The problem is that if there's a bug in Olli's tutorial and he updates it, your translated version will still contain the bug, and people who read your translation will start to contact Olli although the bug has already been fixed in the original version. That's why he doesn't want you to translate it.
Hi, I need a second head and additional arms. I'll try to update the howto next weekend. Best regards, Olli
Hello, Olli. If you have more free time, can you also add NTLM auth to Squid, and try adding Linux comps to the domain?
Thanks for this great howto. I really would love to utilize this, but I am having a problem logging into the system. I am stuck at the end of step six... where you reboot, then you're supposed to
Code:
net -U Administrator rpc rights grant 'DOMAIN\Domain Admins' SeMachineAccountPrivilege
but I cannot even log into the system anymore to issue this command... No matter if I use the root account or my own account (houms)... It keeps telling me that the password is incorrect...? Any suggestions would be greatly appreciated. Thank you in advance for your assistance.
If you cannot log back into the system after step 6 of the howto... I figured I'd let others learn from my mistake... Check your /etc/pam.d/common-auth (vi /etc/pam.d/common-auth) and make sure it's
Code:
auth sufficient pam_unix.so nullok_secure
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so
(mine was on required for pam_unix.so). You can boot in single user mode from the grub menu, log in with the root password and see; if so, make that change. Hope it helps. That's how I solved it.. but now I'm getting this:
Code:
# net -U Administrator rpc rights grant 'DOMAIN\Domain Admins' SeMachineAccountPrivilege
Password:
Could not connect to server 127.0.0.1
Connection failed: NT_STATUS_CONNECTION_REFUSED
Any ideas? Thanks again for your help
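The lockout described in the post above can be caught before the reboot by linting the auth stack. This is an added example, not part of the original thread or the howto; the function name `check_pam_auth` and the sample files are constructed, and it assumes one-word PAM control flags as in the quoted stack.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes one-word PAM control flags
# (required/sufficient/...), as in the stack quoted in the post.

# check_pam_auth FILE: print one finding and return 1 if local accounts
# would be locked out, else print "ok" and return 0.
check_pam_auth() {
    awk '
        $1 == "auth" && $3 ~ /^pam_unix\.so/ { unix_ctl = $2; unix_line = NR }
        $1 == "auth" && $3 ~ /^pam_ldap\.so/ { ldap_line = NR; ldap_ufp = ($0 ~ /use_first_pass/) }
        $1 == "auth" && $3 ~ /^pam_deny\.so/ { deny_ctl = $2 }
        END {
            if (!unix_line) { print "no pam_unix.so auth line"; exit 1 }
            # A successful "required" pam_unix does not end the stack, so a
            # local-only account (root) still reaches the final pam_deny.
            if (deny_ctl ~ /^(required|requisite)$/ && unix_ctl != "sufficient") {
                print "pam_unix.so is \"" unix_ctl "\": local logins fall through to pam_deny.so"
                exit 1
            }
            # use_first_pass needs an earlier module to have read the password.
            if (ldap_ufp && ldap_line < unix_line) {
                print "pam_ldap.so use_first_pass is listed before pam_unix.so"
                exit 1
            }
            print "ok"
        }' "$1"
}

# Constructed samples: the stack that caused the lockout and the corrected one.
tmp=$(mktemp -d)
printf '%s\n' 'auth required pam_unix.so nullok_secure' \
    'auth sufficient pam_ldap.so use_first_pass' \
    'auth required pam_deny.so' > "$tmp/broken"
printf '%s\n' 'auth sufficient pam_unix.so nullok_secure' \
    'auth sufficient pam_ldap.so use_first_pass' \
    'auth required pam_deny.so' > "$tmp/fixed"
for f in broken fixed; do
    printf '%s: ' "$f"
    check_pam_auth "$tmp/$f" || true
done
```

Run it against a copy of /etc/pam.d/common-auth while a root shell is still open, so a bad stack can be corrected without single user mode.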
Hi houms, if you are not able to log in to the system after the reboot at the end of step 6, you made a mistake in step 6 (the PAM configuration) - please have a look at these settings on your system. Btw, the howto is not up to date at the moment - currently I have no time to update it. The new MDS packages need additional configuration. Best regards, Olli
Olli, thanks for the response. It is greatly appreciated. Is it better to not follow this tutorial then? If so, any suggestions on what's the best way to set up something similar? Basically I would like to install something to replace AD. I have looked over my PAM settings and compared them to the writeup and they are the same, yet I cannot log in.. not sure what mistake I may have made. Any suggestions would be appreciated.
MDS 2.2.0 to MDS 2.3.0 upgrade notes

update mail.schema
Code:
cp /usr/share/doc/python-mmc-base/contrib/ldap/mail.schema /etc/ldap/schema/

edit /etc/mmc/plugins/samba.ini
Code:
[main]
disable = 0
# Computers Locations
baseComputersDN = ou=Computers,dc=example,dc=com
sambaConfFile = /etc/samba/smb.conf
sambaInitScript = /etc/init.d/samba
sambaClamavSo = /usr/lib/samba/vfs/vscan-clamav.so
# Default SAMBA shares location
defaultSharesPath = /home/samba
# You can specify authorized paths for share creation
# Default value is the defaultSharesPath value
# authorizedSharePaths = /shares, /opt, /srv

# Default value when adding samba attributes to an user
# DELETE means the attribute is removed from the user LDAP entry
[userDefault]
sambaPwdMustChange = DELETE

MDS 2.3.0 to MDS 2.3.1 upgrade notes

add to /etc/mmc/plugins/network.ini
Code:
bindgroup = bind
Nikitos, you're the man!! I don't know if your updates are what did it, but it resolved my issues and I am now at step 19.1 (inside the MMC configuring DNS). For anyone having trouble... make sure you make the adjustments that Nikitos posted... As of today, this howto + Nikitos' suggestions works perfectly with Debian etch r3-netinstall. Thanks, Olli, for taking the time to put together this wonderful howto... Nikitos, thanks for the suggestions... Don't know how you knew that, but big props.
Thanks for your HowTo. I have a question. To log in to http://x.x.x.x/mmc/, do I only need to put user: mmc and password: s3cr3t, the ones that mmc.ini has?
Code:
# HTTP basic authentication credentials to use for XMLRPC communication
login = mmc
password = s3cr3t
If this is OK, it doesn't work for me, but I can log in with root and the system password. Is that correct? Thx, great job...
Hi. I have another problem, this time with postfix:
Code:
Jun 26 05:19:40 vme postfix/local[4156]: E6B2B24042: to=<[email protected]>, relay=local, delay=0.2 , delays=0.11/0.03/0/0.07, dsn=5.2.0, status=bounced (maildir delivery failed: create maildir file /home/samba/users/pinfante/Maildirtmp/1214482780.P4156.vme.example.com: Permission denied)
Jun 26 05:19:40 vme postfix/cleanup[4154]: 17D0524044: message-id=<[email protected]>
The point is: when or how do I set the permissions? That's for when I send email for the first time; postfix wants to create the mail skel. in /home/samba/users/pinfante/Maildir/
Code:
#ls -al /home/samba/users/
total 20
drwx------ 5 root     root         4096 2008-06-26 04:46 .
drwxr-xr-x 8 root     root         4096 2008-06-26 03:17 ..
drwx------ 2 gvazquez Domain Users 4096 2008-06-26 03:17 gvazquez
drwx------ 2 pinfante Domain Users 4096 2008-06-26 04:46 pinfante
drwx------ 2 pnavajas Domain Users 4096 2008-06-26 04:32 pnavajas
What can I do? As far as I know I have to give permissions to root or maybe the postfix user, but I have to respect the user and Domain Users. I'm not using Dovecot.

OK, I tried another way with virtual domains, with the conf from the with-virtual-domains folder. Curiously, the users that I add via the MMC web interface don't have the attribute maildrop, and the conf for virtual domains has something like this:

/etc/postfix/main.cf
Code:
[...]
# Virtual Domains Control
virtual_mailbox_domains = ldap:/etc/postfix/ldap-domains.cf
virtual_mailbox_maps = ldap:/etc/postfix/ldap-accounts.cf
virtual_alias_maps = ldap:/etc/postfix/ldap-aliases.cf, ldap:/etc/postfix/ldap-maildrop.cf
virtual_mailbox_base = /
virtual_alias_domains =
virtual_minimum_uid = 100
virtual_uid_maps = ldap:/etc/postfix/ldap-uid.cf
virtual_gid_maps = ldap:/etc/postfix/ldap-gid.cf
[...]
And ldap:/etc/postfix/ldap-accounts.cf
Code:
server_host = 127.0.0.1
server_port = 389
search_base = ou=Users,dc=example,dc=com
query_filter = (&(objectClass=mailAccount)(mailenable=OK)(mail=%s))
result_attribute = mailbox
version = 3
expansion_limit = 1
The result:
Code:
# postmap -q [email protected] ldap:/etc/postfix/ldap-accounts.cf
*empty
Then I tried to change the result_attribute to homedirectory. The result:
Code:
# postmap -q [email protected] ldap:/etc/postfix/ldap-accounts.cf
/home/samba/users/pinfante
That may be nice, but without the / at the end of homedirectory, when I send an email for the first time (# mail [email protected]), I have an error like this:
Code:
vme postfix/virtual[7754]: 87CA924047: to=<[email protected]>, relay=virtual, delay= 0.25, delays=0.17/0.04/0/0.05, dsn=4.2.0, status=deferred (delivery failed to mailbox ///home/samba/users/pinfante: cannot open file: Is a directory)
Does somebody know where I can add the slash at the end of homedirectory, just in conf files? I know that I can add it manually with any LDAP tools. I want the slash to be set at the end by default whenever I add users. Thanks a lot for your help. I hope the mailbox attribute isn't a big mistake.
I answer my own question... The next day, when I restarted my server and entered the MMC web interface... SURPRISE!!!!! This appeared: when I use MMC with virtual domains, the Mail tab adds boxes like:
Mail delivery path:
Mail server host:
THAT'S ALL!!!! This is the mailbox attribute! Sorry for the misunderstanding.
Hi, In section 5.4 the command 'chown -R :"Domain Users" /home/samba' gives an error due to the fact that unix groups aren't allowed to have spaces or capital letters in them. Does the unix group name have to match the LDAP group "Domain Users" or does the name not matter? If it does matter is there some way of 'mapping' a unix group onto an LDAP group?
Hi, I have the same problem as above, when I try to set the folder group to "Domain Users" it gives an error saying "Invalid Group". I figure this is because the program trying to set the group does not check the ldap database for groups i.e. it is a problem with the nsswitch.conf file. However, that file is exactly the same as the one in the tutorial here. I have also checked that the ldap server is up and running and that there is an entry called "Domain Users" which is a subclass of "Group". So, I'm wondering is there some way of checking whether the changes in the nsswitch.conf file have been implemented? i.e. whether the system is using the ldap database and if not why it is not using it? I also checked the /etc/ldap/ldap.conf file and the details seem to be correct as well, with the only two lines being 'host' and 'base'.
ok, figured it out. Just had to change a line in the /etc/libnss-ldap.conf file. It turns out that the installation added 'host ldap://127.0.0.1/' instead of 'uri ldap://127.0.0.1/'.
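The two posts above ask how to tell whether NSS is really using LDAP, and the answer turned out to be a `host` line carrying a URI. The check below is an added example, not part of the original thread; the function names and file contents are constructed, and the real files on the system are /etc/nsswitch.conf and /etc/libnss-ldap.conf.

```shell
#!/bin/sh
# Added example, not from the thread. File contents below are constructed.

# check_nss_ldap NSSWITCH_CONF LIBNSS_LDAP_CONF
# Prints findings; returns 0 when group lookups can reach the directory.
check_nss_ldap() {
    rc=0
    # Without "ldap" on the group line, chown never consults the directory.
    if ! grep -Eq '^[[:space:]]*group:.*[[:space:]]ldap([[:space:]]|$)' "$1"; then
        echo "nsswitch.conf: group line has no ldap source"; rc=1
    fi
    # The fault found in the thread: a URI written under the "host" keyword.
    if grep -Eq '^[[:space:]]*host[[:space:]]+ldaps?://' "$2"; then
        echo "libnss-ldap.conf: \"host\" holds a URI, use \"uri\" instead"; rc=1
    fi
    if ! grep -Eq '^[[:space:]]*(uri|host)[[:space:]]+[^[:space:]]' "$2"; then
        echo "libnss-ldap.conf: no server configured"; rc=1
    fi
    return "$rc"
}

# Live check on the real system: does NSS resolve the group by name?
group_resolves() { getent group "$1" >/dev/null 2>&1; }

tmp=$(mktemp -d)
printf '%s\n' 'passwd: compat ldap' 'group: compat ldap' > "$tmp/nsswitch.conf"
printf '%s\n' 'host ldap://127.0.0.1/' 'base dc=example,dc=com' > "$tmp/bad.conf"
printf '%s\n' 'uri ldap://127.0.0.1/' 'base dc=example,dc=com' > "$tmp/good.conf"
check_nss_ldap "$tmp/nsswitch.conf" "$tmp/bad.conf" || true
check_nss_ldap "$tmp/nsswitch.conf" "$tmp/good.conf" && echo "config ok"
group_resolves "Domain Users" || echo "\"Domain Users\" not resolvable on this host"
```

If `getent group "Domain Users"` returns an entry, the chown from section 5.4 can resolve the group.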
You can use any IP address or FQDN that's pointing to your server. What's the output of
Code:
ls -l /usr/bin/dccproc
?
This is the output of
Code:
ls -l /usr/bin/dccproc
ls: /usr/bin/dccproc: Datei oder Verzeichnis nicht gefunden
The thing regarding the configuration of Outlook etc. was easy. IP or FQDN of the server, that's what I did already, but I missed the @domainname at the end of the username. ;-)