[Samba] Samba LDAP rootpw error

Gary Dale garydale at torfree.net
Sat Mar 25 14:00:47 GMT 2006 

Matt Richards wrote:

>>I was following the howto below (originally posted on this list as BIG
>>Samba howto for debian only.) to see if I could get my not-quite-working
>>Samba 3.0.14a (debian) server fully working and able to handle my Linux
>>logins too. The problem I'm having with my Samba setup is that I can't
>>change user passwords except through Swat. Users can't change them from
>>their machines using the Windows password change - but they are notified
>>to change them by when they expire.
>>
>>Anyway, my attempts to follow the howto hit a roadblock at "3 LDAP
>>Server configuration". Neither slapindex nor slapd will run. It looks
>>like it doesn't like something about my root password, but I'm not sure
>>what it wants (I'm no expert on LDAP).  :)
>>
>>Slapindex complains "bad configuration file". Slapd gives the more
>>detailed:
>>   line 65 (rootpw ***)
>>   /etc/ldap/slapd.conf: line 65: rootpw can only be set when rootdn is
>>under suffix
>>
>>I've attached my slapd.conf file if that is of any assistance. Any help
>>will be greatly appreciated.
>>
>>
>>Louis van Belle wrote:
>>
>>    
>>
>[..snip..]
>
>humm well looking at the config file the first thing that i notice is this
>...
>
># The base of your directory in database #1
>suffix          "dc=rahim-dale,dc=org"
>rootdn                "cn=admin,dc=toronto,dc=ontario,dc=ca"
>
>
>your root dn isn't in the base of your ldap tree, this should probuly be
>something like ...
>
>suffix          "dc=rahim-dale,dc=org"
>rootdn                "cn=admin,dc=rahim-dale,dc=org"
>
>try it n let us know what happens :).
>
>HTH
>
>Matt.
>
>  
>
You got it in one!  I've got slapd running.

Now I'm stuck at "5.4 set the samba ldap admin password". I can set the 
admin password and get the expected response, but when I try 
"smbldap-populate -a Administrator -b nobody -u 2000 -g 2000", it fails 
to add the various groups. I get "failed to add entry: modifications 
require authentication at /usr/sbin/smbldap-populate line 460, <GEN1> 
line 3." for each ou=<groupname> it tries to add.

Any ideas?

More information about the samba mailing list