Hello, I have got another problem. Trying this howto, "CentOS 5.x Samba Domain Controller With LDAP Backend", all went well until I had to start LDAP. I've got this message:

Controleren van configuratiebestanden voor slapd: could not open config file "/etc/openldap/slapd.conf": Permission denied (13)
slaptest: bad configuration file!

This is my slapd.conf file:

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema
allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
database bdb
suffix "dc=amtand,dc=nl"
rootdn "cn=root,dc=amtand,dc=nl"
rootpw {SSHA}xxxxxxxxxxxxxxxxxxxxxxxxxxxx
password-hash {SSHA}
directory /var/lib/ldap
index cn,sn,uid,displayName pres,sub,eq
index uidNumber,gidNumber eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index objectClass pres,eq
index default sub

And here the init.ldif:

dn: dc=amtand ,dc=nl
objectclass: dcObject
objectclass: organization
o: CentOS Directory Server
dc: amtand

dn: cn=root, dc=amtand, dc=nl
objectclass: organizationalRole
cn: root

Does somebody know what goes wrong?
Looking at the permissions showed that slapd.conf had -rw------ 1 root root; changing this to -rw-r----- 1 root ldap did the trick.

Restarting httpd gave this message:

NameVirtualHost *:80 has no VirtualHosts

Is this a problem?

Trying to change my iptables is a problem. At the moment the firewall is disabled, as recommended in building a perfect server. I use the computer also as a router for my network and put this in iptables to do so:

# Generated by iptables-save v1.3.5 on Fri Dec 10 09:05:11 2010
*nat
:PREROUTING ACCEPT [4:231]
:POSTROUTING ACCEPT [10:621]
:OUTPUT ACCEPT [11:661]
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Fri Dec 10 09:05:11 2010
# Generated by iptables-save v1.3.5 on Fri Dec 10 09:05:11 2010
*filter
:INPUT ACCEPT [70:4931]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [58:4093]
-A FORWARD -s 10.0.0.0/255.255.255.0 -j ACCEPT
-A FORWARD -d 10.0.0.0/255.255.255.0 -j ACCEPT
-A FORWARD -s ! 10.0.0.0/255.255.255.0 -j DROP
-A FORWARD -s 10.0.0.0/255.255.255.0 -j ACCEPT
-A FORWARD -d 10.0.0.0/255.255.255.0 -j ACCEPT
COMMIT
# Completed on Fri Dec 10 09:05:11 2010

Trying to put in the lines for HTTPS and restarting iptables failed. When I enable the firewall with the default iptables running, the computer is failing as a router, and I am unable to connect to the internet on the other computers.

Trying https://10.0.0.10/samba/pla/ gave as a result that it was an insecure connection.

Is it possible to put my iptables in the default ones, changing input, forward, output etc. values?

With kind regards,
Ad.
Changed iptables to this:

# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*nat
:PREROUTING ACCEPT [4:231]
:POSTROUTING ACCEPT [10:621]
:OUTPUT ACCEPT [11:661]
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [70:4931]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [58:4093]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
#-A FORWARD -j RH-Firewall-1-INPUT
-A FORWARD -s 10.0.0.0/255.255.255.0 -j ACCEPT
-A FORWARD -d 10.0.0.0/255.255.255.0 -j ACCEPT
-A FORWARD -s ! 10.0.0.0/255.255.255.0 -j DROP
-A FORWARD -s 10.0.0.0/255.255.255.0 -j ACCEPT
-A FORWARD -d 10.0.0.0/255.255.255.0 -j ACCEPT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
#Allow Https://
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
#Allow samba:
-A RH-Firewall-1-INPUT -m multiport -p udp --dport 137,138 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m multiport -p tcp --dport 139,445 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Generated by Ad v1 on Sat Dec 18 09:05:11 2010

Seems to work. Still getting the announcement that https is not safe. Is this normal? Accepting the fact there is no certificate, I can see the site. Can only log in as anonymous.
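
An added example, not part of the original posts: a small Python lint over iptables-save text that reports rules that can never match because an earlier rule in the same chain has the same match and a terminating target, and built-in filter chains whose policy is ACCEPT. The sample input is abridged from the ruleset in the last post; the function name `lint` and the finding format are assumptions of this example.

```python
from collections import defaultdict

TERMINATING = {"ACCEPT", "DROP", "REJECT", "MASQUERADE"}
# Abridged from the ruleset in the last post (nat table and FORWARD chain only).
SAMPLE = """\
*nat
:PREROUTING ACCEPT [4:231]
:POSTROUTING ACCEPT [10:621]
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -s 10.0.0.0/255.255.255.0 -j ACCEPT
-A FORWARD -d 10.0.0.0/255.255.255.0 -j ACCEPT
-A FORWARD -s ! 10.0.0.0/255.255.255.0 -j DROP
-A FORWARD -s 10.0.0.0/255.255.255.0 -j ACCEPT
-A FORWARD -d 10.0.0.0/255.255.255.0 -j ACCEPT
COMMIT
"""

def lint(text):
    """Return (table, chain, rule_number, message) findings for iptables-save text."""
    findings, table = [], None
    seen = defaultdict(dict)   # (table, chain) -> {match: (first position, target)}
    count = defaultdict(int)   # (table, chain) -> number of rules read so far
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):       # "*filter" opens a table
            table = line[1:]
        elif line.startswith(":"):     # ":FORWARD ACCEPT [0:0]" declares chain and policy
            chain, policy = line[1:].split()[:2]
            if table == "filter" and chain in ("INPUT", "FORWARD") and policy == "ACCEPT":
                findings.append((table, chain, 0, "policy ACCEPT: unmatched packets pass"))
        elif line.startswith("-A "):
            tokens = line.split()
            key = (table, tokens[1])
            count[key] += 1
            j = tokens.index("-j") if "-j" in tokens else len(tokens)
            match = tuple(tokens[2:j])  # everything between the chain name and -j
            target = tokens[j + 1] if j + 1 < len(tokens) else None
            first = seen[key].setdefault(match, (count[key], target))
            if first[0] != count[key] and first[1] in TERMINATING:
                findings.append((table, tokens[1], count[key],
                                 f"never reached: same match as rule {first[0]}"))
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(*finding)
```

Rule number 0 marks a chain-level finding; other numbers count the `-A` lines of that chain in file order.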