samba - Jan 2005 - LDAP unable to add Idmap

Hi,

I'm trying to setup a Samba with ldap backend, I followed tha samba by
example chapter 6, followed the instcution in the book, and when it says to
add an idmap data container, LDAP won't allow me to add the idmap something
like this :

adding new entry "ou=Idmap,dc=test,dc=co,dc=id"
ldapadd: update failed: ou=Idmap,dc=test,dc=co,dc=id
ldap_add: Constraint violation (19)
        additional info: structuralObjectClass: no user modification allowed

and
getent passwd | grep Domain returned :

[root@localhost sbin]# getent passwd | grep Domain
Administrator:x:0:512:Netbios Domain Administrator:/home/:/bin/false

at first I thought it was ok, to ignore it as the rest of the validation
according to the book went fine, but when I tried net rpc join -U
Administrator%secret it says that the username or password is incorrect, I
can avoid this by adding a new user with 0 UID and then I can join the
domain, but I can't login after I joined the domain, "Domain is not
available" or something, can anyone help me with this, I even tried
reinstalling everything from scratch ( format the hardrive) this is the 3rd
time already, and I don't know what else I'm missing, Please help me


thx

Adi

Anyone please ?? really needs help here, if anyone needs to see the log or
anything just let me know.

----- Original Message -----
From: "Adi Nugraha" <adi@westindo.co.id>
To: <samba@samba.org>
Sent: Tuesday, January 11, 2005 4:49 PM
Subject: [Samba] LDAP unable to add Idmap

> Hi,
>
> I'm trying to setup a Samba with ldap backend, I followed tha samba by
> example chapter 6, followed the instcution in the book, and when it says
to
> add an idmap data container, LDAP won't allow me to add the idmap
something
> like this :
>
> adding new entry "ou=Idmap,dc=test,dc=co,dc=id"
> ldapadd: update failed: ou=Idmap,dc=test,dc=co,dc=id
> ldap_add: Constraint violation (19)
>         additional info: structuralObjectClass: no user modification
allowed
>
> and
> getent passwd | grep Domain returned :
>
> [root@localhost sbin]# getent passwd | grep Domain
> Administrator:x:0:512:Netbios Domain Administrator:/home/:/bin/false
>
> at first I thought it was ok, to ignore it as the rest of the validation
> according to the book went fine, but when I tried net rpc join -U
> Administrator%secret it says that the username or password is incorrect, I
> can avoid this by adding a new user with 0 UID and then I can join the
> domain, but I can't login after I joined the domain, "Domain is
not
> available" or something, can anyone help me with this, I even tried
> reinstalling everything from scratch ( format the hardrive) this is the
3rd
> time already, and I don't know what else I'm missing, Please help
me
>
>
> thx
>
> Adi
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>

thanks, just noticed it, my ldap.conf and smbldap_conf confgig didn't match,
one was group and the other was groups, any way my problem now is I can't
login to the domain after succesfully joining the domain from a W2K
workstation, "Domain not available", should I user another subject for
this
problem,


----- Original Message -----
From: "Jim C." <jcllings@gmail.com>
To: "Adi Nugraha" <adi@westindo.co.id>
Sent: Thursday, January 13, 2005 12:33 AM
Subject: Re: [Samba] Re: LDAP unable to add Idmap


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

| I Just noticed that the smbldap-tools didn't fill in the groups
accounts in
| the linux group file, any idea why this is ??

You mean the smbldap-populate script?  My guess is that either the LDAP
acls prevented it or the setting in smbldap_conf.pm for groups was
wrong. I had a lot of trouble with this because I kept using ou=oup or
ou=oup rather than ou=oups.  The setting must be exactly the same
everywhere our there will be trouble.

Jim C.

P.S. Just out of curiosity why are you using SCO Unix if you don't mind
my asking?
- --
- -----------------------------------------------------------------
| I can be reached on the following Instant Messenger services: |
|---------------------------------------------------------------|
| MSN: j_c_llings @ hotmail.com  AIM: WyteLi0n  ICQ: 123291844  |
|---------------------------------------------------------------|
| Y!: j_c_llings            Jabber: jcllings @ njs.netlab.cz |
- -----------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFB5V9P57L0B7uXm9oRAhkmAJ9Pk0WnhJAeIjfuySxj37yExBTw/wCePbEC
Mlb80tpMBqtBoP5D4wQDtao?q2
-----END PGP SIGNATURE-----

the workstation is there, I don't think it's from the user / machine
accounts though, when I tried smbclint -L localhost -U% it returns :

Domain=[VALHALLA] OS=[Unix] Server=[Samba 3.0.9]
tree connect failed: NT_STATUS_BAD_NETWORK_NAME

I don't really understand why, before when I setup a PDC with tdbsam backend
this never happened to me
Everything worked great, now........


----- Original Message -----
From: "Fiordilino, Rudy" <RFiordilino@TALK.COM>
To: "Adi Nugraha" <adi@westindo.co.id>
Sent: Thursday, January 13, 2005 10:17 AM
Subject: RE: [Samba] Re: LDAP unable to add Idmap


Adi,

I would check to see that there is an entry for the w2k workstation in
/etc/password. I had a similar issue during a migration.

Cheers,

Rudy

-----Original Message-----
From: Adi Nugraha [mailto:adi@westindo.co.id]
Sent: Wednesday, January 12, 2005 9:57 PM
To: Jim C.
Cc: samba@samba.org
Subject: Re: [Samba] Re: LDAP unable to add Idmap

thanks, just noticed it, my ldap.conf and smbldap_conf confgig didn't match,
one was group and the other was groups, any way my problem now is I can't
login to the domain after succesfully joining the domain from a W2K
workstation, "Domain not available", should I user another subject for
this
problem,


----- Original Message -----
From: "Jim C." <jcllings@gmail.com>
To: "Adi Nugraha" <adi@westindo.co.id>
Sent: Thursday, January 13, 2005 12:33 AM
Subject: Re: [Samba] Re: LDAP unable to add Idmap


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

| I Just noticed that the smbldap-tools didn't fill in the groups
accounts in
| the linux group file, any idea why this is ??

You mean the smbldap-populate script?  My guess is that either the LDAP
acls prevented it or the setting in smbldap_conf.pm for groups was
wrong. I had a lot of trouble with this because I kept using ou=oup or
ou=oup rather than ou=oups.  The setting must be exactly the same
everywhere our there will be trouble.

Jim C.

P.S. Just out of curiosity why are you using SCO Unix if you don't mind
my asking?
- --
- -----------------------------------------------------------------
| I can be reached on the following Instant Messenger services: |
|---------------------------------------------------------------|
| MSN: j_c_llings @ hotmail.com  AIM: WyteLi0n  ICQ: 123291844  |
|---------------------------------------------------------------|
| Y!: j_c_llings            Jabber: jcllings @ njs.netlab.cz |
- -----------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFB5V9P57L0B7uXm9oRAhkmAJ9Pk0WnhJAeIjfuySxj37yExBTw/wCePbEC
Mlb80tpMBqtBoP5D4wQDtao?q2
-----END PGP SIGNATURE-----


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

What is SCO unix ?? I'm kinda new to Linux and I don't really understand
it,
what is nmap ?? how do I use it ?? sorry if it's a dumb question, I
don't
think I have a problem with a firewall, as I never set any firewall

----- Original Message -----
From: "Jim C." <jcllings@gmail.com>
To: "Adi Nugraha" <adi@westindo.co.id>
Sent: Thursday, January 13, 2005 4:01 PM
Subject: Re: [Samba] Re: LDAP unable to add Idmap

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> | thanks, just noticed it, my ldap.conf and smbldap_conf confgig didn't
> match,
> | one was group and the other was groups, any way my problem now is I
can't
> | login to the domain after succesfully joining the domain from a W2K
> | workstation, "Domain not available", should I user another
subject for
> this
> | problem,
>
> Definately.
>
> Check your ports and make sure you have your firewalls down.
> nmap is a good tool for checking this.
>
> You never answered my question about why you are using SCO Unix.  I
> assume it has something to do with vendor lock-in or some such?
>
> Jim C.
> - --
> - -----------------------------------------------------------------
> | I can be reached on the following Instant Messenger services: |
> |---------------------------------------------------------------|
> | MSN: j_c_llings @ hotmail.com  AIM: WyteLi0n  ICQ: 123291844  |
> |---------------------------------------------------------------|
> | Y!: j_c_llings            Jabber: jcllings @ njs.netlab.cz |
> - -----------------------------------------------------------------
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.5 (MingW32)
> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>
> iD8DBQFB5jjvB4AhF6wVFMERAvghAKDBMj0yzefbjsjrW/8SS7D+sxTCJACfT/VP
> +zuL5qAjLuV0LbRULENZMTs> =rPHX
> -----END PGP SIGNATURE-----
>