OpenLDAP and Samba IDMAP
Hello - I have samba configured as follows...
##START /etc/samba/smb.conf##
[global]
workgroup = cottsaynet
# realm = cottsaynet
server string = cottsaynetsmb
netbios name = cottsaynetsmb
wins support = yes
os level = 33
preferred master = yes
domain master = yes
local master = yes
domain logons = yes
guest account = nobody
guest ok = yes
time server = yes
hide dot files = yes
security = user
encrypt passwords = yes
log level = 2
log file = /var/log/samba/main.log
max log size = 2048
debug timestamp = yes
syslog = 1
logon script = %u.bat
# logon path = \\cottsaynetnasa\profiles\%u
logon path =
logon drive = U:
logon home = \\cottsaynetnasa\%u
add machine script = /usr/sbin/useradd -d /dev/null -g 502 -s /bin/false -M %m$
add user script = /usr/sbin/useradd -M -g 501 %u
delete user script = /usr/sbin/userdel -r %u
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/groupdel %g
add user to group script = /usr/sbin/usermod -G %g %u
smb passwd file = /etc/samba/smbpasswd
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
winbind nested groups = no
winbind use default domain = yes
passdb backend = smbpasswd
# ldap admin dn = cn=Manager,dc=cottsay,dc=net
# ldap idmap suffix = ou=idmap
# ldap suffix = dc=cottsay,dc=net
# idmap backend = ldap:ldap://cottsaynetsmb.cottsay.net
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
idmap backend = idmap_rid:COTTSAYNET=16777216-33554431
##END /etc/samba/smb.conf##

...on my Fedora Core 6 server (all packages up to date) and this is the LDAP...
##START /etc/openldap/slapd.conf##
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/samba.schema
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCACertificateFile /etc/openldap/cacerts/server.pem
TLSCertificateFile /etc/openldap/cacerts/server.pem
TLSCertificateKeyFile /etc/openldap/cacerts/server.pem
access to *
  by self write
  by users read
  by anonymous auth
#######################################################################
# ldbm and/or bdb database definitions
#######################################################################
database bdb
suffix "dc=cottsay,dc=net"
rootdn "cn=Manager,dc=cottsay,dc=net"
rootpw {SSHA}xxxxx
directory /var/lib/ldap
index objectClass eq
index uidNumber eq
index gidNumber eq
index cn eq
index sambaSID eq
##END /etc/openldap/slapd.conf##

Whenever I try an LDAP command such as:

ldapadd -x -D "cn=Manager,dc=cottsay,dc=net" -W

it just sits there on a new line without a prompt...what am I doing wrong?

Thanks,
Scott K Logan
CottsayNet
logans@cottsay.net
Nevermind...gave up on LDAP...just using the RID stuff now.
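As an added illustration of what the "RID stuff" in the posted smb.conf does (example code written for this thread, not from either poster), here is the arithmetic Samba's idmap_rid backend applies when it turns a SID into a Unix id inside the configured 16777216-33554431 range. The domain SID is a constructed sample, and the reverse mapping is included because Samba needs both directions.

```python
# Added example, not code from the thread: the arithmetic Samba's idmap_rid backend
# applies for "idmap backend = idmap_rid:COTTSAYNET=16777216-33554431".
# Per idmap_rid(8): unix_id = rid - base_rid + low_id  (base_rid defaults to 0).

LOW_ID, HIGH_ID = 16777216, 33554431        # the 'idmap uid'/'idmap gid' range posted above
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"   # constructed sample domain SID


def split_sid(sid):
    """Split a textual SID into (domain part, rid); reject anything malformed."""
    parts = sid.split("-")
    if len(parts) < 5 or parts[0] != "S" or not all(p.isdigit() for p in parts[1:]):
        raise ValueError(f"malformed SID: {sid!r}")
    return "-".join(parts[:-1]), int(parts[-1])


def sid_to_unix_id(sid, low=LOW_ID, high=HIGH_ID, base_rid=0):
    """Map a SID of DOMAIN_SID to a uid/gid, or None if it is unmappable.

    idmap_rid is bound to one domain, so SIDs from other domains get no id;
    uids and gids share the same formula, which is why the posted smb.conf
    gives 'idmap uid' and 'idmap gid' the same range.
    """
    domain, rid = split_sid(sid)
    if domain != DOMAIN_SID:
        return None
    unix_id = rid - base_rid + low
    if not low <= unix_id <= high:          # RID beyond the range size: no mapping
        return None
    return unix_id


def unix_id_to_sid(unix_id, low=LOW_ID, high=HIGH_ID, base_rid=0):
    """Reverse mapping used for lookups by uid/gid; None outside the range."""
    if not low <= unix_id <= high:
        return None
    return f"{DOMAIN_SID}-{unix_id - low + base_rid}"


if __name__ == "__main__":
    for rid in (513, 1001, 16777216):       # Domain Users, a user, one past the range
        print(rid, "->", sid_to_unix_id(f"{DOMAIN_SID}-{rid}"))
```

Because the range holds exactly 16777216 ids, any RID of 16777216 or above maps to nothing, which is the kind of silent gap worth checking before choosing a range.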
Cannot make Samba + ldap talk
Hi, having similar problems. Seems like this setup is not done by many people, which is why the replies on the forum are so few; actually I got none on my former post. Not complaining though, because these configuration files are just so many.
If you ever got a solution, kindly tell me about it because now I'm very stuck on a project. Cannot add computers nor read user information from LDAP through Samba. Samba logs say there is no connection but I can telnet to my LDAP server on localhost:389.

smbd.log
[2008/07/31 15:06:09, 0] smbd/server.c:main(948)
smbd version 3.0.28-1.el5_2.1 started.
Copyright Andrew Tridgell and the Samba Team 1992-2007
[2008/07/31 15:13:24, 0] smbd/server.c:main(948)
smbd version 3.0.28-1.el5_2.1 started.
Copyright Andrew Tridgell and the Samba Team 1992-2007
[2008/07/31 15:47:27, 0] lib/util_sock.c:get_peer_addr(1224)
getpeername failed. Error was Transport endpoint is not connected
[2008/07/31 15:47:27, 0] lib/util_sock.c:get_peer_addr(1224)
getpeername failed. Error was Transport endpoint is not connected

Tried to redirect LDAP logs to /var/log/ without success.

These are my config files; don't seem to be able to see any error.

/etc/ldap.conf
--------------
host letter.example.org
base dc=letter,dc=example,dc=org
binddn cn=config
bindpw mysecret
rootbinddn uid=zimbra,cn=admins,cn=zimbra
port 389
timelimit 120
bind_timelimit 120
bind_policy soft
idle_timelimit 3600
nss_base_passwd ou=people,dc=letter,dc=example,dc=org?one
nss_base_shadow ou=people,dc=letter,dc=example,dc=org?one
nss_base_passwd ou=machines,dc=letter,dc=example,dc=org?one
nss_base_shadow ou=machines,dc=letter,dc=example,dc=org?one
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman
uri ldap://letter.example.org/
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5

/etc/samba/smb.conf
-------------------
[global]
workgroup = EXAMPLE
netbios name = EXAMPLE_SERVER
server string = Samba Server Version %v
password server = ldap://letter.example.org
passdb backend = ldapsam:ldap://letter.example.org
guest account = games
log file = /var/log/samba/%m.log
max log size = 50
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
delete user script = /usr/sbin/userdel "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/groupdel "%g"
delete user from group script = /usr/sbin/userdel "%u" "%g"
add machine script = /usr/local/sbin/smbldap-useradd -w -g Workstations "%u"
logon script = %u.bat
logon path = \\EXAMPLE_SERVER\profiles\%U
domain logons = Yes
os level = 33
preferred master = Yes
domain master = Yes
wins support = Yes
ldap admin dn = cn=config
ldap group suffix = ou=groups
ldap machine suffix = ou=machines
ldap suffix = dc=letter,dc=example,dc=org
ldap user suffix = ou=people
guest ok = Yes
cups options = raw

[homes]
comment = Home Directories
valid users = example\%S
read only = No
browseable = No

[printers]
comment = All Printers
path = /var/spool/samba
guest ok = No
printable = Yes
browseable = No

[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
share modes = No

[Profiles]
path = /var/lib/samba/profiles
read only = No
profile acls = Yes

/conf/slapd.conf
----------------
include "/opt/zimbra/openldap/etc/openldap/schema/core.schema"
include "/opt/zimbra/openldap/etc/openldap/schema/cosine.schema"
include "/opt/zimbra/openldap/etc/openldap/schema/inetorgperson.schema"
include "/opt/zimbra/openldap/etc/openldap/schema/amavisd.schema"
include "/opt/zimbra/openldap/etc/openldap/schema/zimbra.schema"
include "/opt/zimbra/lib/conf/zimbra-ext.schema"
include "/opt/zimbra/openldap/etc/openldap/schema/nis.schema"
include "/opt/zimbra/openldap/etc/openldap/schema/samba.schema"
threads 8
pidfile "/opt/zimbra/openldap/var/run/slapd.pid"
argsfile "/opt/zimbra/openldap/var/run/slapd.args"
TLSCertificateFile /opt/zimbra/conf/slapd.crt
TLSCertificateKeyFile /opt/zimbra/conf/slapd.key
TLSVerifyClient never
modulepath /opt/zimbra/openldap/libexec/openldap
moduleload back_bdb.la
moduleload back_monitor.la
moduleload syncprov.la
moduleload accesslog.la
access to dn.subtree="ou=people,dc=letter,dc=example,dc=org"
  by dn.children="cn=admins,cn=zimbra" write
  by * break
access to dn.subtree="ou=groups,dc=letter,dc=example,dc=org"
  by dn.children="cn=admins,cn=zimbra" write
  by * read
access to dn.base=""
  by * read
access to dn.base="cn=Subschema"
  by * read
access to attrs=userPassword
  by anonymous auth
  by dn.children="cn=admins,cn=zimbra" write
access to dn.subtree="cn=zimbra"
  by dn.children="cn=admins,cn=zimbra" write
access to attrs=zimbraZimletUserProperties,zimbraGalLdapBindPassword,zimbraGalLdapBindDn,zimbraAuthTokenKey,zimbraPreAuthKey,zimbraPasswordHistory,zimbraIsAdminAccount,zimbraAuthLdapSearchBindPassword
  by dn.children="cn=admins,cn=zimbra" write
  by * none
access to attrs=objectclass
  by dn.children="cn=admins,cn=zimbra" write
  by dn.exact="uid=zmpostfix,cn=appaccts,cn=zimbra" read
  by dn.exact="uid=zmamavis,cn=appaccts,cn=zimbra" read
  by * read
access to attrs=amavisAccount
  by dn.children="cn=admins,cn=zimbra" write
  by dn.exact="uid=zmamavis,cn=appaccts,cn=zimbra" read
  by * break
access to attrs=mail
  by dn.children="cn=admins,cn=zimbra" write
  by dn.exact="uid=zmamavis,cn=appaccts,cn=zimbra" read
  by * break
access to attrs=zimbraAllowFromAddress
  by dn.children="cn=admins,cn=zimbra" write
  by dn.exact="uid=zmpostfix,cn=appaccts,cn=zimbra" read
access to filter=(!(zimbraHideInGal=TRUE)) attrs=cn,co,company,dc,displayName,givenName,gn,initials,l,mail,o,ou,physicalDeliveryOfficeName,postalCode,sn,st,street,streetAddress,telephoneNumber,title,uid
  by dn.children="cn=admins,cn=zimbra" write
  by dn.exact="uid=zmpostfix,cn=appaccts,cn=zimbra" read
  by * read
access to attrs=zimbraId,zimbraMailAddress,zimbraMailAlias,zimbraMailCanonicalAddress,zimbraMailCatchAllAddress,zimbraMailCatchAllCanonicalAddress,zimbraMailCatchAllForwardingAddress,zimbraMailDeliveryAddress,zimbraMailForwardingAddress,zimbraPrefMailForwardingAddress,zimbraMailHost,zimbraMailStatus,zimbraMailTransport,zimbraDomainName,zimbraDomainType,zimbraPrefMailLocalDeliveryDisabled
  by dn.children="cn=admins,cn=zimbra" write
  by dn.exact="uid=zmpostfix,cn=appaccts,cn=zimbra" read
  by * read
access to attrs=entry
  by dn.children="cn=admins,cn=zimbra" write
  by * read
database config
rootpw {SSHA}SpVR7qIkga7IB+6fKiYrYPzNE0Vj4bxl
database monitor
rootdn "cn=config"
access to dn.children="cn=monitor"
  by dn.children="cn=admins,cn=zimbra" read
database bdb
suffix ""
rootdn "cn=config"
cachesize 10000
idlcachesize 10000
checkpoint 64 5
directory "/opt/zimbra/openldap-data"
index objectClass eq
index zimbraForeignPrincipal eq
index zimbraYahooId eq
index zimbraId eq
index zimbraVirtualHostname eq
index zimbraVirtualIPAddress eq
index zimbraAuthKerberos5Realm eq
index zimbraMailCatchAllAddress eq,sub
index zimbraMailDeliveryAddress eq,sub
index zimbraMailForwardingAddress eq
index zimbraMailAlias eq,sub
index zimbraMailTransport eq
index zimbraDomainName eq,sub
index zimbraShareInfo sub
index uid pres,eq
index mail pres,eq,sub
index cn pres,eq,sub
index displayName pres,eq,sub
index sn pres,eq,sub
index gn pres,eq,sub
index zimbraCalResSite eq,sub
index zimbraCalResBuilding eq,sub
index zimbraCalResFloor eq,sub
index zimbraCalResRoom eq,sub
index zimbraCalResCapacity eq
index entryUUID eq
index entryCSN eq
index uidNumber eq
index gidNumber eq
index memberUID eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
sizelimit unlimited
timelimit unlimited

/etc/smbldap-tools/smbldap_bind.conf
------------------------------------
slaveDN="cn=config"
slavePw="mysecret"
masterDN="cn=config"
masterPw="mysecret"

- Know this is repetition but put it anyway for smbldap-tools

/etc/smbldap-tools/smbldap_bind.conf
------------------------------------
SID="S-1-5-21-2983891234-811595315-1297521234"
sambaDomain="EXAMPLE"
slaveLDAP="127.0.0.1"
slavePort="389"
masterLDAP="127.0.0.1"
masterPort="389"
suffix="dc=letter,dc=example,dc=org"
usersdn="ou=people,${suffix}"
computersdn="ou=machines,${suffix}"
groupsdn="ou=groups,${suffix}"
sambaUnixIdPooldn="sambaDomainName=example,${suffix}"
scope="one"
hash_encrypt="SSHA"
crypt_salt_format="%s"
userLoginShell="/bin/bash"
userHome="/home/%U"
userHomeDirectoryMode="700"
userGecos="System User"
defaultUserGid="513"
defaultComputerGid="515"
skeletonDir="/etc/skel"
defaultMaxPasswordAge="45"
userSmbHome=""
userProfile=""
userScript="logon.bat"
mailDomain="example.org"
with_smbpasswd="0"
with_slappasswd="0"

/etc/nsswitch.conf
------------------
passwd: files ldap
shadow: files ldap
group: files ldap
hosts: files dns
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files ldap
rpc: files
services: files ldap
netgroup: files ldap
publickey: nisplus
automount: files ldap
aliases: files nisplus

/etc/pam.d/system-auth
----------------------
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so
account required pam_unix.so broken_shadow
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password sufficient pam_ldap.so use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_ldap.so

/etc/ldap.secret
----------------
mysecret

Copied the schema files to the LDAP schema folder and done the following too:
smbpasswd -a root
type: smbpasswd -w mysecret

Someone kindly assist. I'm running openldap, samba 3.0.28, smbldap-tools 0.9.2 on CentOS 5 Linux.

Yours,
Martin.
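As an added, defender-side check (example code written for this thread, not from Martin, Scott or any of the projects involved): a small parser for the three config formats posted in this thread that flags the settings visible above which widen exposure, namely server-wide `guest ok`, Samba binding as the slapd rootdn, SSLv2 left in the cipher suite, and a bindpw sent over a non-TLS connection. The sample inputs are constructed stand-ins for the posted files.

```python
# Added audit helper, not from the thread; sample inputs below are constructed stand-ins.

def parse_smb_conf(text):
    """smb.conf: [section] headers, 'key = value' lines, '#' or ';' comments."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section][key.strip().lower()] = value.strip()
    return conf

def parse_kv_conf(text):
    """ldap.conf / slapd.conf: 'directive value' lines; a repeated directive keeps its last value."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] != "#":
            key, value = (line.split(None, 1) + [""])[:2]
            conf[key.lower()] = value.strip().strip('"')
    return conf

def audit(smb_text, slapd_text, ldap_text):
    """Return a list of findings; empty means none of the checked issues apply."""
    g = parse_smb_conf(smb_text).get("global", {})
    slapd, ldap = parse_kv_conf(slapd_text), parse_kv_conf(ldap_text)
    findings = []
    if g.get("guest ok", "no").lower() == "yes":
        findings.append("smb.conf: 'guest ok = yes' in [global] enables guest access on every share by default")
    if slapd.get("rootdn") and g.get("ldap admin dn", "").strip('"') == slapd["rootdn"]:
        findings.append("smb.conf: 'ldap admin dn' is the slapd rootdn, so Samba's stored bind secret gives full directory control")
    if "sslv2" in slapd.get("tlsciphersuite", "").lower():
        findings.append("slapd.conf: TLSCipherSuite still admits SSLv2")
    if "bindpw" in ldap and ldap.get("ssl", "no").lower() in ("no", "off"):
        findings.append("ldap.conf: bindpw is set but ssl is off, so the bind password crosses the wire in clear text")
    return findings

SAMPLE_SMB = "[global]\nworkgroup = EXAMPLE\nguest ok = Yes\nldap admin dn = cn=config\n"
SAMPLE_SLAPD = 'TLSCipherSuite HIGH:MEDIUM:+SSLv2\ndatabase bdb\nsuffix ""\nrootdn "cn=config"\n'
SAMPLE_LDAP = "host ldap.example.org\nbinddn cn=config\nbindpw mysecret\nssl no\n"

if __name__ == "__main__":
    for finding in audit(SAMPLE_SMB, SAMPLE_SLAPD, SAMPLE_LDAP):
        print(finding)
```

parse_kv_conf deliberately keeps only the last value of a repeated directive, so on a multi-database slapd.conf like the one above it reports the rootdn of the last database; split the file per `database` stanza if you need each one checked.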