[Samba] Samba 3 by Example - chapter 5 & 6 ( Manager -> sambaadmin)

Craig White craigwhite at azapple.com
Thu Mar 2 04:16:18 GMT 2006


On Thu, 2006-03-02 at 14:47 +1100, adrian sender wrote:
> I will try to explain my situation a little better so others can understand.
> 
> I am sticking to the documentation, (samba 3 by example by jht) excellent 
> book!;
> 
> So here is where I am at;
> 
> I have configured my smb.conf; slapd.conf, ldap.conf, nssldap.conf as per 
> the documentation chapter 6.
> 
> I do have a bdc; however there is no relevance to that as I am only working 
> on the PDC at the time;
> 
> I have these commented out in the slapd.conf for the moment.
> 
> #replica     host=192.168.0.3:389
> #            suffix="dc=tinistuff,dc=com"
> #            binddn="cn=updateuser,dc=tinistuff,dc=com"
> #            bindmethod=simple credentials=123456
> 
> #replogfile  /var/lib/ldap/replogfile
> 
> 
> This is my smb.conf as per chapter 6;
> ***Note we are using "sambaadmin" and not "Manager" as in Chapter 5***
> 
> ldap admin dn = cn=sambaadmin,dc=tinistuff,dc=com
> 
> [root@node1 sbin]# smbpasswd -w 123456
> Setting stored password for "cn=sambaadmin,dc=tinistuff,dc=com" in 
> secrets.tdb
> 
> Does this look right so far; I am now going to configure smbldaptools as per 
> the documentation; In chapter 5 (./configure)
> 
> Ok, now we take a look at this -
> [root@node1 sbin]# cat /etc/opt/IDEALX/smbldap-tools/smbldap_bind.conf
> 
> ############################
> # Credential Configuration #
> ############################
> # Notes: you can specify two differents configuration if you use a
> # master ldap for writing access and a slave ldap server for reading access
> # By default, we will use the same DN (so it will work for standard Samba
> # release)
> slaveDN="cn=sambaadmin,dc=tinistuff,dc=com"
> slavePw="123456"
> masterDN="cn=sambaadmin,dc=tinistuff,dc=com"
> masterPw="123456"
> 
> 
> Time to populate the ldap DB.
> [root@node1 sbin]# ./smbldap-populate -a root -k 0 -m 0
> 
> This does not work because it cannot bind as "sambaadmin"
> 
> If I change my smbldap_bind to Manager, I can populate the DB.
> 
> [root@node1 sbin]# cat /etc/opt/IDEALX/smbldap-tools/smbldap_bind.conf
> 
> ############################
> # Credential Configuration #
> ############################
> # Notes: you can specify two differents configuration if you use a
> # master ldap for writing access and a slave ldap server for reading access
> # By default, we will use the same DN (so it will work for standard Samba
> # release)
> slaveDN="cn=Manager,dc=tinistuff,dc=com"
> slavePw="123456"
> masterDN="cn=Manager,dc=tinistuff,dc=com"
> masterPw="123456"
> 
> Now it populates fine.
> 
> Is this a fault on my behalf, or is there something wrong with "sambaadmin" 
> in the config files?
> 
> PS - please forgive any spelling errors.
> 
----
The problem with this of course is that this really has nothing to do
with Samba at all - this is strictly a user grappling with LDAP.

What do you get from the command line?

ldapsearch -x -h localhost -D 'cn=Manager,dc=tinistuff,dc=com' -W \
'(cn=sambaadmin)'

If there is a dn: there it should show several attributes including a
userPassword attribute.

My guess is that is why it's not working...either there isn't a dn:
cn=sambaadmin,dc=tinistuff,dc=com or there isn't a userPassword
attribute set.

My recommendation to you is to forget all about samba for a while and
learn how to set up and manage LDAP. Then integrating samba will be a
piece of cake.

Here's my best suggestion: buy the LDAP System Administration book by Gerald
Carter (yes, our Jerry)...it's a bit outdated but it makes understanding
LDAP easy.

Using samba to learn LDAP is like trying to use salad tongs to do
neurosurgery.

Craig
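
The check suggested in the reply above, as an added example that is not part of the original post: it parses saved ldapsearch output and reports whether the bind DN has no entry, has an entry with no userPassword, or (one step beyond the post) has a userPassword stored without a hash scheme prefix. The function names, the sample LDIF and the simplified DN comparison are assumptions made for this example.

```python
import base64

# Constructed sample: LDIF as ldapsearch prints it (userPassword comes back
# base64-encoded after "::"). The entry and hash value are invented.
_PW = base64.b64encode(b"{SSHA}constructed-not-a-real-hash").decode()
SAMPLE_LDIF = ("dn: cn=sambaadmin,dc=tinistuff,dc=com\n"
               "cn: sambaadmin\n"
               f"userPassword:: {_PW}\n")

def parse_ldif(text):
    """Return {dn: {attr: [values]}}, unfolding continuation lines and decoding base64."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # LDIF continuation line
        else:
            lines.append(raw)
    entries, current = {}, None
    for line in lines:
        if not line.strip():
            current = None                # blank line ends the entry
            continue
        name, sep, value = line.partition(":")
        if line.startswith("#") or not sep:
            continue
        if value.startswith(":"):         # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        value = value.strip()
        if name.lower() == "dn":
            current = entries.setdefault(value, {})
        elif current is not None:
            current.setdefault(name.lower(), []).append(value)
    return entries

def _norm(dn):
    # Simplified DN comparison (assumption): case-insensitive, spaces ignored.
    return dn.lower().replace(" ", "")

def diagnose_bind(ldif_text, bind_dn):
    # Hypothetical helper: classify why a simple bind as bind_dn could fail.
    entries = {_norm(dn): attrs for dn, attrs in parse_ldif(ldif_text).items()}
    attrs = entries.get(_norm(bind_dn))
    if attrs is None:
        return "no-entry"                 # nothing to bind as
    passwords = attrs.get("userpassword", [])
    if not passwords:
        return "no-userPassword"          # entry exists but cannot authenticate
    if not all(p.startswith("{") and "}" in p for p in passwords):
        return "cleartext-userPassword"   # bind works, but the secret is stored unhashed
    return "ok"
```

Feed it the text saved from the ldapsearch command above, run as Manager so that userPassword is returned.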
