Hi, I have been trying to work this out on my own for about a week now and feel like I am so close... haha. I have Samba set up as a PDC and, in theory, authenticating users through OpenLDAP with the smbldap-tools by IDEALX. I have checked the Windows registry fix, but still no luck. When I try to join the domain as root, I get the error: "Username could not be found".
Any help would be greatly, greatly appreciated, as I am at the end of my time to get this job done. I don't need encryption and don't mind if everything is plain text (security is not an issue yet). I have included all the configs I believe are important (minus the comments, to make them shorter); please let me know if I can provide anything else! Thank you in advance for your time, Ryan Taylor [EMAIL PROTECTED] ****************************** ******************* /ETC/SAMBA/SMB.CONF ************************************************** #======================= Global Settings ===================================== [global] workgroup = BEEFY-NT netbios name = PDC-SRV #enable privileges = yes interfaces = 192.168.0.69 username map = /etc/samba/smbusers server string = Samba Server %v security = user encrypt passwords = Yes min passwd length = 3 obey pam restrictions = No #unix password sync = Yes #passwd program = /opt/IDEALX/sbin/smbldap-passwd -u %u #passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new password*" %n\n" ldap passwd sync = Yes log level = 2 syslog = 2 log file = /var/log/samba/log.%m max log size = 100000 time server = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 mangling method = hash2 Dos charset = 850 Unix charset = ISO8859-1 logon script = logon.bat logon drive = H: logon home = logon path = domain logons = Yes os level = 65 preferred master = Yes domain master = Yes wins support = Yes passdb backend = ldapsam:ldap://127.0.0.1/ # passdb backend = ldapsam:"ldap://127.0.0.1/ ldap://slave.beefylinux.com" # ldap filter = (&(objectclass=sambaSamAccount)(uid=%u)) ldap admin dn = cn=Manager,dc=beefylinux,dc=com ldap suffix = dc=beefylinux,dc=com ldap group suffix = ou=Groups ldap user suffix = ou=Users ldap machine suffix = ou=Computers ldap idmap suffix = ou=Users #ldap ssl = start_tls add user script = /usr/local/sbin/smbldap-useradd =m "%u" ldap delete dn = Yes #delete user
script = /opt/IDEALX/sbin/smbldap-userdel "%u" add machine script = /opt/IDEALX/sbin/smbldap-useradd -w "%u" add group script = /opt/IDEALX/sbin/smbldap-groupadd -p "%g" #delete group script = /opt/IDEALX/sbin/smbldap-groupdel "%g" add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m "%u" "%g" delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x "%u" "%g" set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g "%g" "%u" # printers configuration printer admin = @"Print Operators" load printers = Yes create mask = 0640 directory mask = 0750 nt acl support = No printing = cups printcap name = cups deadtime = 10 guest account = nobody map to guest = Bad User dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd show add printer wizard = yes ; to maintain capital letters in shortcuts in any of the profile folders: preserve case = yes short preserve case = yes case sensitive = no idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 template shell = /bin/false winbind use default domain = no [homes] comment = repertoire de %U, %u read only = No create mask = 0644 directory mask = 0775 browseable = no [netlogon] path = /home/netlogon/ browseable = No read only = yes [profiles] path = /home/profiles read only = no create mask = 0600 directory mask = 0700 browseable = No guest ok = Yes profile acls = yes csc policy = disable # next line is a great way to secure the profiles force user = %U # next line allows administrator to access all profiles valid users = %U @"Domain Admins" [printers] comment = Network Printers printer admin = @"Print Operators" guest ok = yes printable = yes path = /home/spool/ browseable = No read only = Yes printable = Yes print command = /usr/bin/lpr -P%p -r %s lpq command = /usr/bin/lpq -P%p lprm command = /usr/bin/lprm -P%p %j [print$] path = /home/printers printer admin = @"Print Operators" guest ok = yes browseable = Yes read only = Yes valid users = @"Printer Operators" write list = @"Print Operators" 
create mask = 0664 directory mask = 0775 [public] comment = Repertoire public path = /home/public browseable = Yes guest ok = Yes read only = No directory mask = 0775 create mask = 0664 ************************************************* /etc/LDAP.CONF ************************************************* # @(#)$Id: ldap.conf,v 1.34 2004/09/16 23:32:02 lukeh Exp $ # # This is the configuration file for the LDAP nameservice # switch library and the LDAP PAM module. # # PADL Software # http://www.padl.com # host 127.0.0.1 base dc=beefylinux,dc=com rootbinddn cn=manager,ou=DSA,dc=beefylinux,dc=com nss_base_passwd ou=Users,dc=beefylinux,dc=com?one nss_base_passwd ou=Computers,dc=beefylinux,dc=com?one nss_base_shadow ou=Users,dc=beefylinux,dc=com?one nss_base_group ou=Groups,dc=beefylinux,dc=com?one ssl no pam_password md5 ******************************************************* /etc/openldap/ldap.conf ******************************************************* HOST 127.0.0.1 BASE dc=beefylinux,dc=com TLS_REQCERT allow /etc/openldap/slapd.conf # See slapd.conf(5) for details on configuration options. # This file should NOT be world readable. # include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/nis.schema include /etc/openldap/schema/samba.schema # Allow LDAPv2 client connections. This is NOT the default.
allow bind_v2 pidfile /var/run/slapd.pid argsfile /var/run/slapd.args access to attrs=userPassword,sambaLMPassword,sambaNTPassword by self write by anonymous auth by * none access to * by * read database bdb suffix "dc=beefylinux,dc=com" rootdn "cn=Manager,dc=beefylinux,dc=com" rootpw jomomma2 directory /var/lib/ldap # Indices to maintain for this database index objectClass eq,pres index ou,cn,mail,surname,givenname eq,pres,sub index uidNumber,gidNumber,loginShell eq,pres index uid,memberUid eq,pres,sub index nisMapName,nisMapEntry eq,pres,sub *************************************************************** /etc/opt/IDEALX/smbldap-tools/smbldap_bind.conf *************************************************************** slaveDN="cn=Manager,dc=beefylinux,dc=com" slavePw="jomomma2" masterDN="cn=Manager,dc=beefylinux,dc=com" masterPw="jomomma2" *************************************************************** /etc/opt/IDEALX/smbldap-tools/smbldap.conf *************************************************************** SID="S-1-5-21-1950905915-4285831572-4043287157" sambaDomain="BEEFY-NT" slaveLDAP="127.0.0.1" slavePort="389" masterLDAP="127.0.0.1" masterPort="389" ldapTLS="0" verify="optional" #cafile="/etc/opt/IDEALX/smbldap-tools/ca.pem" # certificate to use to connect to the ldap server # see "man Net::LDAP" in start_tls section for more details #clientcert="/etc/opt/IDEALX/smbldap-tools/smbldap-tools.pem" # key certificate to use to connect to the ldap server # see "man Net::LDAP" in start_tls section for more details #clientkey="/etc/opt/IDEALX/smbldap-tools/smbldap-tools.key" suffix="dc=beefylinux,dc=com" usersdn="ou=Users,${suffix}" # Where are stored Computers # Ex: computersdn="ou=Computers,dc=IDEALX,dc=ORG" # Warning: if 'suffix' is not set here, you must set the full dn for computersdn computersdn="ou=Computers,${suffix}" # Where are stored Groups # Ex: groupsdn="ou=Groups,dc=IDEALX,dc=ORG" # Warning: if 'suffix' is not set
here, you must set the full dn for groupsdn groupsdn="ou=Groups,${suffix}" # Where are stored Idmap entries (used if samba is a domain member server) # Ex: groupsdn="ou=Idmap,dc=IDEALX,dc=ORG" # Warning: if 'suffix' is not set here, you must set the full dn for idmapdn idmapdn="ou=Users,${suffix}" # Where to store next uidNumber and gidNumber available for new users and groups # If not defined, entries are stored in sambaDomainName object. # Ex: sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}" # Ex: sambaUnixIdPooldn="cn=NextFreeUnixId,${suffix}" sambaUnixIdPooldn="sambaDomainName=BEEFY-NT,${suffix}" # Default scope Used scope="sub" # Unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA, CLEARTEXT) hash_encrypt="MD5" # if hash_encrypt is set to CRYPT, you may set a salt format. # default is "%s", but many systems will generate MD5 hashed # passwords if you use "$1$%.8s". This parameter is optional! crypt_salt_format="%s" ############################################################################## # # Unix Accounts Configuration # ############################################################################## # Login defs # Default Login Shell # Ex: userLoginShell="/bin/bash" userLoginShell="/bin/bash" # Home directory # Ex: userHome="/home/%U" userHome="/home/%U" # Default mode used for user homeDirectory userHomeDirectoryMode="700" # Gecos userGecos="System User" # Default User (POSIX and Samba) GID defaultUserGid="513" # Default Computer (Samba) GID defaultComputerGid="515" # Skel dir skeletonDir="/etc/skel" # Default password validation time (time in days) Comment the next line if # you don't want password to be enable for defaultMaxPasswordAge days (be # careful to the sambaPwdMustChange attribute's value) defaultMaxPasswordAge="45" ############################################################################## # # SAMBA Configuration # ############################################################################## # The UNC path to home drives 
location (%U username substitution) # Just set it to a null string if you want to use the smb.conf 'logon home' # directive and/or disable roaming profiles # Ex: userSmbHome="\\PDC-SMB3\%U" userSmbHome="\\PDC-SRV\%U" # The UNC path to profiles locations (%U username substitution) # Just set it to a null string if you want to use the smb.conf 'logon path' # directive and/or disable roaming profiles # Ex: userProfile="\\PDC-SMB3\profiles\%U" userProfile="\\PDC-SRV\profiles\%U" # The default Home Drive Letter mapping # (will be automatically mapped at logon time if home directory exist) # Ex: userHomeDrive="H:" userHomeDrive="H:" # The default user netlogon script name (%U username substitution) # if not used, will be automatically username.cmd # make sure script file is edited under dos # Ex: userScript="startup.cmd" # make sure script file is edited under dos userScript="logon.bat" # Domain appended to the users "mail"-attribute # when smbldap-useradd -M is used # Ex: mailDomain="idealx.com" mailDomain="beefylinux.com" ############################################################################## # # SMBLDAP-TOOLS Configuration (default are ok for a RedHat) # ############################################################################## # Allows not to use smbpasswd (if with_smbpasswd == 0 in smbldap_conf.pm) but # prefer Crypt::SmbHash library with_smbpasswd="0" #smbpasswd="/opt/IDEALX/sbin/smbldap-passwd" smbpasswd="/usr/bin/smbpasswd" # Allows not to use slappasswd (if with_slappasswd == 0 in smbldap_conf.pm) # but prefer Crypt:: libraries with_slappasswd="0" slappasswd="/usr/sbin/slappasswd" # comment out the following line to get rid of the default banner # no_banner="1" ************************************************************* OTHER IMPORTANT INFORMATION ************************************************************* [EMAIL PROTECTED] certs]# vi /etc/nsswitch.conf [EMAIL PROTECTED] certs]# net getlocalsid SID for
domain PDC-SRV is: S-1-5-21-1950905915-4285831572-4043287157 [EMAIL PROTECTED] certs]# ldapsearch -x "uid=root" # extended LDIF # # LDAPv3 # base <> with scope sub # filter: uid=root # requesting: ALL # # root, Users, beefylinux.com dn: uid=root,ou=Users,dc=beefylinux,dc=com cn: root sn: root objectClass: inetOrgPerson objectClass: sambaSamAccount objectClass: posixAccount objectClass: shadowAccount gidNumber: 0 uid: root uidNumber: 0 homeDirectory: /home/root sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 sambaHomePath: \\PDC-SRV\root sambaHomeDrive: H: sambaProfilePath: \\PDC-SRV\profiles\root sambaPrimaryGroupSID: S-1-5-21-1950905915-4285831572-4043287157-512 sambaSID: S-1-5-21-1950905915-4285831572-4043287157-500 loginShell: /bin/false gecos: Netbios Domain Administrator sambaPwdCanChange: 1128448503 sambaPwdMustChange: 2147483647 sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000 00000000 sambaPwdLastSet: 1128448503 sambaAcctFlags: [U ] # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 [EMAIL PROTECTED] certs]# net groupmap list Domain Admins (S-1-5-21-1950905915-4285831572-4043287157-512) -> 512 Domain Users (S-1-5-21-1950905915-4285831572-4043287157-513) -> 513 Domain Guests (S-1-5-21-1950905915-4285831572-4043287157-514) -> 514 Domain Computers (S-1-5-21-1950905915-4285831572-4043287157-515) -> 515 Administrators (S-1-5-32-544) -> 544 Account Operators (S-1-5-32-548) -> 548 Print Operators (S-1-5-32-550) -> 550 Backup Operators (S-1-5-32-551) -> 551 Replicators (S-1-5-32-552) -> 552 ***************************************************************** Sorry for the long message, but again, any help?? Thank you! -- To unsubscribe from this list, go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
