[Samba] net rpc vampire not working
John H Terpstra
jht at samba.org
Mon Dec 5 17:09:05 GMT 2005
On Sunday 04 December 2005 18:25, Del wrote:
> > Use
> > http://www.samba.org/samba/docs/man/Samba-Guide/ntmigration.html
> Thanks, that is a great help. I have it working now.
> > I would recommend that the user is familiar with setup, usage,
> > maintenance of LDAP prior to doing this.
> Oh, LDAP is no problem. I'm the author of the LdapImport scripts
> which some of you may have seen.
> The problem I was having was correct configuration of samba prior to
> running net rpc vampire.
> Just some notes on the migration guide above that you might want to
> incorporate into a later edition:
> example 9.1: "security = user" is missing? Is this intentional?
> the "configure.pl" script from smbldap-tools adds it to smb.conf
> in any case.
> May be useful to mention extending the LDAP schema before attempting
> any of this, e.g. with the samba.schema file.
> Before Step 7: You can't run ./configure.pl in the smbldap-tools directory
> unless samba is running. So you need to do "service smb start" or
> your OS equivalent first. In fact, before doing that you need to
> inform samba of your LDAP bind DN password using:
> smbpasswd -w <password>
> Step 8: Since you need to start samba before you run ./configure.pl, and
> since samba tries to connect to the LDAP server when it starts, you
> will need to start LDAP before you start samba. So this probably belongs
> around step 4 or 5.
> Step 10: You need to do this before starting Samba, so again this needs
> to happen earlier than step 7.
> Step 11: Also, starting Samba will attempt to populate the LDAP directory.
> On Fedora Directory Server (and in fact any non-OpenLDAP server) you may
> hit troubles doing this because the entries aren't formatted correctly
> with the "top" objectClass (on OpenLDAP this parent object class is added
> automatically). To fix this, what I did was:
> cd /opt/IDEALX/sbin
> ./smbldap-populate -e /root/LDAP/smb-populate.ldif
> vi /root/LDAP/smb-populate.ldif
> Change the last LDIF entry in this file to include "objectClass: top"
> ldapadd -x -c -D 'cn=Directory Manager' -W -f /root/LDAP/smb-populate.ldif
> .. and you will need to supply your root DN password to the above command..
> Step 12: This should not actually be necessary on non-OpenLDAP servers. A
> running LDAP server will notice that its directory has been populated. It
> is, however, the case that the OpenLDAP directory is completely empty after
> installation so you may need to do this.
> Step 14: It might be useful to test this using:
> net rpc testjoin
> Step 17: This seems to take a long time. Expect that -- nothing happens
> in the log file for a few seconds at least, don't panic.
I will review your comments when I get an opportunity.
If I recall correctly, Chapter 9 does say that you need to create a fully
functional server per the example of chapter 5 before attempting to perform
One of the key challenges of prescriptive guidance documentation is the fact
that most people want to short-circuit the learning process ignoring the fact
that every short-cut has consequences. :-)
- John T.
John H Terpstra
Phone: +1 (650) 580-8668
The Official Samba-3 HOWTO & Reference Guide, 2 Ed., ISBN: 0131882228
Samba-3 by Example, 2 Ed., ISBN: 0131882221X
Hardening Linux, ISBN: 0072254971
Other books in production.
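
The "objectClass: top" fix described under Step 11 above, as an added example that is not part of the original post or of smbldap-tools: it goes beyond the manual edit of the last entry by checking every entry in the exported LDIF and adding the class only where it is missing. The function name and the sample LDIF are assumptions constructed for illustration.

```python
import base64
import re

# Constructed sample input, not output captured from smbldap-populate.
SAMPLE_LDIF = """\
version: 1

dn: ou=Users,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: Users

dn: sambaDomainName=EXAMPLE,dc=example,dc=com
objectClass: sambaDomain
sambaDomainName: EXAMPLE
"""

def _values(block, attr):
    """Decoded values of attr in one LDIF entry (folded lines joined first)."""
    out = []
    for line in block.replace("\n ", "").splitlines():
        m = re.match(r"([^:#][^:]*)(::?)\s*(.*)", line)
        if m and m.group(1).lower() == attr.lower():
            raw = m.group(3)
            if m.group(2) == "::":  # base64-encoded value
                raw = base64.b64decode(raw).decode("utf-8", "replace")
            out.append(raw)
    return out

def add_top_objectclass(ldif_text):
    """Return (fixed_ldif, dns_changed); entries that already list top are untouched."""
    blocks = re.split(r"\n{2,}", ldif_text.replace("\r\n", "\n").strip("\n"))
    changed = []
    for i, block in enumerate(blocks):
        dn = _values(block, "dn")
        if not dn:  # version header or comment-only block
            continue
        if any(v.lower() == "top" for v in _values(block, "objectClass")):
            continue
        lines = block.split("\n")
        # Insert right after the dn line and any folded continuation of it.
        idx = next(n for n, l in enumerate(lines) if l.lower().startswith("dn:")) + 1
        while idx < len(lines) and lines[idx].startswith(" "):
            idx += 1
        lines.insert(idx, "objectClass: top")
        blocks[i] = "\n".join(lines)
        changed.append(dn[0])
    return "\n\n".join(blocks) + "\n", changed
```

The returned list of changed DNs shows exactly which entries were modified before the file is loaded with the ldapadd command quoted above.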