[Samba] Samba LDAP rootpw error
Matt Richards
matt at mattstone.net
Sun Mar 26 23:36:23 GMT 2006
> Sorry Matt, I've got it going now - at least to the point of getting the
> smbldap-populate to work. The next issue is smbpasswd -a root. It's not
> working. Also, I've installed phpldapadmin and can't get it to connect
> either. The issue now seems to be a TLS connection between Samba and
> LDAP. I didn't think I was using one, but LDAP seems to think otherwise.
> For example, both phpldapadmin and lsmbldap-usermod -J Administrator
> complain about TLS connections to the LDAP server.
>
> I've been looking at the idealx.org instructions for TLS with LDAP but
> still not getting it working.
>
>
> -----------------------------------------------------------------------
>
> Further to the above:
> Trying to get TLS working is a pain. I've also had only slightly better
> luck with trying to not use it. When I don't use it, I can get
> ldapsearch to return a result. However, Samba doesn't seem to want to
> talk to it. When I try to get TLS running, I get TLS errors everywhere. :(
>
>
> Right now I've got it configured, I believe, to not use TLS. When I run
> smbpasswd, I get:
>
> semper:/etc/smbldap-tools# smbpasswd -a root
> fetch_ldap_pw: neither ldap secret retrieved!
> ldap_connect_system: Failed to retrieve password from secrets.tdb
> Connection to LDAP server failed for the 1 try!
>
:) glad it's working, hehe er.
ldap_connect_system: Failed to retrieve password from secrets.tdb

from the http://samba.idealx.org/smbldap-tools.en.html doc ...

    don't forget to also set the samba account password in secrets.tdb file:
    smbpasswd -w samba

... from man smbpasswd ...

    -w password
        This parameter is only available if Samba has been compiled with
        LDAP support. The -w switch is used to specify the password to
        be used with the ldap admin dn. Note that the password is stored
        in the secrets.tdb and is keyed off of the admin's DN. This
        means that if the value of ldap admin dn ever changes, the
        password will need to be manually updated as well.

HTH
Matt.
> I've attached my various .conf files again. Sorry to be such a pain, but
> I am not having any luck by myself.
>
> -------------------------------------------------------------------------
>
> BTW - Here's the results of an ldapsearch:
>
> semper:/var/lib/ldap# smbldap-populate -a Administrator -b nobody
> -semper:/var/lib/ldap# ldapsearch -D cn=admin,dc=rahim-dale,dc=org -b
> dc=rahim-dale,dc=org -h 127.0.0.1 -x -W ""
> Enter LDAP Password:
> # extended LDIF
> #
> # LDAPv3
> # base <dc=rahim-dale,dc=org> with scope sub
> # filter: (objectclass=*)
> # requesting:
> #
>
> # rahim-dale.org
> dn: dc=rahim-dale,dc=org
>
> # admin, rahim-dale.org
> dn: cn=admin,dc=rahim-dale,dc=org
>
> # Users, rahim-dale.org
> dn: ou=Users,dc=rahim-dale,dc=org
>
> # Groups, rahim-dale.org
> dn: ou=Groups,dc=rahim-dale,dc=org
>
> # Computers, rahim-dale.org
> dn: ou=Computers,dc=rahim-dale,dc=org
>
> # Idmap, rahim-dale.org
> dn: ou=Idmap,dc=rahim-dale,dc=org
>
> # rahim-dale, rahim-dale.org
> dn: sambaDomainName=rahim-dale,dc=rahim-dale,dc=org
>
> # Administrator, Users, rahim-dale.org
> dn: uid=Administrator,ou=Users,dc=rahim-dale,dc=org
>
> # nobody, Users, rahim-dale.org
> dn: uid=nobody,ou=Users,dc=rahim-dale,dc=org
>
> # Domain Admins, Groups, rahim-dale.org
> dn: cn=Domain Admins,ou=Groups,dc=rahim-dale,dc=org
>
> # Domain Users, Groups, rahim-dale.org
> dn: cn=Domain Users,ou=Groups,dc=rahim-dale,dc=org
>
> # Domain Guests, Groups, rahim-dale.org
> dn: cn=Domain Guests,ou=Groups,dc=rahim-dale,dc=org
>
> # Domain Computers, Groups, rahim-dale.org
> dn: cn=Domain Computers,ou=Groups,dc=rahim-dale,dc=org
>
> # Administrators, Groups, rahim-dale.org
> dn: cn=Administrators,ou=Groups,dc=rahim-dale,dc=org
>
> # Print Operators, Groups, rahim-dale.org
> dn: cn=Print Operators,ou=Groups,dc=rahim-dale,dc=org
>
> # Backup Operators, Groups, rahim-dale.org
> dn: cn=Backup Operators,ou=Groups,dc=rahim-dale,dc=org
>
> # Replicators, Groups, rahim-dale.org
> dn: cn=Replicators,ou=Groups,dc=rahim-dale,dc=org
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 18
> # numEntries: 17
>
>
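Added example, not part of the thread or of Samba's own code: a check for the condition the man page excerpt describes, where the bind password in secrets.tdb is missing or was stored under a different DN than the current `ldap admin dn`. It reads a copy of smb.conf and the text output of `tdbdump` run on secrets.tdb; the key layout `SECRETS/LDAP_BIND_PW/<dn>`, the function names and the sample data are assumptions made for this example.

```shell
#!/bin/sh
# Assumed key layout in tdbdump output: SECRETS/LDAP_BIND_PW/<ldap admin dn>

# Print the "ldap admin dn" value from smb.conf text on stdin (last one wins).
admin_dn_from_conf() {
    awk -F= 'tolower($1) ~ /^[ \t]*ldap[ \t]+admin[ \t]+dn[ \t]*$/ {
        sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); gsub(/^"|"$/, ""); dn = $0 }
        END { print dn }'
}

# Print every DN that has a stored bind password, from tdbdump text on stdin.
stored_bind_dns() {
    sed -n 's|^key([0-9]*) = "SECRETS/LDAP_BIND_PW/\(.*\)"$|\1|p' | sed 's/\\00$//'
}

# check_bind_secret CONF_FILE DUMP_FILE
# stdout: ok | missing | stale | no-admin-dn ; exit status 0 only for "ok".
check_bind_secret() {
    want=$(admin_dn_from_conf < "$1")
    have=$(stored_bind_dns < "$2")
    if [ -z "$want" ]; then echo "no-admin-dn"; return 2; fi
    # The secret is looked up by the DN string exactly as written in smb.conf.
    if printf '%s\n' "$have" | grep -Fxq -- "$want"; then echo "ok"; return 0; fi
    if [ -n "$have" ]; then
        echo "stale"
        printf 'password stored for: %s\n' "$have" >&2
        return 1
    fi
    echo "missing"   # the state behind "Failed to retrieve password from secrets.tdb"
    return 1
}

# Constructed sample inputs (not the poster's files): one smb.conf fragment
# and three tdbdump-style outputs, written into directory $1.
write_samples() {
    printf '[global]\n  passdb backend = ldapsam:ldap://127.0.0.1\n  ldap admin dn = cn=admin,dc=example,dc=org\n' > "$1/smb.conf"
    printf '{\nkey(47) = "SECRETS/LDAP_BIND_PW/cn=admin,dc=example,dc=org"\ndata(9) = "REDACTED\\00"\n}\n' > "$1/match.dump"
    printf '{\nkey(49) = "SECRETS/LDAP_BIND_PW/cn=Manager,dc=example,dc=org"\ndata(9) = "REDACTED\\00"\n}\n' > "$1/stale.dump"
    : > "$1/empty.dump"
}

# Usage: sh check.sh smb.conf secrets.dump
if [ "$#" -eq 2 ]; then check_bind_secret "$1" "$2"; fi
```

The dump contains the bind password in clear text, so create it as root in a directory only root can read and delete it after the check.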