Samba/LDAP PDC problem
Hi

I want to run a Samba PDC with LDAP backend on a FreeBSD 6.2 for Sparc64. And of course, if I send this mail, it is not working ! :-(

I have this error message when using smbclient on the PDC itself. The command line is:

    smbclient -L janus -Uadministrator%toto

The result is:

    session setup failed: Call returned zero bytes (EOF)

I've tested on 2 different FreeBSD 6.2 Sparc64, I have the same problem. But I've also tested on a FreeBSD 6.2 i386 with exactly the same configuration, it is working very well. And it is also working on a Debian Etch for Sparc64 ! The version of Samba is always up to date

Thanks for any help.

I put here my config file for Samba:

---
# General parameters
netbios name = janus
work group = tatooine
server string = janus (Centile PDC Server)
dns proxy = no
wins support = yes
name resolve order = wins lmhosts host bcast
time server = yes
#socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192

# Logging
log file = /var/log/samba/log.%m
syslog = 0
log level = 10
max log size = 1000

# This server is the PDC
domain logons = yes
os level = 35
local master = yes
prefered master = yes
domain master = yes
security = user
encrypt passwords = yes

# Admin groups
admin users = @administrators

# Profiles
logon path =
logon home =
logon drive = u:
logon script = %U.bat

# LDAP parameters
passdb backend = ldapsam:ldaps://ldap1.centile.com/
ldap ssl = on
ldap suffix = ou=internal,o=centile,dc=com
ldap admin dn = cn=manager,o=centile,dc=com
ldap machine suffix = ou=computers
ldap user suffix = ou=users
ldap group suffix = ou=groups
#ldap idmap suffix = ou=users
ldap passwd sync = yes

# Netlogon
#[netlogon]
# comment = Repertoire Netlogon
# path = /var/db/samba/netlogon
# browsable = yes
# read only = no
# write list = @administrateurs
# create mask = 0644
---

And here is the corresponding log file at level 10:

---
[2007/01/29 10:17:26, 6] param/loadparm.c:lp_file_list_changed(2998)
  lp_file_list_changed()
  file /usr/local/etc/smb.conf - /usr/local/etc/smb.conf last mod_time: Mon Jan 29 10:06:43 2007
[2007/01/29 10:17:26, 5] auth/auth_util.c:make_user_info_map(161)
  make_user_info_map: Mapping user [TATOOINE]\[administrator] from workstation [JANUS]
[2007/01/29 10:17:26, 3] smbd/sec_ctx.c:push_sec_ctx(208)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2007/01/29 10:17:26, 3] smbd/uid.c:push_conn_ctx(345)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2007/01/29 10:17:26, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2007/01/29 10:17:26, 5] auth/auth_util.c:debug_nt_user_token(448)
  NT user token: (NULL)
[2007/01/29 10:17:26, 5] auth/auth_util.c:debug_unix_user_token(474)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2007/01/29 10:17:26, 5] auth/auth_util.c:is_trusted_domain(2020)
  is_trusted_domain: Checking for domain trust with [TATOOINE]
[2007/01/29 10:17:26, 5] passdb/secrets.c:secrets_fetch_trusted_domain_password(340)
  secrets_fetch failed!
[2007/01/29 10:17:26, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2007/01/29 10:17:26, 10] lib/gencache.c:gencache_get(329)
  Cache entry with key = TDOM/TATOOINE couldn't be found
[2007/01/29 10:17:26, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(184)
  no entry for trusted domain TATOOINE found.
[2007/01/29 10:17:26, 5] auth/auth_util.c:make_user_info(75)
  attempting to make a user_info for administrator (administrator)
[2007/01/29 10:17:26, 5] auth/auth_util.c:make_user_info(85)
  making strings for administrator's user_info struct
[2007/01/29 10:17:26, 5] auth/auth_util.c:make_user_info(117)
  making blobs for administrator's user_info struct
[2007/01/29 10:17:26, 10] auth/auth_util.c:make_user_info(135)
  made an encrypted user_info for administrator (administrator)
[2007/01/29 10:17:26, 3] auth/auth.c:check_ntlm_password(221)
  check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface
[2007/01/29 10:17:26, 3] auth/auth.c:check_ntlm_password(224)
  check_ntlm_password: mapped user is: [EMAIL PROTECTED]
[2007/01/29 10:17:26, 10] auth/auth.c:check_ntlm_password(233)
  check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2)
[2007/01/29 10:17:26, 10] auth/auth.c:check_ntlm_password(235)
  challenge is:
[2007/01/29 10:17:26, 5] lib/util.c:dump_data()
  [000] 56 D3 03 25 4A 00 8D 86 V..%J...
[2007/01/29 10:17:26, 10] auth/auth.c:check_ntlm_password(261)
  check_ntlm_password: guest had nothing to say
[2007/01/29 10:17:26, 8] lib/util.c:is_myname(2043)
  is_myname(TATOOINE) returns 0
[2007/01/29 10:17:26, 3] smbd/sec_ctx.c:push_sec_ctx(208)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2007/01/29 10:17:26, 3] smbd/uid.c:push_conn_ctx(345)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2007/01/29 10:17:26, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2007/01/29 10:17:26, 5]
Re: samba ldap
Disabled by default?
Sorry, but I've never specified any ldap options in my smb.conf but the server always tries to authenticate the users with an ldap server.

Florian

Joerg Pulz [EMAIL PROTECTED] wrote:

> On Sun, 27 Feb 2005, Florian Hengstberger wrote:
>
>> Hi list!
>>
>> I'm still using 5.2.1 and samba from /usr/ports/net/samba. Is there a way to disable ldap, it seems that it is compiled into the binary. Do I have to recompile (which switch?) or is there a simpler way.
>
> Hi,
>
> after a quick look in the Makefile for net/samba it seems that LDAP support is disabled by default. it can be enabled at compile time by specifying WITH_LDAP=yes. so, if you recompile net/samba without specifying WITH_LDAP on the command line or in /etc/make.conf, you should get a binary without LDAP support.
>
> regards
> Joerg
>
> --
> The beginning is the most important part of the work.
> -Plato

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: samba ldap
On Mon, Feb 28, 2005 at 11:56:49AM +0100, Florian Hengstberger wrote:

> Disabled by default?
> Sorry, but I've never specified any ldap options in my smb.conf but the server always tries to authenticate the users with an ldap server.

With or without LDAP compiled in, Samba shouldn't be asking for LDAP unless you specified it in smb.conf. Look in smb.conf and post the passdb backend setting. I played with LDAP for a while, so I have

    ; passdb backend = ldapsam

The semicolon makes the line inactive. My installation uses tdbsam by default.

HTH
Re: samba ldap
On Mon, 28 Feb 2005, Bob Hall wrote:

> On Mon, Feb 28, 2005 at 11:56:49AM +0100, Florian Hengstberger wrote:
>
>> Disabled by default?
>> Sorry, but I've never specified any ldap options in my smb.conf but the server always tries to authenticate the users with an ldap server.
>
> With or without LDAP compiled in, Samba shouldn't be asking for LDAP unless you specified it in smb.conf. Look in smb.conf and post the passdb backend setting. I played with LDAP for a while, so I have
>
>     ; passdb backend = ldapsam
>
> The semicolon makes the line inactive. My installation uses tdbsam by default.

Hi,

this is completely true for net/samba3. but as he's using net/samba which is currently samba-2.2.12 this is wrong. in the samba-2.2.xx series the ldapsam backend is a compile time option, so you can either have tdbsam OR smbpasswd OR ldapsam. this behavior was changed when switching over to samba-3.x where one can specify a different passdb backend in the smb.conf file if it was built. this offers the possibility to build a passdb backend chain.

anyway, please make sure that the /etc/make.conf (not smb.conf!) file contains NO WITH_LDAP=yes line and recompile net/samba WITHOUT specifying WITH_LDAP=yes on the command line. the resulting smbd should not be linked against libldap or liblber. if it is still linked against these two libs there must be something wrong in the port.

regards
Joerg

--
The beginning is the most important part of the work.
-Plato
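The checks named in the two replies above (the active passdb backend line in smb.conf, a WITH_LDAP line in /etc/make.conf, and whether smbd is linked against libldap or liblber), as an added shell example that is not part of the thread. The function names are made up for illustration and the smbd path in the final comment is an assumption; per the reply above, the smb.conf check only matters for samba-3.x, while the linkage check applies to both series.

```shell
#!/bin/sh
# Added example, not code from the thread. File paths are arguments so the
# checks can run against copies; function names are made up for illustration.

# Print the active "passdb backend" value of an smb.conf-style file ($1).
# Lines starting with ';' or '#' are inactive; parameter names are matched
# ignoring case and internal whitespace. The last active setting wins.
active_passdb_backend() {
    awk '
        /^[ \t]*[;#]/ { next }
        index($0, "=") {
            name = tolower(substr($0, 1, index($0, "=") - 1))
            gsub(/[ \t]/, "", name)
            if (name == "passdbbackend") {
                val = substr($0, index($0, "=") + 1)
                sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
                found = val
            }
        }
        END { if (found != "") print found }
    ' "$1"
}

# Succeed if a make.conf-style file ($1) defines WITH_LDAP on an active line.
makeconf_sets_with_ldap() {
    grep -Eq '^[[:space:]]*WITH_LDAP[[:space:]]*[?+:]?=' "$1"
}

# Read ldd output on stdin and print the LDAP client libraries it lists.
ldap_libs_in_ldd() {
    awk '$1 ~ /^lib(ldap|lber)[-_.0-9a-z]*\.so/ { print $1 }'
}

# Summarise all three: $1 = smb.conf, $2 = make.conf, $3 = smbd binary.
ldap_report() {
    backend=$(active_passdb_backend "$1")
    echo "passdb backend in $1: ${backend:-<not set, built-in default applies>}"
    if makeconf_sets_with_ldap "$2"; then
        echo "$2 defines WITH_LDAP: the port will be built with LDAP support"
    fi
    libs=$(ldd "$3" | ldap_libs_in_ldd)
    if [ -n "$libs" ]; then
        echo "$3 is linked against:" $libs
        return 1
    fi
    echo "$3 is not linked against libldap or liblber"
}

# Live use (the smbd path is an assumption for a ports install):
#   ldap_report /usr/local/etc/smb.conf /etc/make.conf /usr/local/sbin/smbd
```

ldap_report returns non-zero when smbd still pulls in the LDAP libraries, so it can gate a rebuild script.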
samba ldap
Hi list!

I'm still using 5.2.1 and samba from /usr/ports/net/samba. Is there a way to disable ldap, it seems that it is compiled into the binary. Do I have to recompile (which switch?) or is there a simpler way.

Thanks
Florian
Re: samba ldap
On Sun, 27 Feb 2005, Florian Hengstberger wrote:

> Hi list!
>
> I'm still using 5.2.1 and samba from /usr/ports/net/samba. Is there a way to disable ldap, it seems that it is compiled into the binary. Do I have to recompile (which switch?) or is there a simpler way.

Hi,

after a quick look in the Makefile for net/samba it seems that LDAP support is disabled by default. it can be enabled at compile time by specifying WITH_LDAP=yes. so, if you recompile net/samba without specifying WITH_LDAP on the command line or in /etc/make.conf, you should get a binary without LDAP support.

regards
Joerg

--
The beginning is the most important part of the work.
-Plato
samba+ldap
Hi !

Is there anyone using samba+ldap as a PDC for a Windows domain ? I'm looking for help: I'm trying to sync Windows and Unix passwords using ldapchpasswd or ldapsync.pl (in the Samba contrib section), but it just does not work. I'm looking for someone with a similar setup who could give me a hand.

Thanks.

--
Antoine Jacoutot
[EMAIL PROTECTED]
http://www.lphp.org
PGP/GnuPG key: http://www.lphp.org/ressources/ajacoutot.asc
samba ldap+unix password sync
Hi !

I know this question isn't FreeBSD specific, but all the scripts I tried to achieve what I need only seem to work under Linux.

I have a FreeBSD-5.1-p2+pam_ldap+nss_ldap+openldap+samba (with ldap support). Ldap authentication works for both unix and samba accounts. What I need is a way of syncing samba password with unix password, both stored in ldap (as ntPassword, lmPassword and userPassword). I'm sure it is doable with samba, but the scripts like ldapsync, ldapchgpasswd... don't work.

I'm looking for someone who succeeded in making this work, I'm really out of ideas, and the samba list isn't very helpful.

Thanks.

Antoine