[Samba] Samba 3 PDC + OpenLDAP + Mandrake 10.0
Buchan Milne
bgmilne at obsidian.co.za
Thu May 6 12:17:47 GMT 2004
On Thu, 29 Apr 2004, Wisudanto C Suntoyo wrote:
> Hi all Need Urgent Help :(
Sorry for my late reply, I have been quite busy catching up on package
maintenance and on a project on a tight schedule.
>
> I' m new to this List... I'm trying to setup a new Samba 3 PDC + OpenLDAP
> on a Mandrake 10.0 to replace an older server...
> Cause I need an LDAP Backend for a BDC planned on a remote site, and Samba 3
> came along.
>
> So I'm following this Doc
> http://au1.samba.org/samba/docs/man/guide/happy.html
This document has a number of errors, and does not address a number of
issues that have been taken care of for you in the Mandrake packages of
openldap and samba.
Additionally, it shows a *very* convoluted method of getting network
authentication for unix clients working against unix servers (via
wnbind??).
Although I haven't had time to update the articles at mandrakesecure.net
for OpenLDAP-2.1 and samba3, I think they would still be a better
startingpoint.
http://www.mandrakesecure.net/en/docs/samba-ldap-advanced.php
>
> 1. I fail once I get to this step 18 of initialization and creation
>
> [root at qjktsmb root]# net rpc join -U Administrator%My_Pa555
> The username or password was not correct.
>
This is the ridiculous part, it's not necessary to run winbind on unix
clients when you have a unix LDAP server, so you don't need to join unix
clients to the domain.
The method I suggest is to add an LDAP account for 'root, for example by
using the openldap-migration package. Then, you will be able to set this
root user's smb password (via smbpasswd -a), and use that account to join
machines to the domain.
Additionally, if you have users who are members of the adm group with smb
passwords, they should also be able to join machines to the domain.
> I've Tried changing the pass a few times with the smbldap-passwd tool
> nothing changed
>
> 2. I also cant seem to authenticate my Administrator user (uid=0) to add
> Machine
> accounts... an unknown username or bad password error comes up
>
> Any Ideas
>
> Regards Wisu
>
>
> LDAP log --->
>
>From the LDAP log, it seems you are having samba bind as your OpenLDAP
rootdn, which is a bad practice. You should instead add an account for the
machine (exampes such as those shown in the mandrakesecure.net articles
should work), and add that dn to the "cn=Domain Controllers" group (it
should not be a posixGroup ... so delete the one the smb-populate makes
for you, andmake it a groupofnames:
$ ldapsearch -x "(cn=Domain Controllers)" -LLL
dn: cn=Domain Controllers,ou=Group,dc=ranger,dc=dnsalias,dc=com
objectClass: groupOfNames
objectClass: top
cn: Domain Controllers
member: cn=kiowa.ranger.dnsalias.com,ou=Hosts,dc=ranger,dc=dnsalias,dc=com
)
(BTW, this only applies if you are using the Mandrake packages, if you've
compiled from source, you've lost a lot of good configuration).
Regards,
Buchan
More information about the samba
mailing list