[Samba] Samba 3 by Example - chapter 5 & 6 ( Manager -> sambaadmin)

Yanick Durant dot at linagora.com
Thu Mar 2 08:49:19 GMT 2006


You need to give enough rights to your "sambaadmin" to allow him to write
to the ldap repository for adding users, and updating information.

I.e.:

This kind of access rule goes inside your slapd.conf; these lines need to be
after the database tag in the config file.
This will also allow users to change their password.

access to attr=userPassword,sambaLMPassword,sambaNTPassword
	by self write
	by dn="cn=Manager,dc=tinistuff,dc=com" write
	by dn="cn=sambaadmin,dc=tinistuff,dc=com" write
	by anonymous auth
	by * none

# The admin dn has full write access
access to *
	by self write
	by dn="cn=Manager,dc=tinistuff,dc=com" write
	by dn="cn=sambaadmin,dc=tinistuff,dc=com" write
	by * read

Regards,

Yanick Durant
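
The following is an added example, not part of the original message or of OpenLDAP: a simplified Python model of how slapd evaluates the two rules above (the first matching `access to` clause wins, then the first matching `by` line, with an implicit `by * none` at the end), so the effect of the ACL and of its ordering can be checked offline. The helper names `parse_acl` and `effective_access` are hypothetical, only `*` and `attr=` targets are modelled, and DNs are compared as lowercased strings.

```python
import re

# The two access rules from the message above, embedded as sample input.
ACL_TEXT = '''
access to attr=userPassword,sambaLMPassword,sambaNTPassword
    by self write
    by dn="cn=Manager,dc=tinistuff,dc=com" write
    by dn="cn=sambaadmin,dc=tinistuff,dc=com" write
    by anonymous auth
    by * none
access to *
    by self write
    by dn="cn=Manager,dc=tinistuff,dc=com" write
    by dn="cn=sambaadmin,dc=tinistuff,dc=com" write
    by * read
'''

def parse_acl(text):
    """Return [(attr set, or None for '*', [(who, level), ...]), ...] in file order."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"access\s+to\s+(\S+)$", line)
        if m:
            what = m.group(1)
            attrs = None if what == "*" else {a.lower() for a in what.split("=", 1)[1].split(",")}
            rules.append((attrs, []))
            continue
        m = re.match(r'by\s+(?:dn="([^"]+)"|(\S+))\s+(\w+)$', line)
        if m and rules:
            who = ("dn", m.group(1).lower()) if m.group(1) else (m.group(2), None)
            rules[-1][1].append((who, m.group(3)))
    return rules

def effective_access(rules, requester, entry, attr):
    """requester is a bind DN, or None for an anonymous bind; entry is the target DN."""
    req = requester.lower() if requester else None
    for attrs, clauses in rules:
        if attrs is not None and attr.lower() not in attrs:
            continue                      # this clause does not cover the attribute
        for (kind, dn), level in clauses:
            if (kind == "*" or (kind == "anonymous" and req is None)
                    or (kind == "users" and req is not None)
                    or (kind == "self" and req == entry.lower())
                    or (kind == "dn" and req == dn)):
                return level
        return "none"                     # implicit trailing "by * none"
    return "none"                         # ACLs exist but no clause matched
```

Evaluating an entry's owner against an attribute outside the first rule, such as `uidNumber`, returns `write`, because `by self write` in the catch-all rule covers every attribute of the user's own entry; narrow that line if users should only be able to change their password.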


> I will try to explain my situation a little better so others can
> understand.
>
> I am sticking to the documentation, (samba 3 by example by jht) excellent
> book!;
>
> So here is where I am at;
>
> I have configured my smb.conf; slapd.conf, ldap.conf, nssldap.conf as per
> the documentation chapter 6.
>
> I do have a bdc; however there is no relevance to that as I am only working
> on the PDC at the time;
>
> I have these commented out in the slapd.conf for the moment.
>
> #replica     host=192.168.0.3:389
> #            suffix="dc=tinistuff,dc=com"
> #            binddn="cn=updateuser,dc=tinistuff,dc=com"
> #            bindmethod=simple credentials=123456
>
> #replogfile  /var/lib/ldap/replogfile
>
>
> This is my smb.conf as per chapter 6;
> ***Note we are using "sambaadmin" and not "Manager" as in Chapter 5***
>
> ldap admin dn = cn=sambaadmin,dc=tinistuff,dc=com
>
> [root at node1 sbin]# smbpasswd -w 123456
> Setting stored password for "cn=sambaadmin,dc=tinistuff,dc=com" in
> secrets.tdb
>
> Does this look right so far; I am now going to configure smbldaptools as per
> the documentation; In chapter 5 (./configure)
>
> Ok, now we take a look at this -
> [root at node1 sbin]# cat /etc/opt/IDEALX/smbldap-tools/smbldap_bind.conf
>
> ############################
> # Credential Configuration #
> ############################
> # Notes: you can specify two differents configuration if you use a
> # master ldap for writing access and a slave ldap server for reading access
> # By default, we will use the same DN (so it will work for standard Samba
> # release)
> slaveDN="cn=sambaadmin,dc=tinistuff,dc=com"
> slavePw="123456"
> masterDN="cn=sambaadmin,dc=tinistuff,dc=com"
> masterPw="123456"
>
>
> Time to populate the ldap DB.
> [root at node1 sbin]# ./smbldap-populate -a root -k 0 -m 0
>
> This does not work because it cannot bind as "sambaadmin"
>
> If I change my smbldap_bind to Manager, I can populate the DB.
>
> [root at node1 sbin]# cat /etc/opt/IDEALX/smbldap-tools/smbldap_bind.conf
>
> ############################
> # Credential Configuration #
> ############################
> # Notes: you can specify two differents configuration if you use a
> # master ldap for writing access and a slave ldap server for reading access
> # By default, we will use the same DN (so it will work for standard Samba
> # release)
> slaveDN="cn=Manager,dc=tinistuff,dc=com"
> slavePw="123456"
> masterDN="cn=Manager,dc=tinistuff,dc=com"
> masterPw="123456"
>
> Now it populates fine.
>
> Is this a fault on my behalf, or is there something wrong with "sambaadmin"
> in the config files?
>
> PS - please forgive any spelling errors.
>
> Kind Regards,
> Adrian Sender.
>
>
>
>
>
>>From: Gordon Messmer <yinyang at eburg.com>
>>To: adrian sender <adrian_au1 at hotmail.com>,  samba
>> <samba at lists.samba.org>
>>Subject: Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager ->
>>sambaadmin)
>>Date: Wed, 01 Mar 2006 08:13:32 -0800
>>
>>Well... you have to create the containers using slapadd.  After the
>>containers are present, then you can populate them with users, etc, using
>>ldapadd or other tools.  If you haven't created the containers, nothing is
>>going to work.
>>
>>
>>
>>adrian sender wrote:
>>>The database has not been populated, and cannot be populated using
>>>"sambaadmin"
>>>
>>>
>>>
>>>>From: Gordon Messmer <yinyang at eburg.com>
>>>>To: adrian sender <adrian_au1 at hotmail.com>
>>>>CC: samba at lists.samba.org
>>>>Subject: Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager ->
>>>>sambaadmin)
>>>>Date: Tue, 28 Feb 2006 22:01:24 -0800
>>>>
>>>>adrian sender wrote:
>>>>>
>>>>>[root at node1 scripts]# slapadd -v -l admin-accts.ldif
>>>>>added: "cn=updateuser,dc=tinistuff,dc=com" (00000002)
>>>>>added: "cn=sambaadmin,dc=tinistuff,dc=com" (00000003)
>>>>>Error, entries missing!
>>>>>  entry 1: dc=tinistuff,dc=com
>>>>
>>>>If you dump the database, does "dc=tinistuff,dc=com" show up in there? It
>>>>looks like the entry for the base DN is missing, which might explain the
>>>>problems that you're having.
>>>>
>>>
>>>
>>
>
>