Hi,
I have an Open 3.5 box.
What I want to do is to have a box authenticating from LDAP for samba, smtp, pop, ftp, apache.
Samba is supposed to be a PDC authenticating from LDAP.
I installed openldap-server-2.1.27 and openldap-client-2.1.27 from OpenBSD packages.
OpenLDAP has the ldbm backend, and I have a directory which I can use for smtp and pop authentication.
Bind is installed and the DNS records for myhost.com are working correctly.
Installed samba-3.0.9 from source with --with-ldap and --with-ldapsam. The configuration files are at the end of the email.
Ran smbldap-populate.pl and created the necessary directories.
When I try to create an account using smbldap-useradd.pl, it creates the LDAP entries successfully but cannot create the unix user (actually I'm not sure if this is really necessary, since I don't want to use real users on my system):
./smbldap-useradd.pl -a savas (smbldap-useradd savas didn't work either)
When I invoke the command
# ../bin/net groupmap list
Domain Admins (S-1-5-21-4276031234-832571036-2739979074-512) -> Domain Admins
Domain Users (S-1-5-21-4276031234-832571036-2739979074-513) -> Domain Users
Domain Guests (S-1-5-21-4276031234-832571036-2739979074-514) -> Domain Guests
Administrators (S-1-5-21-4276031234-832571036-2739979074-544) -> Administrators
users (S-1-5-21-4276031234-832571036-2739979074-545) -> users
Guests (S-1-5-21-4276031234-832571036-2739979074-546) -> Guests
Power Users (S-1-5-21-4276031234-832571036-2739979074-547) -> Power Users
Account Operators (S-1-5-21-4276031234-832571036-2739979074-548) -> Account Operators
Server Operators (S-1-5-21-4276031234-832571036-2739979074-549) -> Server Operators
Print Operators (S-1-5-21-4276031234-832571036-2739979074-550) -> Print Operators
Backup Operators (S-1-5-21-4276031234-832571036-2739979074-551) -> Backup Operators
Replicator (S-1-5-21-4276031234-832571036-2739979074-552) -> Replicator
Domain Computers (S-1-5-21-4276031234-832571036-2739979074-553) -> Domain Computers
Everything seems to be fine, but when I try to join the domain using
# ../bin/net rpc join -U Administrator
Dec 9 10:44:07 ldap smbd[14294]: [2004/12/09 10:44:07, 0] rpc_server/srv_netlog_nt.c:get_md4pw(244)
Dec 9 10:44:07 ldap smbd[14294]: [2004/12/09 10:44:07, 0] rpc_server/srv_netlog_nt.c:get_md4pw(244)
Dec 9 10:44:07 ldap smbd[14294]: get_md4pw: Workstation LDAP$: no account in domain
Dec 9 10:44:07 ldap smbd[14294]: get_md4pw: Workstation LDAP$: no account in domain
Password:
Could not connect to server LDAP
The username or password was not correct.
I can use shares with users' passwords, but can't join the domain.
I don't have pam nor nss; I've been trying and searching the net for a solution but failed.
Solutions were all with pam or nss, so maybe I'm missing something which should be done for OpenBSD specifically.
PS: If any information is missing, please let me know.
Any help will be greatly appreciated.
Thanks.
These are the conf files I used.
----- slapd.conf
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/qmail.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/samba.schema
#TLSCipherSuite MEDIUM
TLSCertificateFile /etc/openldap/crt.pem
TLSCertificateKeyFile /etc/openldap/key.pem
database ldbm
suffix "dc=myhost,dc=com"
rootdn "cn=admin,dc=myhost,dc=com"
rootpw "XXX" <-------------------------------------------- hashed with SSHA
directory /usr/local/var/openldap/myhost.com
cachesize 40000
dbcachesize 60000000
#
#
index cn,sn,uid,displayName pres,sub,eq
index uidNumber,gidNumber eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index objectClass pres,eq
# old 2.x samba attrs
index rid,primaryGroupID eq
# index default sub
access to dn=".*dc=myhost,dc=com"
    by self write
    by * read
----- end of slapd.conf
----- ldap.conf
URI ldaps://ldap.myhost.com/
tls_checkpeer yes
tls_cacert /etc/ssl/private/cacert.pem
----- end of ldap.conf
----- smb.conf
[global]
netbios name = ldap
server string = Samba %v on %L
workgroup = MYHOST
; SAMBA-LDAP declarations
passdb backend = ldapsam:ldap://ldap.myhost.com/
idmap backend = ldap:ldap://ldap.myhost.com/
# ldap filter = (&(objectclass=sambaSamAccount)(uid=%u))
ldap admin dn = cn=admin,dc=myhost,dc=com
ldap suffix = dc=myhost,dc=com
ldap group suffix = ou=Groups
ldap user suffix = ou=People
ldap machine suffix = ou=People
ldap idmap suffix = ou=Idmap
ldap ssl = start tls
add machine script = /usr/local/samba/smbldap-tools/smbldap-useradd -w "%u"
add user script = /usr/local/samba/smbldap-tools/smbldap-useradd -m "%u"
ldap delete dn = Yes
#delete user script = /usr/local/samba/smbldap-tools/smbldap-userdel "%u"
add machine script = /usr/local/samba/smbldap-tools/smbldap-useradd -w "%u"
add group script = /usr/local/samba/smbldap-tools/smbldap-groupadd -p "%g"
#delete group script = /usr/local/samba/smbldap-tools/smbldap-groupdel "%g"
add user to group script = /usr/local/samba/smbldap-tools/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/samba/smbldap-tools/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/local/samba/smbldap-tools/smbldap-usermod -g "%g" "%u"
os level = 65
prefered master = yes
domain master = yes
local master = yes
domain logons = yes
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192
time server = yes
security = user
guest ok = no
invalid users = bin daemon sys man postfix mail ftp
admin users = @wheel
encrypt passwords = yes
logon path = \\%N\profiles\%u
; general logon script (in DOS format)
logon script = logon.bat
[netlogon]
path = /usr/local/samba/netlogon
guest ok = Yes
Locking = Yes
public = no
writeable = no
browsable = no
; share for storing user profiles
[profiles]
path = /usr/local/samba/profiles
writeable = yes
create mask = 0700
directory mask = 0700
browsable = no
--- end of smb.conf
--- smbldap_conf.pm
$UID_START = 2000;
$GID_START = 2000;
$SID='S-1-5-21-4276031234-832571036-2739979074';
$slaveLDAP = "127.0.0.1"; $slavePort = "389";
$masterLDAP = "127.0.0.1"; $masterPort = "389";
$ldapSSL = "1";
$suffix = "dc=myhost,dc=com";
$usersou = q(People); $usersdn = "ou=$usersou,$suffix";
$computersou = q(People); $computersdn = "ou=$computersou,$suffix";
$groupsou = q(Groups); $groupsdn = "ou=$groupsou,$suffix";
$scope = "sub";
$hash_encrypt="SSHA";
$binddn = "cn=admin,$suffix";
$bindpasswd = "XXXX"; <--------------------------------------------------- My LDAP admin password
$slaveDN = $binddn; $slavePw = $bindpasswd; $masterDN = $binddn; $masterPw = $bindpasswd;
$_userLoginShell = q(/bin/sh);
$_userHomePrefix = q(/home/);
$_userGecos = q(System User);
$_defaultUserGid = 513;
$_defaultComputerGid = 553;
$_userSmbHome = q(\\\\LDAP\\homes);
$_userProfile = q(\\\\LDAP\\profiles\\);
$_userHomeDrive = q(U:);
$with_smbpasswd = 0; $smbpasswd = "/usr/bin/smbpasswd"; $mk_ntpasswd = "/sbin/mkntpwd";
$slaveURI = "ldap://$slaveLDAP:$slavePort"; $masterURI = "ldap://$masterLDAP:$masterPort";
$ldap_path = "/usr/local/bin";
#$ldapsearch = "$ldap_path/ldapsearch $ldap_opts -H $slaveURI -D '$slaveDN' -w '$slavePw'";
#$ldapsearchnobind = "$ldap_path/ldapsearch $ldap_opts -H $slaveURI";
$ldapmodify = "$ldap_path/ldapmodify $ldap_opts -H $masterURI -D '$masterDN' -w '$masterPw'";
#$ldappasswd = "$ldap_path/ldappasswd $ldap_opts -H $masterURI -D '$masterDN' -w '$masterPw'";
#$ldapadd = "$ldap_path/ldapadd $ldap_opts -H $masterURI -D '$masterDN' -w '$masterPw'";
#$ldapdelete = "$ldap_path/ldapdelete $ldap_opts -H $masterURI -D '$masterDN' -w '$masterPw'";
#$ldapmodrdn = "$ldap_path/ldapmodrdn $ldap_opts -H $masterURI -D '$masterDN' -w '$masterPw'";
1;
---- end of smbldap_conf.pm
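One check worth running against this smb.conf, as an added example that is not part of the original post: the commands in the post are run as ./smbldap-useradd.pl, while every add/delete/set script line in smb.conf names /usr/local/samba/smbldap-tools/smbldap-useradd without the .pl suffix. Samba executes those scripts to create accounts such as the LDAP$ machine account, so a program it cannot run is one plausible reason for the account being absent. The Python below parses the script parameters out of smb.conf and reports any program that is missing (with a hint when only a .pl variant exists) or not executable; the directory it inspects is a constructed fixture, not the poster's system.

```python
import os
import shlex
import tempfile

SCRIPT_PREFIXES = ("add ", "delete ", "set ")  # parameters Samba hands to the shell

def script_programs(smb_conf_text):
    """Map each 'add/delete/set ... script' parameter to the program it names."""
    found = {}
    for line in smb_conf_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped[0] in "#;[" or "=" not in stripped:
            continue  # blank line, comment or [section] header
        key, _, value = stripped.partition("=")
        key = " ".join(key.lower().split())  # Samba ignores case and spacing in names
        if not (key.startswith(SCRIPT_PREFIXES) and key.endswith("script")):
            continue  # e.g. 'logon script' names a file on the share, not a program
        tokens = shlex.split(value)
        if tokens:
            found[key] = tokens[0]  # first word is the executable, the rest are arguments
    return found

def check_scripts(smb_conf_text):
    """(parameter, program, problem) for every script Samba could not execute."""
    problems = []
    for key, program in script_programs(smb_conf_text).items():
        if not os.path.exists(program):
            hint = " (found %s.pl instead)" % program if os.path.exists(program + ".pl") else ""
            problems.append((key, program, "missing" + hint))
        elif not os.access(program, os.X_OK):
            problems.append((key, program, "not executable"))
    return sorted(problems)

def demo():
    """Constructed fixture: tools on disk as *.pl (one without the x bit), smb.conf names them without .pl."""
    tools = tempfile.mkdtemp(prefix="smbldap-tools-")
    for name, mode in (("smbldap-useradd.pl", 0o755), ("smbldap-groupmod", 0o755), ("smbldap-usermod", 0o644)):
        path = os.path.join(tools, name)
        with open(path, "w") as f:
            f.write("#!/bin/sh\nexit 0\n")
        os.chmod(path, mode)
    smb_conf = """[global]
add user script = {t}/smbldap-useradd -m "%u"
add machine script = {t}/smbldap-useradd -w "%u"
add user to group script = {t}/smbldap-groupmod -m "%u" "%g"
set primary group script = {t}/smbldap-usermod -g "%g" "%u"
logon script = logon.bat
""".format(t=tools)
    return check_scripts(smb_conf)
```

Running demo() reports both smbldap-useradd entries as missing with the .pl hint and smbldap-usermod as not executable; point script_programs/check_scripts at the real smb.conf text to check a live system.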