Step 8: Add an LDAP user to the system Problem [Stuck]

oalkatib · Jan 11, 2008

Hi Guys,
I got to this step, and now I'm really stuck, what did I miss, or what did I do wrong, please help me, I'm a linux n00b, and I'm very thankful that I found an LDAP solution, just need some help
here is what I'm inputing, and the error I'm getting

:~# smbldap-useradd -a -m -M test -c "TEST MAN" test
Error looking for next uid at /usr/share/perl5/smbldap_tools.pm line 1044.

falko · Jan 12, 2008

This is what I've found: http://lists.samba.org/archive/samba/2006-July/122599.html

oalkatib · Jan 12, 2008

Super n00b at this

I read it, but I dont kow how to fix it, I'm a huge n00b, can you plez give some more guidence

Hi,

You need something like this in your tree to store the next free uid and
gid:

dn: cn=NextFreeUnixId,o=youro
objectClass: inetOrgPerson
objectClass: sambaUnixIdPool
cn: NextFreeUnixId
sn: NextFreeUnixId
structuralObjectClass: inetOrgPerson
uidNumber: 29205
gidNumber: 1426

Take a look at smbldap-tools documentation.

Albert

El dj 06 de 07 del 2006 a les 22:51 +0200, en/na Mario Ohnewald va
escriure:
> anyone?
>
> On Thu, 2006-07-06 at 17:05 +0200, Mario Ohnewald wrote:
> > Hello List,
> >
> > i am using Ubuntu Dapper with:
> >
> > ldap-account-manager 0.5.1-1
> > samba 3.0.22-1ubuntu3
> > samba-common 3.0.22-1ubuntu3
> > debian-edu-config 0.399
> > slapd 2.2.26-5ubuntu2.1
> > smbldap-tools 0.9.2-3
> >
> >
> > When i try to join a domain i get this error:
> >
> > Could not find base dn, to get next uidNumber
> > at /usr/share/perl5/smbldap_tools.pm line 1046.
> > [2006/07/06 16:54:44, 0]
> > rpc_server/srv_samr_nt.c:_samr_create_user(2415)
> > _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w
> > "na$"' gave 127
> >
> >
> > I am using /etc/ldap/schema/samba.schema from debian-edu-config.
> >
> > Where does it look for the base dn which it cant find?
> >
> > Cheers, Mario
> >
> >
> >
>
--
Click to expand...

o.meyer · Jan 12, 2008

Hi,

please give me some information about your smbldap-tools configuration.

cat /etc/smbldap-tools/smbldap_bind.conf

and

cat /etc/smbldap-tools/smbldap.conf

Be sure that you put the samba.schema in the right place and configured the slapd.conf & smb.conf properly.

Best regards,

Olli

oalkatib · Jan 12, 2008

The configurations

I'm using the configurations from the this link: http://www.howtoforge.com/openldap-samba-domain-controller-ubuntu7.10

and this is what I'm stuck on the 8th step, which is on the second page of the guid:
http://www.howtoforge.com/openldap-samba-domain-controller-ubuntu7.10

I have followed the guid to the dot.
So what I'm I doing wrong.....

o.meyer · Jan 14, 2008

Please paste the output of

cat /etc/smbldap-tools/smbldap.conf

here. I think there's an error in your configuration or it's not complete.

Best regards,

Olli

oalkatib · Jan 14, 2008

config file

Hi, this is what I have for the config file:

# $Source: /opt/cvs/samba/smbldap-tools/smbldap.conf,v $
# $Id: smbldap.conf,v 1.18 2005/05/27 14:28:47 jtournier Exp $
#
# smbldap-tools.conf : Q & D configuration file for smbldap-tools

# This code was developped by IDEALX (http://IDEALX.org/) and
# contributors (their names can be found in the CONTRIBUTORS file).
#
# Copyright (C) 2001-2002 IDEALX
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
# USA.

# Purpose :
# . be the configuration file for all smbldap-tools scripts

##############################################################################
#
# General Configuration
#
##############################################################################

# Put your own SID. To obtain this number do: "net getlocalsid".
# If not defined, parameter is taking from "net getlocalsid" return
SID="S-1-5-21-3278692326-2207112801-3614777453"

# Domain name the Samba server is in charged.
# If not defined, parameter is taking from smb.conf configuration file
# Ex: sambaDomain="IDEALX-NT"
sambaDomain="TEST"

##############################################################################
#
# LDAP Configuration
#
##############################################################################

# Notes: to use to dual ldap servers backend for Samba, you must patch
# Samba with the dual-head patch from IDEALX. If not using this patch
# just use the same server for slaveLDAP and masterLDAP.
# Those two servers declarations can also be used when you have
# . one master LDAP server where all writing operations must be done
# . one slave LDAP server where all reading operations must be done
# (typically a replication directory)

# Slave LDAP server
# Ex: slaveLDAP=127.0.0.1
# If not defined, parameter is set to "127.0.0.1"
slaveLDAP="127.0.0.1"

# Slave LDAP port
# If not defined, parameter is set to "389"
slavePort="389"

# Master LDAP server: needed for write operations
# Ex: masterLDAP=127.0.0.1
# If not defined, parameter is set to "127.0.0.1"
masterLDAP="127.0.0.1"

# Master LDAP port
# If not defined, parameter is set to "389"
masterPort="389"

# Use TLS for LDAP
# If set to 1, this option will use start_tls for connection
# (you should also used the port 389)
# If not defined, parameter is set to "1"
ldapTLS="0"

# How to verify the server's certificate (none, optional or require)
# see "man Net::LDAP" in start_tls section for more details
verify="require"

# CA certificate
# see "man Net::LDAP" in start_tls section for more details
cafile="/etc/opt/IDEALX/smbldap-tools/ca.pem"

# certificate to use to connect to the ldap server
# see "man Net::LDAP" in start_tls section for more details
clientcert="/etc/opt/IDEALX/smbldap-tools/smbldap-tools.pem"

# key certificate to use to connect to the ldap server
# see "man Net::LDAP" in start_tls section for more details
clientkey="/etc/opt/IDEALX/smbldap-tools/smbldap-tools.key"

# LDAP Suffix
# Ex: suffix=dc=test,dc=local
suffix="dc=test,dc=local"

# Where are stored Users
# Ex: usersdn="ou=Users,dc=IDEALX,dc=ORG"
# Warning: if 'suffix' is not set here, you must set the full dn for usersdn
usersdn="ou=Users,${suffix}"

# Where are stored Computers
# Ex: computersdn="ou=Computers,dc=IDEALX,dc=ORG"
# Warning: if 'suffix' is not set here, you must set the full dn for computersdn
computersdn="ou=Computers,${suffix}"

# Where are stored Groups
# Ex: groupsdn="ou=Groups,dc=IDEALX,dc=ORG"
# Warning: if 'suffix' is not set here, you must set the full dn for groupsdn
groupsdn="ou=Groups,${suffix}"

# Where are stored Idmap entries (used if samba is a domain member server)
# Ex: groupsdn="ou=Idmap,dc=IDEALX,dc=ORG"
# Warning: if 'suffix' is not set here, you must set the full dn for idmapdn
idmapdn="ou=Idmap,${suffix}"

# Where to store next uidNumber and gidNumber available for new users and groups
# If not defined, entries are stored in sambaDomainName object.
# Ex: sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"
# Ex: sambaUnixIdPooldn="cn=NextFreeUnixId,${suffix}"
sambaUnixIdPooldn="sambaDomainName=EXAMPLE,${suffix}"

# Default scope Used
scope="sub"

# Unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA, CLEARTEXT)
hash_encrypt="SSHA"

# if hash_encrypt is set to CRYPT, you may set a salt format.
# default is "%s", but many systems will generate MD5 hashed
# passwords if you use "$1$%.8s". This parameter is optional!
crypt_salt_format="%s"

##############################################################################
#
# Unix Accounts Configuration
#
##############################################################################

# Login defs
# Default Login Shell
# Ex: userLoginShell="/bin/bash"
userLoginShell="/bin/bash"

# Home directory
# Ex: userHome="/home/%U"
userHome="/home/%U"

# Default mode used for user homeDirectory
userHomeDirectoryMode="700"

# Gecos
userGecos="System User"

# Default User (POSIX and Samba) GID
defaultUserGid="513"

# Default Computer (Samba) GID
defaultComputerGid="515"

# Skel dir
skeletonDir="/etc/skel"

# Default password validation time (time in days) Comment the next line if
# you don't want password to be enable for defaultMaxPasswordAge days (be
# careful to the sambaPwdMustChange attribute's value)
defaultMaxPasswordAge="45"

##############################################################################
#
# SAMBA Configuration
#
##############################################################################

# The UNC path to home drives location (%U username substitution)
# Just set it to a null string if you want to use the smb.conf 'logon home'
# directive and/or disable roaming profiles
# Ex: userSmbHome="\\PDC-SMB3\%U"
userSmbHome=

# The UNC path to profiles locations (%U username substitution)
# Just set it to a null string if you want to use the smb.conf 'logon path'
# directive and/or disable roaming profiles
# Ex: userProfile="\\PDC-SMB3\profiles\%U"
userProfile=

# The default Home Drive Letter mapping
# (will be automatically mapped at logon time if home directory exist)
# Ex: userHomeDrive="H:"
userHomeDrive=

# The default user netlogon script name (%U username substitution)
# if not used, will be automatically username.cmd
# make sure script file is edited under dos
# Ex: userScript="startup.cmd" # make sure script file is edited under dos
userScript=

# Domain appended to the users "mail"-attribute
# when smbldap-useradd -M is used
# Ex: mailDomain="idealx.com"
mailDomain=

##############################################################################
#
# SMBLDAP-TOOLS Configuration (default are ok for a RedHat)
#
##############################################################################

# Allows not to use smbpasswd (if with_smbpasswd == 0 in smbldap_conf.pm) but
# prefer Crypt::SmbHash library
with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"

# Allows not to use slappasswd (if with_slappasswd == 0 in smbldap_conf.pm)
# but prefer Crypt:: libraries
with_slappasswd="0"
slappasswd="/usr/sbin/slappasswd"

# comment out the following line to get rid of the default banner
# no_banner="1"
Click to expand...

o.meyer · Jan 15, 2008

Hi oalkatib,

I found some errors in your configuration.

Please use the following configuration. Replace %your_sid% with the SID from your system (getlocalsid) and %samba_netbios_name% with the netbios name that you configured in samba configuration file (/etc/samba/smb.conf):

Code:

SID="%your_sid%"
sambaDomain="EXAMPLE"
ldapTLS="0"
suffix="dc=example,dc=local"
usersdn="ou=Users,${suffix}"
computersdn="ou=Computers,${suffix}"
groupsdn="ou=Groups,${suffix}"
idmapdn="ou=Idmap,${suffix}"
sambaUnixIdPooldn="sambaDomainName=EXAMPLE,${suffix}"
scope="sub"
hash_encrypt="SSHA"
userLoginShell="/bin/bash"
userHome="/home/%U"
userHomeDirectoryMode="700"
userGecos="System User"
defaultUserGid="513"
defaultComputerGid="515"
skeletonDir="/etc/skel"
defaultMaxPasswordAge="45"
userSmbHome="\\%samba_netbios_name%\%U"
userProfile="\\%samba_netbios_name%\profiles\%U"
userHomeDrive="H:"
userScript="logon.bat"
mailDomain="example.local"
smbpasswd="/usr/bin/smbpasswd"
slappasswd="/usr/sbin/slappasswd"

oalkatib · Jan 15, 2008

Ok so, just completly replace the cfg file, with the one you pased, awsome. THANK YOU!!, I'm going to try it once I get back home

agarcia71 · Jan 16, 2008

Step 13: Add a workstation account to LDAP

Hi Fellows:

I follow every step from this howto: OpenLDAP + Samba Domain Controller On Ubuntu 7.10

My work stations is configured just like said the howto, its have the ldap-server IP for DNS.

But when i try to connect a workstation to the server, its doesn't work

I got this message:

DNS query refused:
And domain server can't found it.

Any Help !!!

thanks in advance

oalkatib · Jan 16, 2008

netbios name

I cant seem to find the netbios name in the samba.cfg file, here is what I have in the file:

[global]

workgroup = test

server string = %h server (Samba, Ubuntu)

; wins support = no

; wins server = w.x.y.z

dns proxy = no

; name resolve order = lmhosts host wins bcast

#### Networking ####

; interfaces = 127.0.0.0/8 eth0

; bind interfaces only = true

#### Debugging/Accounting ####

log file = /var/log/samba/log.%m

max log size = 1000
; syslog only = no

syslog = 0

panic action = /usr/share/samba/panic-action %d

####### Authentication #######

; security = user

encrypt passwords = true

passdb backend = ldapsam:ldap://localhost/

obey pam restrictions = no
# Begin: Custom LDAP Entries
#
ldap admin dn = cn=admin,dc=test,dc=local
ldap suffix = dc=test, dc=local
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
; Do ldap passwd sync
ldap passwd sync = Yes
passwd program = /usr/sbin/smbldap-passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*
add user script = /usr/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
domain logons = yes
#
# End: Custom LDAP Entries

; guest account = nobody
# invalid users = root
logon path =

; unix password sync = no

# For Unix password sync to work on a Debian GNU/Linux system, the following
# parameters must be set (thanks to Ian Kahan <<[email protected]> for
# sending the correct chat script for the passwd program in Debian Sarge).
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *passwd:*password\supdated\ssuccessfully* .

# This boolean controls whether PAM will be used for password changes
# when requested by an SMB client instead of the program listed in
# 'passwd program'. The default is 'no'.
; pam password change = no

########## Domains ###########

; domain logons = yes

; logon path = \\%N\profiles\%U

; logon path = \\%N\%U\profile

# The following setting only takes effect if 'domain logons' is set
# It specifies the location of a user's home directory (from the client
# point of view)
; logon drive = H:
; logon home = \\%N\%U

# The following setting only takes effect if 'domain logons' is set
# It specifies the script to run during logon. The script must be stored
# in the [netlogon] share
# NOTE: Must be store in 'DOS' file format convention
; logon script = logon.cmd

# This allows Unix users to be created on the domain controller via the SAMR
# RPC pipe. The example command creates a user account with a disabled Unix
# password; please adapt to your needs
; add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u

########## Printing ##########

# If you want to automatically load your printer list rather
# than setting them up individually then you'll need this
; load printers = yes

# lpr(ng) printing. You may wish to override the location of the
# printcap file
; printing = bsd
; printcap name = /etc/printcap

# CUPS printing. See also the cupsaddsmb(8) manpage in the
# cupsys-client package.
; printing = cups
; printcap name = cups

# When using [print$], root is implicitly a 'printer admin', but you can
# also give this right to other users to add drivers and set printer
# properties
; printer admin = @lpadmin

############ Misc ############

# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting
; include = /home/samba/etc/smb.conf.%m

# Most people will find that this option gives better performance.
# See smb.conf(5) and /usr/share/doc/samba-doc/htmldocs/Samba3-HOWTO/speed.html
# for details
# You may want to add the following on a Linux system:
# SO_RCVBUF=8192 SO_SNDBUF=8192
socket options = TCP_NODELAY

# The following parameter is useful only if you have the linpopup package
# installed. The samba maintainer and the linpopup maintainer are
# working to ease installation and configuration of linpopup and samba.
; message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm %s' &

# Domain Master specifies Samba to be the Domain Master Browser. If this
# machine will be configured as a BDC (a secondary logon server), you
# must set this to 'no'; otherwise, the default behavior is recommended.
; domain master = auto

# Some defaults for winbind (make sure you're not using the ranges
# for something else.)
; idmap uid = 10000-20000
; idmap gid = 10000-20000
; template shell = /bin/bash
;
; The following was the default behaviour in sarge
; but samba upstream reverted the default because it might induce
; performance issues in large organizations
; See #368251 for some of the consequences of *not* having
; this setting and smb.conf(5) for all details
;
; winbind enum groups = yes
; winbind enum users = yes

#======================= Share Definitions =======================

# Un-comment the following (and tweak the other settings below to suit)
# to enable the default home directory shares. This will share each
# user's home directory as \\server\username
;[homes]
; comment = Home Directories
; browseable = no

# By default, \\server\username shares can be connected to by anyone
# with access to the samba server. Un-comment the following parameter
# to make sure that only "username" can connect to \\server\username
# This might need tweaking when using external authentication schemes
; valid users = %S

# By default, the home directories are exported read-only. Change next
# parameter to 'yes' if you want to be able to write to them.
; writable = no

# File creation mask is set to 0700 for security reasons. If you want to
# create files with group=rw permissions, set next parameter to 0775.
; create mask = 0700

# Directory creation mask is set to 0700 for security reasons. If you want to
# create dirs. with group=rw permissions, set next parameter to 0775.
; directory mask = 0700

# Un-comment the following and create the netlogon directory for Domain Logons
# (you need to configure Samba to act as a domain controller too.)
;[netlogon]
; comment = Network Logon Service
; path = /home/samba/netlogon
; guest ok = yes
; writable = no
; share modes = no

# Un-comment the following and create the profiles directory to store
# users profiles (see the "logon path" option above)
# (you need to configure Samba to act as a domain controller too.)
# The path below should be writable by all users so that their
# profile directory may be created the first time they log on
;[profiles]
; comment = Users profiles
; path = /home/samba/profiles
; guest ok = no
; browseable = no
; create mask = 0600
; directory mask = 0700

[printers]
comment = All Printers
browseable = no
path = /var/spool/samba
printable = yes
public = no
writable = no
create mode = 0700

# Windows clients look for this share name as a source of downloadable
# printer drivers
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no
# Uncomment to allow remote administration of Windows print drivers.
# Replace 'ntadmin' with the name of the group your admin users are
# members of.
; write list = root, @ntadmin

# A sample share for sharing your CD-ROM with others.
;[cdrom]
; comment = Samba server's CD-ROM
; writable = no
; locking = no
; path = /cdrom
; public = yes

# The next two parameters show how to auto-mount a CD-ROM when the
# cdrom share is accesed. For this to work /etc/fstab must contain
# an entry like this:
#
# /dev/scd0 /cdrom iso9660 defaults,noauto,ro,user 0 0
#
# The CD-ROM gets unmounted automatically after the connection to the
#
# If you don't want to use auto-mounting/unmounting make sure the CD
# is mounted on /cdrom
#
; preexec = /bin/mount /cdrom
; postexec = /bin/umount /cdrom
Click to expand...

o.meyer · Jan 16, 2008

Oalkatib,

add the following line to the section [global]:
Code:
netbiosname = PDC-SRV-EXAMPLE
Btw, most parts of your smb.conf are misconfigured - please follow the steps in the howto exact. I haven't tested the howto - so I hope the author did a good job The best solution would be to to start at the scratch on a fresh system.

Best regards,

Olli

oalkatib · Jan 16, 2008

yes, thats what I have done is followed the guid, and did start from scratch, the guide doesnt give you the complet cfg files, it only tells you to change some lines in the file

oalkatib · Jan 16, 2008

smbldap

alright, this is how the smbldap .conf file looks like now:

SID="S-1-5-21-3278692326-2207112801-3614777453"
sambaDomain="TEST"
ldapTLS="0"
suffix="dc=test,dc=local"
usersdn="ou=Users,${suffix}"
computersdn="ou=Computers,${suffix}"
groupsdn="ou=Groups,${suffix}"
idmapdn="ou=Idmap,${suffix}"
sambaUnixIdPooldn="sambaDomainName=TEST,${suffix}"
scope="sub"
hash_encrypt="SSHA"
userLoginShell="/bin/bash"
userHome="/home/%U"
userHomeDirectoryMode="700"
userGecos="System User"
defaultUserGid="513"
defaultComputerGid="515"
skeletonDir="/etc/skel"
defaultMaxPasswordAge="45"
userSmbHome="PDC-SRV-EXAMPLE"
userProfile="PDC-SRV-EXAMPLE\profiles\"
userHomeDrive="H:"
userScript="logon.bat"
mailDomain="test.local"
smbpasswd="/usr/bin/smbpasswd"
slappasswd="/usr/sbin/slappasswd"
Click to expand...

oalkatib · Jan 16, 2008

still same error

I'm still getting the same error when inputing this information :

:~$ smbldap-useradd -a -m -M ricky -c "Richard M" ricky
Could not find base dn, to get next uidNumber at /usr/share/perl5/smbldap_tools.pm line 1046.
Click to expand...

o.meyer · Jan 16, 2008

There are again errors in your smbldap.conf - have a look at "userSmbHome" and "userProfile". Re-populate your LDAP directory with the new configuration before you try to add a user - otherwise it won't work.

Because the usage of the smbldap-tools goes hand in hand with the samba schema and the LDAP server configuration there can be additionally errors - please paste the output of the following commands:
Code:
ls /etc/ldap/schema/
Code:
cat /etc/ldap/slapd.conf | grep ^include
Code:
cat /etc/ldap/slapd.conf | grep ^root
Code:
cat /etc/ldap/slapd.conf | grep ^index
Code:
cat /etc/ldap/slapd.conf | grep ^access
Best regards,

Olli

nyasaland · Jan 17, 2008

i had the exact problem

sudo smbldap-populate -u 30000 -g 30000
produces some out put with alternating "adding..." then "failed to add..." and
ending with:
"Please provide a password for the domain root:
/usr/sbin/smbldap-passwd: user root doesn't exist"

"ls /etc/ldap/schema" produces:
corba.schema cosine.schema java.schema openldap.ldif README
core.ldif dyngroup.schema misc.schema openldap.schema samba.schema
core.schema inetorgperson.schema nis.schema ppolicy.schema

"sudo cat /etc/ldap/slapd.conf | grep ^include" produces:
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/samba.schema
include /etc/ldap/schema/misc.schema

"sudo cat /etc/ldap/slapd.conf | grep ^root" produces:
no result/nothing

"sudo cat /etc/ldap/slapd.conf | grep ^index" produces:
index objectClass eq

"sudo cat /etc/ldap/slapd.conf | grep ^access" produces:
access to atts=userPassword,sambaNTPassword,sambaLMPassword,shadowLastChane
access to dn.base="" by * read
access to *

o.meyer · Jan 17, 2008

Hi nyasaland,

please use the configuration for the smbldap-tools (smbldap.conf) that I posted further up.

After that open the slapd.conf - search for this line, comment it out and edit it that it fits to your domain:
Code:
# rootdn          "cn=admin,dc=example,dc=com"
Insert the following line straight below (you have to insert your encrypted LDAP admin password - inclusive the leading {SSH2}):
Code:
rootpw          %encrypted_ldap_admin_password%
Note: slappasswd -s %ldap_admin_password% will return the password in encrypted form (SSH2).

Now search the following line:
Code:
# Indexing options for database #1
Remove the line straight below ...
Code:
index		objectClass eq
... and insert the following lines:
Code:
index      objectClass,uidNumber,gidNumber                  eq
index      cn,sn,uid,displayName                            pres,sub,eq
index      memberUid,mail,givenname                 	    eq,subinitial
index      sambaSID,sambaPrimaryGroupSID,sambaDomainName    eq
index 	   zoneName,relativeDomainName 			    eq 
index 	   dhcpHWAddress,dhcpClassData 			    eq
Now search the line that begins with "access to attrs" - in your case:
Code:
access to atts=userPassword,sambaNTPassword,sambaLMPassword, shadowLastChane
Replace the line with:
Code:
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
Now restart the LDAP server...

/etc/init.d/slapd restart

... and populate your LDAP directory.

smbldap-populate -m512 -a administrator

Note: This will also create an account for the domain-administrator with the username "administrator".

Best regards,

Olli

oalkatib · Feb 23, 2008

o.meyer said:
There are again errors in your smbldap.conf - have a look at "userSmbHome" and "userProfile". Re-populate your LDAP directory with the new configuration before you try to add a user - otherwise it won't work.

Because the usage of the smbldap-tools goes hand in hand with the samba schema and the LDAP server configuration there can be additionally errors - please paste the output of the following commands:
Code:
ls /etc/ldap/schema/
Here is the output for that:
oalkatibr:~$ ls /etc/ldap/schema/
corba.schema dyngroup.schema nis.schema README
core.ldif inetorgperson.schema openldap.ldif samba.schema
core.schema java.schema openldap.schema samba.schema.gz
cosine.schema misc.schema ppolicy.schema
Code:
cat /etc/ldap/slapd.conf | grep ^include
here is the output for that:

oalkatib:/$ sudo cat /etc/ldap/slapd.conf | grep ^include
[sudo] password for oalkatib:
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/samba.schema
include /etc/ldap/schema/misc.schema
Code:
cat /etc/ldap/slapd.conf | grep ^root
no output
Code:
cat /etc/ldap/slapd.conf | grep ^index
output:
root:/# cat /etc/ldap/slapd.conf | grep ^index
index objectClass eq
Code:
cat /etc/ldap/slapd.conf | grep ^access
output
root:/# cat /etc/ldap/slapd.conf | grep ^access
access to attrs=userPassword,sambaNTPassword,sambaLMPassword
access to dn.base="" by * read
access to *

Best regards,

Olli
Click to expand...
Thanks alot for the quick responses Olli, I got swamped with other projects, and skool, and I wasnt able to resume work on LDAP until now, i'm still stuck at the same point, please guide, I tried to provide the output for each othe commands you provided
Thanks!

o.meyer · Feb 26, 2008

Hi oalkatib,

sorry, but I have not the time to test this setup. Please have a look at my MDS-howto -> http://www.howtoforge.com/mandriva-directory-server-on-debian-etch.

It works well - if you follow the howto line by line you won't get problems.

Best regards,

Olli

Log in or Sign up

Step 8: Add an LDAP user to the system Problem [Stuck]

oalkatib New Member

falko Super Moderator Howtoforge Staff

oalkatib New Member

o.meyer New Member Moderator

oalkatib New Member

o.meyer New Member Moderator

oalkatib New Member

o.meyer New Member Moderator

oalkatib New Member

agarcia71 Member

oalkatib New Member

o.meyer New Member Moderator

oalkatib New Member

oalkatib New Member

oalkatib New Member

o.meyer New Member Moderator

nyasaland New Member

o.meyer New Member Moderator

oalkatib New Member

o.meyer New Member Moderator

Share This Page

Log in or Sign up

Step 8: Add an LDAP user to the system Problem [Stuck]

oalkatib New Member

falko Super Moderator Howtoforge Staff

oalkatib New Member

o.meyer New Member Moderator

oalkatib New Member

o.meyer New Member Moderator

oalkatib New Member

o.meyer New Member Moderator

oalkatib New Member

agarcia71 Member

oalkatib New Member

o.meyer New Member Moderator

oalkatib New Member

oalkatib New Member

oalkatib New Member

o.meyer New Member Moderator

nyasaland New Member

o.meyer New Member Moderator

oalkatib New Member

o.meyer New Member Moderator

Share This Page

Useful Searches