samba - Mar 2018 - Fwd: Migrating server

On Wed, 28 Feb 2018 20:41:43 +1000
Rob Thoman via samba <samba at lists.samba.org> wrote:
> 
> root at sam3dc # smbldap-populate
> Use of qw(...) as parentheses is deprecated at /usr/share/perl5/
> smbldap_tools.pm line 1423, <DATA> line 522.
> Unable to open /etc/smbldap-tools/smbldap.conf for reading !
> Compilation failed in require at /usr/sbin/smbldap-populate line 30.
> BEGIN failed--compilation aborted at /usr/sbin/smbldap-populate line
> 30.
> 
The problem is that smbldap-tools appears to be a dead project, last
time I looked, it had disappeared from the internet.
That's the bad news, the good news is, you do not need it ;-)

You have (in your smb.conf):

ldapsam:trusted = yes
ldapsam:editposix = yes

With these lines, Samba itself can admin ldap, I can provide you with
some notes I made last year when testing this very subject, interested ?
> 
> 
> The file in question doesn't even exist. Any ideas?
> 
> Also, in one of the samba list articles, I read that we'll need to run
> pdbedit -i tdbsam -e ldapsam to import the info from tdb to ldap.
> When do we do this one?
Presumably, once you get your PDC up and running, the how is a
question I cannot answer ;-)

Rowland

Yes please

On Wed, Feb 28, 2018 at 9:34 PM, Rowland Penny via samba <
samba at lists.samba.org> wrote:
> On Wed, 28 Feb 2018 20:41:43 +1000
> Rob Thoman via samba <samba at lists.samba.org> wrote:
>
> >
> > root at sam3dc # smbldap-populate
> > Use of qw(...) as parentheses is deprecated at /usr/share/perl5/
> > smbldap_tools.pm line 1423, <DATA> line 522.
> > Unable to open /etc/smbldap-tools/smbldap.conf for reading !
> > Compilation failed in require at /usr/sbin/smbldap-populate line 30.
> > BEGIN failed--compilation aborted at /usr/sbin/smbldap-populate line
> > 30.
> >
>
> The problem is that smbldap-tools appears to be a dead project, last
> time I looked, it had disappeared from the internet.
> That's the bad news, the good news is, you do not need it ;-)
>
> You have (in your smb.conf):
>
> ldapsam:trusted = yes
> ldapsam:editposix = yes
>
> With these lines, Samba itself can admin ldap, I can provide you with
> some notes I made last year when testing this very subject, interested ?
>
> >
> >
> > The file in question doesn't even exist. Any ideas?
> >
> > Also, in one of the samba list articles, I read that we'll need to
run
> > pdbedit -i tdbsam -e ldapsam to import the info from tdb to ldap.
> > When do we do this one?
>
> Presumably, once you get your PDC up and running, the how is a
> question I cannot answer ;-)
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

Yes please for the notes.

I re-ran the tests without the smbldap-tools. I installed phpldapadmin and
am able to login to the apache page using the cn=admin, dn=mydomain and
create entries. This kind of tells me that LDAP is working

Then I run the pdbedit -Lv and it lists all the users.

The following happens when I add the LDAP bits to smb.conf and restart
samba.The issue seems to be with samba and ldap intergration. Just to
re-iterate we have samba 3.6. The following errors keeps coming up.

pdbedit -Lv
smbldap_search_domain_info: Searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=MYDOMAIN))]
smbldap_open_connection: connection opened
add_new_domain_info: failed to add domain dnsambaDomainName=MYDOMAIN,dc=mydomain
with: Invalid DN syntax
        invalid DN
smbldap_search_domain_info: Adding domain info for MYDOMAIN failed with
NT_STATUS_UNSUCCESSFUL
pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the
domain
pdb_init_ldapsam: Continuing on regardless, will be unable to allocate new
users/groups, and will risk BDCs having inconsistent SIDs


         obey pam restrictions = no
        dns forwarder = 8.8.8.8
passdb backend = ldapsam:ldap://sam3dc.mydomain/
    ldap admin dn = cn=admin,dc=mydomain
  ldap group suffix = ou=Groups
  ldap idmap suffix = ou=Users
  ldap machine suffix = ou=Computers
  ldap passwd sync = yes
    ldap suffix = dc=mydomain
  ldap user suffix = ou=Users
ldap ssl = off
ldap passwd sync = yes

/etc/ldap/ldap.conf
BASE    dc=mydomain
URI     ldap://sam3dc.mydomain ldap://sam3dc.mydomain:666





On Thu, Mar 1, 2018 at 10:51 AM, Rob Thoman <emailthomasrob at gmail.com>
wrote:
> Yes please
>
> On Wed, Feb 28, 2018 at 9:34 PM, Rowland Penny via samba <
> samba at lists.samba.org> wrote:
>
>> On Wed, 28 Feb 2018 20:41:43 +1000
>> Rob Thoman via samba <samba at lists.samba.org> wrote:
>>
>> >
>> > root at sam3dc # smbldap-populate
>> > Use of qw(...) as parentheses is deprecated at /usr/share/perl5/
>> > smbldap_tools.pm line 1423, <DATA> line 522.
>> > Unable to open /etc/smbldap-tools/smbldap.conf for reading !
>> > Compilation failed in require at /usr/sbin/smbldap-populate line
30.
>> > BEGIN failed--compilation aborted at /usr/sbin/smbldap-populate
line
>> > 30.
>> >
>>
>> The problem is that smbldap-tools appears to be a dead project, last
>> time I looked, it had disappeared from the internet.
>> That's the bad news, the good news is, you do not need it ;-)
>>
>> You have (in your smb.conf):
>>
>> ldapsam:trusted = yes
>> ldapsam:editposix = yes
>>
>> With these lines, Samba itself can admin ldap, I can provide you with
>> some notes I made last year when testing this very subject, interested
?
>>
>> >
>> >
>> > The file in question doesn't even exist. Any ideas?
>> >
>> > Also, in one of the samba list articles, I read that we'll
need to run
>> > pdbedit -i tdbsam -e ldapsam to import the info from tdb to ldap.
>> > When do we do this one?
>>
>> Presumably, once you get your PDC up and running, the how is a
>> question I cannot answer ;-)
>>
>> Rowland
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>
>