Samba-Ldap

RSzczesniak at mis.com.pl RSzczesniak at mis.com.pl
Wed Sep 20 08:24:56 GMT 2000


"paco cornejo" <impaco at mixmail.com>
00-09-19 11:09

 
        To:     rszczesniak at mis.com.pl
        CC: 
        Subject:  Samba-Ldap

Thanks a lot for answering so soon..!! 

I'll tell you more details about the errors I'm 
getting. 

I'm using the Head version of Samba 2.1 prealpha, 
and 
OpenLDAP 1.2.9 for Solaris 7 sparc. 

I have some questions... 

-I don't know how to obtain the Rids, and I don't know 
how to encrypt the password because "smbpasswd -a 
user" gives me an error message (see later), the 
smbpasswd file that stores the users and passwords is 
not created and I don't know why.. 

-Which is the order to create a user... I first make an 
account with useradd, then I write an ldif using 
sambaAccount class defined in slapd.oc.conf defined at 
ignacio coupeau's Howto... and everything seems ok but 
when I do smbpasswd -a user, then I get an error 
message like this... 

---------------------------------------------- 
# smbpasswd -D 255 -a user1 
New SMB password: 
Retype new SMB password: 
bind: No such object 
pwdb_smb_map_names 
pwdb_smb_map_names 
lookupsmbpwuid: unix uid 5223 
initialising map 
lookupsmbpwntnam: nt user name user1 
name 'user1' split into domain: and nt name:user1' 
Failed to add entry for user user1. 
Failed to change password entry for user1 
----------------------------------------------------- 

It seems that you have incorrect parameters (related
to ldap) in smb.conf. Check whether the prefix is correct
by adding a sample sambaAccount object to the dir tree.
Use the bind setting you wrote into smb.conf.
Perform that test using the ldapadd utility.


2.- I don't know how to encrypt passwords when I write 
an ldif user.... 
----------------------------------------------------- 
dn: uid=pepe, o=ELMONTE 
objectclass: sambaAccount 
uid: pepe 
lmpassword: pepe <-------------how to encrypt? 
ntpassword: pepe 
pwdlastset: <---------- which value? 
groupid: 200 
pwdmustchange: ffffffff <---- ¿?¿? 
ntuid: pepe 
accflags: [U ] <--------what is this? 
gidnumber: 1 <---- the same as group in /etc/group 
uidnumber: 1005 <---the same as /etc/passwd 
rid: 1f4 <---------How do I get the rid? 

-------------------------------------------- 
Forget about encrypting passwords by hand ;-)
lmpassword and ntpassword are set by smbpasswd
(of course, when the latter is correctly configured;
 see: ldap params in smb.conf)


-Samba won't use passwd file anymore, so how can I 
encrypt passwd?

What do you mean by "I can encrypt password" ?


-When I run: smbclient -U pepe -L pdc01 I get this on 
the server console running in debug mode... 

----------------------------------------------- 
select activity on 1 descriptors 
new connection on 5 
activity on: 
listening for connections on 3, activity on: 5r 
before select active_threads 0 
select activity on 1 descriptors 
activity on: 5r 
read activity on 5 
ber_get_next 
ber_get_next: tag 0x30 len 36 contents: 
ber_dump: buf 0xa4820, ptr 0xa4820, end 0xa4844 
current len 36, contents: 
02 01 01 ` 1f 02 01 02 04 13 u i d = r o 
o t , 20 o = E L M O N T E 80 05 m 
o n t e 
do_bind 
do_bind: version 2 dn (uid=root, o=ELMONTE) method 128 
==> ldbm_back_bind: dn: UID=ROOT,O=ELMONTE 
dn2entry_r: dn: "UID=ROOT,O=ELMONTE" 
=> dn2id( "UID=ROOT,O=ELMONTE" ) 
=> ldbm_cache_open 
( "/export/home/ldapmonte/dn2id.dbb", 7, 600 ) 
<= ldbm_cache_open (cache 0) 
<= dn2id NOID 
dn2entry_r: dn: "O=ELMONTE" 
=> dn2id( "O=ELMONTE" ) 
====> cache_find_entry_dn2id: found dn: O=ELMONTE 
<= dn2id 1 (in cache) 
=> id2entry_r( 1 ) 
====> cache_find_entry_dn2id: found id: 1 rw: 0 
entry_rdwr_rtrylock: ID: 1 
<= id2entry_r 0xa4e30 (cache) 
====> cache_return_entry_r 
entry_rdwr_runlock: ID: 1 
send_ldap_result 32:O=ELMONTE: 
ber_flush: 23 bytes to sd 5 
0 15 02 01 01 a 10 0a 01 20 04 09 O = E L 
M O N T E 04 00 
listening for connections on 3, activity on: 5r 
before select active_threads 0 
select activity on 1 descriptors 
new connection on 8 
activity on: 
listening for connections on 3, activity on: 5r 8r 
before select active_threads 0 
select activity on 1 descriptors 
activity on: 8r 
read activity on 8 
ber_get_next 
ber_get_next: tag 0x30 len 36 contents: 
ber_dump: buf 0xa4820, ptr 0xa4820, end 0xa4844 
current len 36, contents: 
02 01 01 ` 1f 02 01 02 04 13 u i d = r o 
o t , 20 o = E L M O N T E 80 05 m 
o n t e 
do_bind 
do_bind: version 2 dn (uid=root, o=ELMONTE) method 128 
==> ldbm_back_bind: dn: UID=ROOT,O=ELMONTE 
dn2entry_r: dn: "UID=ROOT,O=ELMONTE" 
=> dn2id( "UID=ROOT,O=ELMONTE" ) 
=> ldbm_cache_open 
( "/export/home/ldapmonte/dn2id.dbb", 7, 600 ) 
<= ldbm_cache_open (cache 0) 
<= dn2id NOID 
dn2entry_r: dn: "O=ELMONTE" 
=> dn2id( "O=ELMONTE" ) 
====> cache_find_entry_dn2id: found dn: O=ELMONTE 
<= dn2id 1 (in cache) 
=> id2entry_r( 1 ) 
====> cache_find_entry_dn2id: found id: 1 rw: 0 
entry_rdwr_rtrylock: ID: 1 
<= id2entry_r 0xa4e30 (cache) 
====> cache_return_entry_r 
entry_rdwr_runlock: ID: 1 
send_ldap_result 32:O=ELMONTE: 
ber_flush: 23 bytes to sd 8 
0 15 02 01 01 a 10 0a 01 20 04 09 O = E L 
M O N T E 04 00 
listening for connections on 3, activity on: 5r 8r 
before select active_threads 0 
select activity on 2 descriptors 
activity on: 5r 8r 
read activity on 5 
ber_get_next 
ber_get_next on fd 5 failed errno 0 (Error 0) 
*** got 0 of 0 so far 
read activity on 8 
ber_get_next 
ber_get_next on fd 8 failed errno 0 (Error 0) 
*** got 0 of 0 so far 
listening for connections on 3, activity on: 
before select active_threads 0 

-------------------------------------------------- 

and this on the client console... 

-------------------------------------------------- 
# smbclient -U pepe -L pdc01 
Added interface ip=172.18.1.23 bcast=172.18.255.255 nmask=255.255.0.0 
Password: 
session setup failed: ERRSRV - ERRbadpw (Bad password - name/password pair in a Tree Connect or Session Setup are invalid.) 
--------------------------------------------------- 
Simple, but less possible answer would be:
encrypt password = false
It would be, but it won't be - You said you have
this set to 'true'


More complex possible answer:
The Samba host which you are trying to connect from is not
a member of domain X, as opposed to (NT)host pdc01.


-Ldap server runs fine with pam_ldap module for 
authenticate ftp, telnet and local logins... 

These don't have to be affiliated, ie. sambaAccount
objects may lie in different part of directory tree.


-the smb.conf and slapd.conf are well configured as 
the HowTo.. I send you too. and set password 
encrypted=yes. 

Received neither smb.conf nor slapd.conf.


-In the Howto says that I have to create a file called 
ldappasswd in ../samba/private/ with the root passwd 
of ldap server... What is the syntax? only the 
password? 

That's right. Remember to set permissions to 0600 !


Well I think that's all ... please see if you can help 
me... 

Thanks a lot in advance.. and excuse my poor English.. 

Mine also isn't perfect :)
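
Added example, not part of the original message: a small Python decoder for the two LDAP messages in the slapd debug dump quoted above, with the bytes re-typed from the `ber_dump` and `ber_flush` lines and the credential bytes swapped for a same-length placeholder. It shows the bind for `uid=root, o=ELMONTE` answered with result code 32 (noSuchObject) and matched DN `O=ELMONTE`, which is the "bind: No such object" that smbpasswd reported.

```python
# Added example: decode the LDAPv2 bind exchange from the slapd debug dump above.
# '`' = 0x60 and 'a' = 0x61 in that dump; credential bytes are a placeholder.
BIND_REQUEST = (bytes.fromhex("3024 020101 601f 020102 0413")
                + b"uid=root, o=ELMONTE" + bytes.fromhex("8005") + b"xxxxx")
BIND_RESPONSE = (bytes.fromhex("3015 020101 6110 0a0120 0409")
                 + b"O=ELMONTE" + bytes.fromhex("0400"))
RESULT_NAMES = {0: "success", 32: "noSuchObject", 49: "invalidCredentials"}

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for one definite-length BER element."""
    if pos + 2 > len(buf) or buf[pos + 1] == 0x80:
        raise ValueError("truncated header or indefinite length")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def children(value):  # split a constructed element into (tag, value) pairs
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def decode_ldap_message(raw):
    tag, body, _ = read_tlv(raw)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    (_, msgid), (op_tag, op) = children(body)[:2]
    fields = children(op)
    info = {"message_id": int.from_bytes(msgid, "big")}
    if op_tag == 0x60:    # [APPLICATION 0] BindRequest
        info.update(op="BindRequest", version=fields[0][1][0],
                    bind_dn=fields[1][1].decode("ascii"),
                    simple_auth=fields[2][0] == 0x80, credential_len=len(fields[2][1]))
    elif op_tag == 0x61:  # [APPLICATION 1] BindResponse
        code = fields[0][1][0]
        info.update(op="BindResponse", result_code=code,
                    result=RESULT_NAMES.get(code, "other"),
                    matched_dn=fields[1][1].decode("ascii"))
    else:
        raise ValueError("unhandled protocol op 0x%02x" % op_tag)
    return info

if __name__ == "__main__":
    print(decode_ldap_message(BIND_REQUEST), decode_ldap_message(BIND_RESPONSE))
```

A simple bind (method 128, tag 0x80) carries the password as plain bytes, so slapd debug output at this level records it; such logs need the same handling as the 0600 ldappasswd file.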















More information about the samba-ntdom mailing list