Eduard Witteveen wrote:
Error: modifications require authentication at
/usr/share/perl5/smbldap_tools.pm line 891, <DATA> line 283.
[2005/08/11 16:46:54, 0]
rpc_server/srv_samr_nt.c:_samr_create_user(2324)
_samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w
"eduard-laptop$"' gave 127
I didnt read the log file completely, before this message there were
also some other messages:
[EMAIL PROTECTED]:/var/log/samba# cat log.eduard-laptop
[2005/08/12 15:15:26, 0] lib/util_sock.c:write_socket_data(430)
write_socket_data: write failure. Error = Connection reset by peer
[2005/08/12 15:15:26, 0] lib/util_sock.c:write_socket(455)
write_socket: Error writing 4 bytes to socket 25: ERRNO = Connection
reset by peer
[2005/08/12 15:15:26, 0] lib/util_sock.c:send_smb(647)
Error writing 4 bytes to client. -1. (Connection reset by peer)
[2005/08/12 15:15:28, 0] lib/util_sock.c:write_socket_data(430)
write_socket_data: write failure. Error = Connection reset by peer
[2005/08/12 15:15:28, 0] lib/util_sock.c:write_socket(455)
write_socket: Error writing 4 bytes to socket 25: ERRNO = Connection
reset by peer
[2005/08/12 15:15:28, 0] lib/util_sock.c:send_smb(647)
Error writing 4 bytes to client. -1. (Connection reset by peer)
Error: modifications require authentication at
/usr/share/perl5/smbldap_tools.pm line 891, <DATA> line 283.
[2005/08/12 15:15:38, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2324)
_samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w
"eduard-laptop$"' gave 127
[EMAIL PROTECTED]:/var/log/samba#
I assume that this means that the smbldap_tools.pm script cannot connect
to the ldap server. Therefore i opened the file and found the following
code:
sub get_next_id($$) {
my $ldap_base_dn = shift;
my $attribute = shift;
my $tries = 0;
my $found=0;
my $next_uid_mesg;
my $nextuid;
if ($ldap_base_dn =~ m/$config{usersdn}/i) {
# when adding a new user, we'll check if the uidNumber available
is not
# already used for a computer's account
$ldap_base_dn=$config{suffix}
}
do {
$next_uid_mesg = $ldap->search(
base =>
$config{sambaUnixIdPooldn},
filter =>
"(objectClass=sambaUnixIdPool)",
scope => "base"
);
$next_uid_mesg->code && die "Error looking for next uid";
if ($next_uid_mesg->count != 1) {
die "Could not find base dn, to get next $attribute";
}
my $entry = $next_uid_mesg->entry(0);
$nextuid = $entry->get_value($attribute);
my $modify=$ldap->modify( "$config{sambaUnixIdPooldn}",
changes => [
replace => [
$attribute => $nextuid + 1 ]
]
);
$modify->code && die "Error: ", $modify->error;
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
# let's check if the id found is really free (in ou=Groups or
ou=Users)...
my $check_uid_mesg = $ldap->search(
base => $ldap_base_dn,
filter =>
"($attribute=$nextuid)",
);
$check_uid_mesg->code && die "Cannot confirm $attribute $nextuid
is free";
if ($check_uid_mesg->count == 0) {
$found=1;
return $nextuid;
}
$tries++;
print "Cannot confirm $attribute $nextuid is free: checking for
the next one\n"
} while ($found != 1);
die "Could not allocate $attribute!";
}
This means that the variable $config{sambaUnixIdPooldn} contains
something we dont like. I assume that this came from the file
/etc/smbldap-tools/smbldap.conf
This contains the value:
sambaUnixIdPooldn="cn=NextFreeUnixId,${suffix}"
(i checked this one and it exists in ldap)
Also:
suffix="dc=hawarit,dc=com"
I've read the other documentation, but it doesnt give me any clue's
Joachim told me to store the machines in the Users organisation-unit.
Could somebody please give me some more pointers?
--
Eduard Witteveen
+31 (0)6 414 789 23
nl_NL fy_NL en_US
# $Source: /opt/cvs/samba/smbldap-tools/smbldap.conf,v $
# $Id: smbldap.conf,v 1.15 2004/10/14 09:53:14 jtournier Exp $
#
# smbldap-tools.conf : Q & D configuration file for smbldap-tools
# This code was developped by IDEALX (http://IDEALX.org/) and
# contributors (their names can be found in the CONTRIBUTORS file).
#
# Copyright (C) 2001-2002 IDEALX
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
# USA.
# Purpose :
# . be the configuration file for all smbldap-tools scripts
##############################################################################
#
# General Configuration
#
##############################################################################
# Put your own SID
# to obtain this number do: net getlocalsid
#SID="S-1-5-21-1911238739-97561441-2706018148"
SID="S-1-5-21-183558713-2656141884-2480778994"
##############################################################################
#
# LDAP Configuration
#
##############################################################################
# Notes: to use to dual ldap servers backend for Samba, you must patch
# Samba with the dual-head patch from IDEALX. If not using this patch
# just use the same server for slaveLDAP and masterLDAP.
# Those two servers declarations can also be used when you have
# . one master LDAP server where all writing operations must be done
# . one slave LDAP server where all reading operations must be done
# (typically a replication directory)
# Ex: slaveLDAP=127.0.0.1
slaveLDAP="127.0.0.1"
slavePort="389"
# Master LDAP : needed for write operations
# Ex: masterLDAP=127.0.0.1
masterLDAP="127.0.0.1"
masterPort="389"
# Use TLS for LDAP
# If set to 1, this option will use start_tls for connection
# (you should also used the port 389)
ldapTLS="0"
# How to verify the server's certificate (none, optional or require)
# see "man Net::LDAP" in start_tls section for more details
verify="require"
# CA certificate
# see "man Net::LDAP" in start_tls section for more details
cafile="/etc/smbldap-tools/ca.pem"
# certificate to use to connect to the ldap server
# see "man Net::LDAP" in start_tls section for more details
clientcert="/etc/smbldap-tools/smbldap-tools.pem"
# key certificate to use to connect to the ldap server
# see "man Net::LDAP" in start_tls section for more details
clientkey="/etc/smbldap-tools/smbldap-tools.key"
# LDAP Suffix
# Ex: suffix=dc=IDEALX,dc=ORG
suffix="dc=hawarit,dc=com"
# Where are stored Users
# Ex: usersdn="ou=Users,dc=IDEALX,dc=ORG"
usersdn="ou=Users,${suffix}"
# Where are stored Computers
# Ex: computersdn="ou=Computers,dc=IDEALX,dc=ORG"
computersdn="ou=Computers,${suffix}"
# Where are stored Groups
# Ex groupsdn="ou=Groups,dc=IDEALX,dc=ORG"
groupsdn="ou=Groups,${suffix}"
# Where are stored Idmap entries (used if samba is a domain member server)
# Ex groupsdn="ou=Idmap,dc=IDEALX,dc=ORG"
idmapdn="ou=Idmap,${suffix}"
# Where to store next uidNumber and gidNumber available
sambaUnixIdPooldn="cn=NextFreeUnixId,${suffix}"
# Default scope Used
scope="sub"
# Unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA)
hash_encrypt="SSHA"
# if hash_encrypt is set to CRYPT, you may set a salt format.
# default is "%s", but many systems will generate MD5 hashed
# passwords if you use "$1$%.8s". This parameter is optional!
crypt_salt_format="%s"
##############################################################################
#
# Unix Accounts Configuration
#
##############################################################################
# Login defs
# Default Login Shell
# Ex: userLoginShell="/bin/bash"
userLoginShell="/bin/bash"
# Home directory
# Ex: userHome="/home/%U"
userHome="/home/%U"
# Gecos
userGecos="System User"
# Default User (POSIX and Samba) GID
defaultUserGid="513"
# Default Computer (Samba) GID
defaultComputerGid="515"
# Skel dir
skeletonDir="/etc/skel"
# Default password validation time (time in days) Comment the next line if
# you don't want password to be enable for defaultMaxPasswordAge days (be
# careful to the sambaPwdMustChange attribute's value)
defaultMaxPasswordAge="99"
##############################################################################
#
# SAMBA Configuration
#
##############################################################################
# The UNC path to home drives location (%U username substitution)
# Ex: \\My-PDC-netbios-name\homes\%U
# Just set it to a null string if you want to use the smb.conf 'logon home'
# directive and/or disable roaming profiles
userSmbHome="\\pdc\homes\%U"
# The UNC path to profiles locations (%U username substitution)
# Ex: \\My-PDC-netbios-name\profiles\%U
# Just set it to a null string if you want to use the smb.conf 'logon path'
# directive and/or disable roaming profiles
userProfile="\\pdc\profiles\%U"
# The default Home Drive Letter mapping
# (will be automatically mapped at logon time if home directory exist)
# Ex: H: for H:
userHomeDrive="H:"
# The default user netlogon script name (%U username substitution)
# if not used, will be automatically username.cmd
# make sure script file is edited under dos
# Ex: %U.cmd
# userScript="startup.cmd" # make sure script file is edited under dos
userScript="%U.cmd"
# Domain appended to the users "mail"-attribute
# when smbldap-useradd -M is used
mailDomain="hawarit.com"
##############################################################################
#
# SMBLDAP-TOOLS Configuration (default are ok for a RedHat)
#
##############################################################################
# Allows not to use smbpasswd (if with_smbpasswd == 0 in smbldap_conf.pm) but
# prefer Crypt::SmbHash library
with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"
############################
# Credential Configuration #
############################
# Notes: you can specify two differents configuration if you use a
# master ldap for writing access and a slave ldap server for reading access
# By default, we will use the same DN (so it will work for standard Samba
# release)
slaveDN="cn=manager,dc=hawarit,dc=com"
slavePw="password"
masterDN="cn=manager,dc=hawarit,dc=com"
masterPw="password"
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
