Samba-Ldap
RSzczesniak at mis.com.pl
Wed Sep 20 08:24:56 GMT 2000
"paco cornejo" <impaco at mixmail.com>
00-09-19 11:09
To: rszczesniak at mis.com.pl
Cc:
Subject: Samba-Ldap
Thanks a lot for answering so soon!!
I'll tell you more details about the errors I'm
getting.
I'm using the Head version of Samba 2.1 prealpha
and OpenLdap 1.2.9 for Solaris 7 sparc.
I have some questions...
-I don't know how to obtain the RIDs, and I don't know
how to encrypt the password, because "smbpasswd -a
user" gives me an error message (see later). The
smbpasswd file that stores the users and passwords is
not created and I don't know why.
-Which is the order to create a user? I first make an
account with useradd, then I write an LDIF using the
sambaAccount class defined in slapd.oc.conf, defined in
Ignacio Coupeau's Howto, and everything seems OK, but
when I do smbpasswd -a user, I get an error
message like this...
----------------------------------------------
# smbpasswd -D 255 -a user1
New SMB password:
Retype new SMB password:
bind: No such object
pwdb_smb_map_names
pwdb_smb_map_names
lookupsmbpwuid: unix uid 5223
initialising map
lookupsmbpwntnam: nt user name user1
name 'user1' split into domain: and nt name:user1'
Failed to add entry for user user1.
Failed to change password entry for user1
-----------------------------------------------------
It seems that you have incorrect parameters (related
to LDAP) in smb.conf. Check whether the prefix is correct
by adding a sample sambaAccount object to the directory tree.
Use the bind settings you wrote into smb.conf.
Perform that test using the ldapadd utility.

2.- I don't know how to encrypt passwords when I write
an LDIF user...
-----------------------------------------------------
dn: uid=pepe, o=ELMONTE
objectclass: sambaAccount
uid: pepe
lmpassword: pepe <------------- how to encrypt?
ntpassword: pepe
pwdlastset: <---------- which value?
groupid: 200
pwdmustchange: ffffffff <---- ¿?¿?
ntuid: pepe
accflags: [U ] <-------- what is this?
gidnumber: 1 <---- the same as group in /etc/group
uidnumber: 1005 <--- the same as /etc/passwd
rid: 1f4 <--------- how do I get the RID?
--------------------------------------------
Forget about encrypting passwords by hand ;-)
lmpassword and ntpassword are set by smbpasswd
(of course, when the latter is correctly configured;
see: ldap params in smb.conf)

-Samba won't use the passwd file anymore, so how can I
encrypt the passwd?

What do you mean by "I can encrypt password"?

-When I run: smbclient -U pepe -L pdc01 I get this on
the server console running in debug mode...
-----------------------------------------------
select activity on 1 descriptors
new connection on 5
activity on:
listening for connections on 3, activity on: 5r
before select active_threads 0
select activity on 1 descriptors
activity on: 5r
read activity on 5
ber_get_next
ber_get_next: tag 0x30 len 36 contents:
ber_dump: buf 0xa4820, ptr 0xa4820, end 0xa4844
current len 36, contents:
02 01 01 ` 1f 02 01 02 04 13 u i d = r o
o t , 20 o = E L M O N T E 80 05 m
o n t e
do_bind
do_bind: version 2 dn (uid=root, o=ELMONTE) method 128
==> ldbm_back_bind: dn: UID=ROOT,O=ELMONTE
dn2entry_r: dn: "UID=ROOT,O=ELMONTE"
=> dn2id( "UID=ROOT,O=ELMONTE" )
=> ldbm_cache_open
( "/export/home/ldapmonte/dn2id.dbb", 7, 600 )
<= ldbm_cache_open (cache 0)
<= dn2id NOID
dn2entry_r: dn: "O=ELMONTE"
=> dn2id( "O=ELMONTE" )
====> cache_find_entry_dn2id: found dn: O=ELMONTE
<= dn2id 1 (in cache)
=> id2entry_r( 1 )
====> cache_find_entry_dn2id: found id: 1 rw: 0
entry_rdwr_rtrylock: ID: 1
<= id2entry_r 0xa4e30 (cache)
====> cache_return_entry_r
entry_rdwr_runlock: ID: 1
send_ldap_result 32:O=ELMONTE:
ber_flush: 23 bytes to sd 5
0 15 02 01 01 a 10 0a 01 20 04 09 O = E L
M O N T E 04 00
listening for connections on 3, activity on: 5r
before select active_threads 0
select activity on 1 descriptors
new connection on 8
activity on:
listening for connections on 3, activity on: 5r 8r
before select active_threads 0
select activity on 1 descriptors
activity on: 8r
read activity on 8
ber_get_next
ber_get_next: tag 0x30 len 36 contents:
ber_dump: buf 0xa4820, ptr 0xa4820, end 0xa4844
current len 36, contents:
02 01 01 ` 1f 02 01 02 04 13 u i d = r o
o t , 20 o = E L M O N T E 80 05 m
o n t e
do_bind
do_bind: version 2 dn (uid=root, o=ELMONTE) method 128
==> ldbm_back_bind: dn: UID=ROOT,O=ELMONTE
dn2entry_r: dn: "UID=ROOT,O=ELMONTE"
=> dn2id( "UID=ROOT,O=ELMONTE" )
=> ldbm_cache_open
( "/export/home/ldapmonte/dn2id.dbb", 7, 600 )
<= ldbm_cache_open (cache 0)
<= dn2id NOID
dn2entry_r: dn: "O=ELMONTE"
=> dn2id( "O=ELMONTE" )
====> cache_find_entry_dn2id: found dn: O=ELMONTE
<= dn2id 1 (in cache)
=> id2entry_r( 1 )
====> cache_find_entry_dn2id: found id: 1 rw: 0
entry_rdwr_rtrylock: ID: 1
<= id2entry_r 0xa4e30 (cache)
====> cache_return_entry_r
entry_rdwr_runlock: ID: 1
send_ldap_result 32:O=ELMONTE:
ber_flush: 23 bytes to sd 8
0 15 02 01 01 a 10 0a 01 20 04 09 O = E L
M O N T E 04 00
listening for connections on 3, activity on: 5r 8r
before select active_threads 0
select activity on 2 descriptors
activity on: 5r 8r
read activity on 5
ber_get_next
ber_get_next on fd 5 failed errno 0 (Error 0)
*** got 0 of 0 so far
read activity on 8
ber_get_next
ber_get_next on fd 8 failed errno 0 (Error 0)
*** got 0 of 0 so far
listening for connections on 3, activity on:
before select active_threads 0
--------------------------------------------------
and this on the client console...
--------------------------------------------------
# smbclient -U pepe -L pdc01
Added interface ip=172.18.1.23 bcast=172.18.255.255
nmask=255.255.0.0
Password:
session setup failed: ERRSRV - ERRbadpw (Bad password -
name/password pair in a Tree Connect or Session Setup
are invalid.)
---------------------------------------------------
A simple, but less likely, answer would be:
encrypt password = false
It would be, but it won't be - you said you have
this set to 'true'.
A more complex possible answer:
The Samba host which you are trying to connect from is not
a member of domain X, as opposed to the (NT) host pdc01.

-The LDAP server runs fine with the pam_ldap module to
authenticate ftp, telnet and local logins...

These don't have to be affiliated, i.e. sambaAccount
objects may lie in a different part of the directory tree.

-The smb.conf and slapd.conf are configured as in
the HowTo.. I send them to you too. And I set password
encrypted=yes.

Received neither smb.conf nor slapd.conf.

-The Howto says that I have to create a file called
ldappasswd in ../samba/private/ with the root passwd
of the LDAP server... What is the syntax? Only the
password?

That's right. Remember to set permissions to 0600!

Well, I think that's all... please see if you can help
me...
Thanks a lot in advance.. and excuse my poor English..

Mine also isn't perfect :)
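
The slapd trace quoted in the message can be read mechanically to see what the server answered to Samba's bind. The following Python sketch is an added example, not part of the original thread: it pairs each `do_bind` line with the following `send_ldap_result` line and names the standard LDAP result code. The function names `bind_attempts` and `diagnose` are hypothetical, and the sample is an excerpt of the trace above.

```python
import re

# Standard LDAP result codes that matter for a failed bind.
RESULT_NAMES = {0: "success", 32: "noSuchObject", 49: "invalidCredentials"}
LDAP_AUTH_SIMPLE = 0x80  # "method 128" in the trace: simple (password) bind

BIND_RE = re.compile(r"^do_bind: version (\d+) dn \((.*)\) method (\d+)$")
RESULT_RE = re.compile(r"^send_ldap_result (\d+):([^:]*):(.*)$")

# Excerpt of the slapd debug trace quoted in the message (one connection).
SAMPLE = """\
do_bind
do_bind: version 2 dn (uid=root, o=ELMONTE) method 128
==> ldbm_back_bind: dn: UID=ROOT,O=ELMONTE
=> dn2id( "UID=ROOT,O=ELMONTE" )
<= dn2id NOID
=> dn2id( "O=ELMONTE" )
<= dn2id 1 (in cache)
send_ldap_result 32:O=ELMONTE:
"""

def bind_attempts(trace):
    """Pair each do_bind request with the next send_ldap_result line.
    Assumes requests are logged one after another, as in the trace above."""
    attempts, pending = [], None
    for raw in trace.splitlines():
        line = raw.strip()
        bind = BIND_RE.match(line)
        result = RESULT_RE.match(line)
        if bind:
            pending = {"dn": bind.group(2),
                       "simple": int(bind.group(3)) == LDAP_AUTH_SIMPLE}
        elif result and pending is not None:
            code = int(result.group(1))
            pending.update(code=code, matched=result.group(2),
                           name=RESULT_NAMES.get(code, "other"))
            attempts.append(pending)
            pending = None
    return attempts

def diagnose(attempt):
    """Turn one bind attempt into a one-line finding for the administrator."""
    if attempt["code"] == 32:
        return ("no entry exists for bind DN %r; closest existing entry is %r"
                % (attempt["dn"], attempt["matched"]))
    if attempt["code"] == 49:
        return "server rejected the credentials for bind DN %r" % attempt["dn"]
    return "bind as %r returned %s" % (attempt["dn"], attempt["name"])
```

For the trace in the message it reports result 32 for `uid=root, o=ELMONTE` with `O=ELMONTE` as the closest existing entry, the same "No such object" that smbpasswd printed.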