Hello Vladimir and anyone else reading :-) ! Attaching these files:
- gg-edited.ldif
- slapd.conf.destination.txt
- slapd.conf.source.txt
- ldap.conf.destination.txt
- ldap.conf.source.txt
- slapadd-ing.LOG (this was the log while importing the ldif)

NET SID ETC

net setlocalsid S-1-5-21-1168...........-..................-...............2
net setdomainsid S-1-5-21-1168...........-..................-...............1

Does net setlocal and domain sid make sense, or should it be net setdomainsid twice with different sids?

Thanks very much!
Giorgio

On 4/6/10, Vladimir Psenicka <[email protected]> wrote:
> Hi Giorgio
>
> On 2.4.2010 17:01, GG wrote:
> > Hi all,
> >
> > So I have
> > openldap2-2.1.12-74
> > samba-2.2.7a-72
> >
> > I would like to migrate this existing PDC service to a new server and
> > to current production / stable releases (especially for windows 7
> > joining to the domain).
> >
> > New server is Debian Lenny stable.
> >
> > I have exported the domain SID, and ldap.ldif
> >
> > Now lets get down to it :-)
> > Before importing should I do something about organizational units and so?
> > How?
> >
> >> Import only data to LDAP no configs (slapcat->slapadd)
> > slapadd -c -l slapcat.ldif
> > I did this but attached errors showed up.
> >
> > Error, entries missing!
> > entry 3: dc=people,dc=ExampleDomain,dc=it
> > entry 4: dc=groups,dc=people,dc=ExampleDomain,dc=it
>
> Can you post first 100 lines of your ldif you try to import? You
> probably missing some base ldif.
>
> >
> >
> > I know nothing about ldap, but my ldap is probably missing some pre
> > required settings ? :-/
> >
>
> Can you post slapd.conf also?
>
> >
> > Cheers!
> > Giorgio
> >
> >> Configs yes, live data no, but if you have ldap it *should* be enough to
> >> import ldif from old server, configure samba to use ldap and run smbpasswd
> >> -W to store ldap admin dn pass to secrets.tdb. After that you can test if
> >> samba see imported users in ldap (pdbedit -L).
> >
> >
> > On 3/27/10, Vladimir Psenicka <[email protected]> wrote:
> >> On Fri, 26 Mar 2010 15:32:50 +0100, GG <[email protected]> wrote:
> >>> wow I made it!
> >>>
> >>> I copied net and all the libs it complained about from another suse
> >>> server which was not missing it :-)
> >>>
> >>> [2010/03/26 15:07:37, 0] param/loadparm.c:map_parameter(2435)
> >>> Unknown parameter encountered: "domain admin group"
> >>> [2010/03/26 15:07:37, 0] param/loadparm.c:lp_do_parameter(3125)
> >>> Ignoring unknown parameter "domain admin group"
> >>> SID for domain ThisIsLikeTheHostNameOrMaybeAtestDomain???
> >>> is: S-1-5-21-1bla bla
> >>> SID for domain THISISMYDOMAIN is: S-1-5-other-bla bla
> >>>
> >>> Which shall I import?
> >>>
> >>
> >> Import both for sure:-). First is localsid, second is domainsid
> >>
> >>> So now back to mail number 2 :-)
> >>>
> >>> LDAP: I exported ldif :-) now
> >>> I copied /etc/groups passwd shadow aliases
> >>>
> >>> now on the new server:
> >>>
> >>> how do I import LDAP and all its configs,
> >>> samba and all its configs are only in smb.conf?
> >>>
> >> Import only data to LDAP no configs (slapcat->slapadd)
> >> Configs yes, live data no, but if you have ldap it *should* be enough to
> >> import ldif from old server, configure samba to use ldap and run smbpasswd
> >> -W to store ldap admin dn pass to secrets.tdb. After that you can test if
> >> samba see imported users in ldap (pdbedit -L).
> >>
> >>> :-)
> >>> Giorgio
> >>>
> >>>
> >>>
> >>> On 3/26/10, Vladimir Psenicka <[email protected]> wrote:
> >>>> Paste ldap admin dn or ldap suffix in your smb.conf
> >>>>
> >>>> On 26.3.2010 15:24, Vladimir Psenicka wrote:
> >>>>> try this:
> >>>>>
> >>>>> ldapsearch -x -h localhost -D "cn=Manager,dc=WORKGROUP,dc=it" -W -b
> >>>>> "sambaDomainName=WORKGROUP,dc=WORKGROUP,dc=it"
> >>>>>
> >>>>> On 26.3.2010 15:00, GG wrote:
> >>>>>> Hello!
> >>>>>>
> >>>>>> I'm stuck on getdomainsid: Net command is missing even though libs and
> >>>>>> smbclient are installed.
> >>>>>>
> >>>>>> I tried this:
> >>>>>> # ldapsearch -x -h localhost -D "cn=Manager,dc=domain,dc=it" -W -b
> >>>>>> "sambaDomainName=WORKGROUP,dc=domain,dc=it"
> >>>>>> Enter LDAP Password:
> >>>>>> # extended LDIF
> >>>>>> #
> >>>>>> # LDAPv3
> >>>>>> # base <sambaDomainName=WORKGROUP,dc=domain,dc=it> with scope sub
> >>>>>> # filter: (objectclass=*)
> >>>>>> # requesting: ALL
> >>>>>> #
> >>>>>>
> >>>>>> # search result
> >>>>>> search: 2
> >>>>>> result: 34 Invalid DN syntax
> >>>>>> text: invalid DN
> >>>>>>
> >>>>>> # numResponses: 1
> >>>>>>
> >>>>>> So: I'm not sure what is sambaDomainName=domain,dc=domain,dc=it...
> >>>>>> I used WORKGROUP as it is the domain we use on pcs and the only one
> >>>>>> defined in smb.conf
> >>>>>>
> >>>>>> I also tried using my pdc HOSTNAME
> >>>>>>
> >>>>>> and this was returned
> >>>>>> # LDAPv3
> >>>>>> # base <sambaDomainName=hostname,dc=domain,dc=it> with scope sub
> >>>>>> # filter: (objectclass=*)
> >>>>>> # requesting: ALL
> >>>>>> #
> >>>>>>
> >>>>>> # search result
> >>>>>> search: 2
> >>>>>> result: 34 Invalid DN syntax
> >>>>>> text: invalid DN
> >>>>>>
> >>>>>> # numResponses: 1
> >>>>>>
> >>>>>> Any way to get through this or how to use net command? Maybe updating
> >>>>>> samba-client?
> >>>>>>
> >>>>>> I tried rpm -i samba-client but it says
> >>>>>> file /usr/share/man/man1/smbclient.1.gz from install of
> >>>>>> samba-client-2.2.12-1.suse82 conflicts with file from package
> >>>>>> samba-client-2.2.7a-72 when trying to rpm -i samba-client-2.2.12-1.rpm
> >>>>>>
> >>>>>> I found also the original package but it says it is already installed.
> >>>>>>
> >>>>>> What happens if I remove samba-client and reinstall it soon after on
> >>>>>> the production pdc?
> >>>>>>
> >>>>>>
> >>>>>> Giorgio
> >>>>>>
> >>>>>> On 3/26/10, Vladimir Psenicka <[email protected]> wrote:
> >>>>>>> On 26.3.2010 13:50, GG wrote:
> >>>>>>>> Hello!
> >>>>>>>>
> >>>>>>>>>> Have you samba-client package installed?
> >>>>>>>>>>
> >>>>>>>>
> >>>>>>>> yes I do at least smbclient is there! but no net command :-/
> >>>>>>>>
> >>>>>>>>>> pavouk\pseni...@psenicka:~> rpm -qf `which net`
> >>>>>>>>>> samba-client-3.5.1-4.1.x86_64
> >>>>>>>>
> >>>>>>>> So here are the issues encountered...
> >>>>>>>> file /usr/share/man/man1/smbclient.1.gz from install of
> >>>>>>>> samba-client-2.2.12-1.suse82 conflicts with file from package
> >>>>>>>> samba-client-2.2.7a-72 when trying to rpm -i
> >>>>>>>> samba-client-2.2.12-1.rpm
> >>>>>>>> I found on net...
> >>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>> or you can dig domainsid from ldap
> >>>>>>>>
> >>>>>>>> This sounds interesting! How do I do that?
> >>>>>>>>
> >>>>>>>
> >>>>>>> modify to your needs (domain):
> >>>>>>>
> >>>>>>> ldapsearch -x -h ldap -D "cn=admin,dc=domain,dc=cz" -W -b
> >>>>>>> "sambaDomainName=domain,dc=domain,dc=cz"
> >>>>>>>
> >>>>>>> sambaSID: is your domainsid
> >>>>>>>
> >>>>>>> or you can use phpldapadmin to manage your ldap from browser
> >>>>>>>
> >>>>>>>> Thanks very much!
> >>>>>>>> Giorgio
> >>>>>>>>
> >>>>>>>> On 3/26/10, GG <[email protected]> wrote:
> >>>>>>>>> Hi!
> >>>>>>>>>
> >>>>>>>>> I'll be at it in a few minutes installing samba client / net
> >>>>>>>>> command :-)
> >>>>>>>>>
> >>>>>>>>> I have a question about the samba sernet repos:
> >>>>>>>>> Shall I apt-get remove samba and use
> >>>>>>>>> http://enterprisesamba.com/index.php?id=148 +
> >>>>>>>>> http://enterprisesamba.com/index.php?id=56
> >>>>>>>>> instead from start?
> >>>>>>>>>
> >>>>>>>>> What is the real advantage of sernet? What about installing
> >>>>>>>>> official
> >>>>>>>>> samba.org packages, are there differences with sernet (stability?)
> >>>>>>>>> or
> >>>>>>>>> is it just a more liberal repository?
> >>>>>>>>>
> >>>>>>>>> Also I read
> >>>>>>>>>>>> Ensure that all local user and group accounts that are used by
> >>>>>>>>>>>> samba
> >>>>>>>>>>>> have the same uid/gid.
> >>>>>>>>>
> >>>>>>>>> Shall I copy /etc/shadow and /etc/passwd over? other files for
> >>>>>>>>> groups
> >>>>>>>>> and users?
> >>>>>>>>>
> >>>>>>>>> I use rsync --verbose --progress --stats --compress --rsh=ssh \
> >>>>>>>>> --recursive --times --perms --links \
> >>>>>>>>> --owner --group --devices --specials \
> >>>>>>>>> --exclude-from '/root/exclude.txt (if any, not in this case as
> >>>>>>>>> I'm only syncing data dir)' \
> >>>>>>>>> r...@old_pdc:/DATA /DATA
> >>>>>>>>>
> >>>>>>>>> This should bring over every attribute set on files... correct?
> >>>>>>>>>
> >>>>>>>>> [[[did only partially in one case: I set up a twin install (fresh
> >>>>>>>>> install then live cd and full rsync and after that I kept mbr, but
> >>>>>>>>> changed /boot and the /etc/fstab settings) and the server started
> >>>>>>>>> etc.. LDAP did not work though: authentication was not available...
> >>>>>>>>> So I must be missing something or this rsync parameter set must be
> >>>>>>>>> missing something.. I had disconnected old PDC, set same IP and
> >>>>>>>>> hostname to the VM well this worked well for other virtualizations
> >>>>>>>>> and
> >>>>>>>>> in this PDC I need to upgrade to win7 compatible samba version
> >>>>>>>>> anyway
> >>>>>>>>> :-)
> >>>>>>>>> This was another story but just to share it as it is an excellent
> >>>>>>>>> way
> >>>>>>>>> of migrating sometimes specially for machines you do not master and
> >>>>>>>>> this is my case very often.]]]
> >>>>>>>>>
> >>>>>>>>> Cheers,
> >>>>>>>>> Giorgio
> >>>>>>>>>
> >>>>>>>>> On Fri, Mar 26, 2010 at 9:14 AM, Vladimir Psenicka
> >>>>>>>>> <[email protected]> wrote:
> >>>>>>>>>> Hi
> >>>>>>>>>>
> >>>>>>>>>> On 25.3.2010 17:41, GG wrote:
> >>>>>>>>>>> Hello Vladimir, John and all the NG :-)
> >>>>>>>>>>> Thanks so much for answering. I really hoped someone would :-)
> >>>>>>>>>>>
> >>>>>>>>>>> So I installed Debian latest stable netinst on the future
> >>>>>>>>>>> production
> >>>>>>>>>>> server and here are my issues in the quotes :-( no net command
> >>>>>>>>>>> on my
> >>>>>>>>>>> suse 8.2
> >>>>>>>>>>>
> >>>>>>>>>>> Cheers :-)
> >>>>>>>>>>> Giorgio
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>> On Thu, Mar 25, 2010 at 14:00, John H Terpstra <*[email protected]>
> >>>>>>>>>>>> wrote:
> >>>>>>>>>>>>> On 03/25/2010 03:33 AM, Vladimir Psenicka wrote:
> >>>>>>>>>>>>> What about Debian Stable with Sernet samba repo, where you can
> >>>>>>>>>>>>> choose
> >>>>>>>>>>>>> Samba 3.4.x or 3.5.x
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> My hints on migrating to new server:
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> 1. install new server (Samba,ldap etc.)
> >>>>>>>>>>>
> >>>>>>>>>>> done :-) Debian Stable netinst
> >>>>>>>>>>>
> >>>>>>>>>>>>> 2. set same hostname on new server
> >>>>>>>>>>> My ignorance comes out :-)
> >>>>>>>>>>> Must I set it different from the production server as FW points
> >>>>>>>>>>> production.domain.com - I have clients using DNS=oldPDC and PDC
> >>>>>>>>>>> forwards queries to FW. FW has pdc.domain.com defined to point
> >>>>>>>>>>> to lan
> >>>>>>>>>>> ip.
> >>>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>> Ok, can be changed later
> >>>>>>>>>>
> >>>>>>>>>>>>> 3. export ldap data from old server and import them to new
> >>>>>>>>>>>>> server
> >>>>>>>>>>>
> >>>>>>>>>>> slapcat -f /etc/openldap/ldap.conf -l /ldap.ldif
> >>>>>>>>>>> OK
> >>>>>>>>>>>
> >>>>>>>>>>>> Ensure that all local user and group accounts that are used by
> >>>>>>>>>>>> samba
> >>>>>>>>>>>> have the same uid/gid.
> >>>>>>>>>>> my ignorance again... another hint?
> >>>>>>>>>>>>
> >>>>>>>>>>>>> 4. export SID (net getlocalsid) and set it on new server (net
> >>>>>>>>>>>>> setlocalsid oldsid)
> >>>>>>>>>>>>
> >>>>>>>>>>>> Note:
> >>>>>>>>>>>> net getdomainsid (on old server)
> >>>>>>>>>>>> net setdomainsid (on new server)
> >>>>>>>>>>> thanks :-)
> >>>>>>>>>>>
> >>>>>>>>>>> # net getdomainsid
> >>>>>>>>>>> -bash: net: command not found :-( and not found in yast
> >>>>>>>>>>>
> >>>>>>>>>>> I understand it has to do with extracting the sid from
> >>>>>>>>>>> /etc/samba/secrets.tdb but how do I install the command? suse
> >>>>>>>>>>> 8.2 yast
> >>>>>>>>>>> has now net package and googling net is.. well wow!
> >>>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>> Have you samba-client package installed?
> >>>>>>>>>>
> >>>>>>>>>> pavouk\pseni...@psenicka:~> rpm -qf `which net`
> >>>>>>>>>> samba-client-3.5.1-4.1.x86_64
> >>>>>>>>>>
> >>>>>>>>>> or you can dig domainsid from ldap
> >>>>>>>>>>
> >>>>>>>>>>>>> 5. configure samba on new server as PDC with ldap and shares
> >>>>>>>>>>>>> in smb.conf
> >>>>>>>>>>>>> from old samba smb.conf (check with testparm)
> >>>>>>>>>>>
> >>>>>>>>>>> I see it only contains shares so I bet smb.conf would just keep
> >>>>>>>>>>> all
> >>>>>>>>>>> the old settings right? /DATA will be rsynced
> >>>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>> Maybe smb.conf from Samba2 is too different from Samba 3. I will
> >>>>>>>>>> keep
> >>>>>>>>>> current smb.conf on new server and add only shares from old
> >>>>>>>>>> smb.conf to
> >>>>>>>>>> new smb.conf.
> >>>>>>>>>>
> >>>>>>>>>>>>> 6. stop samba on old server
> >>>>>>>>>>>>> 7. copy all data (with perms) and netlogon share to new server
> >>>>>>>>>>>>> 8. stop old server
> >>>>>>>>>>>>> 9. start samba on new server and check everything is working
> >>>>>>>>>>>>> fine (domain
> >>>>>>>>>>>>> logon from windows box, shares and perms)
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> This can be done best when no users are logged in samba (maybe
> >>>>>>>>>>>>> at weekend?)
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> P.S. We have ubuntu 8.04 as PDC and Windows 7 can't join to
> >>>>>>>>>>>>> domain
> >>>>>>>>>>>
> >>>>>>>>>>> thanks I move to Debian with ease :-) ubuntu is a great deb
> >>>>>>>>>>> derived right?
> >>>>>>>>>>>
> >>>>>>>>>> Ubuntu 8.04 LTS is now older than Debian Stable. When Ubuntu
> >>>>>>>>>> 10.04 LTS
> >>>>>>>>>> comes out this will be no longer truth.
> >>>>>>>>>>
> >>>>>>>>>>>> Check http://wiki.samba.org for info regarding Windows 7.
> >>>>>>>>>>>>
> >>>>>>>>>>>> Cheers,
> >>>>>>>>>>>> John T.
> >>>>>>>>>>>>
> >>>>>>>>>>>>> On 25.3.2010 01:05, GG wrote:
> >>>>>>>>>>>>>> Hello Vladimir and hi all,
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> Thanks very much for replying!
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> Any suggested os? I'd go for debian or what advised, I just
> >>>>>>>>>>>>>> happen to
> >>>>>>>>>>>>>> know ubuntu more...
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> Any strategy or hint on migrating from ancient ldap + samba
> >>>>>>>>>>>>>> to a new server?
> >>>>>>>>>>>>>> Already tried rsyncing (using all options to keep perms and
> >>>>>>>>>>>>>> attributes
> >>>>>>>>>>>>>> grp own mod etc) on a twin v-machine but server starts and
> >>>>>>>>>>>>>> the ldap
> >>>>>>>>>>>>>> auth fails to work :-(
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> I'm a bit stuck at the moment :-( and I have postponed the
> >>>>>>>>>>>>>> problem for
> >>>>>>>>>>>>>> too long grrr
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> Giorgio
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> On Wed, Mar 24, 2010 at 9:20 AM, Vladimir Psenicka
> >>>>>>>>>>>>>> <[email protected]> wrote:
> >>>>>>>>>>>>>>> On 23.3.2010 15:48, Giorgio wrote:
> >>>>>>>>>>>>>>>> Hello,
> >>>>>>>>>>>>>>>> Hopefully I'm in the right place asking for help :-)
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> I need to move from an old physical Suse 8.2 - samba 2.2.7
> >>>>>>>>>>>>>>>> + ldap - to
> >>>>>>>>>>>>>>>> latest samba versions, I would like to use an ubuntu 8.04
> >>>>>>>>>>>>>>>> virtual machine.
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> The domain is in production on the physical server, to be
> >>>>>>>>>>>>>>>> dismissed after
> >>>>>>>>>>>>>>>> migration. It is also the file server!!! so /DATA/ has all
> >>>>>>>>>>>>>>>> shared and
> >>>>>>>>>>>>>>>> permission driven file access..
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> I was following
> >>>>>>>>>>>>>>>> https://help.ubuntu.com/8.10/serverguide/C/samba-dc.html but
> >>>>>>>>>>>>>>>> I realize I am in a different scenario...
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> Production so no errors are admitted :-(, migration to new
> >>>>>>>>>>>>>>>> os and versions..
> >>>>>>>>>>>>>>>> all at once?
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> I have a dump of the physical server (dd sda mbr and single
> >>>>>>>>>>>>>>>> partitions :)
> >>>>>>>>>>>>>>>> plus an rsync with all permissions daily backup, just to be
> >>>>>>>>>>>>>>>> safe ;)
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> What would you gurus suggest as a strategy?
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> Can I create a new server and add it as secondary domain
> >>>>>>>>>>>>>>>> controller and then
> >>>>>>>>>>>>>>>> once the replica is up? I'd feel quite comfortable with
> >>>>>>>>>>>>>>>> this method.
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> BTW I need a new version of samba as they have already
> >>>>>>>>>>>>>>>> bought Windows 7
> >>>>>>>>>>>>>>>> boxes (without asking if they were supported arrgh).
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> Thanks to all of you who read or answered :-)
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> Gio
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> Hi.
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> Ubuntu 8.10 is bad idea if you will be connecting Windows 7
> >>>>>>>>>>>>>>> into domain,
> >>>>>>>>>>>>>>> because of old Samba version. Samba 3.4.x or 3.5.x is
> >>>>>>>>>>>>>>> recommended for
> >>>>>>>>>>>>>>> Win7. Wait for Ubuntu 10.04 LTS (next month) if you want
> >>>>>>>>>>>>>>> Ubuntu.
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> --
> >>>>>>>>>>>>>>> Vladimir Psenicka
> >>>>>>>>>>>>>>> --
> >>>>>>>>>>>>>>> To unsubscribe from this list go to the following URL and
> >>>>>>>>>>>>>>> read the
> >>>>>>>>>>>>>>> instructions: https://lists.samba.org/mailman/options/samba
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>> --
> >>>>>>>>>>>> To unsubscribe from this list go to the following URL and read
> >>>>>>>>>>>> the
> >>>>>>>>>>>> instructions: https://lists.samba.org/mailman/options/samba
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>> --
> >>>>>>>>>> Vladimir Psenicka
> >>>>>>>>>> IT system engineer
> >>>>>>>>>> PRODECO, a.s.
> >>>>>>>>>> Tel.: 417 633 762
> >>>>>>>>>> --
> >>>>>>>>>> To unsubscribe from this list go to the following URL and read the
> >>>>>>>>>> instructions: https://lists.samba.org/mailman/options/samba
> >>>>>>>>>>
> >>>>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>> --
> >>>>>>> Vladimir Psenicka
> >>>>>>> IT system engineer
> >>>>>>> PRODECO, a.s.
> >>>>>>> Tel.: 417 633 762
> >>>>>>> --
> >>>>>>> To unsubscribe from this list go to the following URL and read the
> >>>>>>> instructions: https://lists.samba.org/mailman/options/samba
> >>>>>>>
> >>>>>
> >>>>>
> >>>>
> >>>>
> >>>> --
> >>>> Vladimir Psenicka
> >>>> IT system engineer
> >>>> PRODECO, a.s.
> >>>> Tel.: 417 633 762
> >>>> --
> >>>> To unsubscribe from this list go to the following URL and read the
> >>>> instructions: https://lists.samba.org/mailman/options/samba
> >>>>
> >> --
> >> To unsubscribe from this list go to the following URL and read the
> >> instructions: https://lists.samba.org/mailman/options/samba
> >>
> >
> --
> Vladimir Psenicka
> IT system engineer
> PRODECO, a.s.
> Tel.: 417 633 762
>
dn: dc=GG-s-Domain,dc=it
objectClass: dcObject
objectClass: organization
dc: GG-s-Domain
o: GG-s-Domain
structuralObjectClass: organization
entryUUID: 70a33e14-465e-1027-9376-afb057b08757
creatorsName: cn=Manager,dc=GG-s-Domain,dc=it
createTimestamp: 20030709133859Z
entryCSN: 2003070913:38:59Z#0x0001#0#0000
modifiersName: cn=Manager,dc=GG-s-Domain,dc=it
modifyTimestamp: 20030709133859Z

dn: cn=Manager,dc=GG-s-Domain,dc=it
objectClass: organizationalRole
cn: Manager
description:: RGlyZWN0b3J5IE1hbmFnZXIg
structuralObjectClass: organizationalRole
entryUUID: 70a968c0-465e-1027-9377-afb057b08757
creatorsName: cn=Manager,dc=GG-s-Domain,dc=it
createTimestamp: 20030709133859Z
entryCSN: 2003070913:38:59Z#0x0002#0#0000
modifiersName: cn=Manager,dc=GG-s-Domain,dc=it
modifyTimestamp: 20030709133859Z

dn: dc=People,dc=GG-s-Domain,dc=it
objectClass: dcObject
objectClass: organizationalUnit
ou: "People"
dc: "People"
structuralObjectClass: organizationalUnit
entryUUID: 067e823e-5845-1027-9dc5-fa88d05ed16f
creatorsName: cn=Manager,dc=GG-s-Domain,dc=it
createTimestamp: 20030801082225Z
entryCSN: 2003080108:22:25Z#0x0001#0#0000
modifiersName: cn=Manager,dc=GG-s-Domain,dc=it
modifyTimestamp: 20030801082225Z

dn: dc=Sistemi Informativi,dc=People,dc=GG-s-Domain,dc=it
objectClass: dcObject
objectClass: organizationalUnit
ou: "Sistemi Informativi"
dc: "Sistemi Informativi"
structuralObjectClass: organizationalUnit
entryUUID: a468f4c0-5845-1027-9dc6-fa88d05ed16f
creatorsName: cn=Manager,dc=GG-s-Domain,dc=it
createTimestamp: 20030801082650Z
entryCSN: 2003080108:26:50Z#0x0001#0#0000
modifiersName: cn=Manager,dc=GG-s-Domain,dc=it
modifyTimestamp: 20030801082650Z

dn: uid=Christian Sanvi,dc=Sistemi Informativi,dc=People,dc=GG-s-Domain,dc=it
structuralObjectClass: inetOrgPerson
entryUUID: e969a5fc-584e-1027-9dc7-fa88d05ed16f
creatorsName: cn=Manager,dc=GG-s-Domain,dc=it
createTimestamp: 20030801093311Z
objectClass: inetOrgPerson
objectClass: person
objectClass: sambaAccount
objectClass: qmailUser
objectClass: posixAccount
objectClass: shadowAccount
mail: [email protected]
mailHost: mail.GG-s-Domain.it
mailMessageStore: /var/qmail/maildirs/GG-s-Domain.it/christian.sanvi
uid: csanvi
cn: csanvi
sn: sanvi
rid: 1000
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 1000
gidNumber: 100
homeDirectory: /home/christian
gecos: Christian Sanvi,,,
entryCSN: 2008042908:48:24Z#0x0002#0#0000
modifiersName: cn=Manager,dc=GG-s-Domain,dc=it
modifyTimestamp: 20080429084824Z
userPassword:: e2NyeXB0fVc4Tmx0ck9pZDZhd3M=
shadowLastChange: 14695

dn: uid=Alessandro Surname,dc=Sistemi Informativi,dc=People,dc=GG-s-Domain,dc=i
 t
structuralObjectClass: inetOrgPerson
entryUUID: e970a122-584e-1027-9dc8-fa88d05ed16f
creatorsName: cn=Manager,dc=GG-s-Domain,dc=it
createTimestamp: 20030801093311Z
mailHost: mail.GG-s-Domain.it
mailMessageStore: /var/qmail/maildirs/GG-s-Domain.it/alessandro.Surname
sn: apinciroli
shadowMax: 99999
shadowWarning: 7
gecos: Alessandro Surname,,,
acctFlags: [UD ]
uid: apinciroli
cn: apinciroli
homeDirectory: /home/alessandro
uidNumber: 1001
objectClass: inetOrgPerson
objectClass: person
objectClass: sambaAccount
objectClass: qmailUser
objectClass: posixAccount
objectClass: shadowAccount
gidNumber: 100
ntPassword: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
lmPassword: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
loginShell: /bin/bash
title: pippo
rid: 1001
userPassword:: e2NyeXB0fTAuTHBKZUlhSDdpZ1k=
shadowLastChange: 13193
entryCSN: 2006021409:51:59Z#0x0002#0#0000
modifiersName: cn=Manager,dc=GG-s-Domain,dc=it
modifyTimestamp: 20060214095159Z
mail: [email protected]

dn: dc=Groups,dc=People,dc=GG-s-Domain,dc=it
objectClass: dcObject
objectClass: organizationalUnit
ou: "Groups"
dc: "Groups"
structuralObjectClass: organizationalUnit
entryUUID: 9d6852d0-5852-1027-9dca-fa88d05ed16f
creatorsName: cn=Manager,dc=GG-s-Domain,dc=it
createTimestamp: 20030801095941Z
entryCSN: 2003080109:59:41Z#0x0001#0#0000
modifiersName: cn=Manager,dc=GG-s-Domain,dc=it
modifyTimestamp: 20030801095941Z

dn: cn=sisinfo,dc=Groups,dc=People,dc=GG-s-Domain,dc=it
structuralObjectClass: posixGroup
entryUUID: 869dbe52-5855-1027-9dcb-fa88d05ed16f
creatorsName: cn=Manager,dc=GG-s-Domain,dc=it
createTimestamp: 20030801102032Z
objectClass: posixGroup
objectClass: top
cn: sisinfo
description: Sistemi Informativi
gidNumber: 1000
userPassword:: e2NyeXB0fXg=
memberUid: 6Surname
memberUid: 5Surname
memberUid: 4Surname
memberUid: 3Surname
memberUid: 2Surname
memberUid: 1Surname
entryCSN: 2003091812:56:20Z#0x0001#0#0000
modifiersName: cn=Manager,dc=GG-s-Domain,dc=it
modifyTimestamp: 20030918125620Z

dn: cn=machines,dc=Groups,dc=People,dc=GG-s-Domain,dc=it
cn: machines
description: Computers
objectClass: posixGroup
objectClass: top
structuralObjectClass: posixGroup
entryUUID: aeebb668-76e9-1027-991a-9a7de9f0a44a
creatorsName: cn=Manager,dc=GG-s-Domain,dc=it
createTimestamp: 20030909081640Z
gidNumber: 1001
entryCSN: 2003090909:24:02Z#0x0001#0#0000
modifiersName: cn=Manager,dc=GG-s-Domain,dc=it
modifyTimestamp: 20030909092402Z

dn: cn=ntadmin,dc=Groups,dc=People,dc=GG-s-Domain,dc=it
cn: ntadmin
description: Amministratori NT
gidNumber: 1002
memberUid: root
memberUid: Administrator
memberUid: Giorgio
objectClass: posixGroup
objectClass: top
structuralObjectClass: posixGroup
entryUUID: 155cb69e-7ba5-1027-991c-9a7de9f0a44a
creatorsName: cn=Manager,dc=GG-s-Domain,dc=it
createTimestamp: 20030915084812Z
entryCSN: 2003091508:48:12Z#0x0001#0#0000
modifiersName: cn=Manager,dc=GG-s-Domain,dc=it
modifyTimestamp: 20030915084812Z

dn: uid=Administrator,dc=Sistemi Informativi,dc=People,dc=GG-s-Domain,dc=it
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: sambaAccount
objectClass: qmailUser
objectClass: posixAccount
objectClass: shadowAccount
objectClass: top
lmPassword: 24BE0A7084B85584AAD3B435B51404EE
acctFlags: [U ]
uid: Administrator
uidNumber: 1006
cn: Administrator
loginShell: /bin/sh
gidNumber: 100
rid: 3012
gecos: Administrator,,,
homeDirectory: /home/Administrator
mailHost: mail.GG-s-Domain.it
sn: Administrator
ntPassword: CE3CE0293E58602F922179861B260C69
structuralObjectClass: inetOrgPerson
entryUUID: 083a6b4a-7c7d-1027-9277-e6806351bc48
creatorsName: cn=Manager,dc=GG-s-Domain,dc=it
createTimestamp: 20030916103401Z
mail: [email protected]
userPassword:: e2NyeXB0fWF0b2JKTkFDUXN3YzI=
shadowLastChange: 12324
mailMessageStore: /var/qmail/maildirs/GG-s-Domain.it/administrator
entryCSN: 2003102216:10:37Z#0x0001#0#0000
modifiersName: cn=Manager,dc=GG-s-Domain,dc=it
modifyTimestamp: 20031022161037Z

dn: dc=Utenti,dc=People,dc=GG-s-Domain,dc=it
objectClass: dcObject
objectClass: organizationalUnit
objectClass: top
structuralObjectClass: organizationalUnit
entryUUID: 5071c0de-7c91-1027-9278-e6806351bc48
creatorsName: cn=Manager,dc=GG-s-Domain,dc=it
createTimestamp: 20030916125912Z
dc: Utenti
ou: Utenti
entryCSN: 2003091613:00:44Z#0x0001#0#0000

dn: uid=surnameuid,dc=Utenti,dc=People,dc=GG-s-Domain,dc=it
cn: airoldid
gidNumber: 100
homeDirectory: /DATA/homes/airoldid
mail: [email protected]
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: sambaAccount
objectClass: qmailUser
objectClass: posixAccount
objectClass: shadowAccount
objectClass: top
rid: 1009
sn: surnameuid
uid: surnameuid
uidNumber: 1009
structuralObjectClass: inetOrgPerson
entryUUID: 81a17eda-7c94-1027-927a-e6806351bc48
creatorsName: cn=Manager,dc=GG-s-Domain,dc=it
createTimestamp: 20030916132203Z
mailHost: mail.gg-s-domain.it
mailMessageStore: /var/qmail/maildirs/GG-s-Domain.it/surnameuid
gecos: surname name
entryCSN: 2008051411:35:25Z#0x0001#0#0000
modifiersName: cn=Manager,dc=gg-s-domain,dc=it
modifyTimestamp: 20080514113525Z

# Allow LDAPv2 binds
allow bind_v2

# This is the main slapd configuration file. See slapd.conf(5) for more
# info on the configuration options.

#######################################################################
# Global Directives:

# Features to permit
#allow bind_v2

# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema

# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile /var/run/slapd/slapd.pid

# List of arguments that were passed to the server
argsfile /var/run/slapd/slapd.args

# Read slapd.conf(5) for possible values
loglevel none

# Where the dynamically loaded modules are stored
modulepath /usr/lib/ldap
moduleload back_hdb

# The maximum number of entries that is returned for a search operation
sizelimit 500

# The tool-threads parameter sets the actual amount of cpu's that is used
# for indexing.
tool-threads 1

#######################################################################
# Specific Backend Directives for hdb:
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
backend hdb

#######################################################################
# Specific Backend Directives for 'other':
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
#backend <other>

#######################################################################
# Specific Directives for database #1, of type hdb:
# Database specific directives apply to this databasse until another
# 'database' directive occurs
database hdb

# The base of your directory in database #1
suffix "dc=GG-s-Domain,dc=it"

# rootdn directive for specifying a superuser on the database. This is needed
# for syncrepl.
# rootdn "cn=admin,dc=GG-s-Domain,dc=it"

# Where the database file are physically stored for database #1
directory "/var/lib/ldap"

# The dbconfig settings are used to generate a DB_CONFIG file the first
# time slapd starts. They do NOT override existing an existing DB_CONFIG
# file. You should therefore change these settings in DB_CONFIG directly
# or remove DB_CONFIG and restart slapd for changes to take effect.

# For the Debian package we use 2MB as default but be sure to update this
# value if you have plenty of RAM
dbconfig set_cachesize 0 2097152 0

# Sven Hartge reported that he had to set this value incredibly high
# to get slapd running at all. See http://bugs.debian.org/303057 for more
# information.

# Number of objects that can be locked at the same time.
dbconfig set_lk_max_objects 1500
# Number of locks (both requested and granted)
dbconfig set_lk_max_locks 1500
# Number of lockers
dbconfig set_lk_max_lockers 1500

# Indexing options for database #1
index objectClass eq

# Save the time that the entry gets modified, for database #1
lastmod on

# Checkpoint the BerkeleyDB database periodically in case of system
# failure and to speed slapd shutdown.
checkpoint 512 30

# Where to store the replica logs for database #1
# replogfile /var/lib/ldap/replog

# The userPassword by default can be changed
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
# admin entry below
# These access lines apply to database #1 only
access to attrs=userPassword,shadowLastChange
        by dn="cn=admin,dc=GG-s-Domain,dc=it" write
        by anonymous auth
        by self write
        by * none

# Ensure read access to the base for things like
# supportedSASLMechanisms. Without this you may
# have problems with SASL not knowing what
# mechanisms are available and the like.
# Note that this is covered by the 'access to *'
# ACL below too but if you change that as people
# are wont to do you'll still need this if you
# want SASL (and possible other things) to work
# happily.
access to dn.base="" by * read

# The admin dn has full write access, everyone else
# can read everything.
access to *
        by dn="cn=admin,dc=GG-s-Domain,dc=it" write
        by * read

# For Netscape Roaming support, each user gets a roaming
# profile for which they have write access to
#access to dn=".*,ou=Roaming,o=morsnet"
# by dn="cn=admin,dc=GG-s-Domain,dc=it" write
# by dnattr=owner write

#######################################################################
# Specific Directives for database #2, of type 'other' (can be hdb too):
# Database specific directives apply to this databasse until another
# 'database' directive occurs
#database <other>

# The base of your directory for database #2
#suffix "dc=debian,dc=org"

# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.5 2002/11/26 18:26:01 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
#include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/qmail.schema
#include /etc/openldap/schema/qmailControl.schema
include /etc/openldap/schema/samba.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

#loglevel 448
loglevel 256
allow bind_v2
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
password-hash {MD5}

TLSCertificateFile /etc/ssl/certs/ldapcert.pem
TLSCertificateKeyFile /etc/ssl/certs/ldapkey.pem
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCACertificateFile /etc/ssl/certs/cacert.pem

# Load dynamic backend modules:
# modulepath /usr/lib/openldap/openldap
# moduleload back_bdb.la
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la

# Sample security restrictions
#
# Disallow clear text exchange of passwords
# disallow bind_simple_unprotected
#
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
# Root DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
access to dn.base="" by * read

access to attribute=userPassword
        by dn="cn=authuser,dc=GG-s-Domain,dc=it" write
        by anonymous auth
        by self write
        by * none

access to *
        by self write
        by users read
        by anonymous auth
#
# if no access controls are present, the default policy is:
# Allow read by all
#
# rootdn can always write!

#######################################################################
# ldbm database definitions
#######################################################################

database ldbm
suffix "dc=GG-s-Domain,dc=it"
rootdn "cn=Manager,dc=GG-s-Domain,dc=it"
rootpw gastec2003
directory /var/lib/ldap
index default pres,eq
index objectClass,uid,uidnumber,gidnumber,cn
index mail,mailalternateaddress,mailforwardingaddress eq
readonly off
updatedn "cn=Manager,dc=GG-s-Domain,dc=it"
#updateref "ldap://mail.GG-s-Domain.it";
updateref ldap://mail.GG-s-Domain.it
#replogfile /var/lib/ldap/replog

#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE dc=example,dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never

# $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.9 2000/09/04 19:57:01 kurt Exp $
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

base dc=GG-s-Domain,dc=it
#uri ldap://diabolik.GG-s-Domain.it

#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
#tls_reqcert allow
#tls_checkpeer no
#tls_cacertfile /etc/ssl/certs/cacert.pem
rootbinddn cn=Manager,dc=GG-s-Domain,dc=it
nss_base_passwd dc=People,dc=GG-s-Domain,dc=it
nss_base_shadow dc=People,dc=GG-s-Domain,dc=it
nss_base_group dc=Groups,dc=People,dc=GG-s-Domain,dc=it
host diabolik.GG-s-Domain.it
binddn cn=Manager,dc=GG-s-Domain,dc=it
bindpw gastec2003
#bindpw {SSHA}BHfyMMqUCeaONoChRh50PgXTwKDnbZpY
#ldap_version 2
#ssl start_tls
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_member_attribute gid
pam_template_login_attribute uid
pam_password crypt
ldap_version 3
ssl no

-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
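
A pre-import check for the slapcat -> slapadd step discussed in this thread, as an added example (not code from the thread, OpenLDAP or Samba): it reads an LDIF and the target slapd.conf and reports entries whose parent entry has not appeared earlier in the file (the "entries missing" symptom quoted above) and objectClasses whose schema file is not included. The objectClass-to-schema table, the function names and the sample data are assumptions constructed for the example.

```python
import base64
import re

# Assumption: the schema file that normally defines each object class
# (stock OpenLDAP, Samba 2.2 and qmail-ldap schema files).
SCHEMA_OF = {
    "dcobject": "core.schema", "organization": "core.schema",
    "organizationalunit": "core.schema", "organizationalrole": "core.schema",
    "person": "core.schema", "organizationalperson": "core.schema",
    "inetorgperson": "inetorgperson.schema",
    "posixaccount": "nis.schema", "shadowaccount": "nis.schema",
    "posixgroup": "nis.schema",
    "sambaaccount": "samba.schema", "qmailuser": "qmail.schema",
}
BUILTIN = {"top"}  # compiled into slapd, needs no include

# Constructed sample: schema includes as in a stock Debian slapd.conf.
SAMPLE_CONF = """\
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
database hdb
suffix "dc=example,dc=it"
"""

# Constructed sample: base entry, then a user whose container entries
# (dc=People, dc=Utenti) are absent. The second dn is folded, as slapcat does.
SAMPLE_LDIF = """\
dn: dc=example,dc=it
objectClass: dcObject
objectClass: organization
dc: example
o: example
description:: RGlyZWN0b3J5IE1hbmFnZXIg

dn: uid=jdoe,dc=Utenti,dc=People,dc=exam
 ple,dc=it
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaAccount
objectClass: qmailUser
uid: jdoe
"""


def split_dn(dn):
    """Split a DN on unescaped commas and normalize each RDN."""
    return [p.strip().lower() for p in re.split(r"(?<!\\),", dn)]


def parse_ldif(text):
    """Return [(dn, {attr: [values]})] in file order, unfolding and decoding."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    entries = []
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        dn, attrs = None, {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            else:
                value = value.strip()
            if name.lower() == "dn":
                dn = value
            else:
                attrs.setdefault(name.lower(), []).append(value)
        if dn:
            entries.append((dn, attrs))
    return entries


def included_schemas(conf_text):
    """File names of all active (uncommented) include directives."""
    found = re.findall(r"^\s*include\s+(\S+)", conf_text, re.M)
    return {path.rsplit("/", 1)[-1] for path in found}


def suffix_of(conf_text):
    """Normalized suffix of the first database, or None."""
    m = re.search(r'^\s*suffix\s+"?([^"\n]+)"?', conf_text, re.M)
    return ",".join(split_dn(m.group(1))) if m else None


def preflight(ldif_text, conf_text):
    """Return [(dn, problem)] for entries to fix before running slapadd."""
    suffix = suffix_of(conf_text)
    if suffix is None:
        raise ValueError("no suffix directive in slapd.conf")
    included = included_schemas(conf_text)
    seen, problems = set(), []
    for dn, attrs in parse_ldif(ldif_text):
        rdns = split_dn(dn)
        ndn, parent = ",".join(rdns), ",".join(rdns[1:])
        if ndn != suffix:
            if not ndn.endswith("," + suffix):
                problems.append((dn, "outside suffix " + suffix))
            elif parent not in seen:
                problems.append((dn, "parent entry not seen earlier in LDIF: " + parent))
        for oc in attrs.get("objectclass", []):
            schema = SCHEMA_OF.get(oc.lower())
            if oc.lower() in BUILTIN:
                continue
            if schema is None:
                problems.append((dn, "objectClass %s: not in this example's table" % oc))
            elif schema not in included:
                problems.append((dn, "objectClass %s needs %s (not included)" % (oc, schema)))
        seen.add(ndn)
    return problems


if __name__ == "__main__":
    for dn, problem in preflight(SAMPLE_LDIF, SAMPLE_CONF):
        print(dn, "->", problem)
```
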
