[Samba] smbpasswd and LDAP
Beast
beast at setuid.com
Fri Aug 1 09:32:48 GMT 2003
Friday, August 1, 2003, 2:26:21 PM, Markus wrote:
> On Sat, 26 Jul 2003 12:38:12 +0700
> Beast <beast at setuid.com> wrote:
> Hi!
>> Is it possible to use smbpasswd command to add necessary objectclasses
>> and attributes to existing ldap entries which contain only posix
>> account??
> Yes, it should work.
Thanks for your response, I was almost desperate waiting for a response on this
list.
In fact, many questions (postings) were left unanswered 8=)
>>
>> I have necessary ldap entry under
>> ou=people,ou=mysite,dc=mydomain,dc=com.
> Your LDAP entries really are at "ou=, ou=, dc=, dc="? This setup is not
> a "standard" setup (which holds people in
> "ou=People,dc=mydomain,dc=net"). You'll have to tell Samba about where to
> search for your Users using smb.conf's option "ldap suffix".
Many thanks, I was not checking the error once again because many problems
were waiting :(
FYI, we cannot use quotes because Samba will include them as well.
I already fixed it, however the problem still appears:
[root at potato samba]# smbpasswd -D5 -a budhi
......
smbldap_search_suffix: searching for:[(&(sambaSID=S-1-5-21-2897595519-3619093474-3625347041-11598)(|(objectClass=sambaIdmapEntry)(objectClass=sambaSidEntry)))]
Adding new user
Setting entry for user: budhi
failed to add user dn= uid=budhi,ou=people,ou=jakarta,dc=indorama,dc=com with: Already exists
failed to modify/add user with uid = budhi (dn = uid=budhi,ou=people,ou=jakarta,dc=indorama,dc=com)
Failed to add entry for user budhi.
Failed to modify password entry for user budhi
----
It seems Samba was trying to add this new user instead of modifying it.
Whenever I add a new user which doesn't have a posixaccount yet, smbpasswd
refuses to add it. It's like a chicken-and-egg problem.
This comes from the LDAP log:
----
Aug 1 16:21:31 ventura slapd[15000]: conn=6 op=9 ADD dn="uid=budhi,ou=people,ou=jakarta,dc=indorama,dc=com"
Aug 1 16:21:31 ventura slapd[15000]: => bdb_dn2id_add: put failed: DB_KEYEXIST: Key/data pair already exists -30997
----
> Here are my LDAP-settings in smb.conf:
> # Without SSL:
> ldap admin dn = cn=manager,dc=mydomain,dc=net
> ldap server = ldap.mydomain.net
> ldap suffix = ou=People,dc=mydomain,dc=net
> # Plus these options for SSL support:
> #ldap port = 636
> #ldap ssl = on
Have you tried it with TLS support? It would not work with these
settings:
----------
passdb backend = ldapsam, guest
ldap server = ldap.jkt.irs.co.id
ldap port = 389
ldap admin dn = "cn=ldapmanager,dc=indorama,dc=com"
ldap ssl = start_tls
[root at potato samba]# pdbedit -L
Failed to issue the StartTLS instruction: Can't contact LDAP server
Connection to LDAP Server failed for the 1 try!
Failed to issue the StartTLS instruction: Can't contact LDAP server
Connection to LDAP Server failed for the 2 try!
....
------------
But it works when using this syntax:
passdb backend = ldapsam:ldap://ldap.jkt.irs.co.id, guest
If you have had success with samba3, please share :-)
So far I cannot make any user (even having uid=0, rid=1000 and
groupmap rid=512 "Domain Admin")
Any clue?
--beast
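
Added example, not part of the original message and not Samba code: a small Python check for the two smb.conf points raised above, parameter values wrapped in double quotes (which the message reports Samba takes literally) and an ldapsam backend reached without StartTLS or ldaps. The function names, the finding labels and the choice to treat an unset "ldap ssl" as unencrypted are assumptions of this example.

```python
import re

# Constructed sample: a [global] fragment built from values quoted in the message.
SAMPLE = '''\
[global]
passdb backend = ldapsam:ldap://ldap.jkt.irs.co.id, guest
ldap admin dn = "cn=ldapmanager,dc=indorama,dc=com"
ldap ssl = start_tls
'''

def parse_smb_conf(text):
    """Return {section: {param: value}}; names lowercased, whitespace collapsed."""
    conf, section = {}, "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
        elif "=" in line:
            key, value = line.split("=", 1)      # DN values contain '=' themselves
            conf.setdefault(section, {})[" ".join(key.lower().split())] = value.strip()
    return conf

def lint(text):
    """Return a list of (finding, parameter) tuples for the [global] section."""
    g = parse_smb_conf(text).get("global", {})
    findings = []
    for key, value in g.items():
        if len(value) >= 2 and value[0] == value[-1] == '"':
            findings.append(("quoted-value", key))
    backend = g.get("passdb backend", "").lower()
    if "ldapsam" in backend:
        ssl = re.sub(r"[\s_]", "", g.get("ldap ssl", "")).lower()
        # Without StartTLS or ldaps the admin bind and password hashes cross the wire in clear.
        if "ldaps://" not in backend and ssl not in ("starttls", "on"):
            findings.append(("plaintext-ldap", "ldap ssl"))
    return findings

if __name__ == "__main__":
    print(lint(SAMPLE))
```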