adrian sender
2006-Mar-03 13:25 UTC
[Samba] Samba 3 by Example - chapter 5 & 6 ( Manager ->sambaadmin)
Well, I am glad that there has been a lot of input on this topic. A lot of people are having different opinions, but that is because we are not focusing on the problem at hand.

The documentation provides full details on how to get samba + ldap working from scratch; but there seems to be a gap between chapter 5 & 6;

Once again I will say I love this book; by far the best technical reference manual available for samba and highly recommend it.

Chapter 6, is it assuming we are starting fresh here, because the ldap database is placed in a different directory to what was in chapter 5 slapd.conf?

Questions;

1. If it is assuming that we are starting from scratch; all configuration files are to that of the documentation - why will the database not populate with the smbldap-tools using sambaadmin?

2. If I change sambaadmin to Manager all works fine; is there anything wrong with doing this.

3. I am not interested in learning ldap and its complexities, otherwise I would not have bothered using ldap, samba 3 by example provides simple steps - however this step I am stuck with.

4. A solution ?

For over a year now I have worked around this by using Manager in place of sambaadmin - but it is time for me to get to the bottom of this so I can start with another problem and move on to testing samba4.

All your help and time is greatly appreciated.

Thanks.
Adrian.

>From: "adrian sender" <adrian_au1@hotmail.com>
>To: dot@linagora.com
>CC: samba@lists.samba.org
>Subject: Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager ->sambaadmin)
>Date: Fri, 03 Mar 2006 11:49:25 +1100
>
>I have this in my slap.conf as per the docs;
>
>access to attrs=sambaLMPassword,sambaNTPassword
>    by dn="cn=sambaadmin,dc=tinistuff,dc=com" write
>    by * none
>
>Should that work?
>
>>From: "Yanick Durant" <dot@linagora.com>
>>To: "adrian sender" <adrian_au1@hotmail.com>
>>CC: samba@lists.samba.org
>>Subject: Re: [Samba] Samba 3 by Example - chapter 5 & 6 ( Manager -> sambaadmin)
>>Date: Thu, 2 Mar 2006 09:49:19 +0100 (CET)
>>
>>You need to give enough rights to your "sambaadmin" to allow him to write
>>to the ldap repository for adding users, and updating information.
>>
>>Ie :
>>
>>This kind of access rule inside your slapd.conf; these lines need to be
>>after the database tag in the config file.
>>This will also allow users to change their password
>>
>>access to attr=userPassword,sambaLMPassword,sambaNTPassword
>>    by self write
>>    by dn="cn=Manager,dc=tinistuff,dc=com" write
>>    by dn="cn=sambaadmin,dc=tinistuff,dc=com" write
>>    by anonymous auth
>>    by * none
>>
>># The admin dn has full write access
>>access to *
>>    by self write
>>    by dn="cn=Manager,dc=tinistuff,dc=com" write
>>    by dn="cn=sambaadmin,dc=tinistuff,dc=com" write
>>    by * read
>>
>>Regards,
>>
>>Yanick Durant
>>
>> > I will try to explain my situation a little better so others can
>> > understand.
>> >
>> > I am sticking to the documentation, (samba 3 by example by jht) excellent
>> > book!;
>> >
>> > So here is where I am at;
>> >
>> > I have configured my smb.conf; slapd.conf, ldap.conf, nssldap.conf as per
>> > the documentation chapter 6.
>> >
>> > I do have a bdc; however there is no relevance to that as I am only working
>> > on the PDC at the time;
>> >
>> > I have these commented out in the slapd.conf for the moment.
>> >
>> > #replica host=192.168.0.3:389
>> > # suffix="dc=tinistuff,dc=com"
>> > # binddn="cn=updateuser,dc=tinistuff,dc=com"
>> > # bindmethod=simple credentials=123456
>> >
>> > #replogfile /var/lib/ldap/replogfile
>> >
>> > This is my smb.conf as per chapter 6;
>> > ***Note we are using "sambaadmin" and not "Manager" as in Chapter 5***
>> >
>> > ldap admin dn = cn=sambaadmin,dc=tinistuff,dc=com
>> >
>> > [root@node1 sbin]# smbpasswd -w 123456
>> > Setting stored password for "cn=sambaadmin,dc=tinistuff,dc=com" in
>> > secrets.tdb
>> >
>> > Does this look right so far; I am now going to configure smbldaptools as per
>> > the documentation; In chapter 5 (./configure)
>> >
>> > Ok, now we take a look at this -
>> > [root@node1 sbin]# cat /etc/opt/IDEALX/smbldap-tools/smbldap_bind.conf
>> >
>> > ############################
>> > # Credential Configuration #
>> > ############################
>> > # Notes: you can specify two differents configuration if you use a
>> > # master ldap for writing access and a slave ldap server for reading access
>> > # By default, we will use the same DN (so it will work for standard Samba
>> > # release)
>> > slaveDN="cn=sambaadmin,dc=tinistuff,dc=com"
>> > slavePw="123456"
>> > masterDN="cn=sambaadmin,dc=tinistuff,dc=com"
>> > masterPw="123456"
>> >
>> > Time to populate the ldap DB.
>> > [root@node1 sbin]# ./smbldap-populate -a root -k 0 -m 0
>> >
>> > This does not work because it cannot bind as "sambaadmin"
>> >
>> > If I change my smbldap_bind to Manager, I can populate the DB.
>> >
>> > root@node1 sbin]# cat /etc/opt/IDEALX/smbldap-tools/smbldap_bind.conf
>> >
>> > ############################
>> > # Credential Configuration #
>> > ############################
>> > # Notes: you can specify two differents configuration if you use a
>> > # master ldap for writing access and a slave ldap server for reading access
>> > # By default, we will use the same DN (so it will work for standard Samba
>> > # release)
>> > slaveDN="cn=Manager,dc=tinistuff,dc=com"
>> > slavePw="123456"
>> > masterDN="cn=Manager,dc=tinistuff,dc=com"
>> > masterPw="123456"
>> >
>> > Now it populates fine.
>> >
>> > Is this a fault on my behalf, or is there something wrong with "sambaadmin"
>> > in the config files?
>> >
>> > PS - please forgive any spelling errors.
>> >
>> > Kind Regards,
>> > Adrian Sender.
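
The two access rule sets quoted in the message above can be compared with a small first-match evaluator. This is an added example, not part of the original thread or of OpenLDAP: `parse_acl` and `effective_access` are hypothetical helpers that model only `attr(s)=`, `*`, `self`, `anonymous` and exact `dn=` matching, and each rule set is evaluated on its own, as if it were the only ACL in slapd.conf.

```python
import re

# Constructed input: the two rule sets quoted in the thread, each evaluated alone.
FIRST_ACL = '''
access to attrs=sambaLMPassword,sambaNTPassword
    by dn="cn=sambaadmin,dc=tinistuff,dc=com" write
    by * none
'''
SECOND_ACL = '''
access to attr=userPassword,sambaLMPassword,sambaNTPassword
    by self write
    by dn="cn=Manager,dc=tinistuff,dc=com" write
    by dn="cn=sambaadmin,dc=tinistuff,dc=com" write
    by anonymous auth
    by * none
access to *
    by self write
    by dn="cn=Manager,dc=tinistuff,dc=com" write
    by dn="cn=sambaadmin,dc=tinistuff,dc=com" write
    by * read
'''

def parse_acl(text):
    """Return [(attribute set, or None for '*', [(who, level), ...]), ...] in file order."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"access\s+to\s+(\S+)", line)
        if m:
            what = m.group(1)
            attrs = None if what == "*" else set(what.split("=", 1)[1].lower().split(","))
            rules.append((attrs, []))
        elif line.startswith("by ") and rules:
            _, who, level = line.split()  # hypothetical simplification: no spaces in DNs
            rules[-1][1].append((who, level))
    return rules

def effective_access(rules, attr, bind_dn=None, is_self=False):
    """First matching 'access to' wins, then its first matching 'by' clause."""
    for attrs, clauses in rules:
        if attrs is not None and attr.lower() not in attrs:
            continue
        for who, level in clauses:
            if (who == "*" or (who == "self" and is_self)
                    or (who == "anonymous" and bind_dn is None)
                    or (bind_dn and who.lower() == f'dn="{bind_dn.lower()}"')):
                return level
        return "none"  # implicit "by * none" at the end of every clause list
    return "none"      # implicit "access to * by * none" at the end of the list
```

Under the first rule set alone, `anonymous` gets no `auth` access to `userPassword`, which slapd needs in order to check a simple bind against a directory entry. Under the second, `by self write` in `access to *` covers every attribute of a user's own entry, which is worth narrowing when reviewing the ACL.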
Craig White
2006-Mar-03 15:14 UTC
[Samba] Samba 3 by Example - chapter 5 & 6 ( Manager ->sambaadmin)
On Sat, 2006-03-04 at 00:25 +1100, adrian sender wrote:
> Well, I am glad that there has been a lot of input on this topic. A lot of
> people are having different opinions, but that is because we are not focusing
> on the problem at hand.
>
> The documentation provides full details on how to get samba + ldap working
> from scratch; but there seems to be a gap between chapter 5 & 6;
>
> Once again I will say I love this book; by far the best technical reference
> manual available for samba and highly recommend it.
>
> Chapter 6, is it assuming we are starting fresh here, because the ldap
> database is placed in a different directory to what was in chapter 5
> slapd.conf?
>
> Questions;
>
> 1. If it is assuming that we are starting from scratch; all configuration
> files are to that of the documentation - why will the database not populate
> with the smbldap-tools using sambaadmin?
>
> 2. If I change sambaadmin to Manager all works fine; is there anything wrong
> with doing this.
>
> 3. I am not interested in learning ldap and its complexities, otherwise I
> would not have bothered using ldap, samba 3 by example provides simple steps
> - however this step I am stuck with.
>
> 4. A solution ?
>
> For over a year now I have worked around this by using Manager in place of
> sambaadmin - but it is time for me to get to the bottom of this so I can
> start with another problem and move on to testing samba4.
>
> All your help and time is greatly appreciated.
----
The reason you can't get past it is inherent in your 'question 3', which of course isn't a question at all. If you aren't interested in learning LDAP - don't use it.

Perhaps with Samba 4, you can use LDAP without knowing a thing about it, much as you can in a Windows AD, but definitely not Samba 3 and OpenLDAP - there is no 'close my eyes and hope it works' scenario that is going to work, because the worst thing you can ever do is get lucky and make it work and then depend upon it to work, because it will break and you won't be able to fix it.

Craig