[Samba] Samba 3 by Example - chapter 5 & 6 ( Manager -> sambaadmin)

adrian sender adrian_au1 at hotmail.com
Fri Mar 3 00:49:25 GMT 2006


I have this in my slapd.conf as per the docs;


access to attrs=sambaLMPassword,sambaNTPassword
           by dn="cn=sambaadmin,dc=tinistuff,dc=com" write
           by * none

Should that work?


>From: "Yanick Durant" <dot at linagora.com>
>To: "adrian sender" <adrian_au1 at hotmail.com>
>CC: samba at lists.samba.org
>Subject: Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager ->      
>sambaadmin)
>Date: Thu, 2 Mar 2006 09:49:19 +0100 (CET)
>
>You need to give enough rights to your "sambaadmin" to allow him to write
>to the ldap repository for adding users, and updating information.
>
>Ie :
>
>This kind of access rule goes inside your slapd.conf; these lines need to be
>after the database tag in the config file.
>This will also allow users to change their password.
>
>access to attr=userPassword,sambaLMPassword,sambaNTPassword
>	by self write
>	by dn="cn=Manager,dc=tinistuff,dc=com" write
>	by dn="cn=sambaadmin,dc=tinistuff,dc=com" write
>	by anonymous auth
>	by * none
>
># The admin dn has full write access
>access to *
>	by self write
>	by dn="cn=Manager,dc=tinistuff,dc=com" write
>	by dn="cn=sambaadmin,dc=tinistuff,dc=com" write
>	by * read
>
>Regards,
>
>Yanick Durant
>
>
> > I will try to explain my situation a little better so others can
> > understand.
> >
> > I am sticking to the documentation, (samba 3 by example by jht) excellent
> > book!;
> >
> > So here is where I am at;
> >
> > I have configured my smb.conf; slapd.conf, ldap.conf, nssldap.conf as per
> > the documentation chapter 6.
> >
> > I do have a bdc; however there is no relevance to that as I am only working
> > on the PDC at the time;
> >
> > I have these commented out in the slapd.conf for the moment.
> >
> > #replica     host=192.168.0.3:389
> > #            suffix="dc=tinistuff,dc=com"
> > #            binddn="cn=updateuser,dc=tinistuff,dc=com"
> > #            bindmethod=simple credentials=123456
> >
> > #replogfile  /var/lib/ldap/replogfile
> >
> >
> > This is my smb.conf as per chapter 6;
> > ***Note we are using "sambaadmin" and not "Manager" as in Chapter 5***
> >
> > ldap admin dn = cn=sambaadmin,dc=tinistuff,dc=com
> >
> > [root at node1 sbin]# smbpasswd -w 123456
> > Setting stored password for "cn=sambaadmin,dc=tinistuff,dc=com" in
> > secrets.tdb
> >
> > Does this look right so far; I am now going to configure smbldaptools as per
> > the documentation; In chapter 5 (./configure)
> >
> > Ok, now we take a look at this -
> > [root at node1 sbin]# cat /etc/opt/IDEALX/smbldap-tools/smbldap_bind.conf
> >
> > ############################
> > # Credential Configuration #
> > ############################
> > # Notes: you can specify two differents configuration if you use a
> > # master ldap for writing access and a slave ldap server for reading access
> > # By default, we will use the same DN (so it will work for standard Samba
> > # release)
> > slaveDN="cn=sambaadmin,dc=tinistuff,dc=com"
> > slavePw="123456"
> > masterDN="cn=sambaadmin,dc=tinistuff,dc=com"
> > masterPw="123456"
> >
> >
> > Time to populate the ldap DB.
> > [root at node1 sbin]# ./smbldap-populate -a root -k 0 -m 0
> >
> > This does not work because it cannot bind as "sambaadmin"
> >
> > If I change my smbldap_bind to Manager, I can populate the DB.
> >
> > [root at node1 sbin]# cat /etc/opt/IDEALX/smbldap-tools/smbldap_bind.conf
> >
> > ############################
> > # Credential Configuration #
> > ############################
> > # Notes: you can specify two differents configuration if you use a
> > # master ldap for writing access and a slave ldap server for reading access
> > # By default, we will use the same DN (so it will work for standard Samba
> > # release)
> > slaveDN="cn=Manager,dc=tinistuff,dc=com"
> > slavePw="123456"
> > masterDN="cn=Manager,dc=tinistuff,dc=com"
> > masterPw="123456"
> >
> > Now it populates fine.
> >
> > Is this a fault on my behalf, or is there something wrong with "sambaadmin"
> > in the config files?
> >
> > PS - please forgive any spelling errors.
> >
> > Kind Regards,
> > Adrian Sender.
> >
> >
> >
> >
> >
> >>From: Gordon Messmer <yinyang at eburg.com>
> >>To: adrian sender <adrian_au1 at hotmail.com>,  samba
> >> <samba at lists.samba.org>
> >>Subject: Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager ->
> >>sambaadmin)
> >>Date: Wed, 01 Mar 2006 08:13:32 -0800
> >>
> >>Well... you have to create the containers using slapadd.  After the
> >>containers are present, then you can populate them with users, etc, using
> >>ldapadd or other tools.  If you haven't created the containers, nothing is
> >>going to work.
> >>
> >>
> >>
> >>adrian sender wrote:
> >>>The database has not been populated, and cannot be populated using
> >>>"sambaadmin"
> >>>
> >>>
> >>>
> >>>>From: Gordon Messmer <yinyang at eburg.com>
> >>>>To: adrian sender <adrian_au1 at hotmail.com>
> >>>>CC: samba at lists.samba.org
> >>>>Subject: Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager ->
> >>>>sambaadmin)
> >>>>Date: Tue, 28 Feb 2006 22:01:24 -0800
> >>>>
> >>>>adrian sender wrote:
> >>>>>
> >>>>>[root at node1 scripts]# slapadd -v -l admin-accts.ldif
> >>>>>added: "cn=updateuser,dc=tinistuff,dc=com" (00000002)
> >>>>>added: "cn=sambaadmin,dc=tinistuff,dc=com" (00000003)
> >>>>>Error, entries missing!
> >>>>>  entry 1: dc=tinistuff,dc=com
> >>>>
> >>>>If you dump the database, does "dc=tinistuff,dc=com" show up in there? It
> >>>>looks like the entry for the base DN is missing, which might explain the
> >>>>problems that you're having.
> >>>>
> >>>
> >>>
> >>
> >
> >
>
>



