[Samba] Noob having troubles with slapd-populate authentication

Chris Weiss cweiss at casadelove.com
Mon Apr 11 23:58:59 GMT 2005


Sorry about the last few knee-jerk reaction posts. I blame 
over-caffineation and stress :)

John H Terpstra wrote:

>On Thursday 07 April 2005 13:25, Chris Weiss wrote:
>  
>
>>I'm following the "The Linux Samba-OpenLDAP Howto" at
>>http://samba.idealx.org/smbldap-howto.en.html and seem to have run into
>>a problem...
>>
>>I'm to the point where I want to do the initial database population
>>using smbldap-populate.pl, but when I run it, I'm getting:
>>
>>Using builtin directory structure
>>adding new entry: dc=pirategames,dc=net
>>failed to add entry: modifications require authentication at
>>/usr/local/sbin/smbldap-populate.pl line 323, <GEN1> line 2.
>>adding new entry: ou=_USERS_,dc=pirategames,dc=net
>>failed to add entry: modifications require authentication at
>>/usr/local/sbin/smbldap-populate.pl line 323, <GEN1> line 3.
>>adding new entry: ou=_GROUPS_,dc=pirategames,dc=net
>>failed to add entry: modifications require authentication at
>>/usr/local/sbin/smbldap-populate.pl line 323, <GEN1> line 4.
>>etc...
>>    
>>
>
>It would appear from the above that you have not configured your 
>smbldap-tools. You will need to do this by executing the configure.pl script 
>in the smbldap-tools directory.
>
>  
>
There is no configure.pl present in the folder. Originally, I'd noticed 
that there was nothing in usr/local/sbin, so I followed the INSTALL 
text, which stated to manually copy the files over 
There is a Makefile, which claims to be version 0.8.2-1. There's now 
also a single smbldap_conf.pm that seems to incorporate the settings 
found in both the /etc/opt/IDEALX/smbldaptools/smbldap.conf and 
smbldapbind.conf files, which are now ignored.
The INSTALL directions state the following (in addition to copying):
 . to allow a domain admin to add user using "add user script" in smb.conf :
   chmod 753 smbldap_conf.pm
   chmod 750 smbldap-useradd.pl
   chgrp 512 smbldap_conf.pm smbldap-useradd.pl (512 = 0x200 = Domain 
Admins)
   Have your admin belong to this group
   In smb.conf : domain admin group = " @"Domain Admins" "

However, as I understand it, the "domain admin group" directive has been 
removed in Samba 3. If I read the docs correctly, I need to manage it 
via "net groupmap add ntgroup="Domain Admins" unixgroup=root" (for now, 
I just want root to be able to tweak the server). However, this is 
failing with:
failed to bind to server with dn= 
cn=samba,ou=Users,dc=pirategames,dc=net Error: Invalid credentials

>Also, what version of smbldap-tools are you using? The .pl extension suggests 
>you are using an old version. What version of Samba are you using? Please 
>ensure that the two are matching versions.
>
>  
>
Samba version 3.0.10.2 (via rpm -q)
smbldaptools 0.8.8-1 (via rpm -q)

So I should back out smbldaptools to v0.8.6?

>Samba pre-3.0.6 can use smbldap-tools 0.8.2 or 0.8.4
>Samba 3.0.6 or later requires smbldap-tools 0.8.5 or later.
>Samba 3.0.11 is best used with smbldap-tools 0.8.7 or later.
>
> - John T.
>
>  
>
>>Something I thought was interesting is it's not even pointing out the
>>SID, although I've got it and populated the smbldap.conf file and
>>slapd.conf.pm (I'm using Fedora 3 and the smbldap-tools included seem to
>>have a different default configuration, so I downloaded the RPM and did
>>an update. This problem was occurring before and after the RPM update).
>>
>>Also, using smbldap-useradd.pl fails in the same manner.
>>$ smbldap-useradd.pl -m testuser1
>>failed to perform search; No such object at
>>/usr/local/sbin///smbldap_tools.pm line 154, <DATA> line 283.
>>failed to add entry: modifications require authentication at
>>/usr/local/sbin/smbldap-useradd.pl line 249, <DATA> line 283.
>>No such object at /usr/local/sbin///smbldap_tools.pm line 178, <DATA>
>>line 283.
>>
>>That message seems to indicate that I've not set the tools to choose
>>authentication - I've gone over the permissions settings a few times and
>>things should match up, can anyone help point me in the right direction
>>to look as to why this might be failing?
>>
>>    
>>



-- 
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.308 / Virus Database: 266.9.5 - Release Date: 4/7/2005


-- 
This message has been scanned for viruses and
dangerous content, and is believed to be clean.



More information about the samba mailing list