Hi all,
I've compiled 3.0.7 on a test box which also has an LDAP server running on it.
This is the first time for me trying to use Samba with LDAP. I copied the
IdealX scripts into /usr/local/sbin and edited the _config.pm file. It is
attached at the bottom, stripped of comments. I then edited my smb.conf to
the effect of the following:
passdb backend = ldapsam:ldap://localhost
ldap suffix = dc=mydomain,dc=com
ldap machine suffix = ou=Computers
ldap user suffix = ou=People
ldap group suffix = ou=Groups
ldap idmap suffix = ou=People
ldap admin dn = cn=Manager
ldap ssl = no
ldap passwd sync = Yes
idmap uid = 15000-20000
idmap gid = 15000-20000
winbind separator = +
I then did smbpasswd -w (insert cn=Manager password for LDAP)
smbd and nmbd started up just fine. Here is when I run into problems:
oink:/usr/local/samba/lib # smbclient -L oink
protocol negotiation failed
Same result if I use 'localhost' or reference it by IP. If you can tell me
what I have missed it would be greatly appreciated. I have been following
the HOWTO step-by-step and I'm not sure what I missed.
Thanks,
Misty
smbldap_conf.pm:
use strict;
package smbldap_conf;
use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS
$UID_START $GID_START $smbpasswd $slaveLDAP
$masterLDAP
$slavePort $masterPort $ldapSSL $slaveURI $masterURI
$with_smbpasswd $mk_ntpasswd
$ldap_path $ldap_opts $ldapmodify $suffix $usersdn
$computersdn
$groupsdn $scope $binddn $bindpasswd
$slaveDN $slavePw $masterDN $masterPw
$_userLoginShell $_userHomePrefix $_userGecos
$_defaultUserGid $_defaultComputerGid
$_skeletonDir $_userSmbHome
$_userProfile $_userHomeDrive
$_userScript $usersou $computersou $groupsou $SID
$hash_encrypt $_defaultMaxPasswordAge
);
use Exporter;
$VERSION = 1.00;
@ISA = qw(Exporter);
@EXPORT = qw(
$UID_START $GID_START $smbpasswd $slaveLDAP
$masterLDAP
$slavePort $masterPort $ldapSSL $slaveURI $masterURI
$with_smbpasswd $mk_ntpasswd
$ldap_path $ldap_opts $ldapmodify $suffix $usersdn
$computersdn $groupsdn $scope $binddn $bindpasswd
$slaveDN $slavePw $masterDN $masterPw
$_userLoginShell $_userHomePrefix $_userGecos
$_defaultUserGid $_defaultComputerGid $_skeletonDir
$_userSmbHome $_userProfile $_userHomeDrive
$_userScript
$usersou $computersou $groupsou $SID $hash_encrypt
$_defaultMaxPasswordAge
);
$UID_START = 1000;
$GID_START = 1000;
$SID='S-1-5-21-725326080-1709766072-2910717368';
$slaveLDAP = "127.0.0.1";
$slavePort = "389";
$masterLDAP = "127.0.0.1";
$masterPort = "389";
$ldapSSL = "0";
$suffix = "dc=mydomain,dc=com";
$usersou = q(_USERS_);
$usersdn = "ou=People,$suffix";
$computersou = q(_COMPUTERS_);
$computersdn = "ou=$computersou,$suffix";
$groupsou = q(_GROUPS_);
$groupsdn = "ou=$groupsou,$suffix";
$scope = "sub";
$hash_encrypt="SSHA";
$binddn = "cn=Manager,$suffix";
$bindpasswd = 'some_unencrypted_password';
$slaveDN = $binddn;
$slavePw = $bindpasswd;
$masterDN = $binddn;
$masterPw = $bindpasswd;
$_userLoginShell = q(/bin/false);
$_userHomePrefix = q(/data/samba/home/);
$_userGecos = q(System User);
$_defaultUserGid = 513;
$_defaultComputerGid = 553;
$_skeletonDir = q(/etc/skel);
$_defaultMaxPasswordAge = 90;
$_userSmbHome = q(\\\\_PDCNAME_\\homes);
$_userProfile = q(\\\\_PDCNAME_\\profiles\\);
$_userHomeDrive = q(H:);
$with_smbpasswd = 0;
$smbpasswd = "/usr/local/samba/bin/smbpasswd";
$mk_ntpasswd = "/usr/local/sbin/mkntpwd";
$slaveURI = "ldap://$slaveLDAP:$slavePort";
$masterURI = "ldap://$masterLDAP:$masterPort";
$ldap_path = "/usr/bin";
if ( $ldapSSL eq "0" ) {
    $ldap_opts = "-x";
} elsif ( $ldapSSL eq "1" ) {
    $ldap_opts = "-x -Z";
} else {
    die "ldapSSL option must be either 0 or 1.\n";
}
# Keep the command on one line: newlines embedded in the string would break it when it is run.
$ldapmodify = "$ldap_path/ldapmodify $ldap_opts -H $masterURI -D '$masterDN' -w '$masterPw'";
1;
I fixed this error. I had not realized that I needed to specify --with-ldap at
compile-time. configure --help had led me to believe that that was the default
value, but I guess it was not.
Misty
On Wednesday 22 September 2004 17:12, Misty Stanley-Jones wrote:
> Hi all,
>
> I've compiled 3.0.7 on a test box which also has an LDAP server running on
> it. This is the first time for me trying to use Samba with LDAP. I copied
> the IdealX scripts into /usr/local/sbin and edited the _config.pm file. It
> is attached at the bottom, stripped of comments. I then edited my smb.conf
> to the effect of the following:
>
> passdb backend = ldapsam:ldap://localhost
> ldap suffix = dc=mydomain,dc=com
> ldap machine suffix = ou=Computers
> ldap user suffix = ou=People
> ldap group suffix = ou=Groups
> ldap idmap suffix = ou=People
> ldap admin dn = cn=Manager
> ldap ssl = no
> ldap passwd sync = Yes
> idmap uid = 15000-20000
> idmap gid = 15000-20000
> winbind separator = +
>
> I then did smbpasswd -w (insert cn=Manager password for LDAP)
>
> smbd and nmbd started up just fine. Here is when I run into problems:
> oink:/usr/local/samba/lib # smbclient -L oink
> protocol negotiation failed
>
> Same result if I use 'localhost' or reference it by IP. If you can tell me
> what I have missed it would be greatly appreciated. I have been following
> the HOWTO step-by-step and I'm not sure what I missed.
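The mismatch described in this thread (smb.conf selecting ldapsam while smbd was compiled without LDAP support) can be checked before starting the daemons. This is an added example, not part of the original posts; it assumes that `smbd -b` lists build defines one per line and that an LDAP-enabled build includes `HAVE_LDAP`, and the sample inputs and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag "passdb backend = ldapsam" on a smbd built without LDAP.

# Succeeds if build-options text on stdin (assumed `smbd -b` format) lists
# HAVE_LDAP as a define of its own; HAVE_LDAP_H alone does not count.
build_has_ldap() {
    grep -Eq '^[[:space:]]*HAVE_LDAP[[:space:]]*$'
}

# Succeeds if smb.conf text on stdin selects an ldapsam passdb backend.
# Lines commented out with '#' or ';' do not match.
conf_uses_ldapsam() {
    grep -Eiq '^[[:space:]]*passdb[[:space:]]*backend[[:space:]]*=.*ldapsam'
}

# check_ldap_build CONF_TEXT BUILD_TEXT: prints a verdict, returns 1 on mismatch.
check_ldap_build() {
    if printf '%s\n' "$1" | conf_uses_ldapsam; then
        if printf '%s\n' "$2" | build_has_ldap; then
            echo "ok: ldapsam configured and LDAP compiled in"
        else
            echo "mismatch: ldapsam configured but smbd lacks LDAP support"
            return 1
        fi
    else
        echo "ok: ldapsam not configured"
    fi
}

# Constructed sample inputs (not captured from a real system).
CONF_SAMPLE='[global]
   passdb backend = ldapsam:ldap://localhost
   ldap suffix = dc=mydomain,dc=com'
BUILD_NO_LDAP='HAVE_* Defines:
   HAVE_LIBDL
   HAVE_LDAP_H'
BUILD_WITH_LDAP='HAVE_* Defines:
   HAVE_LDAP_H
   HAVE_LDAP'

# Demo on the constructed samples. Live use would be:
#   check_ldap_build "$(cat /path/to/smb.conf)" "$(smbd -b)"
check_ldap_build "$CONF_SAMPLE" "$BUILD_NO_LDAP" || true
check_ldap_build "$CONF_SAMPLE" "$BUILD_WITH_LDAP"
```
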