[Samba] Samba 3 by Example - chapter 5 & 6 ( Manager ->sambaadmin)

adrian sender adrian_au1 at hotmail.com
Fri Mar 3 13:25:05 GMT 2006


Well I am glad that there has been a lot of input on this topic, a lot of 
people are having different opinions but that is because we are not focusing 
on the problem at hand.

The documentation provides full details on how to get samba + ldap working 
from scratch; but there seems to be a gap between chapter 5 & 6;

Once again I will say I love this book; by far the best technical reference 
manual available for samba and highly recommend it.

Chapter 6, is it assuming we are starting fresh here, because the ldap 
database is placed in a different directory to what was in chapter 5 
slapd.conf?

Questions;

1. If it is assuming that we are starting from scratch; all configuration 
files are to that of the documentation - why will the database not populate 
with the smbldap-tools using sambaadmin?

2. If I change sambaadmin to Manager all works fine; is there anything wrong 
with doing this?

3. I am not interested in learning ldap and its complexities, otherwise I 
would not have bothered using ldap, samba 3 by example provides simple steps 
- however this step I am stuck with.

4. A solution ?

For over a year now I have worked around this by using Manager in place of 
sambaadmin - but it is time for me to get to the bottom of this so I can 
start with another problem and move on to testing samba4.

All your help and time is greatly appreciated.


Thanks.
Adrian.


>From: "adrian sender" <adrian_au1 at hotmail.com>
>To: dot at linagora.com
>CC: samba at lists.samba.org
>Subject: Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager 
>->sambaadmin)
>Date: Fri, 03 Mar 2006 11:49:25 +1100
>I have this in my slapd.conf as per the docs;
>
>
>access to attrs=sambaLMPassword,sambaNTPassword
>           by dn="cn=sambaadmin,dc=tinistuff,dc=com" write
>           by * none
>
>Should that work?
>
>
>>From: "Yanick Durant" <dot at linagora.com>
>>To: "adrian sender" <adrian_au1 at hotmail.com>
>>CC: samba at lists.samba.org
>>Subject: Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager ->      
>>sambaadmin)
>>Date: Thu, 2 Mar 2006 09:49:19 +0100 (CET)
>>
>>You need to give enough rights to your "sambaadmin" to allow him to write
>>to the ldap repository for adding users, and updating information.
>>
>>I.e.:
>>
>>This kind of access rule goes inside your slapd.conf; these lines need to be
>>after the database tag in the config file.
>>This will also allow users to change their password.
>>
>>access to attr=userPassword,sambaLMPassword,sambaNTPassword
>>	by self write
>>	by dn="cn=Manager,dc=tinistuff,dc=com" write
>>	by dn="cn=sambaadmin,dc=tinistuff,dc=com" write
>>	by anonymous auth
>>	by * none
>>
>># The admin dn has full write access
>>access to *
>>	by self write
>>	by dn="cn=Manager,dc=tinistuff,dc=com" write
>>	by dn="cn=sambaadmin,dc=tinistuff,dc=com" write
>>	by * read
>>
>>Regards,
>>
>>Yanick Durant
>>
>>
>> > I will try to explain my situation a little better so others can
>> > understand.
>> >
>> > I am sticking to the documentation, (samba 3 by example by jht) excellent
>> > book!;
>> >
>> > So here is where I am at;
>> >
>> > I have configured my smb.conf; slapd.conf, ldap.conf, nssldap.conf as per
>> > the documentation chapter 6.
>> >
>> > I do have a bdc; however there is no relevance to that as I am only working
>> > on the PDC at the time;
>> >
>> > I have these commented out in the slapd.conf for the moment.
>> >
>> > #replica     host=192.168.0.3:389
>> > #            suffix="dc=tinistuff,dc=com"
>> > #            binddn="cn=updateuser,dc=tinistuff,dc=com"
>> > #            bindmethod=simple credentials=123456
>> >
>> > #replogfile  /var/lib/ldap/replogfile
>> >
>> >
>> > This is my smb.conf as per chapter 6;
>> > ***Note we are using "sambaadmin" and not "Manager" as in Chapter 5***
>> >
>> > ldap admin dn = cn=sambaadmin,dc=tinistuff,dc=com
>> >
>> > [root at node1 sbin]# smbpasswd -w 123456
>> > Setting stored password for "cn=sambaadmin,dc=tinistuff,dc=com" in
>> > secrets.tdb
>> >
>> > Does this look right so far; I am now going to configure smbldaptools as per
>> > the documentation; In chapter 5 (./configure)
>> >
>> > Ok, now we take a look at this -
>> > [root at node1 sbin]# cat /etc/opt/IDEALX/smbldap-tools/smbldap_bind.conf
>> >
>> > ############################
>> > # Credential Configuration #
>> > ############################
>> > # Notes: you can specify two differents configuration if you use a
>> > # master ldap for writing access and a slave ldap server for reading access
>> > # By default, we will use the same DN (so it will work for standard Samba
>> > # release)
>> > slaveDN="cn=sambaadmin,dc=tinistuff,dc=com"
>> > slavePw="123456"
>> > masterDN="cn=sambaadmin,dc=tinistuff,dc=com"
>> > masterPw="123456"
>> >
>> >
>> > Time to populate the ldap DB.
>> > [root at node1 sbin]# ./smbldap-populate -a root -k 0 -m 0
>> >
>> > This does not work because it cannot bind as "sambaadmin"
>> >
>> > If I change my smbldap_bind to Manager, I can populate the DB.
>> >
>> > [root at node1 sbin]# cat /etc/opt/IDEALX/smbldap-tools/smbldap_bind.conf
>> >
>> > ############################
>> > # Credential Configuration #
>> > ############################
>> > # Notes: you can specify two differents configuration if you use a
>> > # master ldap for writing access and a slave ldap server for reading access
>> > # By default, we will use the same DN (so it will work for standard Samba
>> > # release)
>> > slaveDN="cn=Manager,dc=tinistuff,dc=com"
>> > slavePw="123456"
>> > masterDN="cn=Manager,dc=tinistuff,dc=com"
>> > masterPw="123456"
>> >
>> > Now it populates fine.
>> >
>> > Is this a fault on my behalf, or is there something wrong with
>> > "sambaadmin"
>> > in the config files?
>> >
>> > PS - please forgive any spelling errors.
>> >
>> > Kind Regards,
>> > Adrian Sender.
>> >
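
An added example, not part of the original thread or of the Samba/OpenLDAP code: a simplified Python model of slapd's first-match "access to" evaluation, applied to the two rule sets quoted above to show which one lets a non-rootdn DN such as sambaadmin complete a simple bind. It assumes each quoted fragment is the only access rule in effect (the rest of slapd.conf is not shown in the thread) and models only attribute lists, "*", and the self / anonymous / * / exact-DN who-clauses.

```python
# Simplified model of slapd.conf "access to" evaluation (added example).
# Real slapd supports many more <what>/<who> forms than are modelled here.

LEVELS = ["none", "auth", "compare", "search", "read", "write"]

SAMBAADMIN = "cn=sambaadmin,dc=tinistuff,dc=com"
MANAGER = "cn=Manager,dc=tinistuff,dc=com"

# The single rule quoted in the 3 Mar message.
RULES_SINGLE = [
    (["sambaLMPassword", "sambaNTPassword"],
     [(SAMBAADMIN, "write"), ("*", "none")]),
]

# The two rules quoted in the 2 Mar reply.
RULES_REPLY = [
    (["userPassword", "sambaLMPassword", "sambaNTPassword"],
     [("self", "write"), (MANAGER, "write"), (SAMBAADMIN, "write"),
      ("anonymous", "auth"), ("*", "none")]),
    ("*",
     [("self", "write"), (MANAGER, "write"), (SAMBAADMIN, "write"),
      ("*", "read")]),
]

def who_matches(who, requester, entry_dn):
    if who == "*":
        return True
    if who == "anonymous":
        return requester is None
    if requester is None:
        return False
    if who == "self":
        return requester.lower() == entry_dn.lower()
    return requester.lower() == who.lower()

def access(rules, requester, entry_dn, attr):
    """Level granted to requester (None = anonymous) on entry_dn's attr."""
    for what, by_clauses in rules:
        if what == "*" or attr.lower() in [a.lower() for a in what]:
            for who, level in by_clauses:
                if who_matches(who, requester, entry_dn):
                    return level
            return "none"      # implicit "by * none" ends every rule
    return "none"              # implicit "access to * by * none"

def can_simple_bind(rules, entry_dn):
    # A simple bind needs at least "auth" on userPassword while still anonymous.
    level = access(rules, None, entry_dn, "userPassword")
    return LEVELS.index(level) >= LEVELS.index("auth")
```

The rootdn named in slapd.conf is not subject to these rules, and the model also presumes the DN being bound has an entry with a userPassword value; neither point is shown in the thread. Note that the reply's second rule ends in "by * read", so every attribute outside the first rule is readable anonymously.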



