samba - Mar 2007 - error while migrating users to ldap with pdbedit

hi list,

we want to migrate all our users from smbpasswd into ldap, but first  
test it so the current samba server in production should not be  
changed. to achieve this i created a smb.conf file with the following  
content:

--- [smb.conf]
[global]
workgroup = mpi
netbios name = sandy01
netbios aliases = sandy02 sandy03
interfaces = 10.4.0.106/255.255.0.0
bind interfaces only = yes
socket address = 10.4.0.106
encrypt passwords = yes
debug level = 2
wins server = 10.5.0.17
nt acl support = no
ldap admin dn = cn=Admin,dc=biochem,dc=mpg,dc=de
ldap group suffix = ou=group
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Machines
ldap suffix = dc=biochem,dc=mpg,dc=de
ldap user suffix = ou=people
passdb backend = ldapsam:ldap://ldapserver.biochem.mpg.de:389/
---[end of smb.conf]

but executing pdbedit results in an error because pdbedit tries to  
connect the ldap server "localhost":

---
sandy01:/usr/local/samba/private # pdbedit -i smbpasswd -e ldapsam -s
/usr/local/samba/lib/smb.conf smbldap_search_domain_info: Searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=SANDY01))]
smbldap_open_connection: connection opened
smbldap_search_domain_info: Searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=SANDY01))]
smbldap_open_connection: connection opened
smbldap_search_domain_info: Searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=SANDY01))]
smbldap_open_connection: connection opened
failed to bind to server ldap://localhost with  
dn="cn=Admin,dc=biochem,dc=mpg,dc=de"
Error: Can't contact LDAP server
        (unknown)
Connection to LDAP server failed for the 1 try!
smbldap_open_connection: connection opened
failed to bind to server ldap://localhost with  
dn="cn=Admin,dc=biochem,dc=mpg,dc=de"
Error: Can't contact LDAP server
        (unknown)
Connection to LDAP server failed for the 2 try!
smbldap_open_connection: connection opened
failed to bind to server ldap://localhost with  
dn="cn=Admin,dc=biochem,dc=mpg,dc=de"
Error: Can't contact LDAP server
        (unknown)
Connection to LDAP server failed for the 3 try!
------

where do i set the name of the ldapserver? i also tried
   passdb backend = ldapsam:ldap://10.251.0.16:389/
and
   ldap server = ldapserv.biochem.mpg.de
but without change! the ldapserver can be reached by both "ping" and  
"ldapsearch" via the console (but as pdbedit does not seem to try to  
connect to it this does not matter now).

any hints are appreciated!

thanks in advance!
   markus

+-----------------------------------------------------------------+
| Markus Krause, Mogli-Soft                                       |
| Support for Mac OS X, Webmail/Horde, LDAP, RADIUS, MySQL        |
| by order of the                                                 |
|    Computing Center of the Max-Planck-Institute of Biochemistry |
+--------------------------------+--------------------------------+
| E-Mail: krause@biochem.mpg.de  |  Tel.: 089 - 89 40 85 99       |
|         markus.krause@mac.com  |  Fax.: 089 - 89 40 85 98       |
|  Skype: markus.krause          | iChat: markus.krause@mac.com   |
+--------------------------------+--------------------------------+



----------------------------------------------------------------------
      This message was sent using https://webmail2.biochem.mpg.de
If you encounter any problems please report to rz-linux@biochem.mpg.de

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 03/21/2007 08:56 AM, Markus Krause wrote:
> hi list,
> 
> we want to migrate all our users from smbpasswd into ldap, 
> but first test it so the current samba server in production
> should not be changed. to achieve this i created a smb.conf
> file with the following content:
	Are you using the same machine? Or you are doing the
tests on a new machine?

> --- [smb.conf]
[...]
> ---[end of smb.conf]
	Did you register the LDAP password using 'smbpasswd -w'?

> but executing pdbedit results in an error because pdbedit tries to
> connect the ldap server "localhost":
> 
> ---
[...]
> ------
> 
> where do i set the name of the ldapserver? i also tried
>   passdb backend = ldapsam:ldap://10.251.0.16:389/
> and
>   ldap server = ldapserv.biochem.mpg.de
> but without change! the ldapserver can be reached by both "ping"
and
> "ldapsearch" via the console (but as pdbedit does not seem to try
to
> connect to it this does not matter now).
	I would say that it could be the password problem, but
could also be some configuration related to the LDAP parameters
and ACLs.

> any hints are appreciated!
> thanks in advance!
>   markus
	Hope this helps, kind regards.

- --
Felipe Augusto van de Wiel <felipe@paranacidade.org.br>
Coordenadoria de Tecnologia da Informa??o (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/           Phone: (+55 41 3350 3300)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGAUUmCj65ZxU4gPQRApX5AKCZuS5rLgzjooaYCTyLPzq+oFerMQCdFqIm
8k/XH5k4rFyCI50lqJLrcP0=KwFc
-----END PGP SIGNATURE-----

On Wed, Mar 21, 2007 at 12:56:34PM +0100, Markus Krause
wrote:
> but executing pdbedit results in an error because pdbedit tries to  
> connect the ldap server "localhost":
I would not be surprised if pdbedit was broken with regard
to the -s parameter. Can you edit the default smb.conf file
with your ldap values?

Volker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url :
http://lists.samba.org/archive/samba/attachments/20070321/aea1b003/attachment.bin

Zitat von Volker Lendecke <Volker.Lendecke@SerNet.DE>:
> On Wed, Mar 21, 2007 at 12:56:34PM +0100, Markus Krause wrote:
>> but executing pdbedit results in an error because pdbedit tries to
>> connect the ldap server "localhost":
>
> I would not be surprised if pdbedit was broken with regard
> to the -s parameter. Can you edit the default smb.conf file
> with your ldap values?
>
> Volker
if you mean by "default smb.conf" the file which samba is currently  
using thats a problem as our samba server(s) are in heavy usage  
(almost all time) and a planned downtime has to be announced some days  
in advance.
is there another way instead of installing another samba server then?

regards
   markus

----------------------------------------------------------------------
      This message was sent using https://webmail2.biochem.mpg.de
If you encounter any problems please report to rz-linux@biochem.mpg.de

Skipped content of type multipart/mixed-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url :
http://lists.samba.org/archive/samba/attachments/20070324/a3230c25/attachment.bin

Skipped content of type multipart/mixed-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url :
http://lists.samba.org/archive/samba/attachments/20070324/443701be/attachment.bin

On Sat, Mar 24, 2007 at 10:47:25PM +0100, Volker Lendecke
wrote:
> > Attached find the patch I checked in as revision 21962.
> 
> This time with patch...
Sorry for the confusion. Something has eaten the patch I did
send the first time before it hit my inbox.

Volker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url :
http://lists.samba.org/archive/samba/attachments/20070324/b89f6bb8/attachment.bin