Good day to all,
I'm new to LDAP. I've been working with a SAMBA-LDAP implementation and I have these log messages:
Nov 25 17:56:59 smbldap slapd[9974]: sql_select option missing
Nov 25 17:56:59 smbldap slapd[9974]: auxpropfunc error no mechanism available
Nov 25 17:56:59 smbldap ldap: slapd startup succeededs
Nov 25 17:57:07 smbldap smbd[9987]: [2008/11/25 17:57:07, 0] lib/smbldap.c:smbldap_connect_system(850)
Nov 25 17:57:07 smbldap smbd[9987]: failed to bind to server with dn= cn=Manager,dc=fcb.net,dc=. Error: Can't contact LDAP server
Nov 25 17:57:07 smbldap smbd[9987]: (unknown)
Nov 25 17:57:23 smbldap smbd[9987]: [2008/11/25 17:57:23, 0] lib/smbldap.c:smbldap_search_suffix(1155)
Nov 25 17:57:23 smbldap smbd[9987]: smbldap_search_suffix: Problem during the LDAP search: (unknown) (Timed out)
Questions:
1) Is my ldap working fine?
2) Why can't samba bind to Ldap?
Please teach me to understand these kinds of errors.
Emil Sicad
Cebu Mitsumi Inc
Information Systems Division
On Wednesday 26 November 2008 09:31:38 Emil Sicad - ISD wrote:
Question
- Is my ldap working fine?
Can't tell, your ldap logging may not be high enough.
- Why can't samba bind to Ldap?
You didn't include any of your samba (ldap-related) configuration, and that would really be more relevant on a samba list.
Regards, Buchan
Sir,
Good Day!
Below are my smb.conf and slapd.conf files:
################ smb.conf ################################
[global]
workgroup = FCB.NET
realm = FCB.NET
netbios aliases = smbldap.fcb.net
server string = FCB File Sharing
log file = /var/log/samba/log.%m
max log size = 500
log level = 2
encrypt passwords = yes
passwd program = /usr/local/sbin/smbldap-passwd -o %u
socket options = TCP_NODELAY
interfaces = eth0
local master = yes
preferred master = yes
passdb backend = ldapsam
domain logons = yes
keepalive = 10
os level = 64
ldap passwd sync = Yes
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
valid users = isd

add user script = /usr/local/sbin/smbldap-useradd -a -m "%u"
delete user script = /usr/local/sbin/smbldap-userdel -r "%u"
add user to group script = /usr/local/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-groupmod -g "%g" "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/local/sbin/smbldap-groupdel '%g'
add machine script = /usr/local/sbin/smbldap-useradd -w -d /dev/null -c 'Machine Account' -s /bin/false -g 'Domain Computers' '%u'

passdb backend = ldapsam:ldaps://127.0.0.1/
ldap ssl = on
ldap passwd sync = yes
ldap admin dn = cn=Manager,dc=fcb,dc=net
ldap delete dn = yes
ldap suffix = dc=fcb,dc=net
#ldap machine suffix = ou=Computers
#ldap users suffix = dc=fcb,dc=net
#ldap group suffix = ou=Groups

wins support = yes
dos charset = 850
dns proxy = no
unix charset = ISO8859-1
logon script = %U.bat

[netlogon]
comment = Domain Logon Service
path = /home/netlogon
browseable = No

[ISD]
comment = Information Systems Division
path = /home/isd
valid users = @isd
read only = No
create mask = 0660
directory mask = 0770

[profiles]
path = /home/samba/profiles
valid users = %U, "@Domain Admins"
force user = %U
read only = No
create mask = 0600
directory mask = 0700
guest ok = Yes
profile acls = Yes
browseable = No
csc policy = disable
########################## slapd.conf ##########################################
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema

allow bind_v2

pidfile /usr/local/var/run/slapd.pid
argsfile /usr/local/var/run/slapd.args

database bdb
directory /var/lib/ldap

suffix "dc=fcb.net,dc=."
rootdn "cn=Manager,dc=fcb.net,dc=."

#inserted at 5pm
#limits dn="cn=Manager,dc=fcb,dc=net"
#size.soft=-1
#size.hard=soft

index objectClass,uidNumber,gidNumber eq
index cn,sn,uid,displayName eq,pres,sub
index memberUid,mail,givenname eq,subinitial
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq

rootpw {SSHA}9c6LGBMLZeqDoEQfDT0lBIlvTw0GYu3k

access to attrs=userPassword,sambaLMPassword,sambaNTPassword,shadowLastChange
    by dn.children="dc=fcb.net,dc=." write
    by self write
    by anonymous auth
    by * none

access to *
    by dn.children="dc=fcb.net,dc=." write
    by * read

########## E N D############
Thanks,
Emil Sicad
Sir,
Good day!
My Samba can already bind with LDAP; there's a clerical error in my smb config file.
Parameter: passdb backend = ldapsam:ldap*s*://127.0.0.1/ - ldaps => ldap
But I still have a problem:
1) My MS client cannot connect to the domain, the username/passwd is invalid.
This is what I do:
1) smbldap-adduser -a test1
2) smbldap-passwd test1
3) smbldap-userlist
result:
uid |username
0 |root |
999 |nobody |
1006 |test1 |
4) smbldap-usershow test1
result:
dn: uid=test1,ou=User,dc=fcb.net,dc=.
objectClass: top,person,organizationalPerson,inetOrgPerson,posixAccount,shadowAccount,sambaSamAccount
cn: test1
sn: test1
givenName: test1
uid: test1
uidNumber: 1006
gidNumber: 513
homeDirectory: /home/samba/user/test1
loginShell: /bin/bash
gecos: System User
userPassword: {crypt}x
sambaPwdLastSet: 0
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
displayName: test1
sambaAcctFlags: [UX]
sambaSID: S-1-5-21-2796061091-2530429657-3897351620-3012
sambaLMPassword: XXX
sambaPrimaryGroupSID: S-1-5-21-2796061091-2530429657-3897351620-513
sambaNTPassword: XXX
sambaLogonScript: test1.bat
sambaProfilePath: \smbldap\home\samba\profiles\test1
sambaHomePath: \smbldap\home\samba\users\test1
sambaHomeDrive: H:
5) Join the MS client to the domain.
####### E N D ############
1) Am I lacking something?
2) How do I confirm that the user I added is already OK?
Thank you!
Emil Sicad
Cebu Mitsumi Inc.
Information Systems Division
On Wednesday 26 November 2008 01:31:38 Emil Sicad - ISD wrote:
Good day to all,
I'm new to LDAP. I've been working with a SAMBA-LDAP implementation and I have these log messages:
Nov 25 17:56:59 smbldap slapd[9974]: sql_select option missing
Nov 25 17:56:59 smbldap slapd[9974]: auxpropfunc error no mechanism available
Nov 25 17:56:59 smbldap ldap: slapd startup succeededs
Nov 25 17:57:07 smbldap smbd[9987]: [2008/11/25 17:57:07, 0] lib/smbldap.c:smbldap_connect_system(850)
Nov 25 17:57:07 smbldap smbd[9987]: failed to bind to server with dn= cn=Manager,dc=fcb.net,dc=. Error: Can't contact LDAP server

Is that your base dn: "dc=fcb.net,dc", I think it could be "dc=fcb,dc=net", check your slapd.conf and the suffix in your smb.conf

Nov 25 17:57:07 smbldap smbd[9987]: (unknown)
Nov 25 17:57:23 smbldap smbd[9987]: [2008/11/25 17:57:23, 0] lib/smbldap.c:smbldap_search_suffix(1155)
Nov 25 17:57:23 smbldap smbd[9987]: smbldap_search_suffix: Problem during the LDAP search: (unknown) (Timed out)
On Wednesday 26 November 2008 18:26:02 Jorge Armando Medina wrote:
Is that your base dn: "dc=fcb.net,dc", I think it could be "dc=fcb,dc=net", check your slapd.conf and the suffix in your smb.conf
No, 'ldap admin dn', and if you change it, you must tell samba the password for this DN again (smbpasswd -W, or smbpasswd -w xxx).
openldap-technical@openldap.org
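The mismatches this thread turns on (smb.conf's ldap admin dn and ldap suffix versus slapd.conf's rootdn and suffix, plus the ldaps:// backend URI) can be checked mechanically. The following is an added example, not part of the original thread: the config excerpts are constructed from the values posted above, the function names are hypothetical, and the DN comparison is simplified (no escaped commas, a single database section).

```python
import re

# Constructed excerpts using the values posted in the thread.
SMB_CONF = """[global]
passdb backend = ldapsam:ldaps://127.0.0.1/
ldap admin dn = cn=Manager,dc=fcb,dc=net
ldap suffix = dc=fcb,dc=net
"""
SLAPD_CONF = '''suffix "dc=fcb.net,dc=."
rootdn "cn=Manager,dc=fcb.net,dc=."
'''

def smb_params(text):
    """smb.conf 'key = value' pairs; a later duplicate key overrides an earlier one."""
    params = {}
    for line in (l.strip() for l in text.splitlines()):
        if line and line[0] not in "#;[" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def slapd_directives(text):
    """slapd.conf directives as {keyword: argument}; assumes one database section."""
    out = {}
    for line in text.splitlines():
        # Skip blanks, comments and indented continuation lines.
        if not line.strip() or line[0].isspace() or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            out[parts[0].lower()] = parts[1].strip().strip('"')
    return out

def norm_dn(dn):
    """Simplified DN form for comparison (no escaped commas): lower-case, trimmed."""
    return ",".join("=".join(p.strip() for p in rdn.split("=", 1)).lower()
                    for rdn in dn.split(","))

def check(smb_text, slapd_text):
    smb, slapd = smb_params(smb_text), slapd_directives(slapd_text)
    suffix = norm_dn(slapd.get("suffix", ""))
    admin = norm_dn(smb.get("ldap admin dn", ""))
    findings = []
    if norm_dn(smb.get("ldap suffix", "")) != suffix:
        findings.append("ldap suffix does not match slapd suffix")
    if admin != norm_dn(slapd.get("rootdn", "")) and not admin.endswith("," + suffix):
        findings.append("ldap admin dn is neither rootdn nor under slapd suffix")
    if re.match(r'ldapsam:"?ldaps://', smb.get("passdb backend", "")):
        findings.append("passdb backend uses ldaps://; slapd needs an ldaps listener")
    return findings

if __name__ == "__main__":
    for finding in check(SMB_CONF, SLAPD_CONF):
        print("CHECK:", finding)
```

Once ldap admin dn is changed to match, the bind password has to be stored again with smbpasswd -w, as the last reply in the thread points out.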