Hi,
I am trying to set up a SAMBA PDC using LDAP for authentication. I am using
this document as a guide:
http://download.gna.org/smbldap-tools/docs/samba-ldap-howto/
SAMBA and openldap are running on the same machine for R&D purposes and I am
using the following software:
OpenSuSE 10.3
samba-3.0.26a-3
openldap2-2.3.37-6
smbldap-tools-0.9.2
I have configured slapd.conf:
============================================================include
/etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba3.schema
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
database bdb
directory /var/lib/ldap
suffix "dc=IDEALX,dc=ORG"
rootdn "cn=Manager,dc=IDEALX,dc=ORG"
index objectClass,uidNumber,gidNumber eq
index cn,sn,uid,displayName pres,sub,eq
index memberUid,mail,givenname eq,sub
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
by self write
by anonymous auth
by * none
access to *
by * read
===============================================================
slapd starts with no errors
=================================================================Mar 30 07:13:17
nac slapd[8208]: @(#) $OpenLDAP: slapd 2.3.37 (Sep 21 2007
20:39:46) $ abuild@dede:/usr/src/packages/BUILD/openldap-2.3.37
/servers/slapd
Mar 30 07:13:18 nac slapd[8209]: slapd starting
Mar 30 07:13:19 nac slapd[8209]: conn=0 fd=12 ACCEPT from
IP=127.0.0.1:11230(IP0.0.0.0:389)
Mar 30 07:13:19 nac slapd[8209]: conn=0 op=0 BIND dn="" method=128
Mar 30 07:13:19 nac slapd[8209]: conn=0 op=0 RESULT tag=97 err=0 textMar 30
07:13:19 nac slapd[8209]: conn=0 op=1 SRCH base="" scope=0 deref=0
filter="(objectClass=*)"
Mar 30 07:13:19 nac slapd[8209]: conn=0 op=1 SEARCH RESULT tag=101 err=0
nentries=1 textMar 30 07:13:19 nac slapd[8209]: conn=0 op=2 UNBIND
Mar 30 07:13:19 nac slapd[8209]: conn=0 fd=12 closed
=================================================================
Here is the global of my my smb.conf
=================================================================# Global
parameters
[global]
workgroup = IDEALX-NT
netbios name = PDC-SRV
enable privileges = yes
#interfaces = 192.168.5.11
username map = /etc/samba/smbusers
server string = Samba Server %v
security = user
encrypt passwords = Yes
min passwd length = 3
obey pam restrictions = No
ldap passwd sync = Yes
log level = 0
syslog = 0
log file = /var/log/samba/log.%m
max log size = 100000
#time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
mangling method = hash2
Dos charset = 850
Unix charset = ISO8859-1
logon script = logon.bat
logon drive = H:
logon home logon path
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
wins support = Yes
passdb backend = ldapsam:ldap://127.0.0.1/
ldap admin dn = cn=samba,ou=Users,dc=idealx,dc=org
ldap suffix = dc=idealx,dc=org
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
ldap ssl = start tls
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m
"%u"
"%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x
"%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g
"%g"
"%u"
===================================================================
SAMBA starts with no error, there are some LDAP errors in the log though
but I assume this is because the samba user has not bee added to the
database yet:
===================================================================Mar 30
07:40:45 nac slapd[8474]: conn=131 fd=12 ACCEPT from IP127.0.0.1:8776
(IP=0.0.0.0:389)
Mar 30 07:40:45 nac slapd[8474]: conn=131 op=0 STARTTLS
Mar 30 07:40:45 nac slapd[8474]: conn=131 op=0 RESULT oid= err=0 textMar 30
07:40:45 nac slapd[8474]: conn=131 fd=12 TLS established tls_ssf=256
ssf=256
Mar 30 07:40:45 nac slapd[8474]: conn=131 op=1 BIND
dn="cn=samba,ou=Users,dc=idealx,dc=org" method=128
Mar 30 07:40:45 nac slapd[8474]: conn=131 op=1 RESULT tag=97 err=49 textMar 30
07:40:45 nac slapd[8474]: conn=131 op=2 UNBIND
Mar 30 07:40:45 nac slapd[8474]: conn=131 fd=12 closed
=======================================================================
smbldap.conf:
=======================================================================SID="S-1-5-21-3358269676-3034831818-2487254716"
slaveLDAP="127.0.0.1"
slavePort="389"
masterLDAP="127.0.0.1"
masterPort="389"
ldapTLS="1"
verify="none"
suffix="dc=IDEALX,dc=ORG"
usersdn="ou=Users,${suffix}"
computersdn="ou=Computers,${suffix}"
groupsdn="ou=Groups,${suffix}"
userLoginShell="/bin/bash"
userHome="/home/%U"
userHomeDirectoryMode="700"
userGecos="System User"
defaultUserGid="513"
defaultComputerGid="515"
skeletonDir="/etc/skel"
defaultMaxPasswordAge="45"
=====================================================================
and smbldap_bind.conf:
=====================================================================slaveDN="cn=Manager,dc=IDEALX,dc=ORG"
slavePw="ibmjacquardsys"
masterDN="cn=Manager,dc=IDEALX,dc=ORG"
masterPw="ibmjacquardsys"
=====================================================================
OK so here is my problem:
I try and populate the LDAP databse using the command:
#smbldap-populate
But I get the following error:
======================================================================Can't
locate Unicode/MapUTF8.pm in @INC (@INC contains: /usr/local/sbin/
/usr/lib/perl5/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/5.8.8
/usr/lib/perl5/site_perl/5.8.8/x86_64-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl
/usr/lib/perl5/vendor_perl/5.8.8/x86_64-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl .) at
/usr/local/sbin//smbldap_tools.pm line 6, <DATA> line 225.
BEGIN failed--compilation aborted at /usr/local/sbin//smbldap_tools.pm line
6, <DATA> line 225.
Compilation failed in require at /usr/local/sbin/smbldap-populate line 35,
<DATA> line 225.
BEGIN failed--compilation aborted at /usr/local/sbin/smbldap-populate line
35, <DATA> line 225.
=======================================================================
I installed perl-Unicode-String 2.09 and perl-Unicode-Map8 0.12 But I still
get the same errors, so I tried to use CPAN but it fails to compile:
=======================================================================Running
make test
PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM"
"-e"
"test_harness(0, 'blib/lib', 'blib/arch')" t/*.t
t/01_unicode_maputf8....Can't locate Unicode/Map.pm in @INC (@INC contains:
./blib ../blib ../lib ./lib /root/.cpan/build/Unicode-MapUTF8-1.11/blib/lib
/root/.cpan/build/Unicode-MapUTF8-1.11/blib/arch
/usr/lib/perl5/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/5.8.8
/usr/lib/perl5/site_perl/5.8.8/x86_64-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl
/usr/lib/perl5/vendor_perl/5.8.8/x86_64-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl .) at
lib/Unicode/MapUTF8.pm line 6.
BEGIN failed--compilation aborted at lib/Unicode/MapUTF8.pm line 6.
Compilation failed in require at t/01_unicode_maputf8.t line 6.
BEGIN failed--compilation aborted at t/01_unicode_maputf8.t line 6.
t/01_unicode_maputf8....dubious
Test returned status 2 (wstat 512, 0x200)
t/97_distribution.......skipped
all skipped: Test::Distribution not installed
t/98_pod_coverage.......skipped
all skipped: Test::Pod::Coverage 1.06 required for testing POD
coverage
t/99_pod................skipped
all skipped: Test::Pod 1.00 required for testing POD
FAILED--4 test scripts could be run, alas--no output ever seen
make: *** [test_dynamic] Error 255
/usr/bin/make test -- NOT OK
Running make install
make test had returned bad status, won't install without force
========================================================================
Ok so now I am stumped.............
Any help much appreciated.
Lawrence
Hi,
I am trying to set up a SAMBA PDC using LDAP for authentication. I am using
this document as a guide:
http://download.gna.org/smbldap-tools/docs/samba-ldap-howto/
SAMBA and openldap are running on the same machine for R&D purposes and I am
using the following software:
OpenSuSE 10.3
samba-3.0.26a-3
openldap2-2.3.37-6
smbldap-tools-0.9.2
I have configured slapd.conf:
============================================================include
/etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba3.schema
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
database bdb
directory /var/lib/ldap
suffix "dc=IDEALX,dc=ORG"
rootdn "cn=Manager,dc=IDEALX,dc=ORG"
index objectClass,uidNumber,gidNumber eq
index cn,sn,uid,displayName pres,sub,eq
index memberUid,mail,givenname eq,sub
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
by self write
by anonymous auth
by * none
access to *
by * read
===============================================================
slapd starts with no errors
=================================================================Mar 30 07:13:17
nac slapd[8208]: @(#) $OpenLDAP: slapd 2.3.37 (Sep 21 2007
20:39:46) $ abuild@dede:/usr/src/packages/BUILD/openldap-2.3.37
/servers/slapd
Mar 30 07:13:18 nac slapd[8209]: slapd starting
Mar 30 07:13:19 nac slapd[8209]: conn=0 fd=12 ACCEPT from
IP=127.0.0.1:11230(IP0.0.0.0:389)
Mar 30 07:13:19 nac slapd[8209]: conn=0 op=0 BIND dn="" method=128
Mar 30 07:13:19 nac slapd[8209]: conn=0 op=0 RESULT tag=97 err=0 textMar 30
07:13:19 nac slapd[8209]: conn=0 op=1 SRCH base="" scope=0 deref=0
filter="(objectClass=*)"
Mar 30 07:13:19 nac slapd[8209]: conn=0 op=1 SEARCH RESULT tag=101 err=0
nentries=1 textMar 30 07:13:19 nac slapd[8209]: conn=0 op=2 UNBIND
Mar 30 07:13:19 nac slapd[8209]: conn=0 fd=12 closed
=================================================================
Here is the global of my my smb.conf
=================================================================# Global
parameters
[global]
workgroup = IDEALX-NT
netbios name = PDC-SRV
enable privileges = yes
#interfaces = 192.168.5.11
username map = /etc/samba/smbusers
server string = Samba Server %v
security = user
encrypt passwords = Yes
min passwd length = 3
obey pam restrictions = No
ldap passwd sync = Yes
log level = 0
syslog = 0
log file = /var/log/samba/log.%m
max log size = 100000
#time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
mangling method = hash2
Dos charset = 850
Unix charset = ISO8859-1
logon script = logon.bat
logon drive = H:
logon home logon path
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
wins support = Yes
passdb backend = ldapsam:ldap://127.0.0.1/
ldap admin dn = cn=samba,ou=Users,dc=idealx,dc=org
ldap suffix = dc=idealx,dc=org
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
ldap ssl = start tls
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m
"%u"
"%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x
"%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g
"%g"
"%u"
===================================================================
SAMBA starts with no error, there are some LDAP errors in the log though
but I assume this is because the samba user has not bee added to the
database yet:
===================================================================Mar 30
07:40:45 nac slapd[8474]: conn=131 fd=12 ACCEPT from IP127.0.0.1:8776
(IP=0.0.0.0:389)
Mar 30 07:40:45 nac slapd[8474]: conn=131 op=0 STARTTLS
Mar 30 07:40:45 nac slapd[8474]: conn=131 op=0 RESULT oid= err=0 textMar 30
07:40:45 nac slapd[8474]: conn=131 fd=12 TLS established tls_ssf=256
ssf=256
Mar 30 07:40:45 nac slapd[8474]: conn=131 op=1 BIND
dn="cn=samba,ou=Users,dc=idealx,dc=org" method=128
Mar 30 07:40:45 nac slapd[8474]: conn=131 op=1 RESULT tag=97 err=49 textMar 30
07:40:45 nac slapd[8474]: conn=131 op=2 UNBIND
Mar 30 07:40:45 nac slapd[8474]: conn=131 fd=12 closed
=======================================================================
smbldap.conf:
=======================================================================SID="S-1-5-21-3358269676-3034831818-2487254716"
slaveLDAP="127.0.0.1"
slavePort="389"
masterLDAP="127.0.0.1"
masterPort="389"
ldapTLS="1"
verify="none"
suffix="dc=IDEALX,dc=ORG"
usersdn="ou=Users,${suffix}"
computersdn="ou=Computers,${suffix}"
groupsdn="ou=Groups,${suffix}"
userLoginShell="/bin/bash"
userHome="/home/%U"
userHomeDirectoryMode="700"
userGecos="System User"
defaultUserGid="513"
defaultComputerGid="515"
skeletonDir="/etc/skel"
defaultMaxPasswordAge="45"
=====================================================================
and smbldap_bind.conf:
=====================================================================slaveDN="cn=Manager,dc=IDEALX,dc=ORG"
slavePw="ibmjacquardsys"
masterDN="cn=Manager,dc=IDEALX,dc=ORG"
masterPw="ibmjacquardsys"
=====================================================================
OK so here is my problem:
I try and populate the LDAP databse using the command:
#smbldap-populate
But I get the following error:
======================================================================Can't
locate Unicode/MapUTF8.pm in @INC (@INC contains: /usr/local/sbin/
/usr/lib/perl5/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/5.8.8
/usr/lib/perl5/site_perl/5.8.8/x86_64-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl
/usr/lib/perl5/vendor_perl/5.8.8/x86_64-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl .) at
/usr/local/sbin//smbldap_tools.pm line 6, <DATA> line 225.
BEGIN failed--compilation aborted at /usr/local/sbin//smbldap_tools.pm line
6, <DATA> line 225.
Compilation failed in require at /usr/local/sbin/smbldap-populate line 35,
<DATA> line 225.
BEGIN failed--compilation aborted at /usr/local/sbin/smbldap-populate line
35, <DATA> line 225.
=======================================================================
I installed perl-Unicode-String 2.09 and perl-Unicode-Map8 0.12 But I still
get the same errors, so I tried to use CPAN but it fails to compile:
=======================================================================Running
make test
PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM"
"-e"
"test_harness(0, 'blib/lib', 'blib/arch')" t/*.t
t/01_unicode_maputf8....Can't locate Unicode/Map.pm in @INC (@INC contains:
./blib ../blib ../lib ./lib /root/.cpan/build/Unicode-MapUTF8-1.11/blib/lib
/root/.cpan/build/Unicode-MapUTF8-1.11/blib/arch
/usr/lib/perl5/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/5.8.8
/usr/lib/perl5/site_perl/5.8.8/x86_64-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl
/usr/lib/perl5/vendor_perl/5.8.8/x86_64-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl .) at
lib/Unicode/MapUTF8.pm line 6.
BEGIN failed--compilation aborted at lib/Unicode/MapUTF8.pm line 6.
Compilation failed in require at t/01_unicode_maputf8.t line 6.
BEGIN failed--compilation aborted at t/01_unicode_maputf8.t line 6.
t/01_unicode_maputf8....dubious
Test returned status 2 (wstat 512, 0x200)
t/97_distribution.......skipped
all skipped: Test::Distribution not installed
t/98_pod_coverage.......skipped
all skipped: Test::Pod::Coverage 1.06 required for testing POD
coverage
t/99_pod................skipped
all skipped: Test::Pod 1.00 required for testing POD
FAILED--4 test scripts could be run, alas--no output ever seen
make: *** [test_dynamic] Error 255
/usr/bin/make test -- NOT OK
Running make install
make test had returned bad status, won't install without force
========================================================================
Ok so now I am stumped.............
Any help much appreciated.
Lawrence