Hello there...

My name is Marcelo, I am new in this list.
I don't know if here is the right place for asking about samba + LDAP, if not, sorry...

I am finishing to implement a samba server with ldap support but, when I want to add some group to the samba domain I obtain the following error messages:

- SMBLDAP_TOOLS
# smbldap-groupadd -a -g 10000 -s S-1-5-21-blablabla -t 2 domainadmins
erreur LDAP: Can't contact master ldap server for writing (IO::Socket::INET: connect: Conexion rehusada) at /usr/share/perl5/smbldap_tools.pm line 277.

This line code refers to master ldap server, this server is in /etc/smbldap-tools/smbldap.conf configuration file.

- LAM (LDAP ACCOUNT MANAGER)
In section groups I press the New Group button and then I complete the form for Unix and Samba 3 sections, but when I press the Create Account button it shows me the following error message:

*Warning*: ldap_add() [function.ldap-add <http://www.skull-one.com.ar/lam/templates/account/function.ldap-add>]: Add: Internal (implementation specific) error in */usr/share/ldap-account-manager/lib/modules.inc* on line *1401*
Can't create the DN: cn=domainadmins,ou=group,dc=skull-one,dc=com,dc=ar.
Internal (implementation specific) error

I don't understand what mean the 1401 line code in modules.inc file, searching in google I don't find information, only a person who advises to use an old samba.schema version, I have the version which come with debian packet 3.0.26a and I downloaded the versions 3.0.25, 3.0.24 and 3.0.23 but I had no luck, the problem continues there.

- PHPLDAPADMIN
In left menu, in ou=group section I press Create New Object button, I select Posix Group, I complete form with group name and GID and then press Proceed>> button. Then Create Object and I obtain the following error:

Error
Can't add object to LDAP server.
LDAP sais: Internal (implementation specific) error
Error number: 0x50 (LDAP_OTHER)
Descripción: .

Searching in google I don't find any information about this error number.

I would be thankful if someone could help me with this problem.

Best regards
Celodrake wrote:
> Hello there...

Hi.

> My name is Marcelo, I am new in this list.
> I don't know if here is the right place for asking about samba + LDAP,
> if not, sorry...

Yes, it is.

> I am finishing to implement a samba server with ldap support but, when
> I want to add some group to the samba domain I obtain the following
> error messages:
> - SMBLDAP_TOOLS
> # smbldap-groupadd -a -g 10000 -s S-1-5-21-blablabla -t 2 domainadmins
> erreur LDAP: Can't contact master ldap server for writing
> (IO::Socket::INET: connect: Conexion rehusada) at
> /usr/share/perl5/smbldap_tools.pm line 277.
>
> This line code refers to master ldap server, this server is in
> /etc/smbldap-tools/smbldap.conf configuration file.

Trying to add anything else works?

> - LAM (LDAP ACCOUNT MANAGER)
> In section groups I press the New Group button and then I complete the
> form for Unix and Samba 3 sections, but when I press the Create
> Account button it shows me the following error message:
>
> (...)
>
> I don't understand what mean the 1401 line code in modules.inc file,
> searching in google I don't find information, only a person who
> advises to use an old samba.schema version, I have the version which
> come with debian packet 3.0.26a and I downloaded the versions 3.0.25,
> 3.0.24 and 3.0.23 but I had no luck, the problem continues there.
>
> - PHPLDAPADMIN
> In left menu, in ou=group section I press Create New Object button, I
> select Posix Group, I complete form with group name and GID and then
> press Proceed>> button. Then Create Object and I obtain the following
> error:
>
> (...)
>
> Searching in google I don't find any information about this error number.
>
> I would be thankful if someone could help me with this problem.
>
> Best regards

I don't use LAM, but use smbldap-tools and phpldapadmin. In turn to saying that the services aren't properly configured (as nothing worked and you said that there isn't anything like that in google), I think it helps to begin from the beginning.

Are all services running in the same machine?

You said that you are using Debian right?
The package 3.0.26a doesn't come with the stable release "Etch", which release are you using?
How do you configure your apt repositories and install your packages? (if the packages related with the problem didn't come from the stable repository, it helps to write their versions).

How did you populate your LDAP tree?

One detail. smbldap-tools doesn't use samba to do its job, it connects to LDAP directly, so, supposing that you have configured smbldap-tools properly, it's very unlikely that the problem has anything to do with the samba package, as you have noticed that changing versions doesn't solve the problem.

Regards.

Edmundo Valle Neto.
If it was asked to the list answer to the list please, other people can not guess what was already answered.
Sending it back ...

(...)

>> Trying to add anything else works?
> with the command line I don't know how to add another thing, but with
> phpldapadmin I can add for example users.

The best documentation are from smbldap-tools project [1] and samba [2], [3].

>> (...)
>>
>> I don't use LAM, but use smbldap-tools and phpldapadmin. In turn to
>> saying that the services aren't properly configured (as nothing
>> worked and you said that there isn't anything like that in google), I
>> think it helps to begin from the beginning.
>>
>> Are all services running in the same machine?
> before, services were running now, I don't know what happen but slapd
> doesn't work when I write /etc/init.d/slapd start as root in command
> line, the syslog show me this:
>
> Oct 29 16:31:56 skull1 slapd[12409]: @(#) $OpenLDAP: slapd 2.3.38 (Sep
> 17 2007 21:09:04) $
> ^Iroot@monster:/tmp/buildd/openldap2.3-2.3.38/debian/build/servers/slapd
> Oct 29 16:31:57 skull1 slapd[12410]: bdb_db_open: Database cannot be
> opened, err 13. Restore from backup!
> Oct 29 16:31:57 skull1 slapd[12410]: bdb(dc=skull-one,dc=com,dc=ar):
> DB_ENV->lock_id_free interface requires an environment configured for
> the locking subsystem
> Oct 29 16:31:57 skull1 slapd[12410]: bdb(dc=skull-one,dc=com,dc=ar):
> txn_checkpoint interface requires an environment configured for the
> transaction subsystem
> Oct 29 16:31:57 skull1 slapd[12410]: bdb_db_close: txn_checkpoint
> failed: Invalid argument (22)
> Oct 29 16:31:57 skull1 slapd[12410]: backend_startup_one: bi_db_open
> failed! (13)
> Oct 29 16:31:57 skull1 slapd[12410]: bdb_db_close: alock_close failed
> Oct 29 16:31:57 skull1 slapd[12410]: slapd stopped.
> Oct 29 16:31:57 skull1 slapd[12410]: connections_destroy: nothing to
> destroy.
>
> I don't know why... yesterday it work perfectly.

Probably your database is corrupted, you can try to fix it, recover a backup, or if you don't have a backup and nothing works, start it over. If you don't know how to make any of the alternatives, maybe it is time to learn a little more about how LDAP works, before trying to use it.

>> You said that you are using Debian right?
> yes
>> The package 3.0.26a doesn't come with the stable release "Etch",
>> which release are you using?
> I have debian sid (unstable release)

I don't recommend it in servers. And don't recommend it in desktops if you don't know how to solve your own problems.

>> How do you configure your apt repositories and install your packages?
>> (if the packages related with the problem didn't come from the stable
>> repository, it helps to write their versions).
> I configured my apt repository manually with nano -w
> /etc/apt/sources.list and my repositories are:
>
> deb http://ftp.uk.debian.org/debian/ sid main non-free contrib
> deb-src http://ftp.uk.debian.org/debian/ sid main non-free contrib
>
> ldap-account-manage 2.0.0-1
> ldap-utils 2.3.38-1
> slapd 2.3.38-1
> smbldap-tools 0.9.4-1
> phpldapadmin 0.9.8.4-2
>
> I think that all packages are there...

Ok. Everything from Sid.

>> How did you populate your LDAP tree?
> I can't populate my LDAP tree yet ...

The package drops a working database practically with only the root and administrator DNs. I mean prepare it to be used by samba, creating the needed OUs and domain information.

>> One detail. smbldap-tools doesn't use samba to do its job, it
>> connects to LDAP directly, so, supposing that you have configured
>> smbldap-tools properly, it's very unlikely that the problem has
>> anything to do with the samba package, as you have noticed that
>> changing versions doesn't solve the problem.
> aahh. ok.
>
> thanks and best regards

1. http://download.gna.org/smbldap-tools/docs/
2. http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/
3. http://us4.samba.org/samba/docs/man/Samba-Guide/

Regards.

Edmundo Valle Neto
Hi John...

John H Terpstra wrote:
> On Wednesday 07 November 2007 19:00, Marcelo Mogrovejo wrote:
>
>> Hello...
>>
>> Edmundo Valle Neto wrote:
>>
>>> Marcelo Mogrovejo wrote:
>>>
>>>> Hello Edmundo
>>>>
>>> (...)
>>>
>>>
>>>> So, yes, I have configured this file already:
>>>> passwd: compat ldap
>>>> shadow: compat ldap
>>>> group: compat ldap
>>>>
>>>> I have downloaded the libnss-ldap file too but it's the same...
>>>>
>>> Yes, this package must be installed too, nsswitch.conf says where to
>>> read and libnss-ldap says how to do it when using LDAP. Normally
>>> answering debconf properly when installing the package is enough to
>>> make it work and messing with /etc/libnss-ldap.conf isn't needed.
>>>
>>>
>>>> I can't make it to work...
>>>>
>>>> If I try to create a posixAccount in phpLDAPadmin it shows me the error:
>>>> "Could not add the object to the LDAP server.
>>>>
>>>> LDAP said: Object class violation
>>>> Error number: 0x41 (LDAP_OBJECT_CLASS_VIOLATION)
>>>> Description: You tried to perform an operation that would cause an
>>>> undefined attribute to exist or that would remove a required
>>>> attribute, given the current list of ObjectClasses. This can also
>>>> occur if you do not specify a structural objectClass when creating an
>>>> entry, or if you specify more than one structural objectClass."
>>>>
>>> Doesn't make much sense trying anything else if your NSS doesn't work,
>>> make it work isn't optional.
>>> If you have populated LDAP successfully with smbldap-populate at least
>>> the administrator and nobody accounts (or whatever was inserted in the
>>> base) must appear with getent. (you can make sure what was inserted
>>> doing a slapcat).
>>>
>> Ok with slapcat I see the user "testuser" created... but I saw it in
>> phpldapadmin before.
>> Here I cut and paste a last section of slapcat out:
>>
>> dn: uid=testuser,ou=Users,dc=skull-one,dc=com,dc=ar
>> objectClass: top
>> objectClass: person
>> objectClass: organizationalPerson
>> objectClass: inetOrgPerson
>> objectClass: posixAccount
>> objectClass: shadowAccount
>> cn: testuser
>> sn: testuser
>> givenName: testuser
>> uid: testuser
>> uidNumber: 1564
>> gidNumber: 513
>> homeDirectory: /home/testuser
>> loginShell: /bin/bash
>> gecos: System User
>> structuralObjectClass: inetOrgPerson
>> entryUUID: c1028b56-21df-102c-8a0d-63a789f5531c
>> creatorsName: cn=Manager,dc=skull-one,dc=com,dc=ar
>> createTimestamp: 20071108004614Z
>> userPassword:: e1NTSEF9KzM0SzNxejVOZnJLNTJzK3pkaGVYam11QWpSM1FYcE4
>> shadowLastChange: 13825
>> shadowMax: 45
>> entryCSN: 20071108004653Z#000000#00#000000
>> modifiersName: cn=Manager,dc=skull-one,dc=com,dc=ar
>> modifyTimestamp: 20071108004653Z
>>
>>
>>>> And the rare is, when I create the account with smbldap-useradd -m
>>>> testuser it creates the home directory at /home/testuser but I don't
>>>> know why it doesn't create a uid....
>>>>
>>> Ok, -m makes the home directory, but what do you mean by "doesn't
>>> create a uid"? It's only a perl script that inserts something in the
>>> base directly, it doesn't fail when lacking NSS. A dump of the base
>>> with slapcat doesn't show the user? The command give any error? If the
>>> user isn't in the base your smbldap-tools install is broken too.
>>>
>> I mean that I don't know why the user linux is not created, why I don't
>> see him with getent passwd.
>> The command works fine without errors.
>>
>> So all of this means smbldap-tools is broken ??
>>
>
> No, it means your NSS is either not configured correctly, or is broken. How
> have you configured /etc/nsswitch.conf and /etc/ldap.conf?
>

Here I show you my /etc/nsswitch.conf and /etc/ldap/ldap.conf

http://pastebin.com/mf74cf2

thanks.
regards
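
The slapcat-versus-getent comparison discussed in this thread, as an added example that is not part of any poster's message: it parses slapcat LDIF (including folded and base64 values), reads the sources nsswitch.conf lists for a database, and reports posixAccount entries that getent passwd does not return. All sample data and function names are constructed for illustration.

```python
import base64

# Constructed samples (not from the thread): slapcat LDIF, nsswitch.conf, getent passwd.
SAMPLE_LDIF = """\
dn: uid=alice,ou=Users,dc=example,dc=org
objectClass: posixAccount
uid: alice
homeDirectory: /home/al
 ice

dn: uid=bob,ou=Users,dc=example,dc=org
objectClass: posixAccount
uid:: Ym9i
"""
SAMPLE_NSSWITCH = "passwd: compat ldap\ngroup: compat ldap  # LDAP after local files\n"
SAMPLE_GETENT = "root:x:0:0:root:/root:/bin/bash\nbob:x:2002:513::/home/bob:/bin/bash\n"

def parse_ldif(text):
    """Return one {attribute: [values]} dict per LDIF entry."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line: continuation of previous
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, cur = [], {}
    for line in lines + [""]:               # trailing "" flushes the last entry
        if line.strip() and not line.startswith("#"):
            attr, _, rest = line.partition(":")
            if rest.startswith(":"):        # "attr:: value" is base64-encoded
                rest = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            cur.setdefault(attr.lower(), []).append(rest.strip())
        elif not line.strip() and cur:      # blank line ends the entry
            entries, cur = entries + [cur], {}
    return entries

def nss_sources(nsswitch_text, database):
    """Lookup sources configured for one nsswitch.conf database, in order."""
    for line in nsswitch_text.splitlines():
        name, sep, rest = line.split("#", 1)[0].partition(":")
        if sep and name.strip() == database:
            return [tok for tok in rest.split() if not tok.startswith("[")]
    return []

def missing_from_nss(ldif_text, getent_text):
    """posixAccount uids present in the directory but absent from getent passwd."""
    visible = {l.split(":", 1)[0] for l in getent_text.splitlines() if l}
    uids = [e["uid"][0] for e in parse_ldif(ldif_text)
            if "posixaccount" in map(str.lower, e.get("objectclass", []))]
    return sorted(u for u in uids if u not in visible)
```

On a real host the three inputs are the output of `slapcat`, the contents of /etc/nsswitch.conf and the output of `getent passwd`; an account reported missing while `ldap` is among the configured sources means the entry is in the directory but NSS is not returning it.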