[Samba] PDC migration from suse 8.2 - samba 2.2.7 ldap - to latest versions on ubuntu 8.04

GG jojomi at gmail.com
Wed Apr 7 08:14:52 MDT 2010


Hello Vladimir and anyone else reading :-) !

Attaching these files:

- gg-edited.ldif
- slapd.conf.destination.txt
- slapd.conf.source.txt
- ldap.conf.destination.txt
- ldap.conf.source.txt
- slapadd-ing.LOG this was the log while importing ldif


NET SID ETC
net setlocalsid S-1-5-21-1168...........-..................-...............2
net setdomainsid S-1-5-21-1168...........-..................-...............1

Do net setlocalsid and net setdomainsid make sense, or should it be
net setdomainsid
twice with different SIDs?

Thanks very much!

Giorgio

On 4/6/10, Vladimir Psenicka <vladimir.psenicka at prodeco.cz> wrote:
> Hi Giorgio
>
> On 2.4.2010 17:01, GG wrote:
> > Hi all,
> >
> > So I have
> > openldap2-2.1.12-74
> > samba-2.2.7a-72
> >
> > I would like to migrate this existing PDC service to a new server and
> > to current production / stable releases (especially for windows 7
> > joining to the domain).
> >
> > New server is Debian Lenny stable.
> >
> > I have exported the domain SID, and ldap.ldif
> >
> > Now lets get down to it :-)
> > Before importing should I do something about organizational units and so? How?
> >
> >> Import only data to LDAP no configs (slapcat->slapadd)
> >  slapadd -c -l slapcat.ldif
> > I did this but attached errors showed up.
> >
> > Error, entries missing!
> >   entry 3: dc=people,dc=ExampleDomain,dc=it
> >   entry 4: dc=groups,dc=people,dc=ExampleDomain,dc=it
>
> Can you post the first 100 lines of the ldif you are trying to import? You
> are probably missing some base ldif.
>
> >
> >
> > I know nothing about ldap, but my ldap is probably missing some pre
> > required settings ? :-/
> >
>
> Can you post slapd.conf also?
>
>
> > Cheers!
> > Giorgio
> >
> >> Configs yes, live data no, but if you have ldap it *should* be enough to
> >> import ldif from old server, configure samba to use ldap and run smbpasswd
> >> -W to store ldap admin dn pass to secrets.tdb. After that you can test if
> >> samba see imported users in ldap (pdbedit -L).
> >
> >
> >
> >
> >
> >
> > On 3/27/10, Vladimir Psenicka <vladimir.psenicka at prodeco.cz> wrote:
> >> On Fri, 26 Mar 2010 15:32:50 +0100, GG <jojomi at gmail.com> wrote:
> >>> wow I made it!
> >>>
> >>> I copied net and all the libs it complained about from another suse
> >>> server which was not missing it :-)
> >>>
> >>> [2010/03/26 15:07:37, 0] param/loadparm.c:map_parameter(2435)
> >>>   Unknown parameter encountered: "domain admin group"
> >>> [2010/03/26 15:07:37, 0] param/loadparm.c:lp_do_parameter(3125)
> >>>   Ignoring unknown parameter "domain admin group"
> >>> SID for domain ThisIsLikeTheHostNameOrMaybeAtestDomain???
> >>>  is: S-1-5-21-1bla bla
> >>> SID for domain THISISMYDOMAIN is: S-1-5-other-bla bla
> >>>
> >>> Which shall I import?
> >>>
> >>
> >> Import both for sure:-). First is localsid, second is domainsid
> >>
> >>> So now back to mail number 2 :-)
> >>>
> >>> LDAP: I exported ldif :-) now
> >>> I copied /etc/groups passwd shadow aliases
> >>>
> >>> now on the new server:
> >>>
> >>> how do I import LDAP and all its configs,
> >>> samba and all its configs are only in smb.conf?
> >>>
> >> Import only data to LDAP no configs (slapcat->slapadd)
> >> Configs yes, live data no, but if you have ldap it *should* be enough to
> >> import ldif from old server, configure samba to use ldap and run smbpasswd
> >> -W to store ldap admin dn pass to secrets.tdb. After that you can test if
> >> samba see imported users in ldap (pdbedit -L).
> >>
> >>> :-)
> >>> Giorgio
> >>>
> >>>
> >>>
> >>> On 3/26/10, Vladimir Psenicka <vladimir.psenicka at prodeco.cz> wrote:
> >>>> Paste ldap admin dn or ldap suffix in your smb.conf
> >>>>
> >>>> On 26.3.2010 15:24, Vladimir Psenicka wrote:
> >>>>> try this:
> >>>>>
> >>>>> ldapsearch -x -h localhost -D "cn=Manager,dc=WORKGROUP,dc=it" -W -b
> >>>>> "sambaDomainName=WORKGROUP,dc=WORKGROUP,dc=it"
> >>>>>
> >>>>> On 26.3.2010 15:00, GG wrote:
> >>>>>> Hello!
> >>>>>>
> >>>>>> I'm stuck on getdomainsid: Net command is missing even though libs
> >> and
> >>>>>> smbclient are installed.
> >>>>>>
> >>>>>> I tried this:
> >>>>>> # ldapsearch -x -h localhost -D "cn=Manager,dc=domain,dc=it" -W -b
> >>>>>> "sambaDomainName=WORKGROUP,dc=domain,dc=it"
> >>>>>> Enter LDAP Password:
> >>>>>> # extended LDIF
> >>>>>> #
> >>>>>> # LDAPv3
> >>>>>> # base <sambaDomainName=WORKGROUP,dc=domain,dc=it> with scope sub
> >>>>>> # filter: (objectclass=*)
> >>>>>> # requesting: ALL
> >>>>>> #
> >>>>>>
> >>>>>> # search result
> >>>>>> search: 2
> >>>>>> result: 34 Invalid DN syntax
> >>>>>> text: invalid DN
> >>>>>>
> >>>>>> # numResponses: 1
> >>>>>>
> >>>>>> So: I'm not sure what is sambaDomainName=domain,dc=domain,dc=it...
> >>>>>> I used WORKGROUP as it is the domain we use on pcs and the only one
> >>>>>> defined in smb.conf
> >>>>>>
> >>>>>> I also tried using my pdc HOSTNAME
> >>>>>>
> >>>>>> and this was returned
> >>>>>> # LDAPv3
> >>>>>> # base <sambaDomainName=hostname,dc=domain,dc=it> with scope sub
> >>>>>> # filter: (objectclass=*)
> >>>>>> # requesting: ALL
> >>>>>> #
> >>>>>>
> >>>>>> # search result
> >>>>>> search: 2
> >>>>>> result: 34 Invalid DN syntax
> >>>>>> text: invalid DN
> >>>>>>
> >>>>>> # numResponses: 1
> >>>>>>
> >>>>>> Any way to get through this or how to use net command? Maybe
> >> updating
> >>>>>> samba-client?
> >>>>>>
> >>>>>> I tried rpm -i samba-client but it says
> >>>>>> file /usr/share/man/man1/smbclient.1.gz from install of
> >>>>>> samba-client-2.2.12-1.suse82 conflicts with file from package
> >>>>>> samba-client-2.2.7a-72 when trying to rpm -i
> >> samba-client-2.2.12-1.rpm
> >>>>>>
> >>>>>> I found also the original package but it says it is already
> >> installed.
> >>>>>>
> >>>>>> What happens if I remove samba-client and reinstall it soon after on
> >>>>>> the production pdc?
> >>>>>>
> >>>>>>
> >>>>>> Giorgio
> >>>>>>
> >>>>>> On 3/26/10, Vladimir Psenicka <vladimir.psenicka at prodeco.cz> wrote:
> >>>>>>> On 26.3.2010 13:50, GG wrote:
> >>>>>>>> Hello!
> >>>>>>>>
> >>>>>>>>>> Have you samba-client package installed?
> >>>>>>>>>>
> >>>>>>>>
> >>>>>>>> yes I do at least smbclient is there! but no net command :-/
> >>>>>>>>
> >>>>>>>>>> PAVOUK\psenicka at psenicka:~> rpm -qf `which net`
> >>>>>>>>>> samba-client-3.5.1-4.1.x86_64
> >>>>>>>>
> >>>>>>>> So here are the issues encountered...
> >>>>>>>> file /usr/share/man/man1/smbclient.1.gz from install of
> >>>>>>>> samba-client-2.2.12-1.suse82 conflicts with file from package
> >>>>>>>> samba-client-2.2.7a-72 when trying to rpm -i
> >>>>>>>> samba-client-2.2.12-1.rpm
> >>>>>>>> I found on net...
> >>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>> or you can dig domainsid from ldap
> >>>>>>>>
> >>>>>>>> This sounds interesting! How do I do that?
> >>>>>>>>
> >>>>>>>
> >>>>>>> modify to your needs (domain):
> >>>>>>>
> >>>>>>> ldapsearch -x -h ldap -D "cn=admin,dc=domain,dc=cz" -W -b
> >>>>>>> "sambaDomainName=domain,dc=domain,dc=cz"
> >>>>>>>
> >>>>>>> sambaSID: is your domainsid
> >>>>>>>
> >>>>>>> or you can use phpldapadmin to manage you ldap from browser
> >>>>>>>
> >>>>>>>> Thanks very much!
> >>>>>>>> Giorgio
> >>>>>>>>
> >>>>>>>> On 3/26/10, GG <jojomi at gmail.com> wrote:
> >>>>>>>>> Hi!
> >>>>>>>>>
> >>>>>>>>> I'll be at it in a few minutes installing samba client / net
> >>>>>>>>> command :-)
> >>>>>>>>>
> >>>>>>>>> I have a question about the samba sernet repos:
> >>>>>>>>> Shall I apt-get remove samba and use
> >>>>>>>>> http://enterprisesamba.com/index.php?id=148 +
> >>>>>>>>> http://enterprisesamba.com/index.php?id=56
> >>>>>>>>>  instead from start?
> >>>>>>>>>
> >>>>>>>>> What is the real advantage of sernet? What about installing
> >>>>>>>>> official
> >>>>>>>>> samba.org packages, are there differences with sernet
> >> (stability?)
> >>>>>>>>> or
> >>>>>>>>> is it just a more liberal repository?
> >>>>>>>>>
> >>>>>>>>> Also I read
> >>>>>>>>>>>> Ensure that all local user and group accounts that are used by
> >>>>>>>>>>>> samba
> >>>>>>>>>>>> have the same uid/gid.
> >>>>>>>>>
> >>>>>>>>> Shall I copy /etc/shadow and /etc/passwd over? other files for
> >>>>>>>>> groups
> >>>>>>>>> and users?
> >>>>>>>>>
> >>>>>>>>> I use rsync --verbose  --progress --stats --compress --rsh=ssh \
> >>>>>>>>>      --recursive --times --perms --links  \
> >>>>>>>>>      --owner --group --devices --specials \
> >>>>>>>>>      --exclude-from '/root/exclude.txt (if any, not in this case
> >> as
> >>>>>>>>> I'm only syncing data dir)' \
> >>>>>>>>>      root at old_PDC:/DATA /DATA
> >>>>>>>>>
> >>>>>>>>> This should bring over every attribute set on files... correct?
> >>>>>>>>>
> >>>>>>>>> [[[did only partially in one case: I set up a twin install (fresh
> >>>>>>>>> install then live cd and full rsync and after that I kept mbr,
> >> but
> >>>>>>>>> changed /boot and the /etc/fstab settings) and the server started
> >>>>>>>>> etc.. LDAP did not work though: authentication was not
> >> available...
> >>>>>>>>> So I must be missing something or this rsync parameter set must
> >> be
> >>>>>>>>> missing something.. I had disconnected old PDC, set same IP and
> >>>>>>>>> hostname to the VM well this worked well for other
> >> virtualizations
> >>>>>>>>> and
> >>>>>>>>> in this PDC I need to upgrade to win7 compatible samba version
> >>>>>>>>> anyway
> >>>>>>>>> :-)
> >>>>>>>>> This was another story but just to share it as it is an excellent
> >>>>>>>>> way
> >>>>>>>>> of migrating sometimes specially for machines you do not master
> >> and
> >>>>>>>>> this is my case very often.]]]
> >>>>>>>>>
> >>>>>>>>> Cheers,
> >>>>>>>>> Giorgio
> >>>>>>>>>
> >>>>>>>>> On Fri, Mar 26, 2010 at 9:14 AM, Vladimir Psenicka
> >>>>>>>>> <vladimir.psenicka at prodeco.cz> wrote:
> >>>>>>>>>> Hi
> >>>>>>>>>>
> >>>>>>>>>> On 25.3.2010 17:41, GG wrote:
> >>>>>>>>>>> Hello Vladimir, John and all the NG :-)
> >>>>>>>>>>> Thanks so much for answering. I really hoped someone would :-)
> >>>>>>>>>>>
> >>>>>>>>>>> So I installed Debian latest stable netinst on the future
> >>>>>>>>>>> production
> >>>>>>>>>>> server and here are my issues in the quotes :-( no net command
> >>>>>>>>>>> on my
> >>>>>>>>>>> suse 8.2
> >>>>>>>>>>>
> >>>>>>>>>>> Cheers :-)
> >>>>>>>>>>> Giorgio
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>> On Thu, Mar 25, 2010 at 14:00, John H Terpstra <*@samba.org>
> >>>>>>>>>>>> wrote:
> >>>>>>>>>>>>> On 03/25/2010 03:33 AM, Vladimir Psenicka wrote:
> >>>>>>>>>>>>> What about Debian Stable with Sernet samba repo, where you
> >> can
> >>>>>>>>>>>>> choose
> >>>>>>>>>>>>> Samba 3.4.x or 3.5.x
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> My hints on migrating to new server:
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> 1. install new server (Samba,ldap etc.)
> >>>>>>>>>>>
> >>>>>>>>>>> done :-) Debian Stable netinst
> >>>>>>>>>>>
> >>>>>>>>>>>>> 2. set same hostname on new server
> >>>>>>>>>>> My ignorance comes out :-)
> >>>>>>>>>>> Must I set it different from the production server as FW points
> >>>>>>>>>>> production.domain.com - I have clients using DNS=oldPDC and PDC
> >>>>>>>>>>> forwards queries to FW. FW has pdc.domain.com defined to point
> >>>>>>>>>>> to lan
> >>>>>>>>>>> ip.
> >>>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>> Ok, can be changed later
> >>>>>>>>>>
> >>>>>>>>>>>>> 3. export ldap data from old server and import them to new
> >>>>>>>>>>>>> server
> >>>>>>>>>>>
> >>>>>>>>>>> slapcat -f /etc/openldap/ldap.conf -l /ldap.ldif
> >>>>>>>>>>> OK
> >>>>>>>>>>>
> >>>>>>>>>>>> Ensure that all local user and group accounts that are used by
> >>>>>>>>>>>> samba
> >>>>>>>>>>>> have the same uid/gid.
> >>>>>>>>>>> my ignorance again... another hint?
> >>>>>>>>>>>>
> >>>>>>>>>>>>> 4. export SID (net getlocalsid) and set it on new server (net
> >>>>>>>>>>>>> setlocalsid oldsid)
> >>>>>>>>>>>>
> >>>>>>>>>>>> Note:
> >>>>>>>>>>>>  net getdomainsid (on old server)
> >>>>>>>>>>>>  net setdomainsid (on new server)
> >>>>>>>>>>> thanks :-)
> >>>>>>>>>>>
> >>>>>>>>>>> # net getdomainsid
> >>>>>>>>>>> -bash: net: command not found :-( and not found in yast
> >>>>>>>>>>>
> >>>>>>>>>>> I understand it has to do with extracting the sid from
> >>>>>>>>>>> /etc/samba/secrets.tdb but how do I install the command? suse
> >>>>>>>>>>> 8.2 yast
> >>>>>>>>>>> has now net package and googling net is.. well wow!
> >>>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>> Have you samba-client package installed?
> >>>>>>>>>>
> >>>>>>>>>> PAVOUK\psenicka at psenicka:~> rpm -qf `which net`
> >>>>>>>>>> samba-client-3.5.1-4.1.x86_64
> >>>>>>>>>>
> >>>>>>>>>> or you can dig domainsid from ldap
> >>>>>>>>>>
> >>>>>>>>>>>>> 5. configure samba on new server as PDC with ldap and shares
> >>>>>>>>>>>>> in smb.conf
> >>>>>>>>>>>>> from old samba smb.conf (check with testparm)
> >>>>>>>>>>>
> >>>>>>>>>>> I see it only contains shares so I bet smb.conf would just keep
> >>>>>>>>>>> all
> >>>>>>>>>>> the old settings right? /DATA will be rsynced
> >>>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>> Maybe smb.conf from Samba2 is too different from Samba 3. I will
> >>>>>>>>>> keep
> >>>>>>>>>> current smb.conf on new server and add only shares from old
> >>>>>>>>>> smb.conf to
> >>>>>>>>>> new smb.conf.
> >>>>>>>>>>
> >>>>>>>>>>>>> 6. stop samba on old server
> >>>>>>>>>>>>> 7. copy all data (with perms) and netlogon share to new
> >> server
> >>>>>>>>>>>>> 8. stop old server
> >>>>>>>>>>>>> 9. start samba on new server and check everything is working
> >>>>>>>>>>>>> fine (domain
> >>>>>>>>>>>>> logon from windows box, shares and perms)
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> This can be done best when no users are logged in samba
> >> (maybe
> >>>>>>>>>>>>> at weekend?)
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> P.S. We have ubuntu 8.04 as PDC and Windows 7 can't join to
> >>>>>>>>>>>>> domain
> >>>>>>>>>>>
> >>>>>>>>>>> thanks I move to Debian with ease :-) ubuntu is a great deb
> >>>>>>>>>>> derived right?
> >>>>>>>>>>>
> >>>>>>>>>> Ubuntu 8.04 LTS is now older than Debian Stable. When Ubuntu
> >>>>>>>>>> 10.04 LTS
> >>>>>>>>>> comes out this will no longer be true.
> >>>>>>>>>>
> >>>>>>>>>>>> Check http://wiki.samba.org for info regarding Windows 7.
> >>>>>>>>>>>>
> >>>>>>>>>>>> Cheers,
> >>>>>>>>>>>> John T.
> >>>>>>>>>>>>
> >>>>>>>>>>>>> On 25.3.2010 01:05, GG wrote:
> >>>>>>>>>>>>>> Hello Vladimir and hi all,
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> Thanks very much for replying!
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> Any suggested os? I'd go for debian or what advised, I just
> >>>>>>>>>>>>>> happen to
> >>>>>>>>>>>>>> know ubuntu more...
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> Any strategy or hint on migrating from ancient ldap + samba
> >>>>>>>>>>>>>> to a new server?
> >>>>>>>>>>>>>> Already tried rsyncing (using all options to keep perms and
> >>>>>>>>>>>>>> attributes
> >>>>>>>>>>>>>> grp  own mod etc) on a twin v-machine but server starts and
> >>>>>>>>>>>>>> the ldap
> >>>>>>>>>>>>>> auth fails to work :-(
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> I'm a bit stuck at the moment :-( and I have postponed the
> >>>>>>>>>>>>>> problem for
> >>>>>>>>>>>>>> too long grrr
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> Giorgio
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> On Wed, Mar 24, 2010 at 9:20 AM, Vladimir Psenicka
> >>>>>>>>>>>>>> <vladimir.psenicka at prodeco.cz> wrote:
> >>>>>>>>>>>>>>> On 23.3.2010 15:48, Giorgio wrote:
> >>>>>>>>>>>>>>>> Hello,
> >>>>>>>>>>>>>>>> Hopefully I'm in the right place asking for help :-)
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> I need to move from an old physical Suse 8.2 - samba 2.2.7
> >>>>>>>>>>>>>>>> + ldap - to
> >>>>>>>>>>>>>>>> latest samba versions, I would like to use an ubuntu 8.04
> >>>>>>>>>>>>>>>> virtual machine.
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> The domain is in production on the physical server, to be
> >>>>>>>>>>>>>>>> dismissed after
> >>>>>>>>>>>>>>>> migration. It is also the file server!!! so /DATA/ has all
> >>>>>>>>>>>>>>>> shared and
> >>>>>>>>>>>>>>>> permission driven file access..
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> I was following
> >>>>>>>>>>>>>>>> https://help.ubuntu.com/8.10/serverguide/C/samba-dc.html
> >> but
> >>>>>>>>>>>>>>>> I realize I am in a different scenario...
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> Production so no errors are admitted :-(, migration to new
> >>>>>>>>>>>>>>>> os and versions..
> >>>>>>>>>>>>>>>> all at once?
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> I have a dump of the physical server (dd sda mbr and
> >> single
> >>>>>>>>>>>>>>>> partitions :)
> >>>>>>>>>>>>>>>> plus an rsync with all permissions daily backup, just to
> >> be
> >>>>>>>>>>>>>>>> safe ;)
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> What would you guru's suggest as a strategy?
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> Can I create a new server and add it as secondary domain
> >>>>>>>>>>>>>>>> controller and then
> >>>>>>>>>>>>>>>> once the replica is up? I'd feel quite comfortable with
> >>>>>>>>>>>>>>>> this method.
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> BTW I need a new version of samba as they have already
> >>>>>>>>>>>>>>>> bought Windows 7
> >>>>>>>>>>>>>>>> boxes (without asking if they were supported arrgh).
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> Thanks to all of you who read or answered :-)
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> Gio
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> Hi.
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> Ubuntu 8.10 is bad idea if you will be connecting Windows 7
> >>>>>>>>>>>>>>> into domain,
> >>>>>>>>>>>>>>> because of old Samba version. Samba 3.4.x or 3.5.x is
> >>>>>>>>>>>>>>> recommended for
> >>>>>>>>>>>>>>> Win7. Wait for Ubuntu 10.04 LTS (next month) if you want
> >>>>>>>>>>>>>>> Ubuntu.
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> --
> >>>>>>>>>>>>>>> Vladimir Psenicka
> >>>>>>>>>>>>>>> --
> >>>>>>>>>>>>>>> To unsubscribe from this list go to the following URL and
> >>>>>>>>>>>>>>> read the
> >>>>>>>>>>>>>>> instructions:
> >> https://lists.samba.org/mailman/options/samba
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>> --
> >>>>>>>>>> Vladimir Psenicka
> >>>>>>>>>> IT system engineer
> >>>>>>>>>> PRODECO, a.s.
> >>>>>>>>>> Tel.: 417 633 762
> >>>>>>>>>>
> >>>>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>> --
> >>>>>>> Vladimir Psenicka
> >>>>>>> IT system engineer
> >>>>>>> PRODECO, a.s.
> >>>>>>> Tel.: 417 633 762
> >>>>>>>
> >>>>>
> >>>>>
> >>>>
> >>>>
> >>>> --
> >>>> Vladimir Psenicka
> >>>> IT system engineer
> >>>> PRODECO, a.s.
> >>>> Tel.: 417 633 762
> >>>>
> >>
>
>
> --
> Vladimir Psenicka
> IT system engineer
> PRODECO, a.s.
> Tel.: 417 633 762
>
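
Three pre-import checks for an export like the one attached below, as an added example (not part of the original message, and not Samba or OpenLDAP code): object classes whose schema the destination slapd.conf does not include, an RDN value that is not among the entry's own values (LDIF has no quoting, so `dc: "People"` stores the quote characters), and an entry whose parent was not loaded before it. `SCHEMA_OF`, the function names and both sample texts are constructed for illustration.

```python
import base64
import re

# Assumption: the schema file that defines each objectClass used in the export.
# The core/nis/inetorgperson rows are stock OpenLDAP; the samba and qmail rows
# follow the include lines of the source slapd.conf.
SCHEMA_OF = {
    "dcobject": "core", "organization": "core", "organizationalunit": "core",
    "organizationalrole": "core", "person": "core",
    "organizationalperson": "core", "inetorgperson": "inetorgperson",
    "posixaccount": "nis", "shadowaccount": "nis", "posixgroup": "nis",
    "sambaaccount": "samba", "qmailuser": "qmail",
}

# Constructed sample shaped like gg-edited.ldif; the last DN is folded onto a
# continuation line and its parent (dc=Utenti) is deliberately absent.
SAMPLE_LDIF = """\
dn: dc=GG-s-Domain,dc=it
objectClass: dcObject
objectClass: organization
dc: GG-s-Domain
o: GG-s-Domain

dn: dc=People,dc=GG-s-Domain,dc=it
objectClass: dcObject
objectClass: organizationalUnit
ou: "People"
dc: "People"

dn: uid=csanvi,dc=People,dc=GG-s-Domain,dc=it
objectClass: inetOrgPerson
objectClass: sambaAccount
objectClass: qmailUser
objectClass: posixAccount
uid: csanvi
cn: csanvi
sn: sanvi

dn: uid=surnameuid,dc=Utenti,dc=People,dc=GG-s-Domain,dc=i
 t
objectClass: inetOrgPerson
uid: surnameuid
cn: surnameuid
sn: surnameuid
"""

# Constructed sample: the include and suffix lines of the destination slapd.conf.
SAMPLE_CONF = """\
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema
suffix          "dc=GG-s-Domain,dc=it"
"""


def parse_ldif(text):
    """Return [(dn, {attr: [values]})], unfolding continuation lines first."""
    unfolded = re.sub(r"\r?\n ", "", text)
    entries = []
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        dn, attrs = None, {}
        for line in block.splitlines():
            if not line or line.startswith("#") or ":" not in line:
                continue
            name, _, rest = line.partition(":")
            if rest.startswith(":"):          # "attr:: <base64>"
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                value = rest.strip()
            if name.lower() == "dn":
                dn = value
            else:
                attrs.setdefault(name.lower(), []).append(value)
        if dn:
            entries.append((dn, attrs))
    return entries


def split_dn(dn):
    """Lower-cased RDN strings; only the '\\,' escape is handled."""
    return [p.strip().lower() for p in re.split(r"(?<!\\),", dn)]


def included_schemas(conf_text):
    """Names of the schema files pulled in by uncommented include lines."""
    pattern = r"^\s*include\s+\S*/([\w-]+)\.schema"
    return {m.lower() for m in re.findall(pattern, conf_text, re.M)}


def precheck(ldif_text, conf_text):
    """Return [(dn, finding)] in file order for the three checks."""
    have = included_schemas(conf_text)
    m = re.search(r'^\s*suffix\s+"([^"]+)"', conf_text, re.M)
    suffix = ",".join(split_dn(m.group(1))) if m else None
    seen, findings = set(), []
    for dn, attrs in parse_ldif(ldif_text):
        parts = split_dn(dn)
        norm, parent = ",".join(parts), ",".join(parts[1:])
        if norm != suffix and parent not in seen:
            findings.append((dn, "parent-missing"))
        rdn_attr, _, rdn_val = parts[0].partition("=")
        if rdn_val not in [v.lower() for v in attrs.get(rdn_attr, [])]:
            findings.append((dn, "rdn-mismatch:" + rdn_attr))
        for oc in attrs.get("objectclass", []):
            schema = SCHEMA_OF.get(oc.lower())
            if schema and schema not in have:
                findings.append((dn, "schema-missing:" + schema))
        seen.add(norm)
    return findings


if __name__ == "__main__":
    for dn, finding in precheck(SAMPLE_LDIF, SAMPLE_CONF):
        print(f"{finding:22} {dn}")
```
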
-------------- next part --------------
dn: dc=GG-s-Domain,dc=it
objectClass: dcObject
objectClass: organization
dc: GG-s-Domain
o: GG-s-Domain
structuralObjectClass: organization
entryUUID: 70a33e14-465e-1027-9376-afb057b08757
creatorsName: cn=Manager,dc=GG-s-Domain,dc=it
createTimestamp: 20030709133859Z
entryCSN: 2003070913:38:59Z#0x0001#0#0000
modifiersName: cn=Manager,dc=GG-s-Domain,dc=it
modifyTimestamp: 20030709133859Z

dn: cn=Manager,dc=GG-s-Domain,dc=it
objectClass: organizationalRole
cn: Manager
description:: RGlyZWN0b3J5IE1hbmFnZXIg
structuralObjectClass: organizationalRole
entryUUID: 70a968c0-465e-1027-9377-afb057b08757
creatorsName: cn=Manager,dc=GG-s-Domain,dc=it
createTimestamp: 20030709133859Z
entryCSN: 2003070913:38:59Z#0x0002#0#0000
modifiersName: cn=Manager,dc=GG-s-Domain,dc=it
modifyTimestamp: 20030709133859Z

dn: dc=People,dc=GG-s-Domain,dc=it
objectClass: dcObject
objectClass: organizationalUnit
ou: "People"
dc: "People"
structuralObjectClass: organizationalUnit
entryUUID: 067e823e-5845-1027-9dc5-fa88d05ed16f
creatorsName: cn=Manager,dc=GG-s-Domain,dc=it
createTimestamp: 20030801082225Z
entryCSN: 2003080108:22:25Z#0x0001#0#0000
modifiersName: cn=Manager,dc=GG-s-Domain,dc=it
modifyTimestamp: 20030801082225Z

dn: dc=Sistemi Informativi,dc=People,dc=GG-s-Domain,dc=it
objectClass: dcObject
objectClass: organizationalUnit
ou: "Sistemi Informativi"
dc: "Sistemi Informativi"
structuralObjectClass: organizationalUnit
entryUUID: a468f4c0-5845-1027-9dc6-fa88d05ed16f
creatorsName: cn=Manager,dc=GG-s-Domain,dc=it
createTimestamp: 20030801082650Z
entryCSN: 2003080108:26:50Z#0x0001#0#0000
modifiersName: cn=Manager,dc=GG-s-Domain,dc=it
modifyTimestamp: 20030801082650Z

dn: uid=Christian Sanvi,dc=Sistemi Informativi,dc=People,dc=GG-s-Domain,dc=it
structuralObjectClass: inetOrgPerson
entryUUID: e969a5fc-584e-1027-9dc7-fa88d05ed16f
creatorsName: cn=Manager,dc=GG-s-Domain,dc=it
createTimestamp: 20030801093311Z
objectClass: inetOrgPerson
objectClass: person
objectClass: sambaAccount
objectClass: qmailUser
objectClass: posixAccount
objectClass: shadowAccount
mail: christian.sanvi at GG-s-Domain.it
mailHost: mail.GG-s-Domain.it
mailMessageStore: /var/qmail/maildirs/GG-s-Domain.it/christian.sanvi
uid: csanvi
cn: csanvi
sn: sanvi
rid: 1000
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 1000
gidNumber: 100
homeDirectory: /home/christian
gecos: Christian Sanvi,,,
entryCSN: 2008042908:48:24Z#0x0002#0#0000
modifiersName: cn=Manager,dc=GG-s-Domain,dc=it
modifyTimestamp: 20080429084824Z
userPassword:: e2NyeXB0fVc4Tmx0ck9pZDZhd3M=
shadowLastChange: 14695

dn: uid=Alessandro Surname,dc=Sistemi Informativi,dc=People,dc=GG-s-Domain,dc=i
 t
structuralObjectClass: inetOrgPerson
entryUUID: e970a122-584e-1027-9dc8-fa88d05ed16f
creatorsName: cn=Manager,dc=GG-s-Domain,dc=it
createTimestamp: 20030801093311Z
mailHost: mail.GG-s-Domain.it
mailMessageStore: /var/qmail/maildirs/GG-s-Domain.it/alessandro.Surname
sn: apinciroli
shadowMax: 99999
shadowWarning: 7
gecos: Alessandro Surname,,,
acctFlags: [UD         ]
uid: apinciroli
cn: apinciroli
homeDirectory: /home/alessandro
uidNumber: 1001
objectClass: inetOrgPerson
objectClass: person
objectClass: sambaAccount
objectClass: qmailUser
objectClass: posixAccount
objectClass: shadowAccount
gidNumber: 100
ntPassword: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
lmPassword: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
loginShell: /bin/bash
title: pippo
rid: 1001
userPassword:: e2NyeXB0fTAuTHBKZUlhSDdpZ1k=
shadowLastChange: 13193
entryCSN: 2006021409:51:59Z#0x0002#0#0000
modifiersName: cn=Manager,dc=GG-s-Domain,dc=it
modifyTimestamp: 20060214095159Z
mail: alessandro.Surname at GG-s-Domain.it

dn: dc=Groups,dc=People,dc=GG-s-Domain,dc=it
objectClass: dcObject
objectClass: organizationalUnit
ou: "Groups"
dc: "Groups"
structuralObjectClass: organizationalUnit
entryUUID: 9d6852d0-5852-1027-9dca-fa88d05ed16f
creatorsName: cn=Manager,dc=GG-s-Domain,dc=it
createTimestamp: 20030801095941Z
entryCSN: 2003080109:59:41Z#0x0001#0#0000
modifiersName: cn=Manager,dc=GG-s-Domain,dc=it
modifyTimestamp: 20030801095941Z

dn: cn=sisinfo,dc=Groups,dc=People,dc=GG-s-Domain,dc=it
structuralObjectClass: posixGroup
entryUUID: 869dbe52-5855-1027-9dcb-fa88d05ed16f
creatorsName: cn=Manager,dc=GG-s-Domain,dc=it
createTimestamp: 20030801102032Z
objectClass: posixGroup
objectClass: top
cn: sisinfo
description: Sistemi Informativi
gidNumber: 1000
userPassword:: e2NyeXB0fXg=
memberUid: 6Surname
memberUid: 5Surname
memberUid: 4Surname
memberUid: 3Surname
memberUid: 2Surname
memberUid: 1Surname
entryCSN: 2003091812:56:20Z#0x0001#0#0000
modifiersName: cn=Manager,dc=GG-s-Domain,dc=it
modifyTimestamp: 20030918125620Z


dn: cn=machines,dc=Groups,dc=People,dc=GG-s-Domain,dc=it
cn: machines
description: Computers
objectClass: posixGroup
objectClass: top
structuralObjectClass: posixGroup
entryUUID: aeebb668-76e9-1027-991a-9a7de9f0a44a
creatorsName: cn=Manager,dc=GG-s-Domain,dc=it
createTimestamp: 20030909081640Z
gidNumber: 1001
entryCSN: 2003090909:24:02Z#0x0001#0#0000
modifiersName: cn=Manager,dc=GG-s-Domain,dc=it
modifyTimestamp: 20030909092402Z

dn: cn=ntadmin,dc=Groups,dc=People,dc=GG-s-Domain,dc=it
cn: ntadmin
description: Amministratori NT
gidNumber: 1002
memberUid: root
memberUid: Administrator
memberUid: Giorgio
objectClass: posixGroup
objectClass: top
structuralObjectClass: posixGroup
entryUUID: 155cb69e-7ba5-1027-991c-9a7de9f0a44a
creatorsName: cn=Manager,dc=GG-s-Domain,dc=it
createTimestamp: 20030915084812Z
entryCSN: 2003091508:48:12Z#0x0001#0#0000
modifiersName: cn=Manager,dc=GG-s-Domain,dc=it
modifyTimestamp: 20030915084812Z

dn: uid=Administrator,dc=Sistemi Informativi,dc=People,dc=GG-s-Domain,dc=it
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: sambaAccount
objectClass: qmailUser
objectClass: posixAccount
objectClass: shadowAccount
objectClass: top
lmPassword: 24BE0A7084B85584AAD3B435B51404EE
acctFlags: [U          ]
uid: Administrator
uidNumber: 1006
cn: Administrator
loginShell: /bin/sh
gidNumber: 100
rid: 3012
gecos: Administrator,,,
homeDirectory: /home/Administrator
mailHost: mail.GG-s-Domain.it
sn: Administrator
ntPassword: CE3CE0293E58602F922179861B260C69
structuralObjectClass: inetOrgPerson
entryUUID: 083a6b4a-7c7d-1027-9277-e6806351bc48
creatorsName: cn=Manager,dc=GG-s-Domain,dc=it
createTimestamp: 20030916103401Z
mail: administrator at GG-s-Domain.it
userPassword:: e2NyeXB0fWF0b2JKTkFDUXN3YzI=
shadowLastChange: 12324
mailMessageStore: /var/qmail/maildirs/GG-s-Domain.it/administrator
entryCSN: 2003102216:10:37Z#0x0001#0#0000
modifiersName: cn=Manager,dc=GG-s-Domain,dc=it
modifyTimestamp: 20031022161037Z

dn: dc=Utenti,dc=People,dc=GG-s-Domain,dc=it
objectClass: dcObject
objectClass: organizationalUnit
objectClass: top
structuralObjectClass: organizationalUnit
entryUUID: 5071c0de-7c91-1027-9278-e6806351bc48
creatorsName: cn=Manager,dc=GG-s-Domain,dc=it
createTimestamp: 20030916125912Z
dc: Utenti
ou: Utenti
entryCSN: 2003091613:00:44Z#0x0001#0#0000


dn: uid=surnameuid,dc=Utenti,dc=People,dc=GG-s-Domain,dc=it
cn: airoldid
gidNumber: 100
homeDirectory: /DATA/homes/airoldid
mail: surnameuid at gg-s-domain.it
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: sambaAccount
objectClass: qmailUser
objectClass: posixAccount
objectClass: shadowAccount
objectClass: top
rid: 1009
sn: surnameuid
uid: surnameuid
uidNumber: 1009
structuralObjectClass: inetOrgPerson
entryUUID: 81a17eda-7c94-1027-927a-e6806351bc48
creatorsName: cn=Manager,dc=GG-s-Domain,dc=it
createTimestamp: 20030916132203Z
mailHost: mail.gg-s-domain.it
mailMessageStore: /var/qmail/maildirs/GG-s-Domain.it/surnameuid
gecos: surname name
entryCSN: 2008051411:35:25Z#0x0001#0#0000
modifiersName: cn=Manager,dc=gg-s-domain,dc=it
modifyTimestamp: 20080514113525Z
-------------- next part --------------
# Allow LDAPv2 binds
allow bind_v2

# This is the main slapd configuration file. See slapd.conf(5) for more
# info on the configuration options.

#######################################################################
# Global Directives:

# Features to permit
#allow bind_v2

# Schema and objectClass definitions
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema

# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile         /var/run/slapd/slapd.pid

# List of arguments that were passed to the server
argsfile        /var/run/slapd/slapd.args

# Read slapd.conf(5) for possible values
loglevel        none

# Where the dynamically loaded modules are stored
modulepath	/usr/lib/ldap
moduleload	back_hdb

# The maximum number of entries that is returned for a search operation
sizelimit 500

# The tool-threads parameter sets the actual amount of cpu's that is used
# for indexing.
tool-threads 1

#######################################################################
# Specific Backend Directives for hdb:
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
backend		hdb

#######################################################################
# Specific Backend Directives for 'other':
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
#backend		<other>

#######################################################################
# Specific Directives for database #1, of type hdb:
# Database specific directives apply to this database until another
# 'database' directive occurs
database        hdb

# The base of your directory in database #1
suffix          "dc=GG-s-Domain,dc=it"

# rootdn directive for specifying a superuser on the database. This is needed
# for syncrepl.
# rootdn          "cn=admin,dc=GG-s-Domain,dc=it"

# Where the database file are physically stored for database #1
directory       "/var/lib/ldap"

# The dbconfig settings are used to generate a DB_CONFIG file the first
# time slapd starts.  They do NOT override an existing DB_CONFIG
# file.  You should therefore change these settings in DB_CONFIG directly
# or remove DB_CONFIG and restart slapd for changes to take effect.

# For the Debian package we use 2MB as default but be sure to update this
# value if you have plenty of RAM
dbconfig set_cachesize 0 2097152 0

# Sven Hartge reported that he had to set this value incredibly high
# to get slapd running at all. See http://bugs.debian.org/303057 for more
# information.

# Number of objects that can be locked at the same time.
dbconfig set_lk_max_objects 1500
# Number of locks (both requested and granted)
dbconfig set_lk_max_locks 1500
# Number of lockers
dbconfig set_lk_max_lockers 1500

# Indexing options for database #1
index           objectClass eq

# Save the time that the entry gets modified, for database #1
lastmod         on

# Checkpoint the BerkeleyDB database periodically in case of system
# failure and to speed slapd shutdown.
checkpoint      512 30

# Where to store the replica logs for database #1
# replogfile	/var/lib/ldap/replog

# The userPassword by default can be changed
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
# admin entry below
# These access lines apply to database #1 only
access to attrs=userPassword,shadowLastChange
        by dn="cn=admin,dc=GG-s-Domain,dc=it" write
        by anonymous auth
        by self write
        by * none

# Ensure read access to the base for things like
# supportedSASLMechanisms.  Without this you may
# have problems with SASL not knowing what
# mechanisms are available and the like.
# Note that this is covered by the 'access to *'
# ACL below too but if you change that as people
# are wont to do you'll still need this if you
# want SASL (and possible other things) to work 
# happily.
access to dn.base="" by * read

# The admin dn has full write access, everyone else
# can read everything.
access to *
        by dn="cn=admin,dc=GG-s-Domain,dc=it" write
        by * read

# For Netscape Roaming support, each user gets a roaming
# profile for which they have write access to
#access to dn=".*,ou=Roaming,o=morsnet"
#        by dn="cn=admin,dc=GG-s-Domain,dc=it" write
#        by dnattr=owner write

#######################################################################
# Specific Directives for database #2, of type 'other' (can be hdb too):
# Database specific directives apply to this database until another
# 'database' directive occurs
#database        <other>

# The base of your directory for database #2
#suffix		"dc=debian,dc=org"
-------------- next part --------------
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.5 2002/11/26 18:26:01 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
#include         /etc/openldap/schema/misc.schema
include         /etc/openldap/schema/openldap.schema
include         /etc/openldap/schema/qmail.schema
#include        /etc/openldap/schema/qmailControl.schema
include         /etc/openldap/schema/samba.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral	ldap://root.openldap.org

#loglevel 448
loglevel 256

allow bind_v2

pidfile		/var/run/slapd/slapd.pid
argsfile	/var/run/slapd/slapd.args

password-hash           {MD5}

TLSCertificateFile      /etc/ssl/certs/ldapcert.pem
TLSCertificateKeyFile   /etc/ssl/certs/ldapkey.pem
TLSCipherSuite          HIGH:MEDIUM:+SSLv2
TLSCACertificateFile    /etc/ssl/certs/cacert.pem



# Load dynamic backend modules:
# modulepath	/usr/lib/openldap/openldap
# moduleload	back_bdb.la
# moduleload	back_ldap.la
# moduleload	back_ldbm.la
# moduleload	back_passwd.la
# moduleload	back_shell.la

# Sample security restrictions
#
#   Disallow clear text exchange of passwords
# disallow bind_simple_unprotected
#
#	Require integrity protection (prevent hijacking)
#	Require 112-bit (3DES or better) encryption for updates
#	Require 64-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
#	Root DSE: allow anyone to read it
#	Other DSEs:
#		Allow self write access
#		Allow authenticated users read access
#		Allow anonymous users to authenticate
#	Directives needed to implement policy:
access to dn.base="" by * read

access to attribute=userPassword
        by dn="cn=authuser,dc=GG-s-Domain,dc=it" write
        by anonymous auth
        by self write
        by * none

access to *
	by self write
	by users read
	by anonymous auth
#
# if no access controls are present, the default policy is:
#	Allow read by all
#
# rootdn can always write!

#######################################################################
# ldbm database definitions
#######################################################################

database        ldbm
suffix          "dc=GG-s-Domain,dc=it"
rootdn          "cn=Manager,dc=GG-s-Domain,dc=it"
rootpw          gastec2003
directory       /var/lib/ldap
index           default pres,eq
index           objectClass,uid,uidnumber,gidnumber,cn
index           mail,mailalternateaddress,mailforwardingaddress eq


readonly	off
updatedn	"cn=Manager,dc=GG-s-Domain,dc=it"
#updateref	"ldap://mail.GG-s-Domain.it";
updateref	ldap://mail.GG-s-Domain.it
#replogfile	/var/lib/ldap/replog
-------------- next part --------------
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE	dc=example,dc=com
#URI	ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT	12
#TIMELIMIT	15
#DEREF		never
-------------- next part --------------
# $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.9 2000/09/04 19:57:01 kurt Exp $
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

base	dc=GG-s-Domain,dc=it
#uri	ldap://diabolik.GG-s-Domain.it

#SIZELIMIT	12
#TIMELIMIT	15
#DEREF		never

#tls_reqcert	allow
#tls_checkpeer	no
#tls_cacertfile	/etc/ssl/certs/cacert.pem
rootbinddn	cn=Manager,dc=GG-s-Domain,dc=it
nss_base_passwd	dc=People,dc=GG-s-Domain,dc=it
nss_base_shadow	dc=People,dc=GG-s-Domain,dc=it
nss_base_group	dc=Groups,dc=People,dc=GG-s-Domain,dc=it

host	diabolik.GG-s-Domain.it
binddn	cn=Manager,dc=GG-s-Domain,dc=it
bindpw	gastec2003
#bindpw {SSHA}BHfyMMqUCeaONoChRh50PgXTwKDnbZpY
#ldap_version	2
#ssl	start_tls

pam_filter	objectclass=posixAccount
pam_login_attribute	uid
pam_member_attribute	gid
pam_template_login_attribute	uid
pam_password	crypt
ldap_version	3
ssl	no
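
Added example, not part of the original post or its attachments: a small reviewer's check that parses slapd.conf / ldap.conf style files (comments, tab separators, indented continuation lines) and lists the credential and transport settings worth reviewing before such files are posted or migrated. The names SAMPLE, RULES, directives and audit, the finding texts and the sample input are constructed for illustration; the rules cover only directives that appear in the attachments above.

```python
import re

# Constructed sample: directive names as in the attachments above, secrets replaced.
SAMPLE = """\
allow bind_v2
password-hash           {MD5}
TLSCipherSuite          HIGH:MEDIUM:+SSLv2
access to attribute=userPassword
        by anonymous auth
        by * none
rootpw          PLACEHOLDER-SECRET
#bindpw {SSHA}commented-out-lines-are-skipped
bindpw\tPLACEHOLDER-SECRET
ssl\tno
"""

def directives(text):
    """Return [(line_no, keyword, value)]; indented lines continue the previous directive."""
    out = []
    for no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                                  # blank line or comment
        if raw[0] in " \t" and out:
            out[-1][2] += " " + raw.strip()           # continuation line
            continue
        parts = raw.split(None, 1)
        out.append([no, parts[0].lower(), parts[1].strip() if len(parts) > 1 else ""])
    return [tuple(d) for d in out]

RULES = [  # (keyword, predicate on the value, finding)
    ("rootpw", lambda v: not re.match(r"\{[\w-]+\}", v), "rootdn password in cleartext"),
    ("bindpw", lambda v: True, "bind credential kept in a client config file"),
    ("password-hash", lambda v: v.upper() in ("{MD5}", "{SHA}"), "unsalted hash scheme"),
    ("tlsciphersuite", lambda v: any("SSLV2" in t.upper() and t[0] not in "!-"
                                     for t in v.split(":")), "SSLv2 named without ! exclusion"),
    ("allow", lambda v: "bind_v2" in v.split(), "LDAPv2 bind requests accepted"),
    ("ssl", lambda v: v.lower() == "no", "client connections do not use TLS"),
]

def audit(text):
    """Return [(line_no, keyword, finding)] for every directive a rule matches."""
    return [(no, key, why) for no, key, value in directives(text)
            for rkey, test, why in RULES if key == rkey and test(value)]

if __name__ == "__main__":
    for no, key, why in audit(SAMPLE):
        print(f"line {no}: {key}: {why}")
```

Run against the real files, each finding points at a line to redact or change before the configuration is shared or carried over to the new server.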

