I'm planning to set up a nice Samba domain and want to use LDAP for all account info (also for the Linux accounts). I currently have OpenLDAP (latest stable) and Samba 3.0.1 installed.
I use Gentoo's packaging system, but that shouldn't matter too much.
Can anyone give me some support on LDAP and LDAP-Samba integration? Because I'm a newbie at those things...
What program should I use to add/remove/view LDAP entries?
What properties must/should/may be set for the Linux (POSIX) account, for the Samba account?
I currently have a Samba (3.0) domain set up on another machine (acting as PDC) with the smbpasswd file as database. I'd like to transport all passwords (hashed) and SIDs to the new setup. Is that possible, how?
Can I use a different organisational-unit for machine accounts? Or should they be in the same as the users?
Should I use SSL for LDAP? Also allow non-encrypted? How to set up the nsswitch?
In short: can anyone guide me through that setup-stage?
Distribution: Redhat, Open BSD, SuSe, Debian, CentOS
Posts: 177
Re: Set up LDAP and Samba PDC
Quote:
Originally posted by nielchiano
Hi everyone,
I currently have a Samba (3.0) domain set up on another machine (acting as PDC) with the smbpasswd file as database. I'd like to transport all passwords (hashed) and SIDs to the new setup. Is that possible, how?
Would you be prepared to post your smb.conf? I'm trying to get Samba 3.0 working as a PDC, but can't quite get it.
Looking at a working smb.conf would be a great help.
Distribution: Redhat, Open BSD, SuSe, Debian, CentOS
Posts: 177
Thanks for that. I can't seem to get the LDAP side of things happening though... I keep getting messages like:
[2004/02/17 12:05:03, 0] lib/smbldap.c:smbldap_search_suffix(1077)
smbldap_search_suffix: Problem during the LDAP search: (unknown) (Invalid credentials)
[2004/02/17 13:06:36, 0] lib/smbldap.c:fetch_ldap_pw(256)
fetch_ldap_pw: neither ldap secret retrieved!
[2004/02/17 13:06:36, 0] lib/smbldap.c:smbldap_connect_system(741)
ldap_connect_system: Failed to retrieve password from secrets.tdb
[2004/02/17 13:06:36, 1] lib/smbldap.c:smbldap_retry_open(890)
Connection to LDAP Server failed for the 1 try!
[2004/02/17 13:07:42, 0] lib/smbldap.c:smbldap_search_suffix(1077)
smbldap_search_suffix: Problem during the LDAP search: (unknown) (Invalid credentials)
I think you should tell Samba how it should bind. Tell it the DN of the account to bind as in the smb.conf.
And tell the password with "smbpasswd -w secret"
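The log excerpt quoted earlier in the thread separates into distinct failure causes once each header line is paired with its message line. The following is an added example, not part of any post in this thread: a small Python triage of those smbd log records, where the cause labels (`no_stored_secret`, `bind_rejected`, `connect_failed`) are this example's own names.

```python
import re
from collections import Counter

# Constructed sample: the smbd log lines quoted in the thread
# (leading "[" restored on the first line, message lines indented).
SAMPLE_LOG = """\
[2004/02/17 12:05:03, 0] lib/smbldap.c:smbldap_search_suffix(1077)
  smbldap_search_suffix: Problem during the LDAP search: (unknown) (Invalid credentials)
[2004/02/17 13:06:36, 0] lib/smbldap.c:fetch_ldap_pw(256)
  fetch_ldap_pw: neither ldap secret retrieved!
[2004/02/17 13:06:36, 0] lib/smbldap.c:smbldap_connect_system(741)
  ldap_connect_system: Failed to retrieve password from secrets.tdb
[2004/02/17 13:06:36, 1] lib/smbldap.c:smbldap_retry_open(890)
  Connection to LDAP Server failed for the 1 try!
[2004/02/17 13:07:42, 0] lib/smbldap.c:smbldap_search_suffix(1077)
  smbldap_search_suffix: Problem during the LDAP search: (unknown) (Invalid credentials)
"""

# A record starts with "[date time, level] file.c:function(line)".
HEADER = re.compile(r"^\[(\S+ \S+),\s*(\d+)\]\s+(\S+):(\w+)\((\d+)\)$")

# Message fragments from the thread's log -> cause label (labels are this example's own).
CAUSES = [
    ("neither ldap secret retrieved", "no_stored_secret"),
    ("Failed to retrieve password from secrets.tdb", "no_stored_secret"),
    ("Invalid credentials", "bind_rejected"),
    ("Connection to LDAP Server failed", "connect_failed"),
]

def parse_records(text):
    """Pair each header line with the message line(s) that follow it."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            records.append({"time": m.group(1), "level": int(m.group(2)),
                            "func": m.group(4), "msg": ""})
        elif records and line.strip():
            records[-1]["msg"] = (records[-1]["msg"] + " " + line.strip()).strip()
    return records

def triage(text):
    """Count records per cause; unmatched records are counted as 'other'."""
    counts = Counter()
    for rec in parse_records(text):
        cause = next((c for frag, c in CAUSES if frag in rec["msg"]), "other")
        counts[cause] += 1
    return counts

if __name__ == "__main__":
    for cause, n in triage(SAMPLE_LOG).most_common():
        print(f"{cause}: {n}")
```

A non-zero `no_stored_secret` count corresponds to the fix given in the reply above: no bind password has been stored in secrets.tdb yet. Because `smbpasswd -w` takes the password as a command-line argument, it ends up in shell history and is visible in the process list while the command runs, and secrets.tdb keeps it in recoverable form, so that file should stay readable by root only.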
I'm starting to sound like a shill for this book, but:
URL removed because it won't let me post it...
In it, John Terpstra details how to configure samba in LDAP mode, with multiple LDAP sources as failovers, or using LDAP for multi-site configurations.
Available toward the end of March.
I agree with Nielchiano above, sounds like you're missing the bind information in secrets.tdb
I'm trying to troubleshoot an issue where new users aren't able to authenticate off of our SAMBA-based PDC. The PDC is bound to an openldap server. Initially I thought there may be something wrong with the accounts, but they're able to successfully authenticate off of fileservers bound to the openldap server.
Unfortunately, I'm not terribly familiar with the setup, and the logs I assume should be there (such as log.smbd and log.nmbd) aren't.
When used as a PDC does Samba write to different log files (especially for authentication)?
Any point in the right direction would be greatly appreciated...
The essential problem: some users are not able to log into their PCs bound to the PDC. I thought the proper logs to look at were smbd.log and nmbd.log but they don't seem to exist on this server (I inherited w/ little documentation).
I can ssh into the PDC and successfully su to any of the accounts that can't authenticate off their PCs. I don't suspect the PC set up because some users are able to log in successfully.