Adam Stokes
2005-Jul-08 19:42 UTC
[Fedora-directory-users] integrating samba and FDS/RHDS (draft 1)
I have taken some time out to write up a rough draft on integrating samba with RHDS/FDS. Please have a look and I welcome any and all comments/modifications.

http://people.redhat.com/astokes/samba_rhds.pdf
http://people.redhat.com/astokes/samba_rhds.html

Of course the links can be found at http://people.redhat.com/astokes/

Thanks for your time
adam stokes
Christopher Blizzard
2005-Jul-08 20:36 UTC
Re: [Fedora-directory-users] integrating samba and FDS/RHDS (draft 1)
Adam has (been) volunteered to add this to the wiki under the samba howto. Go, Adam!

--Chris

Adam Stokes wrote:
> I have taken some time out to write up a rough draft on integrating
> samba with RHDS/FDS. Please have a look and I welcome any and all
> comments/modifications.
>
> http://people.redhat.com/astokes/samba_rhds.pdf
> http://people.redhat.com/astokes/samba_rhds.html
>
> Of course the links can be found at http://people.redhat.com/astokes/
Mike Jackson
2005-Jul-09 10:55 UTC
Re: [Fedora-directory-users] integrating samba and FDS/RHDS (draft 1)
Adam Stokes wrote:
> I have taken some time out to write up a rough draft on integrating
> samba with RHDS/FDS. Please have a look and I welcome any and all
> comments/modifications.

Hi,
I read that document and it looks really good. Still, I have some comments:

1) It should be mentioned that RHDS and FDS are equal, so that the reader won't be confused.

2) When displaying instance location, it should show both RHDS and FDS, e.g.

/opt/redhat-ds/slapd-<server>/config/schema

or

/opt/fedora-ds/slapd-<server>/config/schema

3) In order to further eliminate confusion, the instance directory could be referenced with backticks which can be escaped by the shell:

/opt/redhat-ds/slapd-`hostname -s`

This is the default location, and anybody who modifies this already knows what they are doing...

4) It's not really necessary to include long, cryptic perl scripts (which I wrote!), in the body of the document. Adding the link to download it is enough.

5) The migration tools from openldap-servers are open source, why not just make them available for individual download as well. Somebody may not be able to install that RPM just to get those two scripts.

And finally, what are you doing the document sources with? If you do it with DocBook, then it's much easier for people to send contribution patches.

BR,
--
mike
Vesko
2005-Jul-11 10:00 UTC
Re: [Fedora-directory-users] integrating samba and FDS/RHDS (draft 1)
Christopher Blizzard wrote:
> Adam has (been) volunteered to add this to the wiki under the samba
> howto. Go, Adam!
>
> --Chris
>
> Adam Stokes wrote:
>
>> I have taken some time out to write up a rough draft on integrating
>> samba with RHDS/FDS. Please have a look and I welcome any and all
>> comments/modifications.
>>
>> http://people.redhat.com/astokes/samba_rhds.pdf
>> http://people.redhat.com/astokes/samba_rhds.html
>>
>> Of course the links can be found at http://people.redhat.com/astokes/

Following the howto I reached the step: net getlocalsid
and I get the following errors:
---
[root@dt fedora-ds]# net getlocalsid
[2005/07/11 12:53:26, 0] lib/smbldap.c:smbldap_search_domain_info(1392)
Adding domain info for MENADA failed with NT_STATUS_UNSUCCESSFUL
[2005/07/11 12:53:26, 0] utils/net.c:net_getlocalsid(494)
Can't fetch domain SID for name: PDC
---
[root@dt fedora-ds]# net getlocalsid MENADA
[2005/07/11 12:53:04, 0] lib/smbldap.c:smbldap_search_domain_info(1392)
Adding domain info for MENADA failed with NT_STATUS_UNSUCCESSFUL
SID for domain MENADA is: S-1-5-21-3908961923-2064544837-4242978264
---

This is what I have in /opt/fedora-ds/slapd-dt/logs/errors:
---
[11/Jul/2005:12:58:15 +0300] - Entry "sambaDomainName=MENADA,dc=belvedere,dc=bg" -- attribute "objectClass" not allowed
---

Any advice would be welcome!

Vesko
Vesko
2005-Jul-11 10:16 UTC
Re: [Fedora-directory-users] integrating samba and FDS/RHDS (draft 1)
Vesko wrote:
>
> Following the howto I reached the step :net getlocalsid
> and i get the following errors:
> ---
> [root@dt fedora-ds]# net getlocalsid
> [2005/07/11 12:53:26, 0] lib/smbldap.c:smbldap_search_domain_info(1392)
> Adding domain info for MENADA failed with NT_STATUS_UNSUCCESSFUL
> [2005/07/11 12:53:26, 0] utils/net.c:net_getlocalsid(494)
> Can't fetch domain SID for name: PDC
> ---
> [root@dt fedora-ds]# net getlocalsid MENADA
> [2005/07/11 12:53:04, 0] lib/smbldap.c:smbldap_search_domain_info(1392)
> Adding domain info for MENADA failed with NT_STATUS_UNSUCCESSFUL
> SID for domain MENADA is: S-1-5-21-3908961923-2064544837-4242978264
> ---
>
> this is what i have in /opt/fedora-ds/slapd-dt/logs/errors:
> ---
> [11/Jul/2005:12:58:15 +0300] - Entry
> "sambaDomainName=MENADA,dc=belvedere,dc=bg" -- attribute "objectClass"
> not allowed
> ---

After this point I try to add the sambaDomainName.ldif and get:
---
[root@dt fedora-ds]# ./slapd-dt/ldif2ldap "cn=root" 12345678 /opt/fedora-ds/sambaDomainName.ldif
adding new entry sambaDomainName=MENADA,dc=example,dc=com
ldap_add: No such object
---

The howto seems clear, so I guess I did or did not do something.

regards
Vesko
Adam Stokes
2005-Jul-11 13:15 UTC
Re: [Fedora-directory-users] integrating samba and FDS/RHDS (draft 1)
On Mon, 2005-07-11 at 13:16 +0300, Vesko wrote:
> > this is what i have in /opt/fedora-ds/slapd-dt/logs/errors:
> > ---
> > [11/Jul/2005:12:58:15 +0300] - Entry
> > "sambaDomainName=MENADA,dc=belvedere,dc=bg" -- attribute "objectClass"
> > not allowed
> > ---

that base dn looks different from what this error shows

> After this point I try to add the sambaDomainName.ldif and get:
> ---
> [root@dt fedora-ds]# ./slapd-dt/ldif2ldap "cn=root" 12345678 /opt/fedora-ds/sambaDomainName.ldif
> adding new entry sambaDomainName=MENADA,dc=example,dc=com
> ldap_add: No such object
> ---
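
An added example, not part of the original thread or the howto: the LDIF in the failed ldif2ldap run names dc=example,dc=com while the server's error log names dc=belvedere,dc=bg, and an LDAP server answers an add with "No such object" when the new entry's parent does not exist. This sketch lists the DNs in an LDIF that fall outside a given suffix; the function names, the ou=Groups entry and its attributes are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list DNs in an LDIF that do not sit
# under the directory suffix, before handing the file to ldif2ldap.
# Limits: only plain "dn: ..." lines; base64 ("dn:: ...") and folded DNs are skipped.

# ldif_dn_outside_suffix <ldif-file> <suffix>
# Prints each DN that is neither the suffix itself nor below it.
ldif_dn_outside_suffix() {
    awk -v suffix="$2" '
        # Compare case-insensitively and ignore spaces around commas.
        function norm(s) {
            s = tolower(s)
            gsub(/[ \t]*,[ \t]*/, ",", s)
            return s
        }
        BEGIN { want = norm(suffix); tail = "," want }
        /^dn:[^:]/ {
            dn = $0
            sub(/^dn:[ \t]*/, "", dn)
            n = norm(dn)
            if (n == want) next
            if (length(n) > length(tail) &&
                substr(n, length(n) - length(tail) + 1) == tail) next
            print dn
        }
    ' "$1"
}

# Constructed sample: the first DN is the one from the failed ldif2ldap run,
# the second is a hypothetical group entry under the suffix seen in the
# error log of the directory server.
demo() {
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
dn: sambaDomainName=MENADA,dc=example,dc=com
objectClass: sambaDomain
sambaDomainName: MENADA

dn: cn=Domain Admins, ou=Groups, dc=belvedere, dc=bg
objectClass: posixGroup
cn: Domain Admins
gidNumber: 2512
EOF
    ldif_dn_outside_suffix "$tmp" "dc=belvedere,dc=bg"
    rm -f "$tmp"
}

demo
```

Any DN it prints would be added under a parent that the directory does not hold.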
Vesko
2005-Jul-11 15:44 UTC
Re: [Fedora-directory-users] integrating samba and FDS/RHDS (draft 1)
Adam Stokes wrote:
>
> that base dn looks different from what this error shows
>

Another error I come upon in a next step of the howto:
---
[root@dt ~]# net groupmap add rid=512 ntgroup='Domain Admins' unixgroup='Admins'
adding entry for group Domain Admins failed!
---
I have a unix group 'Admins', samba and fedora-ds logs show nothing when executing this command

regards
Adam Stokes
2005-Jul-11 19:44 UTC
Re: [Fedora-directory-users] integrating samba and FDS/RHDS (draft 1)
On Mon, 2005-07-11 at 18:44 +0300, Vesko wrote:
> Adam Stokes wrote:
> >
> > that base dn looks different from what this error shows
> >
>
> Another error i come upon in a next step of the howto:
> ---
> [root@dt ~]# net groupmap add rid=512 ntgroup='Domain Admins'
> unixgroup='Admins'
> adding entry for group Domain Admins failed!
> ---
> I have an unix group 'Admins', samba and fedora-ds logs show nothing
> when executing this command
>
> regards

When you created /etc/sambaGroups to be converted what values did you use for the group?
Adam Stokes
2005-Jul-11 19:46 UTC
Re: [Fedora-directory-users] integrating samba and FDS/RHDS (draft 1)
On Mon, 2005-07-11 at 15:44 -0400, Adam Stokes wrote:
> On Mon, 2005-07-11 at 18:44 +0300, Vesko wrote:
> > Adam Stokes wrote:
> > >
> > > that base dn looks different from what this error shows
> > >
> >
> > Another error i come upon in a next step of the howto:
> > ---
> > [root@dt ~]# net groupmap add rid=512 ntgroup='Domain Admins'
> > unixgroup='Admins'
> > adding entry for group Domain Admins failed!
> > ---
> > I have an unix group 'Admins', samba and fedora-ds logs show nothing
> > when executing this command
> >
> > regards
>
> When you created /etc/sambaGroups to be converted what values did you
> use for the group?

Sorry, meant /tmp/sambaGroups, and what is the output of ldapsearch -x -Z '(cn=Domain*)'

thanks
Vesko
2005-Jul-12 07:05 UTC
Re: [Fedora-directory-users] integrating samba and FDS/RHDS (draft 1)
Adam Stokes wrote:
>>>
>>>Another error i come upon in a next step of the howto:
>>>---
>>>[root@dt ~]# net groupmap add rid=512 ntgroup='Domain Admins'
>>>unixgroup='Admins'
>>>adding entry for group Domain Admins failed!
>>>---
>>>I have an unix group 'Admins', samba and fedora-ds logs show nothing
>>>when executing this command
>>
>>When you created /etc/sambaGroups to be converted what values did you
>>use for the group?
>
> Sorry meant /tmp/sambaGroups and what is the output of ldapsearch -x -Z
> '(cn=Domain*)'
>
> thanks

Thank you for your reply.
I made changes to /tmp/sambaGroup to get rid of some console errors I get but still can't pass to the next step of the howto.
Here is more information:
---
[root@dt /]# cat /etc/group
...
Domain Admins:x:512:
Domain Users:x:513:
Domain Guests:x:514:
Domain Computers:x:515:
---
[root@dt /]# cat /tmp/sambaGroups
Domain Admins:x:2512:
Domain Users:x:2513:
Domain Guests:x:2514:
Domain Computers:x:2515:
---
converted to ldif and imported to the directory. I can see the entries in the directory.

---
[root@dt /]# net groupmap add rid=512 ntgroup='Admins' unixgroup='Admins'
adding entry for group Admins failed!
---
Adam Stokes
2005-Jul-12 13:03 UTC
Re: [Fedora-directory-users] integrating samba and FDS/RHDS (draft 1)
On Tue, 2005-07-12 at 10:05 +0300, Vesko wrote:
> Adam Stokes wrote:
> >>>
> >>>Another error i come upon in a next step of the howto:
> >>>---
> >>>[root@dt ~]# net groupmap add rid=512 ntgroup='Domain Admins'
> >>>unixgroup='Admins'
> >>>adding entry for group Domain Admins failed!
> >>>---
> >>>I have an unix group 'Admins', samba and fedora-ds logs show nothing
> >>>when executing this command
> >>
> >>When you created /etc/sambaGroups to be converted what values did you
> >>use for the group?
> >
> > Sorry meant /tmp/sambaGroups and what is the output of ldapsearch -x -Z
> > '(cn=Domain*)'
> >
> > thanks
>
> Thank you for your reply
> I made changes to /tmp/sambaGroup to get rid of some console errors i
> get but still cant pass to the next step of the howto.
> here is more information:
> ---
> [root@dt /]# cat /etc/group
> ...
> Domain Admins:x:512:
> Domain Users:x:513:
> Domain Guests:x:514:
> Domain Computers:x:515:
> ---
> [root@dt /]# cat /tmp/sambaGroups
> Domain Admins:x:2512:
> Domain Users:x:2513:
> Domain Guests:x:2514:
> Domain Computers:x:2515:
> ---
> converted to ldif and imported to the directory. I can see the entries
> in the directory.
>
> ---
> [root@dt /]# net groupmap add rid=512 ntgroup='Admins' unixgroup='Admins'
> adding entry for group Admins failed!
> ---

There is no need for the /etc/group file to have those entries in it because Samba will map the entries from the ldap server.

So remove the entries in /etc/group, import the ldif from /tmp/sambaGroups and map the appropriate entries (instead of ntgroup='Admins' use ntgroup='Domain Admins' unixgroup='Domain Admins')

Remember you are mapping from an ldap server so the entries have to exist somewhere.
Vesko
2005-Jul-13 07:07 UTC
Re: [Fedora-directory-users] integrating samba and FDS/RHDS (draft 1)
Adam Stokes wrote:
>
> There is no need for the /etc/group file to have those entries in it
> because Samba will map the entires from the ldap server.
>
> So remove the entries in /etc/group, import the ldif
> from /tmp/sambaGroups and map the appropriate entries (instead of
> ntgroup='Admins' use ntgroup='Domain Admins' unixgroup='Domain Admins')
>
> Remeber you are mapping from an ldap server so the entries have to exist
> somewhere.
>

The same errors:

[root@dt ~]# net groupmap add rid=512 ntgroup=’Domain Admins’ unixgroup=’Domain Admins’
Bad option: Admins’

[root@dt ~]# net groupmap add rid=512 ntgroup='Domain Admins' unixgroup='Domain Admins'
Can't lookup UNIX group Domain Admins

Is this a samba bug or ...?
It is just not working as expected :( I did everything right up till this moment. I use samba-3.0.10-1.4E on CentOS release 4.1 (Final) and fedora-ds-7.1-2.RHEL4 (rpm install)

regards
Adam Stokes
2005-Jul-13 20:49 UTC
Re: [Fedora-directory-users] integrating samba and FDS/RHDS (draft 1)
On Wed, 2005-07-13 at 10:07 +0300, Vesko wrote:
> Adam Stokes wrote:
> >
> > There is no need for the /etc/group file to have those entries in it
> > because Samba will map the entires from the ldap server.
> >
> > So remove the entries in /etc/group, import the ldif
> > from /tmp/sambaGroups and map the appropriate entries (instead of
> > ntgroup='Admins' use ntgroup='Domain Admins' unixgroup='Domain Admins')
> >
> > Remeber you are mapping from an ldap server so the entries have to exist
> > somewhere.
> >
>
> The same errors:
>
> [root@dt ~]# net groupmap add rid=512 ntgroup=’Domain Admins’
> unixgroup=’Domain Admins’
> Bad option: Admins’
>
> [root@dt ~]# net groupmap add rid=512 ntgroup='Domain Admins'
> unixgroup='Domain Admins'
> Can't lookup UNIX group Domain Admins
>
> Is this a samba bug or ...?
> it is just not working as expected :( I did everything right up till
> this mommenet. I use samba-3.0.10-1.4E on CentOS release 4.1 (Final) and
> fedora-ds-7.1-2.RHEL4 (rpm install)
>
> regards

Hard to say whether it's a bug or not. When you query the directory server do those Samba groups show up? If so, try to come up with a small test case for your scenario and I'll see if I can reproduce it and a possible workaround.

thanks
Adam Stokes
2005-Jul-13 20:54 UTC
Re: [Fedora-directory-users] integrating samba and FDS/RHDS (draft 1)
On Sat, 2005-07-09 at 13:55 +0300, Mike Jackson wrote:
> Adam Stokes wrote:
> > I have taken some time out to write up a rough draft on integrating
> > samba with RHDS/FDS. Please have a look and I welcome any and all
> > comments/modifications.
>
> Hi,
> I read that document and it looks really good. Still, I have some
> comments:
>
> 1) It should be mentioned that RHDS and FDS are equal, so that the
> reader won't be confused.
>
> 2) When displaying instance location, it should show both RHDS and FDS, e.g.
>
> /opt/redhat-ds/slapd-<server>/config/schema
>
> or
>
> /opt/fedora-ds/slapd-<server>/config/schema

I had thought about that, however, anything RHDS related will probably be available elsewhere (Red Hat Knowledgebase, Docs)

> 3) In order to further eliminate confusion, the instance directory could
> be referenced with backticks which can be escaped by the shell:
>
> /opt/redhat-ds/slapd-`hostname -s`

Will get that changed

> This is the default location, and anybody who modifies this already
> knows what they are doing...
>
> 4) It's not really necessary to include long, cryptic perl scripts
> (which I wrote!), in the body of the document. Adding the link to
> download it is enough.

Fixed on the wiki - http://directory.fedora.redhat.com/wiki/Howto:Samba

> 5) The migration tools from openldap-servers are open source, why not
> just make them available for individual download as well. Somebody may
> not be able to install that RPM just to get those two scripts.

Good idea, however, I am not sure where to upload those scripts to on the wiki

> And finally, what are you doing the document sources with? If you do it
> with DocBook, then it's much easier for people to send contribution patches.

Good idea, picked up a little bit of docbook knowledge and am in the process of converting my documents.
Those are available on people.redhat.com/astokes

> BR,
> --
> mike

Thanks for the input
Adam