[Samba] urgent

Johnny R vasiana09 at gmail.com
Mon Mar 29 05:30:00 MDT 2010 

reetings List,
I am a newbie in this list so please be indulgent.
I am actually about running a samba (PDC) with OpenLDAP in Debian. I
installed it (Samba) and configured it, but it didn't still work. Here are
some outputs:
from *net getlocalsid*
csiidebian:~# net getlocalsid
[2010/03/29 17:57:33,  0] lib/smbldap.c:1086(smbldap_connect_system)
  failed to bind to server ldap://127.0.0.1 with
dn="cn=admin,dc=csimaroc,dc=net" Error: Invalid credentials
        (unknown)
SID for domain CSIDEBIAN is: S-1-5-21-2033656986-2476707763-2123375676
csidebian:~#

it still give me the wrong SID.
When I tried to add or search some entry in the  Ldap DB, it gave me the
following error: "

ldap_sasl_interactive_bind_s: Invalid credentials (49)", I d like to notify
that I have the same password for samba admin and ldap admin (smbpasswd and
slappasswd). I was been in this error since 2 weeks   so please help me, it
makes me crazy!
Here are my configuration files :
*etc/samba/smb.conf*
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
[global]
workgroup = CSIMAROC
server string = csidebian
        netbios name = CSIDEBIAN
obey pam restrictions = Yes
passdb backend = ldapsam:ldap://127.0.0.1
pam password change = Yes
passwd program = /usr/sbin/smbldap-passwd -u "%u"
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:*
%n\n *password\supdated\ssuccessfully* .
unix password sync = Yes
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
add user script = /usr/sbin/smbldap-useradd -m "%u"
delete user script = /usr/sbin/smbldap-userdel %u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g%g" "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
domain logons = Yes
domain master = Yes
dns proxy = No
wins support = Yes
        ldap suffix = dc=csimaroc,dc=net
ldap admin dn = cn=admin,dc=csimaroc,dc=net
ldap group suffix = ou=groups
ldap machine suffix = ou=machines
ldap user suffix = ou=users
panic action = /usr/share/samba/panic-action %d
        ldap ssl = off
        encrypt passwords = yes
[homes]
comment = Home Directories
valid users = %S
create mask = 0700
directory mask = 0700
browseable = No
browsable = No

[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
guest ok = Yes
share modes = No

[profiles]
comment = Users profiles
path = /home/samba/profiles
create mask = 0600
directory mask = 0700
browseable = No
browsable = No

[printers]
comment = All Printers
path = /var/spool/samba
create mask = 0700
guest ok = Yes
printable = Yes
browseable = No
browsable = No

[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
/*etc/ldap/slapd.conf*
# This is the main slapd configuration file. See slapd.conf(5) for more

include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema

include         /etc/ldap/schema/samba.schema


pidfile         /var/run/slapd/slapd.pid


argsfile        /var/run/slapd/slapd.args

# Read slapd.conf(5) for possible values
loglevel        none


modulepath /usr/lib/ldap
moduleload back_hdb


sizelimit 500
tool-threads 1


backend hdb

database        hdb

# The base of your directory in database #1
suffix          "dc=csimaroc,dc=net"

 rootdn          "cn=admin,dc=csimaroc,dc=net"
 rootpw          {SSHA}L0puRf7u2ASeTVeRziR/s1JZQUQpCaQ0

# Where the database file are physically stored for database #1
directory       "/var/lib/ldap"
dbconfig set_cachesize 0 2097152 0

# Sven Hartge reported that he had to set this value incredibly high
# to get slapd running at all. See http://bugs.debian.org/303057 for more
# information.

# Number of objects that can be locked at the same time.
dbconfig set_lk_max_objects 1500
# Number of locks (both requested and granted)
dbconfig set_lk_max_locks 1500
# Number of lockers
dbconfig set_lk_max_lockers 1500

# Indexing options for database #1
index           objectClass eq

# Save the time that the entry gets modified, for database #1
lastmod         on

# Checkpoint the BerkeleyDB database periodically in case of system
# failure and to speed slapd shutdown.
checkpoint      512 30

access to attrs=userPassword
        by dn="cn=admin,dc=csimaroc,dc=net" write
        by anonymous auth
        by self write
        by * none


access to dn.base="" by * read

# The admin dn has full write access, everyone else
# can read everything.
access to *
        by dn="cn=admin,dc=csimaroc,dc=net" write
        by * read
*/etc/ldap/ldap.conf*

BASE dc=csimaroc,dc=net
>
> URI ldap://127.0.0.1/
>
> ssl no
>
> rootbinddn  cn=admin,dc=csimaroc,dc=net
>
> bindpw ldapadmin
>
>
>
/etc/smbldap-tools/smbldap.conf
SID="S-1-5-21-2252255531-4061614174-2474224977"

# Domain name the Samba server is in charged.
# If not defined, parameter is taking from smb.conf configuration file
# Ex: sambaDomain="IDEALX-NT"
sambaDomain="DOMSMB"

##############################################################################
#
# LDAP Configuration
#
##############################################################################

# Notes: to use to dual ldap servers backend for Samba, you must patch
# Samba with the dual-head patch from IDEALX. If not using this patch
# just use the same server for slaveLDAP and masterLDAP.
# Those two servers declarations can also be used when you have
# . one master LDAP server where all writing operations must be done
# . one slave LDAP server where all reading operations must be done
#   (typically a replication directory)

# Slave LDAP server
# Ex: slaveLDAP=127.0.0.1
# If not defined, parameter is set to "127.0.0.1"
slaveLDAP=127.0.0.1

# Slave LDAP port
# If not defined, parameter is set to "389"
slavePort="389"

# Master LDAP server: needed for write operations
# Ex: masterLDAP=127.0.0.1
# If not defined, parameter is set to "127.0.0.1"
masterLDAP=127.0.0.1

# Master LDAP port
# If not defined, parameter is set to "389"
#masterPort="389"
masterPort="389"

# Use TLS for LDAP
# If set to 1, this option will use start_tls for connection
# (you should also used the port 389)
# If not defined, parameter is set to "0"
ldapTLS="0"

# Use SSL for LDAP
# If set to 1, this option will use SSL for connection
# (standard port for ldaps is 636)
# If not defined, parameter is set to "0"
ldapSSL="0"

# How to verify the server's certificate (none, optional or require)
# see "man Net::LDAP" in start_tls section for more details
verify="require"

# CA certificate
# see "man Net::LDAP" in start_tls section for more details
#cafile="/root/certs/ca.pem"

# certificate to use to connect to the ldap server
# see "man Net::LDAP" in start_tls section for more details
#clientcert="/root/certs/ldap.csimaroc.net.pem"

# key certificate to use to connect to the ldap server
# see "man Net::LDAP" in start_tls section for more details
#clientkey="/root/keys/ldap.csimaroc.net.key"

# LDAP Suffix
# Ex: suffix=dc=IDEALX,dc=ORG
suffix="dc=csimaroc,dc=net"

# Where are stored Users
# Ex: usersdn="ou=Users,dc=IDEALX,dc=ORG"
# Warning: if 'suffix' is not set here, you must set the full dn for usersdn
usersdn="ou=Users,${suffix}"

# Where are stored Computers
# Ex: computersdn="ou=Computers,dc=IDEALX,dc=ORG"
# Warning: if 'suffix' is not set here, you must set the full dn for
computersdn
computersdn="ou=Computers,${suffix}"

# Where are stored Groups
# Ex: groupsdn="ou=Groups,dc=IDEALX,dc=ORG"
# Warning: if 'suffix' is not set here, you must set the full dn for
groupsdn
groupsdn="ou=Groups,${suffix}"

# Where are stored Idmap entries (used if samba is a domain member server)
# Ex: groupsdn="ou=Idmap,dc=IDEALX,dc=ORG"
# Warning: if 'suffix' is not set here, you must set the full dn for idmapdn
idmapdn="ou=Idmap,${suffix}"

# Where to store next uidNumber and gidNumber available for new users and
groups
# If not defined, entries are stored in sambaDomainName object.
# Ex: sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"
# Ex: sambaUnixIdPooldn="cn=NextFreeUnixId,${suffix}"
sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"

# Default scope Used
scope="sub"

# Unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA, CLEARTEXT)
hash_encrypt="SSHA"

# if hash_encrypt is set to CRYPT, you may set a salt format.
# default is "%s", but many systems will generate MD5 hashed
# passwords if you use "$1$%.8s". This parameter is optional!
crypt_salt_format="%s"

##############################################################################
#
# Unix Accounts Configuration
#
##############################################################################

# Login defs
# Default Login Shell
# Ex: userLoginShell="/bin/bash"
userLoginShell="/bin/bash"

# Home directory
# Ex: userHome="/home/%U"
userHome="/home/%U"

# Default mode used for user homeDirectory
userHomeDirectoryMode="700"

# Gecos
userGecos="System User"

# Default User (POSIX and Samba) GID
defaultUserGid="513"

# Default Computer (Samba) GID
defaultComputerGid="515"

# Skel dir
skeletonDir="/etc/skel"

# Default password validation time (time in days) Comment the next line if
# you don't want password to be enable for defaultMaxPasswordAge days (be
# careful to the sambaPwdMustChange attribute's value)
defaultMaxPasswordAge="45"

##############################################################################
#
# SAMBA Configuration
#
##############################################################################

# The UNC path to home drives location (%U username substitution)
# Just set it to a null string if you want to use the smb.conf 'logon home'
# directive and/or disable roaming profiles
# Ex: userSmbHome="\\PDC-SMB3\%U"
userSmbHome="\\PDC-SRV\%U"

# The UNC path to profiles locations (%U username substitution)
# Just set it to a null string if you want to use the smb.conf 'logon path'
# directive and/or disable roaming profiles
# Ex: userProfile="\\PDC-SMB3\profiles\%U"
userProfile="\\PDC-SRV\profiles\%U"

# The default Home Drive Letter mapping
# (will be automatically mapped at logon time if home directory exist)
# Ex: userHomeDrive="H:"
userHomeDrive="H:"

# The default user netlogon script name (%U username substitution)
# if not used, will be automatically username.cmd
# make sure script file is edited under dos
# Ex: userScript="startup.cmd" # make sure script file is edited under dos
userScript="logon.bat"

# Domain appended to the users "mail"-attribute
# when smbldap-useradd -M is used
# Ex: mailDomain="idealx.com"
mailDomain="csimaroc.info"

##############################################################################
#
# SMBLDAP-TOOLS Configuration (default are ok for a RedHat)
#
##############################################################################

# Allows not to use smbpasswd (if with_smbpasswd == 0 in smbldap_conf.pm)
but
# prefer Crypt::SmbHash library
with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"

# Allows not to use slappasswd (if with_slappasswd == 0 in smbldap_conf.pm)
# but prefer Crypt:: libraries
with_slappasswd="0"
slappasswd="/usr/sbin/slappasswd"

# comment out the following line to get rid of the default banner
# no_banner="1"


*/etc/smbldap-tools/smbldap_bind.conf*
*
############################
# Credential Configuration #
############################
# Notes: you can specify two differents configuration if you use a
# master ldap for writing access and a slave ldap server for reading access
# By default, we will use the same DN (so it will work for standard Samba
# release)
masterDN="cn=admin,dc=csimaroc,dc=net"
masterPw="ldapadmin"
slaveDN="cn=admin,dc=csimaroc,dc=net"
slavePw="ldapadmin"


Thank u all for your help.
Best regards.

*

-- 
-----------------------------------------------------------------
|JJohnny RANDRIAMAMPIONONA              |
| Phone: +212663682554                            |
| National School of Applied Sciences          |
| 1818 TANGIER 90000                               |
|----------------------------------------------------------------|

More information about the samba mailing list