Re: [Samba] Samba + LDAP problem for find user name

2009-10-28 Thread Jamrock 

"Bruno Steven"  wrote in message
news:c6bf33680910270225n6b5423e5te193e27399144...@mail.gmail.com...
I have samba integrated with openldap , all process are up and I am trying
add one machine Windows XP with SP3 in domain Samba , but windows show this
message  Error while the attempt  of entry in domain "amblivre.com"  Is not
possible find user name

I am tired because I don´t found any solution about this problem , I need
some idea ..

Thanks ...

Have you set up nss ldap?

When you type "getent passwd" do you see the users created in ldap as well
as those in the /etc/passwd file?

When you type "getent group" do you see the groups created in ldap as well
as those in the /etc/group file?




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba + LDAP problem for find user name

2009-10-27 Thread Bruno Steven 
Hi .. guy or girls ... until now I did´t found any information that resolv
my problem , there is somebody in this list that made Samba more Openldap
together work ?



On Tue, Oct 27, 2009 at 7:25 AM, Bruno Steven  wrote:

> I have samba integrated with openldap , all process are up and I am trying
> add one machine Windows XP with SP3 in domain Samba , but windows show this
> message  Error while the attempt  of entry in domain "amblivre.com"  Is
> not possible find user name
>
> I am tired because I don´t found any solution about this problem , I need
> some idea ..
>
> Thanks ...
>
> --
> Bruno Steven - Administrador de sistemas.
> LPIC-1 - LPI ID: lpi000119659 / Code: p2e4wz47e4
> https://www.lpi.org/caf/Xamman/certification
>
> MCP-Windows 2003 - TranscriptID: 793804 / Access Code: 080089100
> https://mcp.microsoft.com/authenticate/validatemcp.aspx
>
>
> P Antes de imprimir pense em sua responsabilidade e comprometimento com o
> Meio Ambiente. Before printing this message, think about your ecologic
> responsability and environment commitment.
>



-- 
Bruno Steven - Administrador de sistemas.
LPIC-1 - LPI ID: lpi000119659 / Code: p2e4wz47e4
https://www.lpi.org/caf/Xamman/certification

MCP-Windows 2003 - TranscriptID: 793804 / Access Code: 080089100
https://mcp.microsoft.com/authenticate/validatemcp.aspx


P Antes de imprimir pense em sua responsabilidade e comprometimento com o
Meio Ambiente. Before printing this message, think about your ecologic
responsability and environment commitment.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba ldap problem

2009-07-17 Thread Johan Hendriks 


 Hi,

 we had this setup working for quite some time but after upgrading  
 the
 samba package things look different:

 we now have the following samba/ldap setup:

 samba-3.0.34p1-cups-ldap
 openldap-server-2.3.43

 the samba-ldap configuration is:
 doing parameter ldap suffix = dc=foo,dc=ch
 doing parameter ldap machine suffix =  
 ou=Computers,ou=Samba,ou=system
 snip
>>
 in this state we don't see any packets going to the ldap server
 anymore.
 Have you seen this behaviour or do you have any hints how we could
 debug
 this better?

>>
>>
>>> Very strange is also teh fact, that the first connection works, but
>>> gets interrupted in the middle somehow and then all subsequent
>>> attempts using smbclient fail:
>>
>>> root:13# pgrep smbd
>>> 4268
>>> 30945
>>> root:14# smbclient -U mbalmer -L tesla
>>> Password:
>>> Domain=[EDUBS] OS=[Unix] Server=[Samba 3.0.34]
>>> snip ..
>>
>>> This is on OpenBSD 4.4/i386, btw.
>>
>>> - Marc
>>
>> Did you copy the new samba schema file from the new samba version to

>> the
>> openldap scheme directory?
>> I had some strange problems once after a update and that was the  
>> case in
>> my situation.

>Yes I did that, but of course the additional fields in the SambaDomain

>object are empty.  Do I need to full them with some values?

>- Marc

As far as i know not, in my case the copy of schema file was enough, i
could not imagine why it needs altering.
I mean this file (On FreeBSD).
/usr/local/share/examples/samba/LDAP/samba.schema

And that needs to be copied to the loaction mentioned in your slapd.conf
file:
in my case:
include /usr/local/etc/openldap/schema/samba.schema

regards,
Johan

Checked by AVG - www.avg.com 
Version: 8.5.387 / Virus Database: 270.13.16/2240 - Release Date:
07/16/09 18:00:00
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba ldap problem

2009-07-17 Thread Marc Balmer 


Am 17.07.2009 um 13:55 schrieb Johan Hendriks:


Hi,

we had this setup working for quite some time but after upgrading  
the

samba package things look different:

we now have the following samba/ldap setup:

samba-3.0.34p1-cups-ldap
openldap-server-2.3.43

the samba-ldap configuration is:
doing parameter ldap suffix = dc=foo,dc=ch
doing parameter ldap machine suffix =  
ou=Computers,ou=Samba,ou=system

snip



in this state we don't see any packets going to the ldap server
anymore.
Have you seen this behaviour or do you have any hints how we could
debug
this better?





Very strange is also teh fact, that the first connection works, but
gets interrupted in the middle somehow and then all subsequent
attempts using smbclient fail:



root:13# pgrep smbd
4268
30945
root:14# smbclient -U mbalmer -L tesla
Password:
Domain=[EDUBS] OS=[Unix] Server=[Samba 3.0.34]
snip ..



This is on OpenBSD 4.4/i386, btw.



- Marc


Did you copy the new samba schema file from the new samba version to  
the

openldap scheme directory?
I had some strange problems once after a update and that was the  
case in

my situation.


Yes I did that, but of course the additional fields in the SambaDomain  
object are empty.  Do I need to full them with some values?


- Marc



Regards,
Johan


Checked by AVG - www.avg.com
Version: 8.5.387 / Virus Database: 270.13.16/2240 - Release Date:
07/16/09 18:00:00


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba ldap problem

2009-07-17 Thread Johan Hendriks 
>> Hi,
>>
>> we had this setup working for quite some time but after upgrading the
>> samba package things look different:
>>
>> we now have the following samba/ldap setup:
>>
>> samba-3.0.34p1-cups-ldap
>> openldap-server-2.3.43
>>
>> the samba-ldap configuration is:
>> doing parameter ldap suffix = dc=foo,dc=ch
>> doing parameter ldap machine suffix = ou=Computers,ou=Samba,ou=system
>>snip

>> in this state we don't see any packets going to the ldap server  
>> anymore.
>> Have you seen this behaviour or do you have any hints how we could  
>> debug
>> this better?
>>


>Very strange is also teh fact, that the first connection works, but  
>gets interrupted in the middle somehow and then all subsequent  
>attempts using smbclient fail:

>root:13# pgrep smbd
>4268
>30945
>root:14# smbclient -U mbalmer -L tesla
>Password:
>Domain=[EDUBS] OS=[Unix] Server=[Samba 3.0.34]
> snip ..

>This is on OpenBSD 4.4/i386, btw.

>- Marc

Did you copy the new samba schema file from the new samba version to the
openldap scheme directory?
I had some strange problems once after a update and that was the case in
my situation.

Regards,
Johan


Checked by AVG - www.avg.com 
Version: 8.5.387 / Virus Database: 270.13.16/2240 - Release Date:
07/16/09 18:00:00
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba ldap problem

2009-07-17 Thread Marc Balmer 


Am 16.07.2009 um 18:01 schrieb Mischa Diehm:


Hi,

we had this setup working for quite some time but after upgrading the
samba package things look different:

we now have the following samba/ldap setup:

samba-3.0.34p1-cups-ldap
openldap-server-2.3.43

the samba-ldap configuration is:
doing parameter ldap suffix = dc=foo,dc=ch
doing parameter ldap machine suffix = ou=Computers,ou=Samba,ou=system
doing parameter ldap user suffix = ou=Users,ou=Samba,ou=system
doing parameter ldap group suffix = ou=Groups,ou=Samba,ou=system
doing parameter ldap admin dn =
"cn=SambaAdmin,ou=Users,ou=OpenLDAP,ou=system,dc=foo,dc=ch"
doing parameter ldap delete dn = no
doing parameter ldap passwd sync = no
doing parameter ldap replication sleep = 6000
doing parameter ldap timeout = 120
doing parameter ldap ssl = No

when starting the smbd things look ok:
Attempting to find an passdb backend to match ldapsam:ldap:// 
localhost/

(ldapsam)
Found pdb backend ldapsam
smbldap_search_domain_info: Searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=EDUBS))]
smbldap_search_ext: base => [dc=edubs,dc=ch], filter =>
[(&(objectClass=sambaDomain)(sambaDomainName=EDUBS))], scope => [2]
The connection to the LDAP server was closed
smb_ldap_setup_connection: ldap://localhost/
smbldap_open_connection: connection opened
ldap_connect_system: Binding to ldap server ldap://localhost/ as
"cn=SambaAdmin,ou=Users,ou=OpenLDAP,ou=system,dc=edubs,dc=ch"
ldap_connect_system: successful connection to the LDAP server
ldap_connect_system: LDAP server does support paged results
The LDAP server is successfully connected
smbldap_get_single_attribute: [sambaAlgorithmicRidBase] = []
pdb backend ldapsam:ldap://localhost/ has a valid init


it seems the first connection works:
root:195# smbclient -L localhost -U foo.bar
Password:
Anonymous login successful
Domain=[EDUBS] OS=[Unix] Server=[Samba 3.0.34]

   Sharename   Type  Comment
   -     ---
   IPC$IPC   IPC Service (ICT Fileserver)
read_socket_with_timeout: timeout read. read error = Connection  
reset by peer.

Receiving SMB: Server stopped responding
session request to LOCALHOST failed (Read error: Connection reset by  
peer)

Error connecting to 127.0.0.1 (Connection refused)
Connection to localhost failed (Error NT_STATUS_CONNECTION_REFUSED)
NetBIOS over TCP disabled -- no workgroup available


but any connection afterwards fails with this:
root:199# smbclient -L localhost -U foo.bar
Password:
Receiving SMB: Server stopped responding
session setup failed: Call returned zero bytes

in this state we don't see any packets going to the ldap server  
anymore.
Have you seen this behaviour or do you have any hints how we could  
debug

this better?




Very strange is also teh fact, that the first connection works, but  
gets interrupted in the middle somehow and then all subsequent  
attempts using smbclient fail:


root:13# pgrep smbd
4268
30945
root:14# smbclient -U mbalmer -L tesla
Password:
Domain=[EDUBS] OS=[Unix] Server=[Samba 3.0.34]

Sharename   Type  Comment
-     ---
IPC$IPC   IPC Service (ICT Fileserver)
mbalmer Disk  Home Directories
Receiving SMB: Server stopped responding
session setup failed: Call returned zero bytes (EOF)
NetBIOS over TCP disabled -- no workgroup available
root:15# smbclient -U mbalmer -L tesla
Password:
Receiving SMB: Server stopped responding
session setup failed: Call returned zero bytes (EOF)


This is on OpenBSD 4.4/i386, btw.

- Marc

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba + LDAP problem

2009-02-05 Thread plug bert 
Ran into the same problem too. what i did was 

1, create a generic barebones smb.conf(i.e. no ldap backend and such), 
2. started up samba
3. shut down samba
4. edited smb.conf to support ldap backend
5. started up samba

it may have something to do with samba not generating an SID when configured to 
support LDAP at the onset.


*or*, just do the setlocalsid thing as Mr. Björn Jacke has suggested



--- On Wed, 2/4/09, Agustin Eguia  wrote:

> From: Agustin Eguia 
> Subject: [Samba] Samba + LDAP problem
> To: samba@lists.samba.org
> Date: Wednesday, February 4, 2009, 5:44 AM
> Hello everyone, I have a question here that has been giving
> me troubles :
> 
> I installed my PDC with samba + LDAP... everything seems to
> work just fine (user creation, population, groups, users and
> machines connecting to the domain)... but one thing keeps
> not working : net getlocalsid... I keep getting this message
> : Can't fetch domain SID for name: MACHINENAME
> 
> 
> I searched the internet like crazy even asked in IRC
> channels but no luck... can anyone enlight me on this one ?
> 
> 
> Thanks,
> 
> 
> A.
> -- To unsubscribe from this list go to the following URL
> and read the
> instructions: 
> https://lists.samba.org/mailman/options/samba



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba + LDAP problem

2009-02-04 Thread Björn Jacke 
On 2009-02-03 at 17:44 +0100 Agustin Eguia sent off:
> Hello everyone, I have a question here that has been giving me troubles :
>
> I installed my PDC with samba + LDAP... everything seems to work just fine 
> (user creation, population, groups, users and machines connecting to the 
> domain)... but one thing keeps not working : net getlocalsid... I keep 
> getting this message : Can't fetch domain SID for name: MACHINENAME
>
>
> I searched the internet like crazy even asked in IRC channels but no 
> luck... can anyone enlight me on this one ?

I saw something like that, looks like the localsid initialization logic broken.
Take a look at https://bugzilla.samba.org/show_bug.cgi?id=6033 for description
and workaround.

Cheers
Björn
-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba + LDAP problem

2009-02-03 Thread Adam Williams 
http://www.samba.org/samba/docs/man/Samba-Guide/happy.html#sbehap-massive

 Samba-3 generates a Windows Security Identifier (SID) only when smbd  has
been started. For this reason, you start Samba. After a few seconds
delay, execute:

root#  smbclient -L localhost -U%
root#  net getlocalsid

A report such as the following means that the domain SID has not yet been
written to the secrets.tdb or to the LDAP backend:

[2005/03/03 23:19:34, 0] lib/smbldap.c:smbldap_connect_system(852)
  failed to bind to server ldap://massive.abmas.biz
with dn="cn=Manager,dc=abmas,dc=biz" Error: Can't contact LDAP server
(unknown)
[2005/03/03 23:19:48, 0] lib/smbldap.c:smbldap_search_suffix(1169)
  smbldap_search_suffix: Problem during the LDAP search:
(unknown) (Timed out)

The attempt to read the SID will cause and attempted bind to the LDAP
server. Because the LDAP server is not running, this operation will fail
by way of a timeout, as shown previously. This is normal output; do not
worry about this error message. When the domain has been created and
written to the secrets.tdb file, the output should look like this:

SID for domain MASSIVE is: S-1-5-21-3504140859-1010554828-2431957765

If, after a short delay (a few seconds), the domain SID has still not been
written to the secrets.tdb file, it is necessary to investigate what may
be misconfigured. In this case, carefully check the smb.conf file for
typographical errors (the most common problem). The use of the testparm is
highly recommended to validate the contents of this file.

> Hello everyone, I have a question here that has been giving me troubles :
>
> I installed my PDC with samba + LDAP... everything seems to work just
> fine (user creation, population, groups, users and machines connecting
> to the domain)... but one thing keeps not working : net getlocalsid... I
> keep getting this message : Can't fetch domain SID for name: MACHINENAME
>
>
> I searched the internet like crazy even asked in IRC channels but no
> luck... can anyone enlight me on this one ?
>
>
> Thanks,
>
>
> A.
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba / ldap problem with cpu load

2009-01-14 Thread Harry Jede 
Am Freitag, 9. Januar 2009 23:57 schrieb franck molle:
> First of all, I am french. My english is not very good and i am sorry
> for this ;).
>
> One month ago, I have upgrade my server in debian Etch (it was in
> debian sarge). So now, samba is in 3.0.24 version. My server use
> samba and ldap.
>
> Since this upgrade, i have some problems with cpu loading when the
> users log on the samba domain (smbd and slapd services).
>
> I have take a look at samba log but i don't see anything. After that,
> i have take a look on the ldap logs in debug level 256.
>
> I can see the problem in the logs but i can't explain it, i hope you
> can help me about it.
> In the log file, i have this entry thousand of time (2 entry)
> base="ou=Groups,ou=clg-hugo-gisors,ou=ac-rouen,ou=education,o=gouv,c=
>fr" scope=2 deref=0
> filter="(&(objectClass=sambaGroupMapping)(gidNumber=0))"
Reconfigure the package libnss-ldap, so that libnss use an anonymous 
bind.

Or manually disable the rootdn statement in /etc/libnss-ldap.conf and 
restart nscd.

Maybe, you must invalidate the cache with
nscd -i group
nscd -i passwd

> thanks for your help, bye
>
> --
> ~~
>   Franck MOLLE
>   Animateur de Secteur
>   Relais assistance Tice, Louviers-Vernon
> ~~

-- 

Gruss
Harry Jede
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: RE [Samba] samba ldap problem

2005-06-10 Thread Laradji nacer 

[EMAIL PROTECTED] wrote:

What is your guest user in smb.conf ?

check if is not nobody, the guest acoutn is used by samba for first
connection.


Yes it s nobody user .

I have modify this with guest user in ldap directory .

--
Laradji nacer 
   ovea http://www.ovea.com
Tél : +33 4 6767    Gsm : +33 6 1059 6883
1024D/DFCF1726 : 33A5 7162 4370 9C30 E22C 0721 DBA7 CBEE DFCF 1726

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE [Samba] samba ldap problem

2005-06-10 Thread spu 

What is your guest user in smb.conf ?

check if is not nobody, the guest acoutn is used by samba for first
connection.

---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467

[EMAIL PROTECTED] a écrit sur
10/06/2005 16:20:56 :

> I have tried to create a samba domain with a ldap backend.
>
> This is how my ldap structure looks like.
>
> # example.com
> dn: dc=example,dc=com
> objectClass: dcObject
> objectClass: organization
> o: example
> dc: example
>
> # groups, example.com
> dn: ou=groups,dc=example,dc=com
> objectClass: organizationalUnit
> ou: groups
>
> # Domain Admins, groups, example.com
> dn: cn=Domain Admins,ou=groups,dc=example,dc=com
> objectClass: posixGroup
> objectClass: sambaGroupMapping
> gidNumber: 512
> cn: Domain Admins
> memberUid: root
> description: Netbios Domain Administrators
> sambaSID: S-1-5-21-3527759599-3696857034-3584459987-512
> sambaGroupType: 2
> displayName: Domain Admins
>
> # Domain Users, groups, example.com
> dn: cn=Domain Users,ou=groups,dc=example,dc=com
> objectClass: posixGroup
> objectClass: sambaGroupMapping
> gidNumber: 513
> cn: Domain Users
> description: Netbios Domain Users
> sambaSID: S-1-5-21-3527759599-3696857034-3584459987-513
> sambaGroupType: 2
> displayName: Domain Users
>
> # Domain Guests, groups, example.com
> dn: cn=Domain Guests,ou=groups,dc=example,dc=com
> objectClass: posixGroup
> objectClass: sambaGroupMapping
> gidNumber: 514
> cn: Domain Guests
> description: Netbios Domain Guests Users
> sambaSID: S-1-5-21-3527759599-3696857034-3584459987-514
> sambaGroupType: 2
> displayName: Domain Guests
>
> # computers, example.com
> dn: ou=computers,dc=example,dc=com
> objectClass: organizationalUnit
> ou: computers
>
> # PDC, example.com
> dn: sambaDomainName=PDC,dc=example,dc=com
> objectClass: sambaDomain
> sambaDomainName: PDC
> sambaNextGroupRid: 9
> sambaNextUserRid: 9
> sambaSID: S-1-5-21-3527759599-3696857034-3584459987
> sambaNextRid: 9
>
> # people, example.com
> dn: ou=people,dc=example,dc=com
> objectClass: organizationalUnit
> ou: people
>
> # root, people, example.com
> dn: uid=root,ou=people,dc=example,dc=com
> uid: root
> sambaSID: S-1-5-21-3527759599-3696857034-3584459987-500
> sambaPrimaryGroupSID: S-1-5-21-3527759599-3696857034-3584459987-512
> displayName: root
> sambaAcctFlags: [U  ]
> objectClass: account
> objectClass: sambaSamAccount
> sambaPwdMustChange: 2147483647
> sambaLMPassword: 63D2114DE42F744B30A84C4AFE5A
> sambaNTPassword: 5460FB29D247C383F63E1E3A417FC39B
> sambaPasswordHistory:

>  
> sambaPwdCanChange: 1118395221
> sambaPwdLastSet: 1118395221
>
> # win2k$, Computers, example.com
> dn: uid=win2k$,ou=Computers,dc=example,dc=com
> uid: win2k$
> sambaSID: S-1-5-21-3527759599-3696857034-3584459987-3022
> sambaPrimaryGroupSID: S-1-5-21-3527759599-3696857034-3584459987-1201
> objectClass: sambaSamAccount
> objectClass: account
> displayName: win2k$
> sambaPwdMustChange: 2147483647
> sambaAcctFlags: [W  ]
> sambaPwdCanChange: 1118395893
> sambaNTPassword: 5C70F10A2EAD0B4FE5588114C98ED1ED
> sambaPwdLastSet: 1118395893
>
> # Martin Hallgren, people, example.com
> dn: cn=Martin Hallgren,ou=people,dc=example,dc=com
> objectClass: inetOrgPerson
> objectClass: organizationalPerson
> objectClass: person
> objectClass: posixAccount
> objectClass: top
> objectClass: krb5Principal
> objectClass: krb5KDCEntry
> objectClass: sambaSamAccount
> krb5PrincipalName: [EMAIL PROTECTED]
> krb5KeyVersionNumber: 1
> krb5MaxLife: 86400
> krb5MaxRenew: 604800
> krb5KDCFlags: 126
> cn: Martin Hallgren
> givenName: Martin
> mail: [EMAIL PROTECTED]
> sn: Hallgren
> uid: martin
> uidNumber: 1050
> gidNumber: 100
> homeDirectory: /home/martin
> loginShell: /bin/bash
> sambaAcctFlags: [U  ]
> sambaSID: S-1-5-21-3527759599-3696857034-3584459987-3250
> sambaPwdCanChange: 1118395383
> sambaPwdMustChange: 2147483647
> sambaLMPassword: 01FC5A6BE7BC6929AAD3B435B51404EE
> sambaNTPassword: 0CB6948805F797BF2A82807973B89537
> sambaPasswordHistory:

>  
> sambaPwdLastSet: 1118395383
>
> # nobody, people, example.com
> dn: uid=nobody,ou=people,dc=example,dc=com
> objectClass: account
> objectClass: sambaSamAccount
> objectClass: posixAccount
> uid:: bm9ib2R5ICAgICAgICAgICAgICAgICA=
> sambaPwdLastSet: 0
> sambaLogonTime: 2147483647
> sambaLogoffTime: 2147483647
> sambaKickoffTime: 2147483647
> sambaPwdCanChange: 2147483647
> sambaPwdMustChange: 2147483648
> displayName: Nobody
> cn: Nobody
> sambaSID: S-1-5-21-3527759599-3696857034-3584459987-501
> sambaPrimaryGroupSID: S-1-5-21-3527759599-3696857034-3584459987-514
> gecos:: Tm9ib2R5IG9yIEd1ZXN0ICAgICAgIA==
> homeDirectory:: L2Rldi9udWxsICAgICAgICAgICAgIA==
> loginShell:: L2Rldi9udWxsICAgICA=
> uidNumber: 65534
> gidNumber: 65534
> samba

RE: [Samba] Samba LDAP Problem

2004-07-15 Thread Mohammad Reza 
Dear List
thank for attention

#smbpasswd -a administrator
with same result, still cant join domain.
#tail -f /var/log/samba/172.16.0.22
2004/07/16 08:59:33, 3] smbd/oplock.c:init_oplocks(1226)
  open_oplock_ipc: opening loopback UDP socket.
[2004/07/16 08:59:33, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(303)
  Linux kernel oplocks enabled
[2004/07/16 08:59:33, 3] smbd/oplock.c:init_oplocks(1257)
  open_oplock ipc: pid = 14532, global_oplock_port = 32923
[2004/07/16 08:59:33, 4] lib/time.c:get_serverzone(122)
  Serverzone is -25200
[2004/07/16 08:59:33, 3] smbd/process.c:process_smb(890)
  Transaction 0 of length 72
[2004/07/16 08:59:33, 2] smbd/reply.c:reply_special(199)
  netbios connect: name1=SMB3name2=BACKUP
[2004/07/16 08:59:33, 2] smbd/reply.c:reply_special(206)
  netbios connect: local=smb3 remote=backup, name type = 0



-Original Message-
From:   Federico Renzetti [mailto:[EMAIL PROTECTED]
Sent:   Thu 7/15/2004 9:18 PM
To: Mohammad Reza
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject:Re: [Samba] Samba LDAP Problem
Did you set samba ldap-passwd with smbpasswd?
What machine-logs you try to add say?

Il gio, 2004-07-15 alle 14:23, Mohammad Reza ha scritto:
> Dear Lists, 
> 
> I try to configure Samba as PDC  LDAP backend with Linux-Suse-9.1 and smbldap-tools 
> form www.idealx.org,
> I follow guide from SMB-3 by Example book.
> Step by step installation and configuration came with no error.
> except i couldnt join w2k workstation to the new domain with administrator account.
> 
> # /var/lib/samba/sbin/smbldap-usershow administrator
> dn: uid=Administrator,ou=People,dc=mragroup,dc=net
> cn: Administrator
> sn: Administrator
> objectClass: inetOrgPerson,sambaSamAccount,posixAccount,shadowAccount
> gidNumber: 512
> uid: Administrator
> uidNumber: 0
> homeDirectory: /home/
> sambaLogonTime: 0
> sambaLogoffTime: 2147483647
> sambaKickoffTime: 2147483647
> sambaHomeDrive: H:
> sambaPrimaryGroupSID: S-1-5-21-1557978329-216335016-4217907674-512
> sambaSID: S-1-5-21-1557978329-216335016-4217907674-2996
> loginShell: /bin/false
> gecos: Netbios Domain Administrator
> sambaPwdCanChange: 1089891115
> sambaLMPassword: BBBDA461DC390736B8FCC6137C839435
> sambaAcctFlags: [U]
> sambaNTPassword: 490F588B2F94E97F07A4F952DAACBF7F
> sambaPwdLastSet: 1089891324
> sambaPwdMustChange: 1094643324
> userPassword: {SSHA}23S45Jt6Fx3ET1nhXONtAadA43dKZn4n
> # /var/lib/samba/sbin/smbldap-passwd administrator
> Changing password for administrator
> New password :
> Retype new password :
>  # net join rpc -U administrator%password
> Could not connect to server SMB3
> The username or password was not correct.
> 
> When i try to join my w2k ws to new samba domain, with administrator account and  
> password , "Logon failure : unknown username and password" .
> No error log in samba log (level 5).
> Did i missed something ? please help me..
> 
> regards
> reza
> om beast dan pak wis tolongin dong..
-- 
Renzetti Federico

System/Network Administrator
RedHat Certified Engineer

Fabaris S.r.l.
Tel. +39 0765 22181 -  Fax +39 0765 410100
Via G. Mameli, 90 02047 Poggio Mirteto (RI)
Filiale: Viale dell'Università, 25  00185 Roma (RM)

www.fabaris.it





--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba LDAP Problem

2004-07-15 Thread Federico Renzetti 
Did you set samba ldap-passwd with smbpasswd?
What machine-logs you try to add say?

Il gio, 2004-07-15 alle 14:23, Mohammad Reza ha scritto:
> Dear Lists, 
> 
> I try to configure Samba as PDC  LDAP backend with Linux-Suse-9.1 and smbldap-tools 
> form www.idealx.org,
> I follow guide from SMB-3 by Example book.
> Step by step installation and configuration came with no error.
> except i couldnt join w2k workstation to the new domain with administrator account.
> 
> # /var/lib/samba/sbin/smbldap-usershow administrator
> dn: uid=Administrator,ou=People,dc=mragroup,dc=net
> cn: Administrator
> sn: Administrator
> objectClass: inetOrgPerson,sambaSamAccount,posixAccount,shadowAccount
> gidNumber: 512
> uid: Administrator
> uidNumber: 0
> homeDirectory: /home/
> sambaLogonTime: 0
> sambaLogoffTime: 2147483647
> sambaKickoffTime: 2147483647
> sambaHomeDrive: H:
> sambaPrimaryGroupSID: S-1-5-21-1557978329-216335016-4217907674-512
> sambaSID: S-1-5-21-1557978329-216335016-4217907674-2996
> loginShell: /bin/false
> gecos: Netbios Domain Administrator
> sambaPwdCanChange: 1089891115
> sambaLMPassword: BBBDA461DC390736B8FCC6137C839435
> sambaAcctFlags: [U]
> sambaNTPassword: 490F588B2F94E97F07A4F952DAACBF7F
> sambaPwdLastSet: 1089891324
> sambaPwdMustChange: 1094643324
> userPassword: {SSHA}23S45Jt6Fx3ET1nhXONtAadA43dKZn4n
> # /var/lib/samba/sbin/smbldap-passwd administrator
> Changing password for administrator
> New password :
> Retype new password :
>  # net join rpc -U administrator%password
> Could not connect to server SMB3
> The username or password was not correct.
> 
> When i try to join my w2k ws to new samba domain, with administrator account and  
> password , "Logon failure : unknown username and password" .
> No error log in samba log (level 5).
> Did i missed something ? please help me..
> 
> regards
> reza
> om beast dan pak wis tolongin dong..
-- 
Renzetti Federico

System/Network Administrator
RedHat Certified Engineer

Fabaris S.r.l.
Tel. +39 0765 22181 -  Fax +39 0765 410100
Via G. Mameli, 90 02047 Poggio Mirteto (RI)
Filiale: Viale dell'UniversitÃ, 25  00185 Roma (RM)

www.fabaris.it


--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Samba + LDAP problem...SOLVED

2003-06-13 Thread Collins, Kevin 
Bruno,

As it turns out, all I had to do was enter this as my username when asked
for it during the join-domain process:

"nesbitt.local\administrator"

Up until now, I had just been using "administrator".   GEEESH, How
simplistic can it be?  Something that small caused me days, no a WEEK of
grief!

Thanks again for your help.  Everything you offered was great advice, and it
helped me make certain I had things right.

--
Kevin L. Collins, MCSE
Systems Manager
Nesbitt Engineering, Inc.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba + LDAP problem...

2003-06-13 Thread Bruno Gimenes Pereti 

> I did have these set, as I used 'authconfig' to generate the PAM/LDAP
> integration.
>
> What I didn't have (but do now) is some settings in /etc/ldap.conf.  Those
> that look like nns_base_passwd, nss_base_shadow, and nss_base_group or
very
> similar.  I have those set now, and the error message that I'm getting is
> different.
>
> On the Windows 2000 machine when I join the domain, I get:
>
> "The account used is a computer account.  Use your global user account, or
> local user account to access this server."
>
> It almost sounds like the "administrator" account is misconfigured and is
> appearing to Windows as a computer account instead of a user account.
Have
> you heard of this happening before?
>
> I used 'smbldap-useradd.pl -a -m -g 200 administrator' to add the
> "administrator" account after I had LDAP up and running.

Don´t know if this occurs when using LDAP but I used to get this error when
trying to join a machine to the domain with a user different then root or
when my "add user script" was misconfigured and samba couldn´t create the
machine account.
Verify if you can run "/usr/local/sbin/smbldap-useradd.pl -w "
from a directory different than /usr/local/bin, if not you need to configure
perl to locate your smbldap_tools.pm.
If the machine account was created try to change the uid and gid from the
administrator to 0 or run "smbpasswd -a root" and use the user root to join
the machine to the domain.

Hope this helps.

Bruno Pereti.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Samba + LDAP problem...

2003-06-13 Thread Collins, Kevin 
On Friday, June 13, 2003 1:44 PM, Bruno Gimenes Pereti wrote:
> Hi Kevin,

Hi Bruno, and thanks for responding...

 
> 
> > Below are some files that I think are pertinent.  The
> > /etc/openldap/ldap.conf, /etc/openldap/slapd.conf 
> /etc/samba/smb.conf, the
> > base.ldif that is from the IDEALX.org HOWTO.
> >
> > I'm hoping that someone with much more experience than me 
> will be able to
> > help me.
> 
> I´m not so experience but I think you forgot one thing. Do 
> you have this:
> 
> passwd: files ldap
> shadow: files ldap
> group:  files ldap
> 
> in your /etc/nsswitch.conf and this:
> 
> authrequired  /lib/security/pam_env.so
> authsufficient/lib/security/pam_unix.so likeauth nullok
> authsufficient use_first_pass
> authrequired  /lib/security/pam_deny.so
> account sufficient /lib/security/pam_ldap.so
> account required  /lib/security/pam_unix.so
> passwordrequired  /lib/security/pam_cracklib.so retry=3
> passwordsufficient/lib/security/pam_unix.so nullok 
> use_authtok md5
> shadow
> passwordsufficient /lib/security/pam_ldap.so
> passwordrequired  /lib/security/pam_deny.so
> session required  /lib/security/pam_limits.so
> session sufficient  /lib/security/pam_ldap.so
> session required  /lib/security/pam_unix.so
> 
> in /etc/pam.d/system-auth?
> 
> In redhat you can do this with authconfig.
> 

I did have these set, as I used 'authconfig' to generate the PAM/LDAP
integration.

What I didn't have (but do now) is some settings in /etc/ldap.conf.  Those
that look like nns_base_passwd, nss_base_shadow, and nss_base_group or very
similar.  I have those set now, and the error message that I'm getting is
different.

On the Windows 2000 machine when I join the domain, I get:

"The account used is a computer account.  Use your global user account, or
local user account to access this server."

It almost sounds like the "administrator" account is misconfigured and is
appearing to Windows as a computer account instead of a user account.  Have
you heard of this happening before?

I used 'smbldap-useradd.pl -a -m -g 200 administrator' to add the
"administrator" account after I had LDAP up and running.

Thanks again for your input.

--
Kevin L. Collins, MCSE
Systems Manager
Nesbitt Engineering, Inc.
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba + LDAP problem...

2003-06-13 Thread Bruno Gimenes Pereti 
Hi Kevin,


> Below are some files that I think are pertinent.  The
> /etc/openldap/ldap.conf, /etc/openldap/slapd.conf /etc/samba/smb.conf, the
> base.ldif that is from the IDEALX.org HOWTO.
>
> I'm hoping that someone with much more experience than me will be able to
> help me.

I´m not so experience but I think you forgot one thing. Do you have this:

passwd: files ldap
shadow: files ldap
group:  files ldap

in your /etc/nsswitch.conf and this:

authrequired  /lib/security/pam_env.so
authsufficient/lib/security/pam_unix.so likeauth nullok
authsufficient use_first_pass
authrequired  /lib/security/pam_deny.so
account sufficient /lib/security/pam_ldap.so
account required  /lib/security/pam_unix.so
passwordrequired  /lib/security/pam_cracklib.so retry=3
passwordsufficient/lib/security/pam_unix.so nullok use_authtok md5
shadow
passwordsufficient /lib/security/pam_ldap.so
passwordrequired  /lib/security/pam_deny.so
session required  /lib/security/pam_limits.so
session sufficient  /lib/security/pam_ldap.so
session required  /lib/security/pam_unix.so

in /etc/pam.d/system-auth?

In redhat you can do this with authconfig.

hope this helps.

Bruno Pereti.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba