fr"
       by dn=cn=samba-admin,cn=samba manage
       by dn=cn=manager manage
       by * none

password-hash   {CLEARTEXT}

include /etc/samba/ldap/modules.conf

defaultsearchbase DC=lenny,DC=company,DC=fr

rootdn cn=Manager

overlay deref

overlay refint
refint_modifiersName cn=samba-admin,cn=samba
refint_attributes  nonSecurityMemberBL nonSecurityMember msDS-NonMembersBL msDS-NonMembers directReports manager bridgeheadServerListBL bridgeheadTransportList msDS-ObjectReferenceBL msDS-ObjectReference msCOM-UserLink msCOM-UserPartitionSetLink msDs-masteredBy msDS-hasMasterNCs siteObjectBL siteObject queryPolicyBL queryPolicyObject masteredBy hasMasterNCs managedObjects managedBy serverReferenceBL serverReference memberOf member


# Generated from schema in /etc/samba/ldap/schema-tmp.ldb
overlay memberof
memberof-dn cn=samba-admin,cn=samba
memberof-dangling error
memberof-refint TRUE
memberof-group-oc top
memberof-member-ad nonSecurityMember
memberof-memberof-ad nonSecurityMemberBL
memberof-dangling-error 32

overlay memberof
memberof-dn cn=samba-admin,cn=samba
memberof-dangling error
memberof-refint TRUE
memberof-group-oc top
memberof-member-ad msDS-NonMembers
memberof-memberof-ad msDS-NonMembersBL
memberof-dangling-error 32

overlay memberof
memberof-dn cn=samba-admin,cn=samba
memberof-dangling error
memberof-refint TRUE
memberof-group-oc top
memberof-member-ad manager
memberof-memberof-ad directReports
memberof-dangling-error 32

overlay memberof
memberof-dn cn=samba-admin,cn=samba
memberof-dangling error
memberof-refint TRUE
memberof-group-oc top
memberof-member-ad bridgeheadTransportList
memberof-memberof-ad bridgeheadServerListBL
memberof-dangling-error 32

overlay memberof
memberof-dn cn=samba-admin,cn=samba
memberof-dangling error
memberof-refint TRUE
memberof-group-oc top
memberof-member-ad msDS-ObjectReference
memberof-memberof-ad msDS-ObjectReferenceBL
memberof-dangling-error 32

overlay memberof
memberof-dn cn=samba-admin,cn=samba
memberof-dangling error
memberof-refint TRUE
memberof-group-oc top
memberof-member-ad msCOM-UserPartitionSetLink
memberof-memberof-ad msCOM-UserLink
memberof-dangling-error 32

overlay memberof
memberof-dn cn=samba-admin,cn=samba
memberof-dangling error
memberof-refint TRUE
memberof-group-oc top
memberof-member-ad msDS-hasMasterNCs
memberof-memberof-ad msDs-masteredBy
memberof-dangling-error 32

overlay memberof
memberof-dn cn=samba-admin,cn=samba
memberof-dangling error
memberof-refint TRUE
memberof-group-oc top
memberof-member-ad siteObject
memberof-memberof-ad siteObjectBL
memberof-dangling-error 32

overlay memberof
memberof-dn cn=samba-admin,cn=samba
memberof-dangling error
memberof-refint TRUE
memberof-group-oc top
memberof-member-ad queryPolicyObject
memberof-memberof-ad queryPolicyBL
memberof-dangling-error 32

overlay memberof
memberof-dn cn=samba-admin,cn=samba
memberof-dangling error
memberof-refint TRUE
memberof-group-oc top
memberof-member-ad hasMasterNCs
memberof-memberof-ad masteredBy
memberof-dangling-error 32

overlay memberof
memberof-dn cn=samba-admin,cn=samba
memberof-dangling error
memberof-refint TRUE
memberof-group-oc top
memberof-member-ad managedBy
memberof-memberof-ad managedObjects
memberof-dangling-error 32

overlay memberof
memberof-dn cn=samba-admin,cn=samba
memberof-dangling error
memberof-refint TRUE
memberof-group-oc top
memberof-member-ad serverReference
memberof-memberof-ad serverReferenceBL
memberof-dangling-error 32

overlay memberof
memberof-dn cn=samba-admin,cn=samba
memberof-dangling error
memberof-refint TRUE
memberof-group-oc top
memberof-member-ad member
memberof-memberof-ad memberOf
memberof-dangling-error 32



database	ldif
suffix		cn=Samba
directory       /etc/samba/ldap/db/samba
rootdn          cn=Manager,cn=Samba

########################################
## olc - configuration ###





########################################
### cn=schema ###
database        hdb
suffix		CN=Schema,CN=Configuration,DC=lenny,DC=company,DC=fr
rootdn          cn=Manager,CN=Schema,CN=Configuration,DC=lenny,DC=company,DC=fr
directory	/etc/samba/ldap/db/schema
index           objectClass eq
index           samAccountName eq
index name eq
index objectCategory eq
index lDAPDisplayName eq
index subClassOf eq
index cn eq
index entryUUID,entryCSN eq

#syncprov is stable in OpenLDAP 2.3, and available in 2.2.  
#We need this for the contextCSN attribute and mmr.
overlay syncprov
syncprov-sessionlog 100
syncprov-checkpoint 100 10


### Multimaster-Replication of cn=schema Subcontext ###



#########################################
### cn=config ###
database        hdb
suffix		CN=Configuration,DC=lenny,DC=company,DC=fr
rootdn          cn=Manager,CN=Configuration,DC=lenny,DC=company,DC=fr
directory	/etc/samba/ldap/db/config
index           objectClass eq
index           samAccountName eq
index name eq
index objectSid eq
index objectCategory eq
index nCName eq
index subClassOf eq
index dnsRoot eq
index nETBIOSName eq
index cn eq
index entryUUID,entryCSN eq

#syncprov is stable in OpenLDAP 2.3, and available in 2.2.  
#We need this for the contextCSN attribute and mmr.
overlay syncprov
syncprov-sessionlog 100
syncprov-checkpoint 100 10

### Multimaster-Replication of cn=config Subcontext ###



########################################
### cn=users /base-dn  ###
database        hdb
suffix		DC=lenny,DC=company,DC=fr
rootdn          cn=Manager,DC=lenny,DC=company,DC=fr
directory	/etc/samba/ldap/db/user
index           objectClass eq
index           samAccountName eq
index name eq
index objectSid eq
index objectCategory eq
index member eq
index uidNumber eq
index gidNumber eq
index nCName eq
index lDAPDisplayName eq
index subClassOf eq
index dnsRoot eq
index nETBIOSName eq
index cn eq
index entryUUID,entryCSN eq

#syncprov is stable in OpenLDAP 2.3, and available in 2.2.  
#We need this for the contextCSN attribute and mmr.
overlay syncprov
syncprov-sessionlog 100
syncprov-checkpoint 100 10

### Multimaster-Replication of cn=user/base-dn context ###
 
Old 04-11-2009, 11:02 PM   #6
irishbitte
Senior Member
 
Registered: Oct 2007
Location: Brighton, UK
Distribution: Ubuntu Hardy, Ubuntu Jaunty, Eeebuntu, Debian, SME-Server
Posts: 1,213
Blog Entries: 1

Rep: Reputation: 82
Ok, so your error is occurring in this line:

Quote:
refint_attributes nonSecurityMemberBL nonSecurityMember msDS-NonMembersBL msDS-NonMembers directReports manager bridgeheadServerListBL bridgeheadTransportList msDS-ObjectReferenceBL msDS-ObjectReference msCOM-UserLink msCOM-UserPartitionSetLink msDs-masteredBy msDS-hasMasterNCs siteObjectBL siteObject queryPolicyBL queryPolicyObject masteredBy hasMasterNCs managedObjects managedBy serverReferenceBL serverReference memberOf member
And the error you are getting is
Quote:
lt-slapd destroy: freeing system resources.
slapd stopped.
right?

Well, the first thing I would look at is the output from
Code:
top
in a separate console as you execute the
Code:
slapd -f /etc/samba/ldap/slapd.conf -h ldapi://%2Fetc%2Fsamba%2Fldap%2Fldapi -d4294967295
command. Next thing I would look at is the syntax of that
command.
 
Old 04-11-2009, 11:06 PM   #7
irishbitte
Senior Member
 
Registered: Oct 2007
Location: Brighton, UK
Distribution: Ubuntu Hardy, Ubuntu Jaunty, Eeebuntu, Debian, SME-Server
Posts: 1,213
Blog Entries: 1

Rep: Reputation: 82
Oh yes, and will you check that the slapd daemon is actually running before you run the command?
 
Old 04-12-2009, 07:15 AM   #8
touzeaud
LQ Newbie
 
Registered: Nov 2007
Location: Paris, France
Distribution: Ubuntu 8.10
Posts: 7

Original Poster
Rep: Reputation: 0
sure, there are no conflicts between the standard slpad server and the samba slapi server because they using different parameters

The standard slapd use /var/lib/ldap and 389 port
The samba use /etc/samba/ldap/db and slapi unix socket.

I think perhaps there is a openldap schema error but i don't know.

Currently the samba mailing list is very silent about this problem.

Here it my procedure to install Samba4, perhaps missing something

--------------------------------------------------
Install these packages in order to complete the sources:
Code:
apt-get install libgnutls-dev libwrap0-dev unixodbc-dev libsasl2-dev libslp-dev libperl-dev
*Compiling LDAP server

cd /root
wget ftp://ftp.openldap.org/pub/OpenLDAP/...dap-2.4.16.tgz
Code:
tar -xf openldap-2.4.16.tgz
./configure --prefix=/usr --libexecdir='${prefix}/lib' --sysconfdir=/etc --localstatedir=/var --mandir='${prefix}/share/man' --enable-debug --enable-dynamic --enable-syslog --enable-proctitle --enable-ipv6 --enable-local --enable-slapd --enable-aci --enable-cleartext --enable-crypt --disable-lmpasswd --enable-spasswd --enable-modules --enable-deref=mod --enable-refint=yes --enable-rewrite --enable-rlookups --enable-slapi --enable-slp --enable-wrappers --enable-backends=mod --disable-ndb --enable-overlays=yes --with-subdir=ldap --with-cyrus-sasl --with-threads --with-tls=gnutls --with-odbc=unixodbc --enable-hdb=yes
make && make install
check the presence of the module : /usr/lib/ldap/refint.la
check the presence of the module : /usr/lib/ldap/deref.la


Prepare the computer :
The computer netbios name must be compliance : lenny.company.tld
Has "lenny" is your computer netbios name and company.tld is your main domain

Install additional packages in order to compile:
Code:
apt-get install autoconf python-dev

wget http://us5.samba.org/samba/ftp/samba4/samba-4.0.0alpha7.tar.gz
tar -xf samba-4.0.0alpha7.tar.gz -C /root
cd /root/samba-4.0.0alpha7/source4
./autogen.sh
./configure --enable-shared --enable-static --prefix=/usr --sysconfdir=/etc --libdir=/etc/samba --with-privatedir=/etc/samba --with-piddir=/var/run/samba --localstatedir=/var --enable-fhs --enable-automatic-dependencies
make 
make install
modify /etc/samba/smb.conf with
Code:
[global]
realm = LENNY.COMPANY.TLD
WORKGROUP=company.tld
Don't forget the uppercase on realm attribute.

Execute
Code:
/root/samba-4.0.0alpha7/source4/setup/provision-backend --realm=lenny.company.tld --ldap-admin-pass=secret --ldap-backend-type=openldap --server-role='domain controller' --domain=COMPANY.TLD
i'm stopped at this point by running
lapd -f /etc/samba/ldap/slapd.conf -h ldapi://%2Fetc%2Fsamba%2Fldap%2Fldapi -d4294967295

Last edited by touzeaud; 04-12-2009 at 07:18 AM.
 
Old 04-13-2009, 01:13 PM   #9
irishbitte
Senior Member
 
Registered: Oct 2007
Location: Brighton, UK
Distribution: Ubuntu Hardy, Ubuntu Jaunty, Eeebuntu, Debian, SME-Server
Posts: 1,213
Blog Entries: 1

Rep: Reputation: 82
Well, I think the problem you are having may be related to trying to get your own ldap server running in samba. Would you try installing samba4 using your package manager?

This is a link for the experimental packages list for debian: http://packages.debian.org/experimen...ommon/download

This is a link to a Debian HOWTO:
http://wiki.samba.org/index.php/Samba4/HOWTO

Last edited by irishbitte; 04-13-2009 at 01:14 PM.
 
Old 04-13-2009, 04:36 PM   #10
touzeaud
LQ Newbie
 
Registered: Nov 2007
Location: Paris, France
Distribution: Ubuntu 8.10
Posts: 7

Original Poster
Rep: Reputation: 0
Sure but the installation procedure has been followed and the debian package did not provide the latest version.
The problem that i didn't know where i missed something
 
Old 04-13-2009, 07:03 PM   #11
irishbitte
Senior Member
 
Registered: Oct 2007
Location: Brighton, UK
Distribution: Ubuntu Hardy, Ubuntu Jaunty, Eeebuntu, Debian, SME-Server
Posts: 1,213
Blog Entries: 1

Rep: Reputation: 82
Ok, you're beyond my expertise so. Samba4 is a complex beast, going on what you've said in previous posts:
Quote:
sure, there are no conflicts between the standard slpad server and the samba slapi server because they using different parameters
I'm guessing you're trying this on a production machine. Can you install a fresh version of lenny in a virtual machine, and try testing Samba4 on there?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LDAP attribute aravind1024004 Linux - Server 1 04-12-2008 01:29 PM
Warning ___ specifies undefined mime type/service type mbvpixies78 Linux - Software 0 12-29-2007 10:25 PM
OpenLDAP error ldapadd: Undefined attribute type (17) gergaholic Linux - Server 2 11-11-2007 03:03 AM
how to define manager or reporting to attribute in qmail-ldap Sanvi Bansal Linux - Server 1 02-09-2007 02:56 AM
freeRADIUS1.0.1-1 Auth against openLDAP2.0.27-17 ignores LDAP pswd Expire attribute tmolise Linux - Networking 0 09-06-2006 10:31 AM


All times are GMT -5. The time now is 10:50 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration