Re: [Samba] Samba+LDAP - so close yet so far :) ...STILL NOT SOLVED

Tue, 20 Jul 2004 08:49:58 -0700 

abebe lsslp wrote:

I was having trouble sleeping last night, so I start
going over your past e-mails. Do you remember you
asking me that I need to make sure LDAP is
authenticating system users? And I told you that it
was. I was not completely lying, it authenticates
'testuser1' with no problem. However, 'administrator'
is getting kicked out as soon as it logs in. Here is
what it looks like:

[EMAIL PROTECTED] root]# ssh [EMAIL PROTECTED]
[EMAIL PROTECTED]'s password:
Last login: Tue Jul 20 09:49:05 2004 from 192.168.1.17
Connection to 192.168.1.10 closed.
[EMAIL PROTECTED] root]#


Off course:

loginShell: /bin/false

It logins, then just die, because it have no shell. :)

Here is part of 'slapd.log':
+++++++++++++++++++++++++++++++++++++++++++++++++++
Jul 20 10:22:31 eaglex slapd[20508]: conn=7 op=2 SRCH
attr=cn userPassword memberUid uniqueMember gidNumber
Jul 20 10:22:31 eaglex slapd[20508]: conn=7 op=2
SEARCH RESULT tag=101 err=0 nentries=1 text=
Jul 20 10:22:31 eaglex slapd[20508]: conn=7 fd=15
closed
Jul 20 10:25:17 eaglex slapd[20508]: conn=4 op=2 SRCH
base="dc=wbcoll,dc=edu" scope=2
filter="(&(objectClass=posixAccount)(uid=administrator))"
Jul 20 10:25:17 eaglex slapd[20508]: conn=4 op=2 SRCH
attr=uid userPassword uidNumber gidNumber cn
homeDirectory loginShell gecos description objectClass
Jul 20 10:25:17 eaglex slapd[20508]: conn=4 op=2
SEARCH RESULT tag=101 err=0 nentries=1 text=
Jul 20 10:25:19 eaglex slapd[20508]: conn=8 fd=15
ACCEPT from IP=127.0.0.1:33263 (IP=0.0.0.0:389)
Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=0 BIND
dn="cn=Manager,dc=wbcoll,dc=edu" method=128
Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=0 BIND
dn="cn=Manager,dc=wbcoll,dc=edu" mech=simple ssf=0
Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=0
RESULT tag=97 err=0 text=
Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=1 SRCH
base="dc=wbcoll,dc=edu" scope=2
filter="(uid=Administrator)"
Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=1
SEARCH RESULT tag=101 err=0 nentries=1 text=
Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=2 BIND
anonymous mech=implicit ssf=0
Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=2 BIND
dn="uid=Administrator,ou=Users,dc=wbcoll,dc=edu"
method=128
Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=2 BIND
dn="uid=Administrator,ou=Users,dc=wbcoll,dc=edu"
mech=simple ssf=0
Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=2
RESULT tag=97 err=0 text=
Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=3 BIND
anonymous mech=implicit ssf=0
Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=3 BIND
dn="cn=Manager,dc=wbcoll,dc=edu" method=128
Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=3 BIND
dn="cn=Manager,dc=wbcoll,dc=edu" mech=simple ssf=0
Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=3
RESULT tag=97 err=0 text=
Jul 20 10:25:19 eaglex slapd[20508]: conn=9 fd=18
ACCEPT from IP=127.0.0.1:33264 (IP=0.0.0.0:389)
Jul 20 10:25:19 eaglex slapd[20508]: conn=9 op=0 BIND
dn="cn=Manager,dc=wbcoll,dc=edu" method=128
Jul 20 10:25:19 eaglex slapd[20508]: conn=9 op=0 BIND
dn="cn=Manager,dc=wbcoll,dc=edu" mech=simple ssf=0
Jul 20 10:25:19 eaglex slapd[20508]: conn=9 op=0
RESULT tag=97 err=0 text=
Jul 20 10:25:19 eaglex slapd[20508]: deferring
operation
Jul 20 10:25:19 eaglex slapd[20508]: conn=9 op=1 SRCH
base="dc=wbcoll,dc=edu" scope=2
filter="(&(objectClass=shadowAccount)(uid=Administrator))"
Jul 20 10:25:19 eaglex slapd[20508]: conn=9 op=1 SRCH
attr=uid userPassword shadowLastChange shadowMax
shadowMin shadowWarning shadowInactive shadowExpire
Jul 20 10:25:19 eaglex slapd[20508]: conn=9 op=1
SEARCH RESULT tag=101 err=0 nentries=1 text=
Jul 20 10:25:20 eaglex slapd[20508]: conn=8 op=4
UNBIND
Jul 20 10:25:20 eaglex slapd[20508]: conn=8 fd=15
closed
Jul 20 10:25:20 eaglex slapd[20508]: conn=10 fd=15
ACCEPT from IP=127.0.0.1:33265 (IP=0.0.0.0:389)
Jul 20 10:25:20 eaglex slapd[20508]: conn=9 fd=18
closed
Jul 20 10:25:20 eaglex slapd[20508]: conn=10 op=0 BIND
dn="cn=Manager,dc=wbcoll,dc=edu" method=128
Jul 20 10:25:20 eaglex slapd[20508]: conn=10 op=0 BIND
dn="cn=Manager,dc=wbcoll,dc=edu" mech=simple ssf=0
Jul 20 10:25:20 eaglex slapd[20508]: conn=10 op=0
RESULT tag=97 err=0 text=
Jul 20 10:25:20 eaglex slapd[20508]: conn=10 op=1 SRCH
base="dc=wbcoll,dc=edu" scope=2
filter="(uid=Administrator)"
Jul 20 10:25:20 eaglex slapd[20508]: conn=10 op=1
SEARCH RESULT tag=101 err=0 nentries=1 text=
Jul 20 10:25:20 eaglex slapd[20508]: conn=10 op=2 SRCH
base="ou=Groups,dc=wbcoll,dc=edu" scope=1
filter="(&(objectClass=posixGroup)(|(memberUid=Administrator)(uniqueMember=uid=administrator,ou=users,dc=wbcoll,dc=edu)))"
Jul 20 10:25:20 eaglex slapd[20508]: conn=10 op=2 SRCH
attr=cn userPassword memberUid uniqueMember gidNumber
Jul 20 10:25:20 eaglex slapd[20508]: conn=10 op=2
SEARCH RESULT tag=101 err=0 nentries=1 text=
Jul 20 10:25:20 eaglex slapd[20508]: conn=10 fd=15
closed

+++++++++++++++++++++++++++++++++++++++++++++++++++

Is it alright if I delete the files in
'/var/lib/ldap/*' before I use 'slapindex'?

When I do the 'ldapsearch' command, machine entry does
not exist anymore.

Here is my 'smb.conf' after taking out what you told
me and using 'testparm -s > /tmp/smb.conf'

+++++++++++++++++++++++++++++++++++++++++++++
[EMAIL PROTECTED] root]# cat /tmp/smb.conf
Processing section "[homes]"
Processing section "[netlogon]"
Processing section "[Profiles]"
Processing section "[printers]"
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
# Global parameters
[global]
       workgroup = AGUILAS
       netbios name = EALGEX
       server string = Samba-LDAP PDC Server
       map to guest = Bad User
       passdb backend = ldapsam:ldap://127.0.0.1/
       username map = /etc/samba/smbusers
       log level = 10
       log file = /var/log/samba/%m.log
       max log size = 10000
       time server = Yes
       deadtime = 10
       socket options = TCP_NODELAY SO_RCVBUF=8192
SO_SNDBUF=8192
       printcap name = cups
       add user script = /usr/sbin/smbldap-useradd -m
"%u"
       add group script = /usr/sbin/smbldap-groupadd
-p "%g"
       add user to group script =
/usr/sbin/smbldap-groupmod -m "%u" "%g"
       delete user from group script =
/usr/sbin/smbldap-groupmod -x "%u" "%g"
       set primary group script =
/usr/sbin/smbldap-usermod -g "%g" "%u"
       add machine script = /usr/sbin/smbldap-useradd
-w "%u"
       logon script = logon.bat
       logon path =
       logon drive = H:
       logon home =
       domain logons = Yes
       os level = 65
       preferred master = Yes
       domain master = Yes
       dns proxy = No
       wins support = Yes
       ldap suffix = dc=wbcoll,dc=edu
       ldap machine suffix =
ou=People,dc=wbcoll,dc=edu
       ldap user suffix = ou=Users,dc=wbcoll,dc=edu
       ldap group suffix = ou=Groups,dc=wbcoll,dc=edu
       ldap idmap suffix = dc=wbcoll,dc=edu
       ldap admin dn = cn=Manager,dc=wbcoll,dc=edu
       ldap passwd sync = Yes
       ldap delete dn = Yes
       printer admin = @print Operators
       create mask = 0640
       directory mask = 0750
       hosts allow = 192.168.1., 192.168.2., 127.
       printing = cups
       dont descend =
/proc,/dev,/etc,/lib,/lost+found,/initrd

[homes]
       comment = Home Directories
       read only = No
       browseable = No

[netlogon]
       comment = Network Logon Service
       path = /var/lib/samba/netlogon
       guest ok = Yes
       share modes = No

++++++++++++++++++++++++++++++++++++++++++++++++

once again,

Ambex









__________________________________
Do you Yahoo!?
Vote for the stars of Yahoo!'s next ad campaign!
http://advision.webevents.yahoo.com/yahoo/votelifeengine/



--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Reply via email to