Hi All,
I am going through a setup of a test samba3 box with rh9 with my self rolled
copy of 3.0.10. I have removed the old rpm version of samba. I compiled
3.0.10 with all defaults except for the install prefix which I set
to /usr/local/samba3.
I followed the steps given in Chap 6 - making users happy in the online html
version.
I changed a few things. Instead of MASSIVE as the PDC name I used ROSSMOULD
and also changed the abmas to rossmould in all the ldap configs.
I also left off most of the shares so that my smb.conf file looks thusly
--------------------------------------
[global]
unix charset = LOCALE
workgroup = ROSSMOULD
netbios name = ROSSPDC
interfaces = eth0, lo
bind interfaces only = Yes
passdb backend = ldapsam:ldap://rosspdc.rossmould.biz
username map = /usr/local/samba3/private/smbusers
log level = 1
syslog = 0
log file = /var/log/samba/%m
max log size = 50
smb ports = 139 445
name resolve order = wins bcast hosts
time server = Yes
printcap name = CUPS
show add printer wizard = No
add user script = /var/lib/samba/sbin/smbldap-useradd.pl -a -m '%u'
delete user script = /var/lib/samba/sbin/smbldap-userdel.pl '%u'
add group script = /var/lib/samba/sbin/smbldap-groupadd.pl -p '%g'
delete group script = /var/lib/samba/sbin/smbldap-groupdel.pl '%g'
add user to group script = /var/lib/samba/sbin/ smbldap-groupmod.pl -m '%u' '%g'
delete user from group script = /var/lib/samba/sbin/ smbldap-groupmod.pl -x '%u' '%g'
set primary group script = /var/lib/samba/sbin/ smbldap-usermod.pl -g '%g' '%u'
add machine script = /var/lib/samba/sbin/ smbldap-useradd.pl -w '%u'
logon script = scripts\logon.bat
logon path = \\%L\profiles\%U
logon drive = X:
domain logons = Yes
preferred master = Yes
wins support = Yes
ldap suffix = dc=rossmould,dc=biz
ldap machine suffix = ou=People
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap admin dn = cn=Manager,dc=rossmould,dc=biz
idmap backend = ldap:ldap://rosspdc.rossmould.biz
idmap uid = 10000-20000
idmap gid = 10000-20000
map acl inherit = Yes
printing = cups
printer admin = Administrator, sreynolds
# The shares
[netlogon]
comment = Network Logon Service
path = /home/netlogon
guest ok = Yes
locking = No
[profiles]
comment = Profile Share
path = /home/profiles
read only = No
profile acls = Yes
[profdata]
comment = Profile Data Share
path = /home/profdata
read only = No
profile acls = Yes
[print$]
comment = Printer Drivers
path = /home/drivers
browseable = yes
guest ok = no
read only = yes
write list = Administrator, sreynolds
[homes]
comment = Home Directories
valid users = %S
read only = No
browseable = No
[printers]
comment = SMB Print Spool
path = /var/spool/samba
guest ok = Yes
printable = Yes
browseable = No
--------------------------------------
I have found the following inconsistencies.
First one was in Samba-3 PDC Configuration section 2
root# testparm -s > test.conf
The $IPC share does not display which I assumed to be correct
Section 5 is also problematic.
root# smbclient -L localhost -U%
Times out and if the smbd log is checked it falls over in trying to have
chatties with the ldap server which is needless to say not running.
Of course the net command fails as well.
I then plodded on and did the config of the ldap server and got it up and
running. This is in LDAP Initialization and Creation of User and Group
Accounts section 1. I used service ldap start - being redhatish
I then reran the smbclient -L massive -U% command,
Worked as advertised.
I could then run the net command to get the SID and put it
into /var/lib/samba/sbin/smbldap_conf.pm
I used the IdealX scripts that came with the 3.0.10 source and compiled
mkntpwd just fine.
Next problem cropped up in adding the users with
root# ./smbldap-populate.pl.
First crash was missing cpan module Net::LDAP so no probs just configured cpan
and loaded it!
Now the perl script ran but barfed at
adding new entry: ou=People,dc=rossmould,dc=biz
failed to add entry: Already exists at ./smbldap-populate.pl line 323, <GEN1> line 5.
The script had already added People and Groups ou's and then went on to add
the Administrators ou after the error
(Rather confusing to have this list say that having computers in their own ou
works but a big warning in the e-book says it does not work!)
Be that as it may I then pressed on to checking the ldap database as per
section 5 after ldap was stopped and started.
root# slapcat | grep -i idmap gave no output so idmap does not exist in the
database.
Then followed the instructions to create an ldif with the required ou for
idmap but when I tried to run
ldapadd -x -D "cn=Manager,dc=rossmould,dc=biz" -w not24get
< /etc/openldap/idmap.LDIF
(All one line!)
I got back
ldap_add: Constraint violation
additional info: structuralObjectClass: no user modification allowed
ldif_record() = 19
I'm rather new to ldap and other than playing around with some basic settings
and adding and changing records with ldapadd and ldapmodify and ldif files
and then searching the database I've not done anything else.
I could go and set slapd to debug but I'd hate to reinvent the wheel if I can!
One added point I used just about all cut 'n paste from the html pages to the
various config files. Even used cut 'n paste to select them! Found a few
problems in the long lines in the smb.conf parts but vi's j phixed that!
Please help!
Cheers
Ang
--
Angela Williams Enterprise Outsourcing
SCO Unix/Linux & Cisco spoken here! Bedfordview
awilliams@eoh.co.za Gauteng South Africa
Smile!! Jesus Loves You!!
On Thursday 13 January 2005 09:43, Angela Williams wrote:
> Hi All,
> I am going through a setup of a test samba3 box with rh9 with my self
> rolled copy of 3.0.10. I have removed the old rpm version of samba. I
> compiled 3.0.10 with all defaults except for the install prefix which I set
> to /usr/local/samba3.

Update your smbldap-tools to the latest version from www.idealx.org. Samba-3.0.10 is NOT compatible with version 0.8.2 that is included with the book. You should be using version 0.8.5.3. Also, with this version do not include the '.pl' part of the filename in the smb.conf file. That has changed since 0.8.2.

>
> I followed the steps given in Chap 6 - making users happy in the online
> html version.
> I changed a few things. Instead of MASSIVE as the PDC name I used
> ROSSMOULD and also changed the abmas to rossmould in all the ldap configs.
> I also left off most of the shares so that my smb.conf file looks thusly
>
> --------------------------------------
> [global]
> unix charset = LOCALE
> workgroup = ROSSMOULD
> netbios name = ROSSPDC
> interfaces = eth0, lo
> bind interfaces only = Yes
> passdb backend = ldapsam:ldap://rosspdc.rossmould.biz
> username map = /usr/local/samba3/private/smbusers
> log level = 1
> syslog = 0
> log file = /var/log/samba/%m
> max log size = 50
> smb ports = 139 445
> name resolve order = wins bcast hosts
> time server = Yes
> printcap name = CUPS
> show add printer wizard = No
> add user script = /var/lib/samba/sbin/smbldap-useradd.pl -a -m '%u'
> delete user script = /var/lib/samba/sbin/smbldap-userdel.pl '%u'
> add group script = /var/lib/samba/sbin/smbldap-groupadd.pl -p '%g'
> delete group script = /var/lib/samba/sbin/smbldap-groupdel.pl '%g'
> add user to group script = /var/lib/samba/sbin/ smbldap-groupmod.pl -m '%u'
> '%g'
> delete user from group script = /var/lib/samba/sbin/ smbldap-groupmod.pl -x
> '%u' '%g'
> set primary group script = /var/lib/samba/sbin/ smbldap-usermod.pl -g '%g'
> '%u'
> add machine script = /var/lib/samba/sbin/ smbldap-useradd.pl -w '%u'
> logon script = scripts\logon.bat
> logon path = \\%L\profiles\%U
> logon drive = X:
> domain logons = Yes
> preferred master = Yes
> wins support = Yes
> ldap suffix = dc=rossmould,dc=biz
> ldap machine suffix = ou=People
> ldap group suffix = ou=Groups
> ldap idmap suffix = ou=Idmap
> ldap admin dn = cn=Manager,dc=rossmould,dc=biz
> idmap backend = ldap:ldap://rosspdc.rossmould.biz
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> map acl inherit = Yes
> printing = cups
> printer admin = Administrator, sreynolds
>
> # The shares
>
> [netlogon]
> comment = Network Logon Service
> path = /home/netlogon
> guest ok = Yes
> locking = No
>
> [profiles]
> comment = Profile Share
> path = /home/profiles
> read only = No
> profile acls = Yes
>
> [profdata]
> comment = Profile Data Share
> path = /home/profdata
> read only = No
> profile acls = Yes
>
> [print$]
> comment = Printer Drivers
> path = /home/drivers
> browseable = yes
> guest ok = no
> read only = yes
> write list = Administrator, sreynolds
>
> [homes]
> comment = Home Directories
> valid users = %S
> read only = No
> browseable = No
>
> [printers]
> comment = SMB Print Spool
> path = /var/spool/samba
> guest ok = Yes
> printable = Yes
> browseable = No
>
> --------------------------------------
>
> I have found the following inconsistencies.
>
> First one was in Samba-3 PDC Configuration section 2
> root# testparm -s > test.conf
>
> The $IPC share does not display which I assumed to be correct

Do NOT include a service definition in your smb.conf file for [IPC$]. It is not needed.

>
> Section 5 is also problematic.
>
> root# smbclient -L localhost -U%
> Times out and if the smbd log is checked it falls over in trying to have
> chatties with the ldap server which is needless to say not running.
> Of course the net command fails as well.
>
> I then plodded on and did the config of the ldap server and got it up and
> running. This is in LDAP Initialization and Creation of User and Group
> Accounts section 1. I used service ldap start - being redhatish
>
> I then reran the smbclient -L massive -U% command,
> Worked as advertised.
> I could then run the net command to get the SID and put it
> into /var/lib/samba/sbin/smbldap_conf.pm
> I used the IdealX scripts that came with the 3.0.10 source and compiled
> mkntpwd just fine.

Please do NOT use the Idealx scripts that come with Samba 3.0.10 - please obtain a fresh current version from Idealx.Org.

>
> Next problem cropped up in adding the users with
> root# ./smbldap-populate.pl.
> First crash was missing cpan module Net::LDAP so no probs just configured
> cpan and loaded it!
> Now the perl script ran but barfed at
> adding new entry: ou=People,dc=rossmould,dc=biz
> failed to add entry: Already exists at ./smbldap-populate.pl line 323,
> <GEN1> line 5.

Yes. That is expected since both Computer accounts and User accounts will be in ou=People.

>
> The script had already added People and Groups ou's and then went on to
> add the Administrators ou after the error
>
> (Rather confusing to have this list say that having computers in their own
> ou works but a big warning in the e-book says it does not work!)

This has been discussed ad nauseam on this list. Suggest you go back over the history of this discussion thread in the archives.

>
> Be that as it may I then pressed on to checking the ldap database as per
> section 5 after ldap was stopped and started.
> root# slapcat | grep -i idmap gave no output so idmap does not exist in
> the database.

This is solved with the new Idealx smbldap-tool scripts.

> Then followed the instructions to create an ldif with the required ou for
> idmap but when I tried to run
> ldapadd -x -D "cn=Manager,dc=rossmould,dc=biz" -w not24get
> < /etc/openldap/idmap.LDIF
> (All one line!)
> I got back
> ldap_add: Constraint violation
> additional info: structuralObjectClass: no user modification
> allowed

Known issues. See above comment for solution.

>
> ldif_record() = 19
>
> I'm rather new to ldap and other than playing around with some basic
> settings and adding and changing records with ldapadd and ldapmodify and
> ldif files and then searching the database I've not done anything else.
>
> I could go and set slapd to debug but I'd hate to reinvent the wheel if I
> can!
>
> One added point I used just about all cut 'n paste from the html pages to
> the various config files. Even used cut 'n paste to select them! Found a
> few problems in the long lines in the smb.conf parts but vi's j phixed
> that!
>
> Please help!

I am trying to do that. :)

Cheers,
John T.
--
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668
Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
> -----Original Message-----
> From: samba-bounces+guus-leeuw=gmx.de@lists.samba.org
> [mailto:samba-bounces+guus-leeuw=gmx.de@lists.samba.org] On Behalf Of Angela Williams
> Sent: lundi 17 janvier 2005 17:34
> To: samba@lists.samba.org
> Subject: [Samba] Samba3 by example problems

[snipped]

>
> Be that as it may I then pressed on to checking the ldap database as per
> section 5 after ldap was stopped and started.
> root# slapcat | grep -i idmap gave no output so idmap does not exist in
> the database.
> Then followed the instructions to create an ldif with the required ou for
> idmap but when I tried to run
> ldapadd -x -D "cn=Manager,dc=rossmould,dc=biz" -w not24get
> < /etc/openldap/idmap.LDIF
> (All one line!)
> I got back
> ldap_add: Constraint violation
> additional info: structuralObjectClass: no user modification
> allowed

This is correct behaviour of (Open)LDAP ;) The samba-docs is wrong here, though.

From the website:

dn: ou=Idmap,dc=abmas,dc=biz
objectClass: organizationalUnit
ou: idmap
structuralObjectClass: organizationalUnit

Remove the last line (structural...Unit) and rerun the ldapadd. That should be it.

John, Could you pls update accordingly? ;)

TIA
Guus
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.300 / Virus Database: 265.6.13 - Release Date: 16/01/2005
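
The fix described in the last reply, generalized as an added example (not part of the thread or of the Samba documentation): a shell filter that drops structuralObjectClass and the other attributes slapd maintains itself from an LDIF before it is handed to ldapadd. The attribute list beyond structuralObjectClass, the function names, and the folded creatorsName line in the sample are assumptions added for illustration.

```shell
#!/bin/sh
# Added example: strip server-maintained (operational) attributes from an LDIF
# so that ldapadd does not reject it with "no user modification allowed".

# Attributes slapd writes itself (they show up in slapcat output).
# Lower-case here; matching below is case-insensitive.
OPERATIONAL_ATTRS='structuralobjectclass entryuuid entrycsn creatorsname createtimestamp modifiersname modifytimestamp'

strip_operational_attrs() {
    awk -v drop="$OPERATIONAL_ATTRS" '
    BEGIN {
        n = split(drop, names, " ")
        for (i = 1; i <= n; i++) skipattr[names[i]] = 1
        skipping = 0
    }
    # LDIF folds long values onto continuation lines that begin with one
    # space; a continuation shares the fate of the attribute it belongs to.
    /^ / { if (!skipping) print; next }
    {
        skipping = 0
        pos = index($0, ":")            # also covers the base64 "attr::" form
        if (pos > 1) {
            attr = tolower(substr($0, 1, pos - 1))
            sub(/;.*/, "", attr)        # ignore options such as ";binary"
            if (attr in skipattr) { skipping = 1; next }
        }
        print
    }'
}

# Constructed sample: the ou=Idmap entry quoted in the thread, plus a folded
# creatorsName line (not from the thread) to exercise continuation handling.
sample_ldif() {
    cat <<'EOF'
dn: ou=Idmap,dc=abmas,dc=biz
objectClass: organizationalUnit
ou: idmap
structuralObjectClass: organizationalUnit
creatorsName: cn=Manager,
 dc=abmas,dc=biz
EOF
}

# Stand-alone demonstration: prints only the dn, objectClass and ou lines.
sample_ldif | strip_operational_attrs

# Real use (bind DN is site-specific; -W prompts for the password instead of
# exposing it on the command line and in the process list):
#   strip_operational_attrs < /etc/openldap/idmap.LDIF |
#       ldapadd -x -D "cn=Manager,dc=rossmould,dc=biz" -W
```
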