[Samba] Re: Solaris 9-Samba LDAP (was: libiconv problems)

Anthony Hess tonyh at engr.arizona.edu
Sun Aug 8 22:37:22 GMT 2004 

Hello,

Thanks for your offer - Im a bit under a time crunch and hoping to get this
done in time for school starting (about two weeks - and that includes
migrating all of the accounts and windows boxes over to this domain from a
2.2.x/NT4 domain).  Never having set this up before makes it all the more
fun :)

I don't think the libiconv errors are affecting the operation of the server.
Ive been sent some suggestions, so Ill try those out and respond to the list
with results.

I am just running the standard install (I didn't install the OS myself - it
was done while I was gone on vacation), so probably North American english
or some such.  

In terms of configuration questions - did you install using the OpenLDAP
libraries like I did, or did you modify the Samba make file to allow to
compile against the Sun ldap libraries?  If the latter, what benefits does
that give you over the OpenLDAP ones?  (note I am still using the Sun
directory server - I just used the open source libraries).  I figured that
using the OpenLDAP libraries would be easier in a couple of ways in the
future when I needed to compile newer versions.

At any rate - on to an actual problem besides libiconv.  This machine is set
up via nsswitch.conf to do everything via the directory (meaning the non
system accounts are in ldap and working).  Whenever I try to run smbpasswd
-a to add the samba attributes to the directory, it fails with a write
permission error (the bind password is correct - I used smbpasswd -w to
write that to the secrets.tdb file).

Here is the error for that:

ldapsam_modify_entry: Failed to modify user dn=
uid=lnn,ou=People,dc=mge,dc=arizona,dc=edu with: Insufficient access
        Insufficient 'write' privilege to the 'sambaSID' attribute of entry
'uid=lnn,ou=people,dc=mge,dc=arizona,dc=edu'.

ldapsam_add_sam_account: failed to modify/add user with uid = lnn (dn =
uid=lnn,ou=People,dc=mge,dc=arizona,dc=edu)
Failed to add entry for user lnn.
Failed to modify password entry for user lnn

Thinking that perhaps smbpasswd wasn't the right way to go I just created
and imported an LDIF with the necessary attributes (except the correct nt/lm
passwords - the attributes were added however).  Then trying to use
smbpasswd on the same account it fails with the following error (looks
pretty much like the write error I was getting before):

ldapsam_modify_entry: Failed to modify user dn=
uid=tony,ou=People,dc=mge,dc=arizona,dc=edu with: Insufficient access
        Insufficient 'write' privilege to the 'sambaPwdCanChange' attribute
of entry 'uid=tony,ou=people,dc=mge,dc=arizona,dc=edu'.

ldapsam_update_sam_account: failed to modify user with uid = tony, error:
Insufficient 'write' privilege to the 'sambaPwdCanChange' attribute of entry
'uid=tony,ou=people,dc=mge,dc=arizona,dc=edu'.
 (Success)
Failed to modify entry for user tony.
Failed to modify password entry for user tony

So Im kind of stumped because making these changes with ldapadd and
ldapmodify works just fine.  Unfortunately creating all of the passwords on
another machine and copy and pasting them over is probably not an optimal
solution :)

Do I need to have all of the Samba domain accounts set up before I can use
smbpasswd?  I didn't see anything to indicate that, but it would make some
sense if that were the case.  Well, except how do I set the administrator
password if smbpasswd doesn't work :)

And something else interesting happens when I try to make a connection to
the server via samba (from /var/adm/messages):

Aug  8 15:07:01 yellow smbd[18863]: [ID 293258 user.error] libsldap: Status:
91  Mesg: Error 0
Aug  8 15:07:01 yellow smbd[18863]: [ID 293258 user.error] libsldap: Status:
91  Mesg: Bad file number
Aug  8 15:07:01 yellow smbd[18863]: [ID 293258 user.error] libsldap: Status:
7  Mesg: Session error no available conn.

This is before I try to authenticate - this is simply bringing up a
connection.  Keep in mind, the directory works fine (for everything else not
smbd) or else I couldn't log in.  Perhaps this is related to the my earlier
problem?

Any ideas are appreciated,

Tony


On 8/5/04 4:43 PM, "Paul Gienger" <pgienger at ae-solutions.com> wrote:

> Can't help you on your libiconv issues, but if you would like, I can
> attempt to be your tour guide to getting it set up.  I'm actually doing
> the same thing right now, only difference between us is that I *have*
> gotten it working ;).  But seriously, I'm starting with a clean build of
> a machine and will be using it for migration to samba 3 at our company.
> I have tested it fairly well before, but this is the go-live after a few
> month hiatus.  Sorry, I don't have a full 'here's what you do' listing
> laying around, going from memory here.
> 
> Feel free to ask anything, but keep it on list please so others may see.
> 
> I'm curious as to what language/charset you are running Solaris in and
> any languages you have added support for.
>

More information about the samba mailing list