[Samba] Samba 3 by Example - chapter 5 & 6 ( Manager -> sambaadmin)

Craig White craigwhite at azapple.com
Fri Mar 3 03:08:32 GMT 2006


You are gonna need to add 'self write' to your ACLs for users to log in.

You probably should follow Yanick's very simple ACLs at first - just to
get you started, but you aren't going to learn ACLs from Samba.

Craig

On Fri, 2006-03-03 at 11:49 +1100, adrian sender wrote:
> I have this in my slapd.conf as per the docs;
> 
> 
> access to attrs=sambaLMPassword,sambaNTPassword
>            by dn="cn=sambaadmin,dc=tinistuff,dc=com" write
>            by * none
> 
> Should that work?
> 
> 
> >From: "Yanick Durant" <dot at linagora.com>
> >To: "adrian sender" <adrian_au1 at hotmail.com>
> >CC: samba at lists.samba.org
> >Subject: Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager -> sambaadmin)
> >Date: Thu, 2 Mar 2006 09:49:19 +0100 (CET)
> >
> >You need to give enough rights to your "sambaadmin" to allow him to write
> >to the ldap repository for adding users, and updating information.
> >
> >Ie :
> >
> >This kind of access rule inside your slapd.conf: these lines need to be
> >after the database tag in the config file.
> >This will also allow users to change their password.
> >
> >access to attr=userPassword,sambaLMPassword,sambaNTPassword
> >	by self write
> >	by dn="cn=Manager,dc=tinistuff,dc=com" write
> >	by dn="cn=sambaadmin,dc=tinistuff,dc=com" write
> >	by anonymous auth
> >	by * none
> >
> ># The admin dn has full write access
> >access to *
> >	by self write
> >	by dn="cn=Manager,dc=tinistuff,dc=com" write
> >	by dn="cn=sambaadmin,dc=tinistuff,dc=com" write
> >	by * read
> >
> >Regards,
> >
> >Yanick Durant
> >
> >
> > > I will try to explain my situation a little better so others can
> > > understand.
> > >
> > > I am sticking to the documentation, (samba 3 by example by jht) excellent
> > > book!;
> > >
> > > So here is where I am at;
> > >
> > > I have configured my smb.conf; slapd.conf, ldap.conf, nssldap.conf as per
> > > the documentation chapter 6.
> > >
> > > I do have a bdc; however there is no relevance to that as I am only working
> > > on the PDC at the time;
> > >
> > > I have these commented out in the slapd.conf for the moment.
> > >
> > > #replica     host=192.168.0.3:389
> > > #            suffix="dc=tinistuff,dc=com"
> > > #            binddn="cn=updateuser,dc=tinistuff,dc=com"
> > > #            bindmethod=simple credentials=123456
> > >
> > > #replogfile  /var/lib/ldap/replogfile
> > >
> > >
> > > This is my smb.conf as per chapter 6;
> > > ***Note we are using "sambaadmin" and not "Manager" as in Chapter 5***
> > >
> > > ldap admin dn = cn=sambaadmin,dc=tinistuff,dc=com
> > >
> > > [root at node1 sbin]# smbpasswd -w 123456
> > > Setting stored password for "cn=sambaadmin,dc=tinistuff,dc=com" in
> > > secrets.tdb
> > >
> > > Does this look right so far; I am now going to configure smbldaptools as per
> > > the documentation; In chapter 5 (./configure)
> > >
> > > Ok, now we take a look at this -
> > > [root at node1 sbin]# cat /etc/opt/IDEALX/smbldap-tools/smbldap_bind.conf
> > >
> > > ############################
> > > # Credential Configuration #
> > > ############################
> > > # Notes: you can specify two differents configuration if you use a
> > > # master ldap for writing access and a slave ldap server for reading access
> > > # By default, we will use the same DN (so it will work for standard Samba
> > > # release)
> > > slaveDN="cn=sambaadmin,dc=tinistuff,dc=com"
> > > slavePw="123456"
> > > masterDN="cn=sambaadmin,dc=tinistuff,dc=com"
> > > masterPw="123456"
> > >
> > >
> > > Time to populate the ldap DB.
> > > [root at node1 sbin]# ./smbldap-populate -a root -k 0 -m 0
> > >
> > > This does not work because it cannot bind as "sambaadmin"
> > >
> > > If I change my smbldap_bind to Manager, I can populate the DB.
> > >
> > > [root at node1 sbin]# cat /etc/opt/IDEALX/smbldap-tools/smbldap_bind.conf
> > >
> > > ############################
> > > # Credential Configuration #
> > > ############################
> > > # Notes: you can specify two differents configuration if you use a
> > > # master ldap for writing access and a slave ldap server for reading access
> > > # By default, we will use the same DN (so it will work for standard Samba
> > > # release)
> > > slaveDN="cn=Manager,dc=tinistuff,dc=com"
> > > slavePw="123456"
> > > masterDN="cn=Manager,dc=tinistuff,dc=com"
> > > masterPw="123456"
> > >
> > > Now it populates fine.
> > >
> > > Is this a fault on my behalf, or is there something wrong with "sambaadmin"
> > > in the config files?
> > >
> > > PS - please forgive any spelling errors.
> > >
> > > Kind Regards,
> > > Adrian Sender.
> > >
> > >
> > >
> > >
> > >
> > >>From: Gordon Messmer <yinyang at eburg.com>
> > >>To: adrian sender <adrian_au1 at hotmail.com>,  samba
> > >> <samba at lists.samba.org>
> > >>Subject: Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager ->
> > >>sambaadmin)
> > >>Date: Wed, 01 Mar 2006 08:13:32 -0800
> > >>
> > >>Well... you have to create the containers using slapadd.  After the
> > >>containers are present, then you can populate them with users, etc, using
> > >>ldapadd or other tools.  If you haven't created the containers, nothing is
> > >>going to work.
> > >>
> > >>
> > >>
> > >>adrian sender wrote:
> > >>>The database has not been populated, and cannot be populated using
> > >>>"sambaadmin"
> > >>>
> > >>>
> > >>>
> > >>>>From: Gordon Messmer <yinyang at eburg.com>
> > >>>>To: adrian sender <adrian_au1 at hotmail.com>
> > >>>>CC: samba at lists.samba.org
> > >>>>Subject: Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager ->
> > >>>>sambaadmin)
> > >>>>Date: Tue, 28 Feb 2006 22:01:24 -0800
> > >>>>
> > >>>>adrian sender wrote:
> > >>>>>
> > >>>>>[root at node1 scripts]# slapadd -v -l admin-accts.ldif
> > >>>>>added: "cn=updateuser,dc=tinistuff,dc=com" (00000002)
> > >>>>>added: "cn=sambaadmin,dc=tinistuff,dc=com" (00000003)
> > >>>>>Error, entries missing!
> > >>>>>  entry 1: dc=tinistuff,dc=com
> > >>>>
> > >>>>If you dump the database, does "dc=tinistuff,dc=com" show up in there? It
> > >>>>looks like the entry for the base DN is missing, which might explain the
> > >>>>problems that you're having.
> > >>>>
> > >>>
> > >>>
> > >>
> > >
> > >
> > >
> > >
> >
> >
> 
> 
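
Added example, not part of the original thread and not OpenLDAP's own code: a simplified Python model of slapd's first-match ACL evaluation, applied to the two rule sets quoted above, assuming each is the only access configuration in the file. `USER` is a constructed DN; regex matching, groups, pseudo-attributes and the rootdn bypass are not modelled.

```python
# Added example: simplified model of slapd.conf ACL matching (not OpenLDAP code).
LEVELS = ["none", "auth", "compare", "search", "read", "write"]
MANAGER = "cn=Manager,dc=tinistuff,dc=com"
SAMBAADMIN = "cn=sambaadmin,dc=tinistuff,dc=com"
USER = "uid=jdoe,ou=People,dc=tinistuff,dc=com"  # constructed sample user

# (attributes or None for "*", ordered list of (who, level)), in file order.
ADRIAN_ACL = [
    ({"sambalmpassword", "sambantpassword"},
     [(SAMBAADMIN, "write"), ("*", "none")]),
]
YANICK_ACL = [
    ({"userpassword", "sambalmpassword", "sambantpassword"},
     [("self", "write"), (MANAGER, "write"), (SAMBAADMIN, "write"),
      ("anonymous", "auth"), ("*", "none")]),
    (None,
     [("self", "write"), (MANAGER, "write"), (SAMBAADMIN, "write"),
      ("*", "read")]),
]

def who_matches(who, bound_dn, entry_dn):
    """bound_dn is None for an anonymous (not yet authenticated) connection."""
    if who == "*":
        return True
    if who == "anonymous":
        return bound_dn is None
    if bound_dn is None:
        return False
    target = entry_dn if who == "self" else who
    return bound_dn.lower() == target.lower()

def granted(acl, bound_dn, entry_dn, attr):
    """First 'access to' rule covering attr applies; first matching 'by' wins."""
    for attrs, by_clauses in acl:
        if attrs is None or attr.lower() in attrs:
            for who, level in by_clauses:
                if who_matches(who, bound_dn, entry_dn):
                    return level
            return "none"  # implicit trailing "by * none"
    return "none"          # no rule covers attr: denied

def allows(acl, bound_dn, entry_dn, attr, needed):
    have = granted(acl, bound_dn, entry_dn, attr)
    return LEVELS.index(have) >= LEVELS.index(needed)
```

In this model the first rule set gives an unauthenticated connection no `auth` access to `userPassword` and gives `sambaadmin` no write access outside the two Samba hash attributes, while the second grants both and still hides the password attributes from other users.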


