[Samba] smbldap-tools problem with Samba 3.0.1/LDAP 2.1.22/Fedora Core 1
Data Control Systems Inc. - Mike Elkevizth
mike at dcsamerica.com
Fri Jan 9 23:21:48 GMT 2004
I'm trying to set up a Samba PDC/BDC with disconnected authentication and am stuck at
step one because I can't get smbldap-tools to work correctly. First, running
`smbldap-useradd.pl -a test` works fine: ldapsearch shows the entry as expected.
But smbldap-usershow.pl, smbldap-userdel.pl, or any other tool I try after that
fails with "user test does not exist".
Also, `smbldap-useradd.pl -w ...` for a workstation adds the workstation entry
to the directory but does not add any Samba attributes (sambaSamAccount, etc.).
Could someone please help? I've been working on this for quite a while and
really need to get it working soon.
Thanks,
Mike
PS: I also tried `smbldap-useradd -a -w ...` and it did not work either, although that
combination should never be needed anyway, since the only reason to add a
workstation account with smbldap is for Samba.
SMB.CONF File
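[global]
# Basic settings
workgroup = dcs
netbios name = Dcs004
server string = Rittman Server
security = user
# Network settings
time server = yes
wins support = yes
name resolve order = wins lmhosts bcast
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192
# hosts allow is ONE logical line (the mail client had wrapped it). smb.conf
# has no bare line continuation, so a wrapped copy would fail in testparm.
# 192.168.5.64/26 is not in the list -- confirm that omission is intended.
hosts allow = 127.0.0.1 192.168.5.0/255.255.255.192 192.168.5.128/255.255.255.192 192.168.5.192/255.255.255.192
# Domain control options
os level = 99
local master = yes
preferred master = yes
domain master = yes
domain logons = yes
logon script = %U.bat
logon path = \\%L\profile\
# Password change and create options for domain control
# NOTE(review): with ldap passwd sync = yes Samba writes userPassword to the
# directory itself; also running smbldap-passwd.pl through unix password sync
# looks redundant (two writes per change) -- confirm for the smbldap-tools
# version in use, and drop one of the two mechanisms.
unix password sync = yes
ldap passwd sync = yes
passwd chat = *new*password* %n\n *new*password* %n\n *successfully*
encrypt passwords = yes
# NOTE(review): /usr/local/sbin here vs. /usr/share/samba/scripts in the
# scripts below -- only one location is probably installed; check which.
passwd program = /usr/local/sbin/smbldap-passwd.pl -o %u
# Every add/delete script below is commented out (';'), so Samba will not
# create accounts on its own; a workstation join needs 'add machine script'
# active. Each script is one logical line (re-joined after mail wrapping).
;add machine script = /usr/share/samba/scripts/smbldap-useradd.pl -w -d /dev/null -g machines -c 'Machine Account' -s /bin/false %u
;add user script = /usr/share/samba/scripts/smbldap-useradd.pl '%u'
;delete user script = /usr/share/samba/scripts/smbldap-userdel.pl '%u'
;add user to group script = /usr/share/samba/scripts/smbldap-groupmod.pl -m '%u' '%g'
;delete user from group script = /usr/share/samba/scripts/smbldap-groupmod.pl -x '%u' '%g'
;set primary group script = /usr/share/samba/scripts/smbldap-usermod.pl -g '%g' '%u'
;add group script = /usr/share/samba/scripts/smbldap-groupadd.pl '%g' && /usr/share/samba/scripts/smbldap-groupshow.pl %g|awk '/^gidNumber:/ {print $2}'
# Was smbldap-userdel.pl, which deletes a user, not a group; smbldap-tools
# ships smbldap-groupdel.pl as the counterpart of smbldap-groupadd.pl.
;delete group script = /usr/share/samba/scripts/smbldap-groupdel.pl '%g'
# LDAP settings
# No ldap:// URL is given after ldapsam, so Samba falls back to its default
# (presumably the local server). 'ldap ssl = no' means the admin bind
# password and every password hash Samba reads or writes travel unencrypted;
# the slapd.conf below already has TLS certificates configured, so
# 'ldap ssl = start_tls' would let Samba use them.
passdb backend = ldapsam
ldap ssl = no
# Password for this DN is stored in secrets.tdb via 'smbpasswd -w'. It is not
# the slapd rootdn, so the ACLs in slapd.access.conf (not shown) must grant it
# write access to the samba* attributes and userPassword.
ldap admin dn = cn=sambauser,dc=dcs
# The suffixes below are relative to ldap suffix (users under ou=Users,dc=dcs).
# smbldap-tools keeps its own copy of these DNs in its config (smbldap_conf.pm
# in releases of this era); if that file points at a different tree, useradd
# and usershow/userdel would not agree on where the entry lives -- verify.
ldap suffix = dc=dcs
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap idmap suffix = ou=IDMap
# Log settings
log level = 3
log file = /var/log/samba/log.%m
max log size = 50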
....Shares
SLAPD.CONF File
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.8 2003/05/24 23:19:14 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable: it carries rootpw and the path of
# the TLS private key.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/redhat/autofs.schema
# samba.schema should be the copy shipped with the Samba 3.0.x release in use;
# it defines sambaSamAccount and the other samba* attributes smbldap-tools writes.
include /etc/openldap/schema/samba.schema
# Allow LDAPv2 client connections. This is NOT the default.
# NOTE(review): v2 clients cannot negotiate StartTLS; unless a specific
# v2-only client needs this, remove it so every bind goes through v3.
allow bind_v2
# Define global ACLs to disable default read access.
# slapd.access.conf is not shown. Per the default policy described further
# down, without ACLs everything is readable by anyone, so that file must deny
# read on userPassword, sambaLMPassword and sambaNTPassword to everyone except
# the Samba admin DN (cn=sambauser,dc=dcs in smb.conf) -- the NT hash is
# usable directly for NTLM authentication.
include /etc/openldap/slapd.access.conf
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /var/run/slapd.pid
#argsfile //var/run/slapd.args
# Load dynamic backend modules:
# modulepath /usr/sbin/openldap
# moduleload back_bdb.la
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la
# The next three lines allow use of TLS for connections using a dummy test
# certificate, but you should generate a proper certificate by changing to
# /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on
# slapd.pem so that the ldap user or group can read it.
#TLSCACertificateFile /usr/share/ssl/certs/ca-bundle.crt
#TLSCertificateFile /usr/share/ssl/certs/slapd.pem
#TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem
# Live TLS material. /usr/share/ssl/certs is conventionally world-readable;
# check that slapdkey.pem is readable only by the ldap user (or move it to a
# private directory). Note smb.conf currently has 'ldap ssl = no', so Samba
# does not use these certificates yet.
TLSCACertificateFile /usr/share/ssl/certs/cacert.pem
TLSCertificateFile /usr/share/ssl/certs/slapdcrt.pem
TLSCertificateKeyFile /usr/share/ssl/certs/slapdkey.pem
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# NOTE(review): the line above is commented out, so clear-text simple binds
# (including the Samba admin bind and password updates) are accepted. Once
# Samba is switched to start_tls, enabling at least simple_bind=64 stops
# credentials from ever crossing the wire unencrypted.
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy is:
# Allow read by all
#
# rootdn can always write!
#######################################################################
# ldbm and/or bdb database definitions
#######################################################################
database ldbm
suffix "dc=dcs"
# rootdn bypasses every ACL. It differs from smb.conf's 'ldap admin dn'
# (cn=sambauser,dc=dcs), which is the right arrangement: Samba should bind as
# an ACL-controlled entry, not as the directory superuser.
rootdn "cn=root,dc=dcs"
# NOTE(review): this hash has been posted to a public list -- treat the
# password as compromised and change it. {MD5} is unsalted and fast to
# brute-force offline; regenerate with slappasswd, which emits salted {SSHA}
# by default. Better still, remove rootpw once the directory is populated.
rootpw {MD5}42yH/6KRY4GNICdbwU1OTg==
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap
# Indices to maintain for this database
# NOTE(review): no samba* attribute is indexed. The Samba 3 LDAP HOWTO
# recommends 'eq' indexes on sambaSID, sambaPrimaryGroupSID and displayName;
# worth adding once samba.schema is loaded, then run slapindex.
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
# Replicas of this database
#replogfile /var/lib/ldap/openldap-master-replog
#replica host=ldap-1.example.com:389 tls=yes
# bindmethod=sasl saslmech=GSSAPI
# authcId=host/ldap-master.example.com at EXAMPLE.COM