[Samba] smbpasswd and LDAP

Beast beast at setuid.com
Fri Aug 1 09:32:48 GMT 2003 

Friday, August 1, 2003, 2:26:21 PM, Markus wrote:

> On Sat, 26 Jul 2003 12:38:12 +0700
> Beast <beast at setuid.com> wrote:

> Hi!

>> Is it possible to use smbpasswd command to add necessary objectclasses
>> and attributes to existing ldap entries which contain only posix
>> account??

> Yes, it should work.
Thnaks for your response, i almost desperate waiting response in this
list.
In facts, many questions (posting) was left unanswered 8=)


>>
>> I have necessary ldap entry under
>> ou=people,ou=mysite,dc=mydomain,dc=com.

> Your LDAP entries really are at "ou=, ou=, dc=, dc="? This setup is not
> a "standard" setup (which holds people in
> "ou=People,dc=mydomain,dc=net". You'll have to tell Samba about where to
> search for your Users using smb.conf's option "ldap suffix".

Many thanks, i was not checking the error once again because many pb
were waiting :(
FYI, we can not use quote becaue samba will include this also.
I already fix it, however problem still appear :

[root at potato samba]# smbpasswd -D5 -a budhi
......
smbldap_search_suffix: searching for:[(&(sambaSID=S-1-5-21-2897595519-3619093474-3625347041-11598)(|(objectClass=sambaIdmapEntry)(objectClass=sambaSidEntry)))]
Adding new user
Setting entry for user: budhi
failed to add user dn= uid=budhi,ou=people,ou=jakarta,dc=indorama,dc=com with: Already exists

failed to modify/add user with uid = budhi (dn = uid=budhi,ou=people,ou=jakarta,dc=indorama,dc=com)
Failed to add entry for user budhi.
Failed to modify password entry for user budhi
----

It seems samba was trying to add this new user instead of modify.
Whenever I add new user which doesn't has posixaccount yet, smbpasswd
refused to add. It's like chicken and egg pb.

This coming from ldap log :
----
Aug  1 16:21:31 ventura slapd[15000]: conn=6 op=9 ADD dn="uid=budhi,ou=people,ou=jakarta,dc=indorama,dc=com"
Aug  1 16:21:31 ventura slapd[15000]: => bdb_dn2id_add: put failed: DB_KEYEXIST: Key/data pair already exists -30997
----



> Here are my LDAP-settings in smb.conf:

>   # Without SSL:
>   ldap admin dn = cn=manager,dc=mydomain,dc=net
>   ldap server = ldap.mydomain.net
>   ldap suffix = ou=People,dc=mydomain,dc=net


>   # Plus these options for SSL support:
>   #ldap port = 636
>   #ldap ssl = on

Have you try it with tls support? it would not work with this
settings:
----------
   passdb backend = ldapsam, guest
   ldap server = ldap.jkt.irs.co.id
   ldap port = 389
   ldap admin dn = "cn=ldapmanager,dc=indorama,dc=com"
   ldap ssl = start_tls

[root at potato samba]# pdbedit -L
Failed to issue the StartTLS instruction: Can't contact LDAP server
Connection to LDAP Server failed for the 1 try!
Failed to issue the StartTLS instruction: Can't contact LDAP server
Connection to LDAP Server failed for the 2 try!
....
------------

But working when using this syntax :
  passdb backend = ldapsam:ldap://ldap.jkt.irs.co.id, guest

If you have success with samba3, please share :-)
So far I can not make any user (even having uid=0, rid=1000 and
groupmap  rid=512 "Domain Admin")
Any clue?


--beast

More information about the samba mailing list