Samba objects replication
by mike
Hello everybody.
I have configured Samba with OpenLDAP.
My problem is that openldap slave does not synchronize the samba objects
from the openldap master.
All the other objects (ou, o, dc) are synchronized normally.
Can someone help me please?
Thanks
Migue
14 years, 9 months
2.4.13 could not start
by owen nirvana
libldap_r-2.4.so.2 no version information (required by slapd)
liblber-2.4.so.2 no version information (required by slapd)
in debian lenny-081114,
I don't remove openldap 2.4.11 debian package which had installed,
because synaptic always wants to remove many related packages too.
But I don't think it is the problem.
thanks for instruction
gtalk:freeespeech@gmail.com
14 years, 10 months
Can join Domain but cannot login.
by Emil Sicad - ISD
Good day!
I badly need your help.
I can join the domain using the root but after restart i cannot login
anymore
My client is windows XP sp4.
The message was this:
"The system cannot log you on to this domain because the system's
computer account in its primary domain
is missing or the password on that account is incorrect."
I have already disabled the following in Local Security Settings:
1. Domain member: Digitally encrypt or sign secure channel data (always)
2. Domain member: Digitally encrypt secure channel data (when possible)
3. Domain member: Digitally sign secure channel data (when possible)
4. Domain member: Disable machine account password changes
I can add and delete user using smbldap-useradd and smbldap-userdel
and also using webmin 1.41
Pls help me with this.
This is my config files:
#########################################
-rw-r--r-- 1 root root 2715 Dec 1 18:15 smb.conf
# Samba PDC settings; accounts come from LDAP via the ldapsam backend below.
[global]
idmap gid = 16777216-33554431
enable privileges = Yes
passwd program = /usr/local/sbin/smbldap-passwd %u
dns proxy = no
netbios name = smbldap
ldap passwd sync = yes
idmap uid = 16777216-33554431
default = global
dos charset = 850
local master = yes
# NOTE(review): smbldap.conf sets sambaDomain="smbldap" (the NetBIOS name above)
# rather than this workgroup; the smbldap-tools presumably look up the
# sambaDomainName entry by that value, so confirm the two agree.
workgroup = fcb.net
os level = 34
security = User
# log level 0 records almost nothing; the logon failure described above will
# need a higher level in log.%m before it can be diagnosed.
log level = 0
log file = /var/log/samba/log.%m
max log size = 500
socket options = TCP_NODELAY
domain master = yes
encrypt passwords = yes
winbind use default domain = no
keepalive = 10
template shell = /bin/false
netbios aliases = smbldap.fcb.net
# NOTE(review): the next line looks like two settings ("password server" and
# "valid users") joined on one line; smb.conf expects one "name = value" per line.
password server = smbldap valid users = %U
domain logons = yes
# "encrypt passwords" and "password server" are each set twice in this section.
encrypt passwords = yes
unix charset = ISO8859-1
password server = smbldap
# Samba-Ldap Declarations #
passdb backend = ldapsam:ldap://127.0.0.1/
ldap admin dn = cn=Manager,dc=fcb.net,dc=.
ldap suffix = dc=fcb.net,dc=.
ldap delete dn = yes
# NOTE(review): "ldap ssl = on" is combined with a plain ldap:// URL above, while
# ldap.conf has "ssl no" and smbldap.conf has ldapTLS="0" for the same server;
# the three clients disagree on transport security - confirm what slapd accepts.
ldap ssl = on
ldap machine suffix = ou=Computers
# NOTE(review): smbldap.conf uses usersdn="ou=User,..." (singular); Samba and the
# smbldap-tools scripts must name the same container.
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
# NOTE(review): the closing quote after %u is missing on the next line
# (compare the other script lines).
add user script = /usr/local/sbin/smbldap-useradd -a "%u
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
# NOTE(review): this path lacks the /sbin/ component every other script line uses.
add user to group script = /usr/local/smbldap-groupmod -m "%u" "%g"
add group script = /usr/local/sbin/smbldap-groupadd -p '%g'
# The next two settings are wrapped over two lines (probably by the mailer); in
# the real file each must be a single line or continued with a trailing backslash.
set primary group script = /usr/local/sbin/smbldap-groupmod -g
"%g" "%u"
delete user script = /usr/local/sbin/smbldap-userdel -r "%u"
delete group script = /usr/local/sbin/smbldap-groupdel '%g'
delete user from group script = /usr/local/sbin/smbldap-groupmod
-x "%u" "%g"
[netlogon]
comment = Domain Logon Service
path = /home/netlogon
browseable = No
[ISD]
comment = Information Systems Division
path = /home/isd
valid users = @isd
read only = No
create mask = 0660
directory mask = 0770
# NOTE(review): unlike [ISD], this share does not set "read only = No", so with
# Samba's default it is read-only and clients cannot write profiles back - confirm.
[profiles]
path = /home/samba/profiles
valid users = %U, "@Domain Admins"
##########################################
-rwxr-xr-x 1 ldap ldap 1010 Nov 28 16:29 slapd.conf
# slapd configuration (slapd.conf style): bdb backend with the Samba schema loaded.
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/samba.schema
# Accepts LDAPv2 bind requests as well; only old clients need this.
allow bind_v2
pidfile /usr/local/var/run/slapd.pid
argsfile /usr/local/var/run/slapd.args
database bdb
directory /var/lib/ldap
# NOTE(review): "dc=fcb.net,dc=." is an unusual suffix (a dot inside one dc value
# and a bare "." as the other). It is used consistently in every file here, so it
# is unlikely to be the cause of the failure, but confirm it was intended over
# the conventional dc=fcb,dc=net form.
suffix "dc=fcb.net,dc=."
rootdn "cn=Manager,dc=fcb.net,dc=."
# Indexes for the attributes Samba, nss_ldap and the smbldap-tools search on.
index objectClass,uidNumber,gidNumber eq
index cn,sn,uid,displayName eq,pres,sub
index memberUid,mail,givenname eq,subinitial
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
# NOTE(review): the rootdn password is stored in clear text and the listing above
# shows this file as -rwxr-xr-x (world-readable). Store a hash generated with
# slappasswd (its path is already configured in smbldap.conf) and make the file
# 0600. The same value is repeated in smbldap.conf (also -rw-r--r--) and in
# smbldap_bind.conf.
rootpw smbldap
# NOTE(review): dn.children="dc=fcb.net,dc=." matches every DN under the suffix,
# which presumably includes every user and machine account that can bind. The
# first rule therefore gives any authenticated account write access to everyone's
# password attributes, and the "access to *" rule gives it write access to every
# entry. "by self write" already covers self-service password changes; limit the
# write clause to the DN the smbldap-tools bind as, or to an admin group.
# "by anonymous auth" lets the attributes be used for simple bind without being read;
# "by * read" on the second rule allows anonymous read of everything else.
access to
attrs=userPassword,sambaLMPassword,sambaNTPassword,shadowLastChange
by dn.children="dc=fcb.net,dc=." write
by self write
by anonymous auth
by * none
access to *
by dn.children="dc=fcb.net,dc=." write
by * read
######################################
-rw-r--r-- 1 ldap ldap 851 Dec 1 17:56 ldap.conf
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#BASE dc=example, dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
# The nss_base_*, rootbinddn, pam_passwd and bind_policy keys below are
# nss_ldap/pam_ldap settings, so this file serves both libldap and the NSS/PAM modules.
host 127.0.0.1
base dc=fcb.net,dc=.
#inserted nov 24, 2008
#rootbinddn cn=Manager,dc=fcb.net,dc=.
# rootbinddn makes lookups done by root bind as the Manager (the directory rootdn).
# nss_ldap reads that DN's password from a separate root-only secret file next to
# this one; confirm it exists and is not world-readable, since ldap.conf itself is
# -rw-r--r-- per the listing above.
rootbinddn cn=Manager,dc=fcb.net,dc=.
nss_base_passwd dc=fcb.net,dc=.
nss_base_shadow dc=fcb.net,dc=.
nss_base_group dc=fcb.net,dc=.
#Security Options
# NOTE(review): TLS is off here and in smbldap.conf (ldapTLS="0"), while smb.conf
# sets "ldap ssl = on" for the same 127.0.0.1 server; with ssl off the
# TLS_CACERTDIR below is unused.
ssl no
# pam_ldap presumably stores password changes as md5 hashes, while smbldap-tools
# write SSHA (hash_encrypt in smbldap.conf); passwords set through different tools
# would then carry different hash types - confirm this is intended.
pam_passwd md5
# soft: a lookup fails immediately when slapd is unreachable instead of retrying.
bind_policy soft
TLS_CACERTDIR /etc/openldap/cacerts
########################################
-rw-r--r-- 1 root root 1119 Nov 27 13:38 smbldap.conf
# smbldap-tools settings (non-secret part; the bind credentials are in smbldap_bind.conf).
# Domain SID; it must be the SID Samba uses for the domain - confirm with net getlocalsid.
SID="S-1-5-21-2796061091-2530429657-3897351620"
# NOTE(review): this is the NetBIOS name from smb.conf, not the workgroup (fcb.net);
# the tools presumably use it to find the sambaDomainName entry, so confirm which
# value Samba created that entry with.
sambaDomain="smbldap"
slaveLDAP="127.0.0.1"
slavePort="389"
masterLDAP="127.0.0.1"
masterPort="389"
# NOTE(review): no TLS here (and "ssl no" in ldap.conf) while smb.conf has "ldap ssl = on".
ldapTLS="0"
#verify=""
#clientcert=""
#clientkey=""
suffix="dc=fcb.net,dc=."
# NOTE(review): "ou=User" (singular) vs "ldap user suffix = ou=Users" in smb.conf;
# both must name the same container.
usersdn="ou=User,dc=fcb.net,dc=."
computersdn="ou=Computers,dc=fcb.net,dc=."
groupsdn="ou=Groups,dc=fcb.net,dc=."
# NOTE(review): the rootdn credentials are repeated here in clear text in a
# -rw-r--r-- file; smbldap_bind.conf (mode 0600) already carries them, so if the
# tools take the bind credentials from there these two lines belong only in that file.
binddn="cn=Manager,dc=fcb.net,dc=."
bindpasswd="smbldap"
#idmapdn="fcb,${suffix}"
#sambaUnixIdPooldn="sambaDomainName=workgroup,${suffix}"
scope="sub"
# New accounts get SSHA-hashed userPassword values.
hash_encrypt="SSHA"
crypt_salt_format=""
userLoginShell="/bin/bash"
userHome="/home/samba/users/%U"
userHomeDirectoryMode="700"
userGecos="System User"
defaultUserGid="513"
defaultComputerGid="515"
skeletonDir="/etc/skel"
# NOTE(review): these UNC paths name \home\samba\... on the server, but smb.conf
# defines only [netlogon], [ISD] and [profiles]; the usual form is a share name,
# e.g. \\smbldap\profiles\%U (constructed example) - confirm they resolve.
userSmbHome="\\smbldap\home\samba\users\%U"
userProfile="\\smbldap\home\samba\profiles\%U"
userHomeDrive="H"
userScript="%U.bat"
with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"
with_slappasswd="0"
slappasswd="/usr/sbin/slappasswd"
#######################################
-rw------- 1 root root 428 Nov 25 18:34 smbldap_bind.conf
# smbldap-tools bind credentials; correctly root-only (-rw------- in the listing
# above). Master and slave are the same local server here. The DN is the directory
# rootdn, so anything that reads this file gets full directory admin rights; a
# dedicated, less privileged DN for the tools would limit what a leak exposes.
slaveDN="cn=Manager,dc=fcb.net,dc=."
slavePw="smbldap"
masterDN="cn=Manager,dc=fcb.net,dc=."
masterPw="smbldap"
###############################################
-rw-r--r-- 1 root root 1658 Nov 29 15:14 /etc/nsswitch.conf
# Name-service lookup order: local files first, then LDAP.
passwd: files ldap
shadow: files ldap
group: files ldap
# hosts does not consult ldap, so resolving the LDAP server itself never needs LDAP.
hosts: files dns
bootparams: files
ethers: files
netmasks: files
networks: files
protocols: files ldap
rpc: files
services: files ldap
netgroup: files ldap
publickey: files
automount: files ldap
aliases: files
Thanks in advance!
Emil Sicad
Cebu Mitsumi Inc
Information Systems Division
14 years, 10 months
hello
by Donny George
Hello
After much work I set up an OpenLDAP server and client, established
their connectivity, and populated the database with phpldapadmin. But
when I do ldapsearch -x or getent passwd, or when I search for the specific
ids, I can't get the user information which I entered through the GUI. As I am
not sure which config files I should look into to correct this error,
could someone guide me? Did I miss something when installing, or have I not
edited some specific file?
thank you in advance
--
Donny George
14 years, 10 months
RE: Some servers are delay synced...
by Quanah Gibson-Mount
Look for any change noting fixes to slapo-syncprov and/or syncrepl.
--Quanah
--On Monday, December 01, 2008 1:56 PM +0000 Bad Guy
<badguy9588(a)hotmail.com> wrote:
> Would you mind telling me the ITS# related to this ?
>
> I can't find it in the changes of 2.4.12 and 2.4.13 about this one.
>
> Thanks
>
>> Date: Mon, 1 Dec 2008 00:30:24 -0800
>> From: quanah(a)zimbra.com
>> To: badguy9588(a)hotmail.com; openldap-technical(a)openldap.org
>> Subject: Re: Some servers are delay synced...
>>
>> --On Monday, December 01, 2008 7:39 AM +0000 Bad Guy
>> <badguy9588(a)hotmail.com> wrote:
>>
>> > Dear sir,
>> >
>> > We have got a N-way master (N=4) openldap running in version 2.4.11
>> > under linux environment.
>> >
>> > Any idea on this ?
>>
>> Yes, read the changelog for the changes between 2.4.11 and 2.4.13.
>>
>> --Quanah
>>
>> --
>>
>> Quanah Gibson-Mount
>> Principal Software Engineer
>> Zimbra, Inc
>> --------------------
>> Zimbra :: the leader in open source messaging and collaboration
>
>
>
> __________________________________________________
>
用部落格分享照片、影音、趣味小工具和最愛清單，盡情
秀出你自己 — Windows Live Spaces
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
14 years, 10 months
Authenticate a user
by Mansour Al Akeel
Hello all,
I am trying to create a user and authenticate this user. I need to give
an admin a way to access and modify the account. I was able to successfully
add a user, but can not connect using this account. The only way I am
able to connect is using the Manager's DN.
I keep on getting invalid credentials.
I have reset the password for this user few times to make sure it's
correct. Still unable to authenticate. I am using JXplorer to connect to
that server. Here's the corresponding section from the log file. I hope
it helps.
Dec 1 13:52:11 neptune slapd[13518]: >>> slap_listener(ldap:///)
Dec 1 13:52:11 neptune slapd[13518]: connection_get(12): got connid=13
Dec 1 13:52:11 neptune slapd[13518]: connection_read(12): checking for
input on id=13
Dec 1 13:52:11 neptune slapd[13518]: do_bind
Dec 1 13:52:11 neptune slapd[13518]: >>> dnPrettyNormal:
<uid=user,dc=test,dc=com>
Dec 1 13:52:11 neptune slapd[13518]: <<< dnPrettyNormal:
<uid=user,dc=test,dc=com>, <uid=user,dc=test,dc=com>
Dec 1 13:52:11 neptune slapd[13518]: do_bind: version=3
dn="uid=user,dc=test,dc=com" method=128
Dec 1 13:52:11 neptune slapd[13518]:
bdb_dn2entry("uid=user,dc=test,dc=com")
Dec 1 13:52:11 neptune slapd[13518]: send_ldap_result: conn=13 op=0 p=3
Dec 1 13:52:11 neptune slapd[13518]: send_ldap_response: msgid=1 tag=97
err=49
Dec 1 13:52:11 neptune slapd[13518]: connection_get(12): got connid=13
Dec 1 13:52:11 neptune slapd[13518]: connection_read(12): checking for
input on id=13
Dec 1 13:52:11 neptune slapd[13518]: ber_get_next on fd 12 failed
errno=0 (Success)
Dec 1 13:52:11 neptune slapd[13518]: connection_closing: readying
conn=13 sd=12 for close
Dec 1 13:52:11 neptune slapd[13518]: connection_close: conn=13 sd=-1
I don't know what I am missing, but I have been trying to resolve this
for few hours with no success.
14 years, 10 months
how group work with samba & openldap ?
by franck dufau
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hye all,
i have install samba as PDC with openldap authentification everything
work fine.
But I want to create different groups with different privileges on folders.
How does group management work with OpenLDAP authentication, given that users
are not in /etc/passwd and domain groups are not in /etc/group!?
I don't find information about this...
can you help me ?
cordialement
Franck Dufau
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkkz66UACgkQrKIazktK/hICSgCeOiQGmEHKk5qHGiC5sMTzyux7
uMgAn2LY3axBykW29YkGQy1k4+5vi0dE
=hPaV
-----END PGP SIGNATURE-----
14 years, 10 months
Re: Delta-sync symptom in 2.4.11
by William Jojo
---- Original message ----
>Date: Tue, 25 Nov 2008 15:52:57 -0800
>From: Quanah Gibson-Mount <quanah(a)zimbra.com>
>Subject: Re: Delta-sync symptom in 2.4.11
>To: William Jojo <w.jojo(a)hvcc.edu>,openldap-technical(a)openldap.org
>
>--On Monday, November 24, 2008 10:00 PM -0800 Quanah Gibson-Mount
><quanah(a)zimbra.com> wrote:
>
>> --On Monday, November 24, 2008 6:05 PM -0800 Quanah Gibson-Mount
>> <quanah(a)zimbra.com> wrote:
>>
>>> --On Monday, November 24, 2008 9:00 PM -0500 William Jojo
>>> <w.jojo(a)hvcc.edu> wrote:
>>>
>>>>
>>>>
>>>> ---- Original message ----
>>>>> Date: Thu, 20 Nov 2008 11:02:40 -0800
>>>>> From: Quanah Gibson-Mount <quanah(a)zimbra.com>
>>>>> Subject: Re: Delta-sync symptom in 2.4.11
>>>>> To: William Jojo <w.jojo(a)hvcc.edu>,openldap-technical(a)openldap.org
>>>>>
>>>>> --On Thursday, November 20, 2008 10:38 AM -0500 William Jojo
>>>>> <w.jojo(a)hvcc.edu> wrote:
>>>>>
>>>>>
>>>>>> Otherwise this is just like test043, except or the missing dn's. :-)
>>>>>>
>>>>>> Any ideas?
>>>>>
>>>>> Try current RE24 CVS. There have been a number of replication related
>>>>> fixes made since 2.4.11.
>>>>>
>>>>
>>>> I just tried 2.4.13. The problem still persists. I will check out the
>>>> CVS version in the morning.
>>>
>>> There's nothing different between RE24 and 2.4.13 at this point in time,
>>> so there's no point in trying RE24 if you've tried 2.4.13 and it still
>>> fails.
>>>
>>> I suggest you submit an ITS with a way to easily reproduce the issue.
>>
>> Also make sure to include your exact configuration on the master &
>> replica, and any log messages at loglevel sync, so the contextCSN data is
>> gathered.
>
>Also, does the replicator have unlimited time and size limits to search the
>master with?
>
Quanah,
Just got back from holiday to find that tests I launched before hand had completed successfully. I had realized that I had not set unlimited prior to my previous tests.
Thank you very much for your persistence in following up. Although not a bug (thankfully), I did realize my ignorance of some configuration options.
Cheers,
Bill
14 years, 10 months
Can join domain but cannot login
by Emil Sicad - ISD
Good day!
I badly need your help.
I can join the domain using the root but after restart i cannot login
anymore
My client is windows XP sp4.
The message was this:
"The system cannot log you on to this domain because the system's
computer account in its primary domain
is missing or the password on that account is incorrect."
I have already disabled the following in Local Security Settings:
1. Domain member: Digitally encrypt or sign secure channel data (always)
2. Domain member: Digitally encrypt secure channel data (when possible)
3. Domain member: Digitally sign secure channel data (when possible)
4. Domain member: Disable machine account password changes
I can add and delete user using smbldap-useradd and smbldap-userdel
and also using webmin 1.41
Pls help me with this.
This is my config files:
#########################################
-rw-r--r-- 1 root root 2715 Dec 1 18:15 smb.conf
# Samba PDC settings; accounts come from LDAP via the ldapsam backend below.
[global]
idmap gid = 16777216-33554431
enable privileges = Yes
passwd program = /usr/local/sbin/smbldap-passwd %u
dns proxy = no
netbios name = smbldap
ldap passwd sync = yes
idmap uid = 16777216-33554431
default = global
dos charset = 850
local master = yes
# NOTE(review): smbldap.conf sets sambaDomain="smbldap" (the NetBIOS name above)
# rather than this workgroup; the smbldap-tools presumably look up the
# sambaDomainName entry by that value, so confirm the two agree.
workgroup = fcb.net
os level = 34
security = User
# log level 0 records almost nothing; the logon failure described above will
# need a higher level in log.%m before it can be diagnosed.
log level = 0
log file = /var/log/samba/log.%m
max log size = 500
socket options = TCP_NODELAY
domain master = yes
encrypt passwords = yes
winbind use default domain = no
keepalive = 10
template shell = /bin/false
netbios aliases = smbldap.fcb.net
password server = smbldap
valid users = %U
domain logons = yes
# "encrypt passwords" and "password server" are each set twice in this section.
encrypt passwords = yes
unix charset = ISO8859-1
password server = smbldap
# Samba-Ldap Declarations #
passdb backend = ldapsam:ldap://127.0.0.1/
ldap admin dn = cn=Manager,dc=fcb.net,dc=.
ldap suffix = dc=fcb.net,dc=.
ldap delete dn = yes
# NOTE(review): "ldap ssl = on" is combined with a plain ldap:// URL above, while
# ldap.conf has "ssl no" and smbldap.conf has ldapTLS="0" for the same server;
# the three clients disagree on transport security - confirm what slapd accepts.
ldap ssl = on
ldap machine suffix = ou=Computers
# NOTE(review): smbldap.conf uses usersdn="ou=User,..." (singular); Samba and the
# smbldap-tools scripts must name the same container.
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
# NOTE(review): the closing quote after %u is missing on the next line
# (compare the other script lines).
add user script = /usr/local/sbin/smbldap-useradd -a "%u
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
# NOTE(review): this path lacks the /sbin/ component every other script line uses.
add user to group script = /usr/local/smbldap-groupmod -m "%u" "%g"
add group script = /usr/local/sbin/smbldap-groupadd -p '%g'
# The next two settings are wrapped over two lines (probably by the mailer); in
# the real file each must be a single line or continued with a trailing backslash.
set primary group script = /usr/local/sbin/smbldap-groupmod -g
"%g" "%u"
delete user script = /usr/local/sbin/smbldap-userdel -r "%u"
delete group script = /usr/local/sbin/smbldap-groupdel '%g'
delete user from group script = /usr/local/sbin/smbldap-groupmod
-x "%u" "%g"
[netlogon]
comment = Domain Logon Service
path = /home/netlogon
browseable = No
[ISD]
comment = Information Systems Division
path = /home/isd
valid users = @isd
read only = No
create mask = 0660
directory mask = 0770
# NOTE(review): unlike [ISD], this share does not set "read only = No", so with
# Samba's default it is read-only and clients cannot write profiles back - confirm.
[profiles]
path = /home/samba/profiles
valid users = %U, "@Domain Admins"
##########################################
-rwxr-xr-x 1 ldap ldap 1010 Nov 28 16:29 slapd.conf
# slapd configuration (slapd.conf style): bdb backend with the Samba schema loaded.
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/samba.schema
# Accepts LDAPv2 bind requests as well; only old clients need this.
allow bind_v2
pidfile /usr/local/var/run/slapd.pid
argsfile /usr/local/var/run/slapd.args
database bdb
directory /var/lib/ldap
# NOTE(review): "dc=fcb.net,dc=." is an unusual suffix (a dot inside one dc value
# and a bare "." as the other). It is used consistently in every file here, so it
# is unlikely to be the cause of the failure, but confirm it was intended over
# the conventional dc=fcb,dc=net form.
suffix "dc=fcb.net,dc=."
rootdn "cn=Manager,dc=fcb.net,dc=."
# Indexes for the attributes Samba, nss_ldap and the smbldap-tools search on.
index objectClass,uidNumber,gidNumber eq
index cn,sn,uid,displayName eq,pres,sub
index memberUid,mail,givenname eq,subinitial
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
# NOTE(review): the rootdn password is stored in clear text and the listing above
# shows this file as -rwxr-xr-x (world-readable). Store a hash generated with
# slappasswd (its path is already configured in smbldap.conf) and make the file
# 0600. The same value is repeated in smbldap.conf (also -rw-r--r--) and in
# smbldap_bind.conf.
rootpw smbldap
# NOTE(review): dn.children="dc=fcb.net,dc=." matches every DN under the suffix,
# which presumably includes every user and machine account that can bind. The
# first rule therefore gives any authenticated account write access to everyone's
# password attributes, and the "access to *" rule gives it write access to every
# entry. "by self write" already covers self-service password changes; limit the
# write clause to the DN the smbldap-tools bind as, or to an admin group.
# "by anonymous auth" lets the attributes be used for simple bind without being read;
# "by * read" on the second rule allows anonymous read of everything else.
access to
attrs=userPassword,sambaLMPassword,sambaNTPassword,shadowLastChange
by dn.children="dc=fcb.net,dc=." write
by self write
by anonymous auth
by * none
access to *
by dn.children="dc=fcb.net,dc=." write
by * read
######################################
-rw-r--r-- 1 ldap ldap 851 Dec 1 17:56 ldap.conf
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#BASE dc=example, dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
# The nss_base_*, rootbinddn, pam_passwd and bind_policy keys below are
# nss_ldap/pam_ldap settings, so this file serves both libldap and the NSS/PAM modules.
host 127.0.0.1
base dc=fcb.net,dc=.
#inserted nov 24, 2008
#rootbinddn cn=Manager,dc=fcb.net,dc=.
# rootbinddn makes lookups done by root bind as the Manager (the directory rootdn).
# nss_ldap reads that DN's password from a separate root-only secret file next to
# this one; confirm it exists and is not world-readable, since ldap.conf itself is
# -rw-r--r-- per the listing above.
rootbinddn cn=Manager,dc=fcb.net,dc=.
nss_base_passwd dc=fcb.net,dc=.
nss_base_shadow dc=fcb.net,dc=.
nss_base_group dc=fcb.net,dc=.
#Security Options
# NOTE(review): TLS is off here and in smbldap.conf (ldapTLS="0"), while smb.conf
# sets "ldap ssl = on" for the same 127.0.0.1 server; with ssl off the
# TLS_CACERTDIR below is unused.
ssl no
# pam_ldap presumably stores password changes as md5 hashes, while smbldap-tools
# write SSHA (hash_encrypt in smbldap.conf); passwords set through different tools
# would then carry different hash types - confirm this is intended.
pam_passwd md5
# soft: a lookup fails immediately when slapd is unreachable instead of retrying.
bind_policy soft
TLS_CACERTDIR /etc/openldap/cacerts
########################################
-rw-r--r-- 1 root root 1119 Nov 27 13:38 smbldap.conf
# smbldap-tools settings (non-secret part; the bind credentials are in smbldap_bind.conf).
# Domain SID; it must be the SID Samba uses for the domain - confirm with net getlocalsid.
SID="S-1-5-21-2796061091-2530429657-3897351620"
# NOTE(review): this is the NetBIOS name from smb.conf, not the workgroup (fcb.net);
# the tools presumably use it to find the sambaDomainName entry, so confirm which
# value Samba created that entry with.
sambaDomain="smbldap"
slaveLDAP="127.0.0.1"
slavePort="389"
masterLDAP="127.0.0.1"
masterPort="389"
# NOTE(review): no TLS here (and "ssl no" in ldap.conf) while smb.conf has "ldap ssl = on".
ldapTLS="0"
#verify=""
#clientcert=""
#clientkey=""
suffix="dc=fcb.net,dc=."
# NOTE(review): "ou=User" (singular) vs "ldap user suffix = ou=Users" in smb.conf;
# both must name the same container.
usersdn="ou=User,dc=fcb.net,dc=."
computersdn="ou=Computers,dc=fcb.net,dc=."
groupsdn="ou=Groups,dc=fcb.net,dc=."
# NOTE(review): the rootdn credentials are repeated here in clear text in a
# -rw-r--r-- file; smbldap_bind.conf (mode 0600) already carries them, so if the
# tools take the bind credentials from there these two lines belong only in that file.
binddn="cn=Manager,dc=fcb.net,dc=."
bindpasswd="smbldap"
#idmapdn="fcb,${suffix}"
#sambaUnixIdPooldn="sambaDomainName=workgroup,${suffix}"
scope="sub"
# New accounts get SSHA-hashed userPassword values.
hash_encrypt="SSHA"
crypt_salt_format=""
userLoginShell="/bin/bash"
userHome="/home/samba/users/%U"
userHomeDirectoryMode="700"
userGecos="System User"
defaultUserGid="513"
defaultComputerGid="515"
skeletonDir="/etc/skel"
# NOTE(review): these UNC paths name \home\samba\... on the server, but smb.conf
# defines only [netlogon], [ISD] and [profiles]; the usual form is a share name,
# e.g. \\smbldap\profiles\%U (constructed example) - confirm they resolve.
userSmbHome="\\smbldap\home\samba\users\%U"
userProfile="\\smbldap\home\samba\profiles\%U"
userHomeDrive="H"
userScript="%U.bat"
with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"
with_slappasswd="0"
slappasswd="/usr/sbin/slappasswd"
#######################################
-rw------- 1 root root 428 Nov 25 18:34 smbldap_bind.conf
# smbldap-tools bind credentials; correctly root-only (-rw------- in the listing
# above). Master and slave are the same local server here. The DN is the directory
# rootdn, so anything that reads this file gets full directory admin rights; a
# dedicated, less privileged DN for the tools would limit what a leak exposes.
slaveDN="cn=Manager,dc=fcb.net,dc=."
slavePw="smbldap"
masterDN="cn=Manager,dc=fcb.net,dc=."
masterPw="smbldap"
###############################################
-rw-r--r-- 1 root root 1658 Nov 29 15:14 /etc/nsswitch.conf
# Name-service lookup order: local files first, then LDAP.
passwd: files ldap
shadow: files ldap
group: files ldap
# hosts does not consult ldap, so resolving the LDAP server itself never needs LDAP.
hosts: files dns
bootparams: files
ethers: files
netmasks: files
networks: files
protocols: files ldap
rpc: files
services: files ldap
netgroup: files ldap
publickey: files
automount: files ldap
aliases: files
Thanks in advance!
Emil Sicad
Cebu Mitsumi Inc
Information Systems Division
14 years, 10 months
{SSHA} for PHP
by Jack van Rock
Hi,
I want to modify a website login system (PHP) to check passwords which
are hashed with SSHA.
My script should compare the clear password, which I get from a FORM,
with the SSHA-hash of the password, which is in the database (MySQL).
The data in the MySQL DB comes from an LDAP directory.
This is my script:
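<?php
// Verify a clear-text password against an LDAP-style {SSHA} value.
//
// Layout of an {SSHA} value:  "{SSHA}" . base64( sha1(password . salt) . salt )
// The SHA-1 digest is always the first 20 bytes of the decoded blob and the
// salt is everything after it (its length is not fixed). The original script
// took substr() of the still-base64-encoded text at offset 32 and decoded that,
// which yields neither the digest nor the salt.

// Returns the salt embedded in an {SSHA} value, or false when $ssha is not a
// well-formed {SSHA} string (wrong prefix or fewer than 20 decoded bytes).
function ssha_salt($ssha)
{
    if (substr($ssha, 0, 6) !== "{SSHA}") {
        return false;
    }
    $blob = base64_decode(substr($ssha, 6));
    if ($blob === false || strlen($blob) < 20) {
        return false;
    }
    // Bytes 0..19 are the digest; the salt is whatever follows (may be empty).
    return (string) substr($blob, 20);
}

// Returns true when $password matches the {SSHA} value $ssha, false otherwise
// (including for malformed input).
function ssha_verify($password, $ssha)
{
    $salt = ssha_salt($ssha);
    if ($salt === false) {
        return false;
    }
    $stored = substr(base64_decode(substr($ssha, 6)), 0, 20);
    $calc   = pack("H*", sha1($password . $salt));
    // Compare all 20 bytes regardless of where the first mismatch is, so the
    // comparison time does not reveal how much of the digest matched.
    $diff = 0;
    for ($i = 0; $i < 20; $i++) {
        $diff |= ord($stored[$i]) ^ ord($calc[$i]);
    }
    return $diff === 0;
}

$password_sub = "test";
// The clear-text password comes from an HTML form.
$passsowrd_hash_db = base64_decode("e1NTSEF9aH....");
// The base64 value comes from the database; decoding it yields the LDAP
// userPassword string, of the form {SSHA}hxtMi....
$salt = ssha_salt($passsowrd_hash_db);
// Recompute the stored form from the submitted password and the stored salt;
// false when the database value is not a usable {SSHA} string.
$hash = ($salt === false)
    ? false
    : "{SSHA}" . base64_encode(pack("H*", sha1($password_sub . $salt)) . $salt);
// Use this (constant-time) result for the login decision rather than "$hash == ...".
$password_ok = ssha_verify($password_sub, $passsowrd_hash_db);
?>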
But the script doesn't work, because the generated hash isn't the same
as the hash from the database.
But I don't know what's wrong.
May someone help me?
m@xx
14 years, 10 months