openchange_provision problem? HowTO to install manual
Sassy Natan
sassyn at gmail.com
Sun Dec 21 20:40:23 GMT 2008

Dear OpenChange / Samba4 Users,

First of all I want to thank all the Samba4 and OpenChange developers for
this project! I'm sure that once those projects are stable enough I will
replace my current Micro$oft infrastructure with them.

I have been playing a little with samba4 and openchange during this week and
I am willing to write a fully documented HOWTO install for those who are not
sure how. But before I can handle this I need some help from you guys.

All the work was done on the wonderful upcoming Debian distribution named
Lenny (the pair of binoculars with feet from the Toy Story movie :) ).
Lenny is still in RC1 mode but I found it stable enough to run even in a
production environment. I have used the AMD64 distribution version, which can
be downloaded at
http://cdimage.debian.org/cdimage/lenny_di_rc1/amd64/iso-cd/debian-testing-amd64-netinst.iso

After installing gcc, binutils and all the other dependencies I compiled
the Samba4 git head version (Version 4.0.0alpha6-GIT-138283c) (checkout
was done on 16/12/2008).
This was quite easy, no special problem. I have managed to compile it Debian
style, which means using --enable-fhs and some other configuration
options.
I built my own DEB file and packed all the files together.

Since I wanted to use OpenLDAP as my backend server I installed OpenLDAP
using apt-get. The SLAPD version which is installed is 2.4.11-1.

Then I started provisioning the backend as it appears in the Samba4 Wiki. I
noticed a bug in the provision script (file
/usr/lib/python2.5/site-packages/samba/provision.py in my DEB file, near line
1378). I had to fix the path for the ad2oLschema command.

After that I ran:

./setup/provision-backend --realm=edu.local --domain=edu --ldap-admin-pass=admin --ldap-backend-type=openldap --server-role='domain controller' --host-name=DC

Output was:

Converted 536 records (skipped 13) with 0 failures
Your openldap Backend for Samba4 is now configured, and is ready to be started
Server Role: domain controller
Hostname: dc
DNS Domain: edu.local
Base DN: DC=edu,DC=local
LDAP admin user: samba-admin
LDAP admin password: admin
Start slapd with: slapd -f /var/lib/samba-4.0/ldap/slapd.conf -h ldapi://%2Fvar%2Flib%2Fsamba-4.0%2Fldap%2Fldapi
Run provision with: --ldap-backend=ldapi --ldap-backend-type=openldap --password=manager11 --username=samba-admin

I started the LDAP server as the script suggested, but not before I changed
the modules.conf of the LDAP server (/var/lib/samba-4.0/ldap/modules.conf in
my configuration).
I don't know why the modules.conf doesn't already include the following
modules; I guess that maybe Andrew Bartlett (who I must say
seems to know everything!!! based on his answers everywhere on the
internet) assumes you should compile your OpenLDAP yourself with the
modules included in the slapd binary file. For me, I managed to run the
OpenLDAP server with no problem after adding the following to the
modules.conf file:

moduleload refint
moduleload memberof
moduleload back_hdb
moduleload syncprov

Next task was to run the setup/provision command. Again this was easy, no
problem, and my samba4 server was almost done and ready. I restarted my
OpenLDAP server with debug on (using -d-1) and ran "smbd -i -M single
-d3". The server was up but a minor problem still occurred. I noticed in the
debug window that some directories couldn't be found.
I don't know why the "make install" didn't create the following directories:

/var/run/samba
/var/run/samba/ntp_signd
/var/run/samba/winbindd
/var/lib/samba/winbindd_privileged
chmod 750 /var/lib/samba/winbindd_privileged

I ran the ./configure like 4 times and it seems to me like a bug in this
version.
Anyway I fixed that – and also updated my DEB file.

SO NOW I HAVE a samba4 server running. I managed to add a user, add Windows XP
to the domain, create a login script, change the GPO – works like a charm.
Andrew Bartlett and Samba4 developers – U R COOOOL!

My next task was to create my own DEB file for OpenChange! – I already
started to think about collaboration between WebMail and openchange
(squirrelmail or RoundCube could be nice tools for this).
So I used the latest snapshot from the openchange SVN (r937) and installed
some other C++, C dependencies as they appear in their HowTO.txt file (in the
doc directory).

Compiling was easy. But I had to fix an issue with the $PKG_CONFIG_PATH.
From my observation it seems that the $PKG_CONFIG_PATH environment variable is
being rewritten. So no matter what you have in PKG_CONFIG_PATH,
./configure will tell you that you don't have samba4 installed. Fix that by
editing the file configure after running autogen. It should appear at line 1970.
Mine looks like this:

old_PKG_CONFIG_PATH="$PKG_CONFIG_PATH"
PKG_CONFIG_PATH="$PKG_CONFIG_PATH:$sambaprefix/lib/pkgconfig"   # (I added the $PKG_CONFIG_PATH)
if test -n "$PKG_CONFIG" && \

Now I compiled the package, copied the man files, and copied the setup folder
(after compiling) to my package since "make install" doesn't do it. I also
copied the files and directories inside the python folder to my
/usr/lib/python2.5/site-packages/ folder.
Finally I have my DEB file!!!!!
So I installed it and was excited to try it out.

What next? Well, I'm not sure; the HOWTO seems very old to me.
To my understanding I should now run the ./openchange_provision command, so
LDAP will have the schema update for exchange.
But if someone knows about a previous step please let me know.

So I started the ./openchange_provision. I remembered that for creating the
schema I used the samba-admin user, as Andrew Bartlett pointed out. I looked in
the slapd.conf to make sure samba-admin has full permission on the LDAP tree
and yes – it does!

So my command was as follows:

./openchange_provision --password=admin --username=samba-admin --simple-bind-dn=cn=samba-admin,cn=samba

Looks quite nice, right? But then here I'm stuck. While running this I'm
getting the following:

Dev:/usr/share/openchange/setup# ./openchange_provision --password=admin --username=samba-admin --simple-bind-dn=cn=samba-admin,cn=samba
NOTE: This operation can take several minutes
[+] Step 1: Register Exchange OIDs
[+] Step 2: Add new Exchange classes and attributes to Samba schema
Traceback (most recent call last):
  File "./openchange_provision", line 53, in <module>
    openchange.provision(setup_path, lp, creds, firstorg=opts.firstorg, firstou=opts.firstou)
  File "/usr/lib/python2.5/site-packages/openchange/provision.py", line 309, in provision
    install_schemas(setup_path, names, lp, creds)
  File "/usr/lib/python2.5/site-packages/openchange/provision.py", line 144, in install_schemas
    "SCHEMADN": names.schemadn
  File "/usr/lib/python2.5/site-packages/samba/provision.py", line 163, in setup_add_ldif
    ldb.add_ldif(data)
  File "/usr/lib/python2.5/site-packages/samba/__init__.py", line 188, in add_ldif
    self.add(msg)
_ldb.LdbError: (19, 'LDAP error 19 LDAP_CONSTRAINT_VIOLATION - <entryDN: no user modification allowed> <>')

In the OpenLDAP log (running at -d-1 debug level) I am getting the following:

ber_scanf fmt (}) ber:
>>> dnPrettyNormal: <CN=ms-Exch-Active-Directory-Connector,CN=Schema,CN=Configuration,DC=edu,DC=local>
<<< dnPrettyNormal: <cn=ms-Exch-Active-Directory-Connector,cn=Schema,cn=Configuration,dc=edu,dc=local>, <cn=ms-exch-active-directory-connector,cn=schema,cn=configuration,dc=edu,dc=local>
>>> dnPretty: <CN=ms-Exch-Active-Directory-Connector,CN=Schema,CN=Configuration,DC=edu,DC=local>
<<< dnPretty: <cn=ms-Exch-Active-Directory-Connector,cn=Schema,cn=Configuration,dc=edu,dc=local>
>>> dnNormalize: <cn=ms-Exch-Active-Directory-Connector,cn=Schema,cn=Configuration,dc=edu,dc=local>
<<< dnNormalize: <cn=ms-exch-active-directory-connector,cn=schema,cn=configuration,dc=edu,dc=local>
>>> dnPretty: <CN=Class-Schema,CN=Schema,CN=Configuration,DC=edu,DC=local>
<<< dnPretty: <cn=Class-Schema,cn=Schema,cn=Configuration,dc=edu,dc=local>
>>> dnNormalize: <cn=Class-Schema,cn=Schema,cn=Configuration,dc=edu,dc=local>
<<< dnNormalize: <cn=class-schema,cn=schema,cn=configuration,dc=edu,dc=local>
>>> dnPretty: <CN=ms-Exch-Active-Directory-Connector,CN=Schema,CN=Configuration,DC=edu,DC=local>
<<< dnPretty: <cn=ms-Exch-Active-Directory-Connector,cn=Schema,cn=Configuration,dc=edu,dc=local>
>>> dnNormalize: <cn=ms-Exch-Active-Directory-Connector,cn=Schema,cn=Configuration,dc=edu,dc=local>
<<< dnNormalize: <cn=ms-exch-active-directory-connector,cn=schema,cn=configuration,dc=edu,dc=local>
bdb_dn2entry("cn=ms-exch-active-directory-connector,cn=schema,cn=configuration,dc=edu,dc=local")
=> hdb_dn2id("cn=ms-exch-active-directory-connector,cn=schema,cn=configuration,dc=edu,dc=local")
<= hdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30990)
hdb_referrals: tag=104 target="cn=ms-Exch-Active-Directory-Connector,cn=Schema,cn=Configuration,dc=edu,dc=local" matched="cn=Schema,cn=Configuration,dc=edu,dc=local"
send_ldap_result: conn=3 op=60 p=3
send_ldap_response: msgid=61 tag=105 err=19
ber_flush2: 51 bytes to sd 28
connection_get(30): got connid=5
connection_read(30): checking for input on id=5
ber_get_next
ber_get_next on fd 30 failed errno=0 (Success)
connection_closing: readying conn=5 sd=30 for close
connection_close: conn=5 sd=30
connection_get(29): got connid=4
connection_read(29): checking for input on id=4
ber_get_next
ber_get_next on fd 29 failed errno=0 (Success)
connection_closing: readying conn=4 sd=29 for close
connection_close: conn=4 sd=29
connection_get(28): got connid=3
connection_read(28): checking for input on id=3
ber_get_next
ber_get_next on fd 28 failed errno=0 (Success)
connection_closing: readying conn=3 sd=28 for close
connection_close: conn=3 sd=28

I used ldapsearch and LDP.exe from Microsoft Support Tools and looked under
the Schema. Indeed the cn=ms-exch-active-directory-connector doesn't exist
in my OpenLDAP, but isn't this what the openchange_provision needs to do?

Can someone let me know where I went wrong? 5 hours searching and
nothing!

Thanks!!!

Sassy Natan
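
Added example (not part of the original post, and not Samba or OpenChange code): a small Python parser that pulls failed operations out of a slapd debug trace like the one quoted above, pairing each non-zero `err=` response with the connection, operation and target DN logged just before it. The function and table names are illustrative, the tag and result-code tables hold only a few common RFC 4511 values, and the last two trace lines are constructed.

```python
import re

# Lines taken from the slapd trace in the post (the hdb_referrals line is
# wrapped for width); the last two lines are constructed to show that a
# successful response is skipped.
SAMPLE_TRACE = '''\
hdb_referrals: tag=104
target="cn=ms-Exch-Active-Directory-Connector,cn=Schema,cn=Configuration,dc=edu,dc=local"
matched="cn=Schema,cn=Configuration,dc=edu,dc=local"
send_ldap_result: conn=3 op=60 p=3
send_ldap_response: msgid=61 tag=105 err=19
ber_flush2: 51 bytes to sd 28
send_ldap_result: conn=3 op=61 p=3
send_ldap_response: msgid=62 tag=103 err=0
'''

# Response protocol-op tags and result codes from RFC 4511 (common ones only).
RESPONSE_TAGS = {97: "bindResponse", 101: "searchResDone", 103: "modifyResponse",
                 105: "addResponse", 107: "delResponse", 109: "modDNResponse"}
RESULT_CODES = {19: "constraintViolation", 32: "noSuchObject",
                50: "insufficientAccessRights", 68: "entryAlreadyExists"}

DN = re.compile(r'(?P<key>target|matched)="(?P<dn>[^"]*)"')
RESULT = re.compile(r'send_ldap_result: conn=(?P<conn>\d+) op=(?P<op>\d+)')
RESPONSE = re.compile(r'send_ldap_response: msgid=(\d+) tag=(\d+) err=(\d+)')


def failed_operations(trace):
    """Return one dict per response whose LDAP result code is non-zero."""
    failures, ctx = [], {}
    for line in trace.splitlines():
        # Context is logged before the response and may wrap across lines.
        for dn in DN.finditer(line):
            ctx[dn["key"]] = dn["dn"]
        result = RESULT.search(line)
        if result:
            ctx.update(conn=int(result["conn"]), op=int(result["op"]))
        resp = RESPONSE.search(line)
        if not resp:
            continue
        msgid, tag, err = (int(g) for g in resp.groups())
        if err != 0:
            failures.append({
                "conn": ctx.get("conn"), "op": ctx.get("op"), "msgid": msgid,
                "response": RESPONSE_TAGS.get(tag, "tag %d" % tag),
                "result": RESULT_CODES.get(err, "code %d" % err),
                "target": ctx.get("target"), "matched": ctx.get("matched"),
            })
        ctx = {}  # the collected context belongs to one operation only
    return failures
```

Run over the trace in the post, it reports a single failed addResponse (constraintViolation) on conn=3 op=60 for the ms-Exch-Active-Directory-Connector entry, with cn=Schema,cn=Configuration,dc=edu,dc=local as the matched parent.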