Re: Samba PDC with LDAP backend
On Fri, Sep 04, 2009 at 02:43:00PM +0700, Olivier Nicole typed:
> Hi Ruel,
>
> > But, I have one question left.. How do you join the Windows xp client on the domain? Is there another tweak that must be done?
>
> The same way a PC would join any samba domain. The PC joining Samba does not know that Samba is using LDAP or anything else for authentication, so the PC talks to Samba the way it always does/did.
>
> (I managed, with some effort, to replace one Samba server authenticating to Unix /etc/passwd, by a Samba server authenticating with LDAP, without the XP clients noticing, that is nothing at all to be done on XP).

Yes, I have a script that does precisely this (read master.passwd, smbpasswd and group and create an LDIF to import into LDAP). This is now being used for the migration of 1200 samba servers from backend=smbpasswd to backend=ldapsam. The most important thing is preserving the SIDs (net getlocalsid) and group mappings (net groupmap list). Windows clients will not notice any difference.

Ruben

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

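The kind of conversion Ruben describes, as an added example (not Ruben's script, which is not shown in the thread): it joins master.passwd and smbpasswd on the login name and writes sambaSamAccount LDIF whose sambaSID keeps the RID the smbpasswd backend was already handing out. It assumes the default algorithmic mapping (RID = 2 * uid + 1000) and covers user accounts only; the function names and sample data are constructed, and the local SID is the one printed by smbldap-populate later in the thread.

```python
"""Build sambaSamAccount LDIF from master.passwd and smbpasswd, keeping SIDs."""

ALGORITHMIC_RID_BASE = 1000  # assumption: Samba 3 default "algorithmic rid base"

# Constructed sample input; the hashes are placeholders, not real credentials.
MASTER_PASSWD = (
    "alice:*:1001:1001::0:0:Alice Example:/home/alice:/bin/sh\n"
    "bob:*:1002:1002::0:0:Bob Example:/home/bob:/bin/sh\n"
)
SMBPASSWD = (
    "alice:1001:" + "A" * 32 + ":" + "B" * 32 + ":[U          ]:LCT-4A641F00:\n"
    "oldpc$:1050:" + "C" * 32 + ":" + "D" * 32 + ":[W          ]:LCT-4A641F00:\n"
)
LOCAL_SID = "S-1-5-21-2772587264-3389604304-3649373591"  # as from `net getlocalsid`
SUFFIX = "dc=mydomain,dc=local"


def user_rid(uid):
    """RID the smbpasswd backend derives from a Unix uid (assumed default)."""
    return uid * 2 + ALGORITHMIC_RID_BASE


def parse_master_passwd(text):
    """Map login name -> the master.passwd fields needed for posixAccount."""
    users = {}
    for line in text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) != 10:
            continue  # comment, blank or malformed line
        users[fields[0]] = {"uid": int(fields[2]), "gid": int(fields[3]),
                            "gecos": fields[7], "home": fields[8],
                            "shell": fields[9]}
    return users


def parse_smbpasswd(text):
    """Map login name -> LM hash, NT hash, account flags, last-change time."""
    accounts = {}
    for line in text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 6:
            continue
        if not fields[5].startswith("LCT-"):
            continue  # no last-change field where it is expected
        accounts[fields[0]] = {"lm": fields[2], "nt": fields[3],
                               "flags": fields[4],
                               "lct": int(fields[5][4:], 16)}  # hex seconds
    return accounts


def user_entry(name, pw, smb, local_sid, suffix):
    """Return one LDIF entry; sambaSID = local SID + the RID already in use."""
    lines = [
        f"dn: uid={name},ou=People,{suffix}",
        "objectClass: account",
        "objectClass: posixAccount",
        "objectClass: sambaSamAccount",
        f"uid: {name}",
        f"cn: {pw['gecos'].split(',')[0] or name}",
        f"uidNumber: {pw['uid']}",
        f"gidNumber: {pw['gid']}",
        f"homeDirectory: {pw['home']}",
        f"loginShell: {pw['shell']}",
        f"sambaSID: {local_sid}-{user_rid(pw['uid'])}",
        f"sambaLMPassword: {smb['lm']}",
        f"sambaNTPassword: {smb['nt']}",
        f"sambaAcctFlags: {smb['flags']}",
        f"sambaPwdLastSet: {smb['lct']}",
    ]
    return "\n".join(lines) + "\n"


def migrate(master_passwd, smbpasswd, local_sid, suffix):
    """Return (ldif_text, skipped): skipped lists smbpasswd names that have
    no master.passwd entry and therefore no uid to derive a SID from."""
    users = parse_master_passwd(master_passwd)
    entries, skipped = [], []
    for name, smb in parse_smbpasswd(smbpasswd).items():
        if name not in users:
            skipped.append(name)
            continue
        entries.append(user_entry(name, users[name], smb, local_sid, suffix))
    return "\n".join(entries), skipped


if __name__ == "__main__":
    ldif, skipped = migrate(MASTER_PASSWD, SMBPASSWD, LOCAL_SID, SUFFIX)
    print(ldif)
    print("# skipped (no Unix account):", ", ".join(skipped))
```

sambaNTPassword and sambaLMPassword are password-equivalent, so the generated LDIF file and the LDAP ACLs on those attributes need the same protection as smbpasswd itself.
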
Re: Samba PDC with LDAP backend
On Mon, Jul 20, 2009 at 6:51 PM, Ruben de Groot mai...@bzerk.org wrote:
> On Mon, Jul 20, 2009 at 06:22:50PM +0800, Ruel Luchavez typed:
> > But to someone out there who has an idea on this, you are very much WELCOME :-)
>
> I think this was mentioned before, but did you have to edit
> /usr/local/etc/smbldap-tools/smbldap.conf and
> /usr/local/etc/smbldap-tools/smbldap_bind.conf
>
> Ruben

Wew... after long weeks of searching I finally solved my own problem.. Lucky for me..

But, I have one question left.. How do you join the Windows xp client on the domain? Is there another tweak that must be done?

--
Regards,
rHueL
Happy BSD user...
Country:Philippines

RE: Samba PDC with LDAP backend
> > On Sat, Jul 18, 2009 at 12:53:40PM +0800, Ruel Luchavez typed:
> > > On Sat, Jul 18, 2009 at 11:43 AM, Olivier Nicole o...@cs.ait.ac.th wrote:
> > >
> > > Still it does not start the LDAP, here's my /etc/rc.conf:
> > > slapd_flags='-h ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldaps:// / ldap://127.0.0.1/;'
> >
> > You try to start slapd with ssl/tls support (ldaps), but I didn't see any TLS parameters in the slapd.conf file you posted.
> >
> > Ruben
>
> Hey Ruben,
>
> Is it necessary to have ssl/tls support? My goal is to build a Samba PDC on FreeBSD with a ldap backend. This will not authenticate ssh users, just a plain samba server for our windows clients.
>
> More ideas are very WELCOME... Thanks. :-)
>
> --
> Rhuel
> FreeBSD user since 6.0
> Happy BSD use...
> Country:Philippines
> Zip Code:8000

You do not need to add ssl/tls, it is some extra security.

But first try to make sure the ldap server starts. 192.168.5.0 is not an IP address but a network; I do not know for sure, but I thought it needs an IP address like 192.168.5.1.

But try this one first and look if it starts.

slapd_flags='-h \ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap://0.0.0.0/ ldap://127.0.0.1/\;'

It will listen on all the IPs available on your system. If it still does not start, then look at the configuration of your slapd.conf file.

Regards,
Johan Hendriks (Sylhouette)

Re: Samba PDC with LDAP backend
On Mon, Jul 20, 2009 at 4:04 PM, Johan Hendriks jo...@double-l.nl wrote:
> > > On Sat, Jul 18, 2009 at 12:53:40PM +0800, Ruel Luchavez typed:
> > > > On Sat, Jul 18, 2009 at 11:43 AM, Olivier Nicole o...@cs.ait.ac.th wrote:
> > > >
> > > > Still it does not start the LDAP, here's my /etc/rc.conf:
> > > > slapd_flags='-h ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldaps:// / ldap://127.0.0.1/;'
> > >
> > > You try to start slapd with ssl/tls support (ldaps), but I didn't see any TLS parameters in the slapd.conf file you posted.
> > >
> > > Ruben
> >
> > Hey Ruben,
> >
> > Is it necessary to have ssl/tls support? My goal is to build a Samba PDC on FreeBSD with a ldap backend. This will not authenticate ssh users, just a plain samba server for our windows clients.
> >
> > More ideas are very WELCOME... Thanks. :-)
> >
> > --
> > Rhuel
> > FreeBSD user since 6.0
> > Happy BSD use...
> > Country:Philippines
> > Zip Code:8000
>
> You do not need to add ssl/tls, it is some extra security.
>
> But first try to make sure the ldap server starts. 192.168.5.0 is not an IP address but a network; I do not know for sure, but I thought it needs an IP address like 192.168.5.1.
>
> But try this one first and look if it starts.
>
> slapd_flags='-h \ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap://0.0.0.0/ ldap://127.0.0.1/\;'
>
> It will listen on all the IPs available on your system. If it still does not start, then look at the configuration of your slapd.conf file.
>
> Regards,
> Johan Hendriks (Sylhouette)

Hey Mr. Johan (Sylhoutte)

Thanks for your reply, are you the author of this link? Because I posted a reply on your comment there:
http://forums.freebsd.org/showthread.php?t=770page=2

But anyway.. Thanks for your time!!!

Back to my problem. I know this is running

slapd_flags='-h \ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap://0.0.0.0/ ldap://127.0.0.1/\;'

as I issue the command ps -aux | grep slap, here's what the box gives me

#ps -aux | grep slap
ldap 1273 0.0 6.6 341992 7816 ?? Is 4:17PM 0:00.14 /usr/local/libexec/slapd -h ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldaps://127.0.0.1/ ldap://192.168.5.200/ -u l

Does it mean it is running OR not?

And here's my slapd.conf

include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/misc.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/openldap.schema
include /usr/local/etc/openldap/schema/samba.schema

loglevel 256
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

#Additional config
#access to attrs=userpPassword
# by dn=uid=root,ou=People,dc=mydomain,dc=local write
# by dn=cn=Manager,dc=mydomain,dc=local write
# by anonymoud auth
# by self write
# by * none
#access to dn.base=by * read
#access to *
# by dn=cn=Manager,dc=mydomain,dc=local write
# by * read

# Load dynamic backend modules:
modulepath /usr/local/libexec/openldap
moduleload back_bdb

###
# BDB database definitions
###
database bdb
suffix dc=mydomain,dc=local
rootdn cn=Manager,dc=mydomain,dc=local
#rootpw = very-secure-password
rootpw secret
directory /usr/local/var/db/openldap-data

# Indices to maintain
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index uidNumber eq
index gidNumber eq
index memberUID eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index default sub

Hoping you have more ideas on this... Thanks for your immediate reply..

--
rHueL
FreeBSD user since 6.0
Happy BSD use...
Country:Philippines
Zip Code:8000

Re: Samba PDC with LDAP backend
> I know this is running
> slapd_flags='-h \ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap://0.0.0.0/ ldap://127.0.0.1/\;'
> as I issue the command ps -aux | grep slap, here's what the box gives me
>
> #ps -aux | grep slap
> ldap 1273 0.0 6.6 341992 7816 ?? Is 4:17PM 0:00.14 /usr/local/libexec/slapd -h ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldaps://127.0.0.1/ ldap://192.168.5.200/ -u l

I see no ldaps:// in the command, but one in the ps, that is strange!

Olivier

Re: Samba PDC with LDAP backend
On Mon, Jul 20, 2009 at 4:35 PM, Olivier Nicole o...@cs.ait.ac.th wrote:
> > I know this is running
> > slapd_flags='-h \ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap://0.0.0.0/ ldap://127.0.0.1/\;'
> > as I issue the command ps -aux | grep slap, here's what the box gives me
> >
> > #ps -aux | grep slap
> > ldap 1273 0.0 6.6 341992 7816 ?? Is 4:17PM 0:00.14 /usr/local/libexec/slapd -h ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldaps://127.0.0.1/ ldap://192.168.5.200/ -u l
>
> I see no ldaps:// in the command, but one in the ps, that is strange!
>
> Olivier

Hey, what do you mean you don't see no ldaps://

--
rHueL
FreeBSD user since 6.0
Happy BSD use...
Country:Philippines
Zip Code:8000

Re: Samba PDC with LDAP backend
On Mon, 20 Jul 2009 16:50:48 +0800, Ruel Luchavez ruel.free...@gmail.com wrote:
> On Mon, Jul 20, 2009 at 4:35 PM, Olivier Nicole o...@cs.ait.ac.th wrote:
> > > I know this is running
> > > slapd_flags='-h \ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap://0.0.0.0/ ldap://127.0.0.1/\;'
> > > as I issue the command ps -aux | grep slap, here's what the box gives me
> > >
> > > #ps -aux | grep slap
> > > ldap 1273 0.0 6.6 341992 7816 ?? Is 4:17PM 0:00.14 /usr/local/libexec/slapd -h ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldaps://127.0.0.1/ ldap://192.168.5.200/ -u l
> >
> > I see no ldaps:// in the command, but one in the ps, that is strange!
> >
> > Olivier
>
> Hey, what do you mean you don't see no ldaps://

slapd_flags:
    f1 = ldapi://%2fvar%2frun%2fopenldap%2fldapi/
    f2 = ldap://0.0.0.0/
    f3 = ldap://127.0.0.1/

ps output:
    p1 = ldapi://%2fvar%2frun%2fopenldap%2fldapi/
    p2 = ldaps://127.0.0.1/
    p3 = ldap://192.168.5.200/

Compare f3 to p2: ldap://127.0.0.1/ vs. ldaps://127.0.0.1/

--
Polytropon
From Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...

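Polytropon's f/p comparison above, turned into a repeatable check (an added example, not code from any poster in this thread): it extracts the `-h` listener URLs from an rc.conf `slapd_flags` value and from a `ps` line, reports the differences, and flags the two problems raised elsewhere in the thread, `ldaps://` without TLS parameters in slapd.conf and URLs run together without spaces. The function names, the double-quoted URL list in the sample rc.conf and the plain-`ldap://` warning are assumptions of this example; the sample strings are constructed from values posted in the thread.

```python
"""Compare slapd listeners configured in rc.conf with those shown by ps."""
import shlex

KNOWN_SCHEMES = {"ldap", "ldaps", "ldapi"}
TLS_DIRECTIVES = {"tlscertificatefile", "tlscertificatekeyfile"}

# Constructed samples built from the values posted in the thread.
RC_CONF = """\
slapd_enable="YES"
slapd_flags='-h "ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap://0.0.0.0/ ldap://127.0.0.1/"'
"""
PS_LINE = ("ldap 1273 0.0 6.6 341992 7816 ?? Is 4:17PM 0:00.14 "
           "/usr/local/libexec/slapd -h ldapi://%2fvar%2frun%2fopenldap%2fldapi/ "
           "ldaps://127.0.0.1/ ldap://192.168.5.200/ -u l")
GLUED_PS = ("/usr/local/libexec/slapd -h "
            "ldapi://%2fvar%2frun%2fopenldap%2fldapi/ldap://0.0.0.0/ldap://192.168.5.0/")
SLAPD_CONF = """\
loglevel 256
pidfile /var/run/openldap/slapd.pid
database bdb
suffix dc=mydomain,dc=local
"""


def rc_conf_value(text, name):
    """Return the value assigned to `name` in rc.conf-style text, or ''."""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(name + "="):
            # shlex removes the outer quotes; inner double quotes survive.
            return shlex.split(line)[0].partition("=")[2]
    return ""


def listener_urls(command):
    """Return the URLs after slapd's -h option.

    Handles the rc.conf form (URL list is one quoted argument) and the ps
    form (quotes gone, every URL is its own word).
    """
    words = shlex.split(command)
    if "-h" not in words:
        return []
    urls = []
    for word in words[words.index("-h") + 1:]:
        if word.startswith("-"):      # next option, e.g. -u ldap
            break
        urls.extend(word.split())
    return urls


def tls_configured(slapd_conf):
    """True if slapd.conf sets both a server certificate and its key."""
    seen = set()
    for line in slapd_conf.splitlines():
        fields = line.split()
        if fields and not fields[0].startswith("#"):
            seen.add(fields[0].lower())
    return TLS_DIRECTIVES <= seen


def is_loopback(host):
    return host.startswith("127.") or host in ("localhost", "[::1]")


def url_findings(url, has_tls):
    """Return the list of problems found for one listener URL."""
    if url.count("://") != 1:
        return ["not a single URL (URLs run together or scheme missing)"]
    scheme, _, rest = url.partition("://")
    if scheme not in KNOWN_SCHEMES:
        return ["unknown scheme"]
    found = []
    if scheme == "ldaps" and not has_tls:
        found.append("ldaps listener but no TLS certificate/key in slapd.conf")
    if scheme == "ldap" and not is_loopback(rest.split("/", 1)[0]):
        found.append("plain ldap:// on a non-loopback address "
                     "(no transport encryption unless clients use StartTLS)")
    return found


def audit(rc_conf, ps_line, slapd_conf):
    """Diff configured vs running listeners and collect per-URL problems."""
    configured = listener_urls(rc_conf_value(rc_conf, "slapd_flags"))
    running = listener_urls(ps_line)
    has_tls = tls_configured(slapd_conf)
    problems = {}
    for url in dict.fromkeys(configured + running):   # de-duplicate, keep order
        found = url_findings(url, has_tls)
        if found:
            problems[url] = found
    return {
        "only_configured": [u for u in configured if u not in running],
        "only_running": [u for u in running if u not in configured],
        "problems": problems,
    }


if __name__ == "__main__":
    report = audit(RC_CONF, PS_LINE, SLAPD_CONF)
    for key in ("only_configured", "only_running"):
        print(key + ":", " ".join(report[key]) or "-")
    for url, found in report["problems"].items():
        print(url, "->", "; ".join(found))
```

A non-empty `only_running` list means the running slapd was not started from the rc.conf being edited, which is the situation Olivier and Polytropon point out.
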
Re: Samba PDC with LDAP backend
On Mon, Jul 20, 2009 at 4:55 PM, Polytropon free...@edvax.de wrote:
> On Mon, 20 Jul 2009 16:50:48 +0800, Ruel Luchavez ruel.free...@gmail.com wrote:
> > On Mon, Jul 20, 2009 at 4:35 PM, Olivier Nicole o...@cs.ait.ac.th wrote:
> > > > I know this is running
> > > > slapd_flags='-h \ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap://0.0.0.0/ ldap://127.0.0.1/\;'
> > > > as I issue the command ps -aux | grep slap, here's what the box gives me
> > > >
> > > > #ps -aux | grep slap
> > > > ldap 1273 0.0 6.6 341992 7816 ?? Is 4:17PM 0:00.14 /usr/local/libexec/slapd -h ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldaps://127.0.0.1/ ldap://192.168.5.200/ -u l
> > >
> > > I see no ldaps:// in the command, but one in the ps, that is strange!
> > >
> > > Olivier
> >
> > Hey, what do you mean you don't see no ldaps://
>
> slapd_flags:
>     f1 = ldapi://%2fvar%2frun%2fopenldap%2fldapi/
>     f2 = ldap://0.0.0.0/
>     f3 = ldap://127.0.0.1/
>
> ps output:
>     p1 = ldapi://%2fvar%2frun%2fopenldap%2fldapi/
>     p2 = ldaps://127.0.0.1/
>     p3 = ldap://192.168.5.200/
>
> Compare f3 to p2: ldap://127.0.0.1/ vs. ldaps://127.0.0.1/
>
> --
> Polytropon
> From Magdeburg, Germany
> Happy FreeBSD user since 4.0
> Andra moi ennepe, Mousa, ...

Thanks Polytropon, I get the point.. H... where did I mess up... I'll try to triple check all the config..

--
rHueL
FreeBSD user since 6.0
Happy BSD use...
Country:Philippines
Zip Code:8000

Re: Samba PDC with LDAP backend
On Mon, Jul 20, 2009 at 5:10 PM, Ruel Luchavez ruel.free...@gmail.com wrote:
> On Mon, Jul 20, 2009 at 4:55 PM, Polytropon free...@edvax.de wrote:
> > On Mon, 20 Jul 2009 16:50:48 +0800, Ruel Luchavez ruel.free...@gmail.com wrote:
> > > On Mon, Jul 20, 2009 at 4:35 PM, Olivier Nicole o...@cs.ait.ac.th wrote:
> > > > > I know this is running
> > > > > slapd_flags='-h \ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap://0.0.0.0/ ldap://127.0.0.1/\;'
> > > > > as I issue the command ps -aux | grep slap, here's what the box gives me
> > > > >
> > > > > #ps -aux | grep slap
> > > > > ldap 1273 0.0 6.6 341992 7816 ?? Is 4:17PM 0:00.14 /usr/local/libexec/slapd -h ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldaps://127.0.0.1/ ldap://192.168.5.200/ -u l
> > > >
> > > > I see no ldaps:// in the command, but one in the ps, that is strange!
> > > >
> > > > Olivier
> > >
> > > Hey, what do you mean you don't see no ldaps://
> >
> > slapd_flags:
> >     f1 = ldapi://%2fvar%2frun%2fopenldap%2fldapi/
> >     f2 = ldap://0.0.0.0/
> >     f3 = ldap://127.0.0.1/
> >
> > ps output:
> >     p1 = ldapi://%2fvar%2frun%2fopenldap%2fldapi/
> >     p2 = ldaps://127.0.0.1/
> >     p3 = ldap://192.168.5.200/
> >
> > Compare f3 to p2: ldap://127.0.0.1/ vs. ldaps://127.0.0.1/
> >
> > --
> > Polytropon
> > From Magdeburg, Germany
> > Happy FreeBSD user since 4.0
> > Andra moi ennepe, Mousa, ...
>
> Thanks Polytropon, I get the point.. H... where did I mess up... I'll try to triple check all the config..
>
> --
> rHueL
> FreeBSD user since 6.0
> Happy BSD use...
> Country:Philippines
> Zip Code:8000

Hey guys...

There is an improvement... this is my current /etc/rc.conf

slapd_enable=YES
slapd_flags='-h ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap://127.0.0.1/ldap:// 192.168.5.200/'
slapd_sockets=/var/run/openldap/ldapi
samba_enable=YES
winbindd_enable=YES
cupsd_enable=YES

and this is the output of ps -aux | grep slap

#ps -aux | grep slap
ldap 1667 0.0 6.7 345832 7936 ?? Ss 5:24PM 0:01.18 /usr/local/libexec/slapd -h ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap:// 127.0.0.1/ ldap://192.168.5.200/ -u ld
root 1794 0.0 0.2 388 268 p0 R+ 5:32PM 0:00.00 grep slap

Well, regarding what Olivier said: I see no ldaps:// in the command, but one in the ps, that is strange!

I think it is solved now! Am I right?

Then I populated the database; unfortunately there is another error and I can't understand the code in smbldap_tools.pm! Here's the output of the box

#smbldap-populate -u 1 -g 1 -r 1
Populating LDAP directory for domain MYDOMAIN (S-1-5-21-2772587264-3389604304-3649373591)
(using builtin directory structure)

adding new entry: dc=mydomain,dc=local
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 498, DATA line 466.
adding new entry: ou=People,dc=mydomain,dc=local
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 498, GEN1 line 12.
adding new entry: ou=Groups,dc=mydomain,dc=local
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 498, GEN1 line 17.
adding new entry: ou=Computers,dc=mydomain,dc=local
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 498, GEN1 line 22.
adding new entry: ou=Idmap,dc=mydomain,dc=local
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 498, GEN1 line 27.
adding new entry: uid=root,ou=People,dc=mydomain,dc=local
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 498, GEN1 line 58.
adding new entry: uid=nobody,ou=People,dc=mydomain,dc=local
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 498, GEN1 line 89.
adding new entry: cn=Domain Admins,ou=Groups,dc=mydomain,dc=local
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 498, GEN1 line 101.
adding new entry: cn=Domain Users,ou=Groups,dc=mydomain,dc=local
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 498, GEN1 line 112.
adding new entry: cn=Domain Guests,ou=Groups,dc=mydomain,dc=local
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 498, GEN1 line 123.
adding new entry: cn=Domain Computers,ou=Groups,dc=mydomain,dc=local
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 498, GEN1 line 134.
adding new entry: cn=Administrators,ou=Groups,dc=mydomain,dc=local
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 498, GEN1 line 179.
adding new entry: cn=Account Operators,ou=Groups,dc=mydomain,dc=local
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 498, GEN1 line 201.
adding new entry: cn=Print

RE: Samba PDC with LDAP backend
> There is an improvement... this is my current /etc/rc.conf
>
> slapd_enable=YES
> slapd_flags='-h ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap://127.0.0.1/ ldap://192.168.5.200/ '
> slapd_sockets=/var/run/openldap/ldapi
> samba_enable=YES
> winbindd_enable=YES
> cupsd_enable=YES
>
> and this is the output of ps -aux | grep slap
>
> #ps -aux | grep slap
> ldap 1667 0.0 6.7 345832 7936 ?? Ss 5:24PM 0:01.18 /usr/local/libexec/slapd -h ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap://127.0.0.1/ ldap://192.168.5.200/ -u ld
> root 1794 0.0 0.2 388 268 p0 R+ 5:32PM 0:00.00 grep slap
>
> Well, regarding what Olivier said: I see no ldaps:// in the command, but one in the ps, that is strange!
>
> I think it is solved now! Am I right?
>
> Then I populated the database; unfortunately there is another error and I can't understand the code in smbldap_tools.pm! Here's the output of the box
>
> #smbldap-populate -u 1 -g 1 -r 1
> Populating LDAP directory for domain MYDOMAIN (S-1-5-21-2772587264-3389604304-3649373591)
> (using builtin directory structure)
>
> adding new entry: dc=mydomain,dc=local
> failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 498, DATA line 466.
> adding new entry: ou=People,dc=mydomain,dc=local
> failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 498, GEN1 line 12.
> adding new entry: ou=Groups,dc=mydomain,dc=local
> failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 498, GEN1 line 17.
> adding new entry: ou=Computers,dc=mydomain,dc=local
> failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 498, GEN1 line 22.
> adding new entry: ou=Idmap,dc=mydomain,dc=local
> failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 498, GEN1 line 27.
> adding new entry: uid=root,ou=People,dc=mydomain,dc=local
> failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 498, GEN1 line 58.
> adding new entry: uid=nobody,ou=People,dc=mydomain,dc=local
> failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 498, GEN1 line 89.
> adding new entry: cn=Domain Admins,ou=Groups,dc=mydomain,dc=local
> failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 498, GEN1 line 101.
> adding new entry: cn=Domain Users,ou=Groups,dc=mydomain,dc=local
> failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 498, GEN1 line 112.
> adding new entry: cn=Domain Guests,ou=Groups,dc=mydomain,dc=local
> failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 498, GEN1 line 123.
> adding new entry: cn=Domain Computers,ou=Groups,dc=mydomain,dc=local
> failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 498, GEN1 line 134.
> adding new entry: cn=Administrators,ou=Groups,dc=mydomain,dc=local
> failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 498, GEN1 line 179.
> adding new entry: cn=Account Operators,ou=Groups,dc=mydomain,dc=local
> failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 498, GEN1 line 201.
> adding new entry: cn=Print Operators,ou=Groups,dc=mydomain,dc=local
> failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 498, GEN1 line 212.
> adding new entry: cn=Backup Operators,ou=Groups,dc=mydomain,dc=local
> failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 498, GEN1 line 223.
> adding new entry: cn=Replicators,ou=Groups,dc=mydomain,dc=local
> failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 498, GEN1 line 234.
> adding new entry: sambaDomainName=MYDOMAIN,dc=mydomain,dc=local
> failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 498, GEN1 line 242.
>
> Please provide a password for the domain root:
> No such object at /usr/local/lib/perl5/site_perl/5.8.9/smbldap_tools.pm line 406, DATA line 466.
>
> # return (success, dn ) --and this is the line at 466 of smbldap_tools.pm
>
> What does it mean?? I can't type the password for the domain root because it ends up there...
>
> You guys are great... FreeBSD Rock
>
> Thanks...
>
> --
> rHueL
> FreeBSD user since 6.0
> Happy BSD use...
> Country:Philippines
> Zip Code:8000

Ok did you do these steps of my howto. Configuration

Re: Samba PDC with LDAP backend
> #smbldap-populate -u 1 -g 1 -r 1
> Populating LDAP directory for domain MYDOMAIN (S-1-5-21-2772587264-3389604304-3649373591)
> (using builtin directory structure)
>
> adding new entry: dc=mydomain,dc=local
> failed to add entry: modifications require authentication at

In fact the script smbldap-populate hangs here; see, it mentions the authentication error at the beginning.

I never used smbldap-populate, but I believe that to have it work, you must configure/edit that script and define a password somewhere. I believe you would also have to configure the domain name, unless you want to keep MYDOMAIN (see line number two).

As I suggested a few days ago, you should try to do an ldapsearch and get a result from it first.

Samba is not something simple to configure. LDAP neither, so you better go step by step.

Good luck,

Olivier

Re: Samba PDC with LDAP backend
On Mon, Jul 20, 2009 at 6:17 PM, Olivier Nicole o...@cs.ait.ac.th wrote:
> > #smbldap-populate -u 1 -g 1 -r 1
> > Populating LDAP directory for domain MYDOMAIN (S-1-5-21-2772587264-3389604304-3649373591)
> > (using builtin directory structure)
> >
> > adding new entry: dc=mydomain,dc=local
> > failed to add entry: modifications require authentication at
>
> In fact the script smbldap-populate hangs here; see, it mentions the authentication error at the beginning.
>
> I never used smbldap-populate, but I believe that to have it work, you must configure/edit that script and define a password somewhere. I believe you would also have to configure the domain name, unless you want to keep MYDOMAIN (see line number two).
>
> As I suggested a few days ago, you should try to do an ldapsearch and get a result from it first.
>
> Samba is not something simple to configure. LDAP neither, so you better go step by step.
>
> Good luck,
>
> Olivier

Well, thanks for your insight Olivier! I think you're right that Samba is not something simple to configure, neither is LDAP.. Wheeew.. I'll try my luck here because I started this already..

Anyway... Thanks..

--
rHueL
FreeBSD user since 6.0
Happy BSD use...
Country:Philippines
Zip Code:8000

Re: Samba PDC with LDAP backend
On Mon, Jul 20, 2009 at 6:21 PM, Ruel Luchavez ruel.free...@gmail.com wrote:
> On Mon, Jul 20, 2009 at 6:17 PM, Olivier Nicole o...@cs.ait.ac.th wrote:
> > > #smbldap-populate -u 1 -g 1 -r 1
> > > Populating LDAP directory for domain MYDOMAIN (S-1-5-21-2772587264-3389604304-3649373591)
> > > (using builtin directory structure)
> > >
> > > adding new entry: dc=mydomain,dc=local
> > > failed to add entry: modifications require authentication at
> >
> > In fact the script smbldap-populate hangs here; see, it mentions the authentication error at the beginning.
> >
> > I never used smbldap-populate, but I believe that to have it work, you must configure/edit that script and define a password somewhere. I believe you would also have to configure the domain name, unless you want to keep MYDOMAIN (see line number two).
> >
> > As I suggested a few days ago, you should try to do an ldapsearch and get a result from it first.
> >
> > Samba is not something simple to configure. LDAP neither, so you better go step by step.
> >
> > Good luck,
> >
> > Olivier
>
> Well, thanks for your insight Olivier! I think you're right that Samba is not something simple to configure, neither is LDAP.. Wheeew.. I'll try my luck here because I started this already..
>
> Anyway... Thanks..
>
> --
> rHueL
> FreeBSD user since 6.0
> Happy BSD use...
> Country:Philippines
> Zip Code:8000

But to someone out there who has an idea on this, you are very much WELCOME :-)

--
rHueL
FreeBSD user since 6.0
Happy BSD use...
Country:Philippines
Zip Code:8000

Re: Samba PDC with LDAP backend
On Mon, Jul 20, 2009 at 06:22:50PM +0800, Ruel Luchavez typed:
> But to someone out there who has an idea on this, you are very much WELCOME :-)

I think this was mentioned before, but did you have to edit
/usr/local/etc/smbldap-tools/smbldap.conf and
/usr/local/etc/smbldap-tools/smbldap_bind.conf

Ruben

Re: Samba PDC with LDAP backend
On Sat, Jul 18, 2009 at 12:53:40PM +0800, Ruel Luchavez typed:
> On Sat, Jul 18, 2009 at 11:43 AM, Olivier Nicole o...@cs.ait.ac.th wrote:
>
> Still it does not start the LDAP, here's my /etc/rc.conf:
> slapd_flags='-h ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldaps:// 192.168.5.0/ ldap://127.0.0.1/;'

You try to start slapd with ssl/tls support (ldaps), but I didn't see any TLS parameters in the slapd.conf file you posted.

Ruben

Re: Samba PDC with LDAP backend
On Sun, Jul 19, 2009 at 7:28 PM, Ruben de Groot mai...@bzerk.org wrote:
> On Sat, Jul 18, 2009 at 12:53:40PM +0800, Ruel Luchavez typed:
> > On Sat, Jul 18, 2009 at 11:43 AM, Olivier Nicole o...@cs.ait.ac.th wrote:
> >
> > Still it does not start the LDAP, here's my /etc/rc.conf:
> > slapd_flags='-h ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldaps:// 192.168.5.0/ ldap://127.0.0.1/;'
>
> You try to start slapd with ssl/tls support (ldaps), but I didn't see any TLS parameters in the slapd.conf file you posted.
>
> Ruben

Hey Ruben,

Is it necessary to have ssl/tls support? My goal is to build a Samba PDC on FreeBSD with a ldap backend. This will not authenticate ssh users, just a plain samba server for our windows clients.

More ideas are very WELCOME... Thanks. :-)

--
Rhuel
FreeBSD user since 6.0
Happy BSD use...
Country:Philippines
Zip Code:8000

Re: Samba PDC with LDAP backend
Rhuel,

In your starting command you have:

ldaps://192.168.5.0/ ldap://127.0.0.1/;'

This means TLS/SSL. If you don't want it, remove it from your command.

> Is it necessary to have ssl/tls support?

It is up to you. TLS/SSL will bring some extra security. It may be important if the network between your LDAP and your samba servers is insecure.

Bests,

Olivier

Re: Samba PDC with LDAP backend
Hi,

> when I look at the smbldap_tools.pm at line 322 this is what it looks like, and sorry I can't understand the code:
>
> else {
>     $ldap_master = Net::LDAP->new(    # <-- This is line 322
>         $config{masterLDAP},
>         port => $config{masterPort},
>         version => 3,
>         timeout => 60,

Are you sure about your configuration of smbldap?

Are you sure ldap is running? Have you tried a manual access through ldapsearch(1)?

Olivier

Re: Samba PDC with LDAP backend
On Sat, Jul 18, 2009 at 10:07 AM, Olivier Nicole o...@cs.ait.ac.th wrote:
> Hi,
>
> > when I look at the smbldap_tools.pm at line 322 this is what it looks like, and sorry I can't understand the code:
> >
> > else {
> >     $ldap_master = Net::LDAP->new(    # <-- This is line 322
> >         $config{masterLDAP},
> >         port => $config{masterPort},
> >         version => 3,
> >         timeout => 60,
>
> Are you sure about your configuration of smbldap?
>
> Are you sure ldap is running? Have you tried a manual access through ldapsearch(1)?
>
> Olivier

Hello,

I'm sure about my smbldap.. why? Is there something wrong with my config?

And yes ldap is running

#ps -aux | grep slap
ldap 1522 0.0 6.6 341992 7756 ?? Is 10:15AM 0:00.08 /usr/local/libexec/slapd -h ldapi://%2fvar%2frun%2fopenldap%2fldapi/ldap:// 0.0.0.0/ldap://192.168.5.0/ldap://127.0
root 1678 0.0 0.2 388 268 p0 R+ 10:20AM 0:00.00 grep slap

It's running, right?

I also tried the ldapsearch and it says it can't contact the ldap server

#ldapsearch
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

Any more ideas? Thanks for your reply

--
Ruel Luchavez
FreeBSD user since 6.0
Happy BSD use...
Country:Philippines
Zip Code:8000

Re: Samba PDC with LDAP backend
Ruel,

> And yes ldap is running
> #ps -aux | grep slap

That the process slapd is running does not mean you can access it.

That:

/usr/local/libexec/slapd -h ldapi://%2fvar%2frun%2fopenldap%2fldapi/ldap:// 0.0.0.0/ldap://192.168.5.0/ldap://127.0

looks strange to me, I am used to something like:

/usr/local/libexec/slapd -h ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldaps://192.41.170.6/ ldap://192.41.170.6/ -u ldap -g ldap

with space between each URL on the command line.

You should first assert that LDAP is running the way you want; if it is, you should be able to find a set of options to use with ldapsearch to be able to access your LDAP server. Basically, these options will have to be transposed into smbldap configuration.

Good luck,

Olivier

Re: Samba PDC with LDAP backend
On Sat, Jul 18, 2009 at 10:25 AM, Olivier Nicole o...@cs.ait.ac.th wrote:
> Ruel,
>
> > And yes ldap is running
> > #ps -aux | grep slap
>
> That the process slapd is running does not mean you can access it.
>
> That:
>
> /usr/local/libexec/slapd -h ldapi://%2fvar%2frun%2fopenldap%2fldapi/ldap:// 0.0.0.0/ldap://192.168.5.0/ldap://127.0
>
> looks strange to me, I am used to something like:
>
> /usr/local/libexec/slapd -h ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldaps://192.41.170.6/ ldap://192.41.170.6/ -u ldap -g ldap
>
> with space between each URL on the command line.
>
> You should first assert that LDAP is running the way you want; if it is, you should be able to find a set of options to use with ldapsearch to be able to access your LDAP server. Basically, these options will have to be transposed into smbldap configuration.
>
> Good luck,
>
> Olivier

Hey,

I tried your idea with NO SPACE between each URL but when I restart the LDAP it does not start anymore... hmmm what did I mess up here!!??

Anyway, thanks for your immediate response.. maybe I'll try to dig more to solve this.

Those who have more ideas, you are welcome to comment...

--
Ruel Luchavez
FreeBSD user since 6.0
Happy BSD use...
Country:Philippines
Zip Code:8000

Re: Samba PDC with LDAP backend
Ruel,

> I tried your idea with NO SPACE between each URL but when I restart the LDAP it does not start anymore... hmmm what did I mess up here!!??

in /etc/rc.conf I have:

slapd_flags='-h ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldaps://192.41.170.6/ ldap://192.41.170.6/;'

see the specific use of quotes.

Olivier

Re: Samba PDC with LDAP backend
On Sat, Jul 18, 2009 at 11:11 AM, Olivier Nicole o...@cs.ait.ac.th wrote:
> Ruel,
>
> > I tried your idea with NO SPACE between each URL but when I restart the LDAP it does not start anymore... hmmm what did I mess up here!!??
>
> in /etc/rc.conf I have:
>
> slapd_flags='-h ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldaps:// 192.41.170.6/ ldap://192.41.170.6/;'
>
> see the specific use of quotes.
>
> Olivier

Hey Olivier,

Still it does not start the LDAP, here's my /etc/rc.conf:

slapd_flags='-h ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldaps:// 192.168.5.0/ ldap://127.0.0.1/;'

I still have no LUCK... :-(

Thanks

--
RhueL
FreeBSD user since 6.0
Happy BSD use...
Country:Philippines
Zip Code:8000

Re: Samba PDC with LDAP backend
> Still it does not start the LDAP, here's my /etc/rc.conf:
> slapd_flags='-h ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldaps:// 192.168.5.0/ ldap://127.0.0.1/;'

At this point it would be useful that you have a look in the logs at /var/log and see what is wrong in your command line.

It may also be useful to set rc_debug=YES in /etc/rc.conf, so you can see the exact command line that is tried when you start ldap server with /usr/local/etc/rc.d/slapd start

Olivier

Re: Samba PDC with LDAP backend
On Sat, Jul 18, 2009 at 11:43 AM, Olivier Nicole o...@cs.ait.ac.th wrote:
> > Still it does not start the LDAP, here's my /etc/rc.conf:
> > slapd_flags='-h ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldaps:// 192.168.5.0/ ldap://127.0.0.1/;'
>
> At this point it would be useful that you have a look in the logs at /var/log and see what is wrong in your command line.
>
> It may also be useful to set rc_debug=YES in /etc/rc.conf, so you can see the exact command line that is tried when you start ldap server with /usr/local/etc/rc.d/slapd start
>
> Olivier

Thanks... I'll try your idea.. I'll be back

--
Ruel Luchavez
FreeBSD user since 6.0
Happy BSD use...
Country:Philippines
Zip Code:8000