samba - Dec 2003 - Trying to use LDAP: Failed to bind to server: Invalid Credentials

I'm using RedHat 9 and Samba 3.01rc2. I'm working through the Samba
Howto on LDAP but I've no experience of LDAP and I'm struggling to
understand what is needed. At the moment when I try to change or set a password
with smbpasswd, I get the message "failed to bind to server with dn = etc:
Invalid credentials".
So can someone clarify any of these points for me.

1. About the ?ldap admin dn ? setting in smb.conf. 

I?ve put 
ldap admin dn = ?cn=Manager,ou=People,dc=IT,dc=local?
as a modification of the example in the Howto. Where they have used ?quenya and
com? I have used ?IT and local?. Are the quote marks needed?

Does this have to match a setting in either the slapd.conf  or  LFIF file used
to initialise the database and could this account for the ?Invalid Credentials?
message?
  
Or could it be the password?

2. The password I use is ?colafoo?. So I?ve typed ?smbpasswd ?w colafoo?. In my
slapd.conf file there are two lines starting rootpw. Should either of these be
set to colafoo.  They were both commented out. On the other hand there are three
lines in the LDIF file starting ?userPassword:  {SSHA}?. I generated the
password using
?slappasswd ?s colafoo? and put the result into the files. Have I made an error
there?

Finally
3. The LDIF file contains references to ?Setting up admin handle for People OU?
?dn: cn=admin etc?. What is the difference between Manager and admin?

Thanks 
John Murf


-----------------------------------------
Email provided by http://www.ntlhome.com/

<johnmurphy@ntlworld.com> wrote in message
news:20031223093803.DVTJ19387.mta05-svc.ntlworld.com@[10.137.100.72]...
I'm using RedHat 9 and Samba 3.01rc2. I'm working through the Samba
Howto on
LDAP but I've no experience of LDAP and I'm struggling to understand
what is
needed.

I would suggest you spend some time learning LDAP before trying to combine
it with Samba.  LDAP has its own learning curve.

You could try setting up a simple address book with LDAP so that you can
learn how it works.

I don't think you will be able to trouble shoot problems even if you
successfully set up Samba with LDAP now.

On Tue, 2003-12-23 at 02:38, johnmurphy@ntlworld.com wrote:
> 1. About the ?ldap admin dn ? setting in smb.conf. 
> 
> I?ve put 
> ldap admin dn = ?cn=Manager,ou=People,dc=IT,dc=local?
> as a modification of the example in the Howto. Where they have used ?quenya
and com? I have used ?IT and local?. Are the quote marks needed?
---
do not use the quotes in smb.conf
---
> Does this have to match a setting in either the slapd.conf  or  LFIF file
used to initialise the database and could this account for the ?Invalid
Credentials? message?
---
yes, it needs to match the rootdn in slapd.conf - otherwise it won't
work
---
> 2. The password I use is ?colafoo?. So I?ve typed ?smbpasswd ?w colafoo?.
In my slapd.conf file there are two lines starting rootpw. Should either of
these be set to colafoo.  They were both commented out. On the other hand there
are three lines in the LDIF file starting ?userPassword:  {SSHA}?. I generated
the password using
> ?slappasswd ?s colafoo? and put the result into the files. Have I made an
error there?
---
you should have 1 line in slapd.conf 
rootpw  {METHOD} output_of_'slapppasswd -s colaroo'
---
> Finally
> 3. The LDIF file contains references to ?Setting up admin handle for People
OU?
> ?dn: cn=admin etc?. What is the difference between Manager and admin?
---
depends upon what you make it - you are designing your own ldap
structure.

Another suggestion has been to learn LDAP first before learning to
interact with Samba. Seemed to be a good suggestion.

Craig

> From: Craig White <craigwhite@azapple.com>
<snip>
Thanks for the reply. I'll see how far I get.

John Murf

-----------------------------------------
Email provided by http://www.ntlhome.com/

On Tue, 23 Dec 2003 johnmurphy@ntlworld.com wrote:
> I'm using RedHat 9 and Samba 3.01rc2. I'm working through the Samba
Howto on LDAP but I've no experience of LDAP and I'm struggling to
understand what is needed. At the moment when I try to change or set a password
with smbpasswd, I get the message "failed to bind to server with dn = etc:
Invalid credentials".
> So can someone clarify any of these points for me.
>
> 1. About the ?ldap admin dn ? setting in smb.conf.
>
> I?ve put
> ldap admin dn = ?cn=Manager,ou=People,dc=IT,dc=local?
> as a modification of the example in the Howto. Where they have used
> ?quenya and com? I have used ?IT and local?. Are the quote marks needed?
Do not use the quotes.
>
> Does this have to match a setting in either the slapd.conf or LFIF file
> used to initialise the database and could this account for the ?Invalid
> Credentials? message?
Manager is super-user. admin is able to change only Samba Accounts.
>
> Or could it be the password?
>
> 2. The password I use is ?colafoo?. So I?ve typed ?smbpasswd ?w
> colafoo?. In my slapd.conf file there are two lines starting rootpw.
> Should either of these be set to colafoo.  They were both commented out.
> On the other hand there are three lines in the LDIF file starting
> ?userPassword:  {SSHA}?. I generated the password using ?slappasswd ?s
> colafoo? and put the result into the files. Have I made an error there?
You need in your slapd.conf file one rootpw, it should have the password
output from running slappasswd. You must include the {SSHA} portion.
>
> Finally
> 3. The LDIF file contains references to ?Setting up admin handle for People
OU?
> ?dn: cn=admin etc?. What is the difference between Manager and admin?
Manager is the system-wide super-user, admin can administer the People
container.

- John T.
>
> Thanks
> John Murf
>
>
> -----------------------------------------
> Email provided by http://www.ntlhome.com/
>
>
>
-- 
John H Terpstra
Email: jht@samba.org