RE [Samba] Problems with OpenLDAP
2.2.20/Samba 3.0.10 and smbpasswd
spu at corman.be
spu at corman.be
Tue Jan 11 16:16:39 GMT 2005
-----------------------------------
Stéphane PURNELLE stephane.purnelle at corman.be
Service Informatique Corman S.A. Tel : 00 32 087/342467
samba-bounces+stephane.purnelle=corman.be at lists.samba.org a écrit sur
11/01/2005 17:06:16 :
> Hi again,
>
> you say, i cannot compile with --with-ldap and --with-ldapsam.
> Can you tell me why ?
--with-ldap is used for samba-3 schema
--with-ldapsam is used for old samba 2.2 schema.
You can also read this :
http://us2.samba.org/samba/docs/man/Samba-HOWTO-Collection/passdb.html#id2531776
> Which one should i use, my intention is to
> store all the secrets and attributs samba needs
> in an openldap-Server ... ?
Ok, I have a samba server with this configuration
Samb with LDAP+ACL
> Greets Harry
>
> spu at corman.be schrieb:
> >
> >
> >
> >
> > You cannot compile with --with-ldap and --with-ldapsam both.
> >
> >
> > -----------------------------------
> > Stéphane PURNELLE stephane.purnelle at corman.be
> > Service Informatique Corman S.A. Tel : 00 32 087/342467
> >
> > samba-bounces+stephane.purnelle=corman.be at lists.samba.org a écrit sur
> > 11/01/2005 16:52:21 :
> >
> >
> >>Hi,
> >>
> >>i compiled with the following little script :
> >>---snipp--
> >>#!/bin/sh
> >>#
> >># configure & make template-script
> >>#
> >># generated 2005.01.07 13:09,33 by make-mk
> >>#
> >># (c) H. Rueter 01/2005
> >>#
> >>CPPFLAGS="-I /usr/local/bdb-4.3/include
> >>LDFLAGS="-L /usr/local/bdb-4.3/lib
> >>PATH=/usr/local/heimdal/bin:$PATH
> >>
> >>LD_LIBRARY_PATH="/usr/local/bdb-4.3/lib:$LD_LIBRARY_PATH"
> >>
> >>export CPPFLAGS LDFLAGS LD_LIBRARY_PATH PATH
> >>
> >>make clean
> >>
> >>./configure \
> >>--prefix=/usr/local/samba-3.0.10 \
> >>--mandir=/usr/man \
> >>--enable-static=yes \
> >>--enable-shared=yes \
> >>--enable-cups \
> >>--with-smbwrapper \
> >>--with-ldap \
> >>--with-ads \
> >>--with-krb5=/usr/local/heimdal \
> >>--with-automount \
> >>--with-smbmount \
> >>--with-pam \
> >>--with-pam_smbpass \
> >>--with-ldapsam \
> >>--with-syslog \
> >>--with-profiling-data \
> >>--with-quotas \
> >>--with-sys-quotas \
> >>--with-utmp \
> >>--with-manpages-langs={en} \
> >>--with-libsmbclient \
> >>--with-acl-support \
> >>--with-sendfile-support \
> >>--with-winbind \
> >>--with-included-popt \
> >>&& make && make install
> >>---snipp--
> >>
> >>So compiled in both options , is this a mistake ?
> >>
> >>greets Harry
> >>
> >>spu at corman.be schrieb:
> >>
> >>>
> >>>
> >>>Hi,
> >>>
> >>>have compiled with --with-ldap or --with-ldapsam ?
> >>>
> >>>If --with-ldap, you must delete these lines :
> >>>ldap server = 486dx66.hrnet.de
> >>>ldap port = 1389
> >>>
> >>>
> >>>
> >>>
> >>>-----------------------------------
> >>>Stéphane PURNELLE stephane.purnelle at corman.be
> >>>Service Informatique Corman S.A. Tel : 00 32
087/342467
> >>>
> >>>samba-bounces+stephane.purnelle=corman.be at lists.samba.org a écrit sur
> >>>11/01/2005 16:33:31 :
> >>>
> >>>
> >>>
> >>>>Hi everybody,
> >>>>
> >>>>i'm having serious problems with the configuration
> >>>>of samba 3.0.10.
> >>>>
> >>>>First my setup :
> >>>>
> >>>>samba-3.0.10 built from source
> >>>>openldap-2.2.20 built from source
> >>>>OS : Suse Linux 7.1 (but updated -> Kernel 2.4.27)
> >>>>
> >>>>My problem :
> >>>>------------
> >>>>
> >>>>I'm trying to use smbpasswd like the following :
> >>>>
> >>>>---snipp---
> >>>>[PTS2] 486dx66:/usr/local/samba3 # bin/smbpasswd -D 10 tina
> >>>>Netbios name list:-
> >>>>my_netbios_names[0]="486DX66"
> >>>>Trying to load: ldapsam:ldap://486dx66.hrnet.de:1389/
> >>>>Attempting to register passdb backend ldapsam
> >>>>Successfully added passdb backend 'ldapsam'
> >>>>Attempting to register passdb backend ldapsam_compat
> >>>>Successfully added passdb backend 'ldapsam_compat'
> >>>>Attempting to register passdb backend smbpasswd
> >>>>Successfully added passdb backend 'smbpasswd'
> >>>>Attempting to register passdb backend tdbsam
> >>>>Successfully added passdb backend 'tdbsam'
> >>>>Attempting to register passdb backend guest
> >>>>Successfully added passdb backend 'guest'
> >>>>Attempting to find an passdb backend to match
> >>>>
> >>>>---snipp---
> >>>>
> >>>>Everything seems to be okay,
> >>>>but the following lines are the important ones ...
> >>>>
> >>>>---snipp---
> >>>>ldapsam:ldap://486dx66.hrnet.de:1389/ (ldapsam)
> >>>>Found pdb backend ldapsam
> >>>>Searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=HRDOMAIN))]
> >>>>smbldap_search: base => [dc=hrnet,dc=de], filter =>
> >>>>[(&(objectClass=sambaDomain)(sambaDomainName=HRDOMAIN))], scope =>
[2]
> >>>>smbldap_open_connection: ldap://486dx66.hrnet.de:1389/
> >>>>smbldap_open_connection: connection opened
> >>>>fetch_ldap_pw: neither ldap secret retrieved!
> >>>>ldap_connect_system: Failed to retrieve password from secrets.tdb
> >>>>Connection to LDAP server failed for the 1 try!
> >>>>---snipp---
> >>>>
> >>>>And so on. So, it is said, there's a connection opened to
> >>>>ldap://486dx66.hrnet.de:1389/
> >>>>but it isn't as the logs auf openldap show (there's no entry which
> >
> > shows
> >
> >>>>any connection from smbpasswd to LDAP-Server, believe me, i can't
show
> >>>>you anything,although loglevel is set to -1, which means that
> >>>>everything would/will be logged)
> >>>>
> >>>>So one could think, there's simple a problem with OpenLDAP,
> >>>>so let's try a similar search :
> >>>>
> >>>>---snipp---
> >>>>[PTS2] 486dx66:/usr/local/samba3 # ../openldap-2.2/bin/ldapsearch -x
-H
> >>>>ldap://486dx66.hrnet.de:1389 -b dc=hrnet,dc=de -s sub
> >>>>'(&(objectClass=sambaDomain)(sambaDomainName=HRDOMAIN))'
> >>>># extended LDIF
> >>>>#
> >>>># LDAPv3
> >>>># base <dc=hrnet,dc=de> with scope sub
> >>>># filter: (&(objectClass=sambaDomain)(sambaDomainName=HRDOMAIN))
> >>>># requesting: ALL
> >>>>#
> >>>>
> >>>># HRDOMAIN, hrnet.de
> >>>>dn: sambaDomainName=HRDOMAIN,dc=hrnet,dc=de
> >>>>sambaNextUserRid: 41000
> >>>>sambaSID: S-1-5-21-2344209003-2394295749-876522236
> >>>>objectClass: sambaDomain
> >>>>sambaAlgorithmicRidBase: 1000
> >>>>sambaDomainName: HRDOMAIN
> >>>>
> >>>># search result
> >>>>search: 2
> >>>>result: 0 Success
> >>>>
> >>>># numResponses: 2
> >>>># numEntries: 1
> >>>>[PTS2] root at 486dx66:/usr/local/samba3 #
> >>>>
> >>>>---snipp---
> >>>>
> >>>>So OpenLDAP works , i can see it in the logs too ....
> >>>>(too much to show, so you must believe me ;o)
> >>>>
> >>>>Now my question :
> >>>>
> >>>>Does anybody see, where the problem comes from,
> >>>>is there a mistake in my smb.conf or does anyone
> >>>>have hints/solutions ?
> >>>>
> >>>>I tried with ssl=on,ssl=off,ssl = start tls,
> >>>>but this didn't change anything.
> >>>>It must be a samba problem as all tools i tried are working
> >>>>well with Openldap (did mostly try a search to test ..)
> >>>>
> >>>>
> >>>>Here is my smb.conf (only the globals) :
> >>>>
> >>>>---snipp---
> >>>>[global]
> >>>> netbios name = 486DX66
> >>>> workgroup = HRDOMAIN
> >>>> domain logons = Yes
> >>>> domain master = Yes
> >>>> security = User
> >>>>
> >>>> server string = Samba-PDC %v on %h
> >>>>
> >>>> passdb backend = ldapsam:ldap://486dx66.hrnet.de:1389/
> >>>>
> >>>> ldap server = 486dx66.hrnet.de
> >>>> ldap suffix = "dc=hrnet,dc=de"
> >>>> ldap filter = "(&(uid=%u)(objectclass=sambaSamAccount))"
> >>>> ldap port = 1389
> >>>> ldap admin dn = "cn=ldapadmin,dc=hrnet,dc=de"
> >>>> ldap ssl = off
> >>>> ldap user suffix = ou=users
> >>>> ldap group suffix = ou=groups
> >>>> ldap machine suffix = ou=machines
> >>>>
> >>>> encrypt passwords = yes
> >>>> time server = Yes
> >>>>
> >>>> kernel oplocks = no
> >>>> short preserve case = yes
> >>>> wins support = no
> >>>> case sensitive = no
> >>>> max log size = 1000
> >>>>
> >>>> lock dir = /var/lock/samba
> >>>> log file = /var/log/samba-%m.log
> >>>> load printers = yes
> >>>> logon drive = v:
> >>>> os level = 255
> >>>> create mask = 0661
> >>>> logon home = \\%N\%u\.profiles
> >>>> printing = cups
> >>>> printcap = cups
> >>>>
> >>>>
> >>>>---snipp---
> >>>>
> >>>>So, i would be very thankfull if someone
> >>>>could give me a hint ...
> >>>>
> >>>>If mor informations/logs/traces are needed tell
> >>>>me, i will send them ..
> >>>>
> >>>>grets Harry
> >>>>--
> >>>>To unsubscribe from this list go to the following URL and read the
> >>>>instructions: https://lists.samba.org/mailman/listinfo/samba
> >>>
> >>>
> >>--
> >>To unsubscribe from this list go to the following URL and read the
> >>instructions: https://lists.samba.org/mailman/listinfo/samba
> >
> >
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
More information about the samba
mailing list