Glenn Arnold
2006-Apr-23 02:15 UTC
[Samba] User Manager for Domains cannot reset user password.
I am running RHES 3.0 with Samba 3.0.22 and Open Ldap 2.1.22 ldapsam and when I use User Manager for Domains and try to change a user password as root or any other Domain Admin account I get the following error: "The following error occurred changing the properties of the user jcampbell. The group name could not be found." When you look at groups under user manager Domain Users is set default group. Any ideas? Thanks -Glenn smb.conf [global] interfaces = eth* netbios name = SERVER workgroup = EXAMPLE server string security = user os level = 64 domain master = yes local master = yes preferred master = yes time server = yes #passdb backend = tdbsam ldappasswd sync =yes passdb backend = ldapsam:ldap://127.0.0.1 ldap admin dn = cn=samba,ou=DSA,dc=example,dc=net #ldap admin dn = cn=Manager,dc=example,dc=net ldap suffix = dc=example,dc=net ldap group suffix = ou=Groups ldap user suffix = ou=Users ldap machine suffix = ou=Computers ldap ssl = no unix extensions = yes encrypt passwords = yes domain logons = yes logon script = logon.bat logon drive = H: logon home = \\%L\%U logon path socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 add user script = /usr/local/sbin/smbldap-useradd -m '%u' delete user script = /usr/local/sbin/smbldap-userdel '%u' add group script = /usr/local/sbin/smbldap-groupadd -p '%g' delete group script = /usr/local/sbin/smbldap-groupdel '%g' add user to group script = /usr/local/sbin/smbldap-groupmod -m '%u' '%g' delete user from group script = /usr/local/sbin/smbldap-usermod -g '%g' '%u' set primary group script = /usr/local/sbin/smbldap-usermod -g '%g' '%u' add machine script = /usr/local/sbin/smbldap-useradd -w '%u' logon script = logon.bat logon path logon drive = H: logon home = \\%L\%U domain logons = Yes os level = 64 preferred master = Yes domain master = Yes wins server = 10.100.0.10 ldap admin dn = cn=samba,ou=DSA,dc=example,dc=net ldap delete dn = Yes ldap group suffix = ou=Groups ldap machine suffix = 
ou=Computers ldap passwd sync = Yes ldap suffix = dc=example,dc=net ldap ssl = no ldap user suffix = ou=Users idmap uid = 15000-20000 idmap gid = 15000-20000 winbind separator = - force printername = Yes [netlogon] path = /smbsrvr/netlogon/scripts write list = Domain, Admins guest ok = Yes browseable = No [homes] comment = Home Directories force group = "Domain Admins" read only = No create mask = 0770 force create mode = 0770 directory mask = 0770 force directory mode = 0770 veto files /*.mp3/*.exe/*.com/*.js/*.bat/*.cmd/*.wsh/*.scr/*.zip/.*/testfile/ browseable = No [C$] path = /smbsrvr valid users = "@Domain Admins" force group = "Domain Admins" read only = No create mask = 0770 directory mask = 0770 force directory mode = 0770 veto files = /fnksvc32.exe/testfile/ [tftpboot$] path = /tftpboot valid users = "@Domain Admins" force group = "root" read only = No create mask = 0775 directory mask = 0775 force directory mode = 0775 [Apps] path = /smbsrvr/Apps read only = No create mask = 0770 force create mode = 0770 directory mask = 0770 force directory mode = 0770 inherit permissions = Yes veto files = /fnksvc32.exe/testfile/ [Students] path = /smbsrvr/Students force group = hsstudents read only = No create mask = 0770 force create mode = 0770 directory mask = 0770 force directory mode = 0770 veto files = /fnksvc32.exe/testfile/ [AdminTools$] path = /smbsrvr/AdminTools read only = No veto files = /fnksvc32.exe/testfile/ [printers] comment = All Printers path = /var/spool/samba guest ok = Yes printable = Yes default devmode = Yes veto files = /fnksvc32.exe/testfile/ browseable = No [print$] comment = Printer Drivers path = /var/lib/samba/drivers write list = root, "@@Domain Admins" read only = No veto files = /fnksvc32.exe/testfile/ [home$] path = /home valid users = "Domain Admins", +ntadmins, +root, "@MTHS-Domain Admins", @ntadmin, @root write list = +ntadmin, "@MTHS-Domain Admins", @ntadmin, @root force group = "Domain Admins" read only = No create mask = 0770 
force create mode = 0770 directory mask = 0770 force directory mode = 0770 veto files = /fnksvc32.exe/testfile/ [ezaudit] path = /smbsrvr/ezaudit force group = "Domain Users" read only = No create mask = 0777 force create mode = 0777 directory mask = 0777 force directory mode = 0777 guest ok = Yes browseable = No [HSGUIDANCE] path = /smbsrvr/Guidance read only = No veto files = /fnksvc32.exe/testfile/ [HS PRINCIPAL] path = /smbsrvr/hsprincipal read only = No veto files = /fnksvc32.exe/testfile/ [CIP] path = /smbsrvr/CIP read only = No veto files = /fnksvc32.exe/testfile/ [POISE ISSUES] path = /smbsrvr/Poise Issues read only = No veto files = /fnksvc32.exe/testfile/ [HSDISCIPLINE] path = /smbsrvr/Discipline read only = No veto files = /fnksvc32.exe/testfile/ [YEARBOOK] path = /smbsrvr/yearbook valid users = @hsyearbook force group = hsyearbook read only = No create mask = 0770 force create mode = 0770 directory mask = 0770 force directory mode = 0770 veto files = /fnksvc32.exe/testfile/ [MTM] path = /smbsrvr/Apps/Mtm valid users = @hsbuilding, "@Domain Admins" force group = hsbuilding read only = No create mask = 0770 force create mode = 0770 directory mask = 0770 force directory mode = 0770 [INSTALL] comment = Mt. 
Healthy Software path = /smbsrvr/Install write list = root, "@Domain Admins" force group = Domain Admins read only = No create mask = 0775 force create mode = 0775 directory mask = 0775 force directory mode = 0775 veto files = /fnksvc32.exe/testfile/ [hsstudents] path = /home/hsstudents read only = No veto files = /fnksvc32.exe/testfile/ [hsstaff] path = /home/hsstaff read only = No veto files = /fnksvc32.exe/testfile/ [hsbuilding] path = /home/hsbuilding read only = No veto files = /fnksvc32.exe/testfile/ [staffback$] path = /home/staffback valid users = @hsstaff force group = hsstaff read only = No create mask = 0770 force create mode = 0770 directory mask = 0770 force directory mode = 0770 veto files = /fnksvc32.exe/testfile/ ldap.conf HOST 127.0.0.1 BASE dc=example,dc=net rootbinddn cn=nssldap,ou=DSA,dc=example,dc=net nss_base_passwd dc=example,dc=net?sub nss_base_shadow dc=example,dc=net?sub nss_base_group ou=Groups,dc=example,dc=net?one ssl no pam_password md5 slapd.conf # $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.7 2001/09/27 20:00:31 kurt Exp $ # # See slapd.conf(5) for details on configuration options. # This file should NOT be world readable. # include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/nis.schema include /etc/openldap/schema/samba3.schema #include /etc/openldap/schema/redhat/autofs.schema #include /etc/openldap/schema/redhat/kerberosobject.schema # Define global ACLs to disable default read access. # Do not enable referrals until AFTER you have a working directory # service AND an understanding of referrals. #referral ldap://root.openldap.org #pidfile //var/run/slapd.pid #argsfile //var/run/slapd.args # Create a replication log in /var/lib/ldap for use by slurpd. 
#replogfile /var/lib/ldap/master-slapd.replog # Load dynamic backend modules: # modulepath /usr/sbin/openldap # moduleload back_ldap.la # moduleload back_ldbm.la # moduleload back_passwd.la # moduleload back_shell.la # # The next three lines allow use of TLS for connections using a dummy test # certificate, but you should generate a proper certificate by changing to # /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on # slapd.pem so that the ldap user or group can read it. # TLSCertificateFile /usr/share/ssl/certs/slapd.pem # TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem # TLSCACertificateFile /usr/share/ssl/certs/ca-bundle.crt # # Sample Access Control # Allow read access of root DSE # Allow self write access # Allow authenticated users read access # rootdn can always write! access to attrs=userPassword,sambaNTPassword,sambaLMPassword,sambaPwdLastSet,samba PwdMustChange by dn="cn=samba,ou=DSA,dc=example,dc=net" write by dn="cn=smbldap-tools,ou=DSA,dc=example,dc=net" write by dn="cn=nssldap,ou=DSA,dc=example,dc=net" write by self write by anonymous auth by * none # some attributes need to be readable anonymously so that 'id user' can answer correctly access to attrs=objectClass,entry,gecos,homeDirectory,uid,uidNumber,gidNumber,cn,m emberUid,loginshell by dn="cn=samba,ou=DSA,dc=example,dc=net" write by dn="cn=smbldap-tools,ou=DSA,dc=example,dc=net" write by * read # somme attributes can be writable by users themselves access to attrs=description,telephoneNumber by dn="cn=samba,ou=DSA,dc=example,dc=net" write by dn="cn=smbldap-tools,ou=DSA,dc=example,dc=net" write by self write by * read # some attributes need to be writable for samba access to attrs=cn,sambaLMPassword,sambaNTPassword,sambaPwdLastSet,sambaLogonTime, sambaLogoffTime,sambaKickoffTime,sambaPwdCanChange,sambaPwdMustChange,sa mbaAcctFlags,displayName,sambaHomePath,sambaHomeDrive,sambaLogonScript,s ambaProfilePath,description,sambaUserWorkstations,sambaPrimaryGroupSID,s 
ambaDomainName,sambaSID,sambaGroupType,sambaNextRid,sambaNextGroupRid,sa mbaNextUserRid,sambaAlgorithmicRidBase by dn="cn=samba,ou=DSA,dc=example,dc=net" write by dn="cn=smbldap-tools,ou=DSA,dc=example,dc=net" write by self read by * none # samba need to be able to create the samba domain account access to dn.base="dc=example,dc=net" by dn="cn=samba,ou=DSA,dc=example,dc=net" write by dn="cn=smbldap-tools,ou=DSA,dc=example,dc=net" write by * none # samba need to be able to create new users account access to dn="ou=Users,dc=example,dc=net" by dn="cn=samba,ou=DSA,dc=example,dc=net" write by dn="cn=smbldap-tools,ou=DSA,dc=example,dc=net" write by * none # samba need to be able to create new groups account access to dn="ou=Groups,dc=example,dc=net" by dn="cn=samba,ou=DSA,dc=example,dc=net" write by dn="cn=smbldap-tools,ou=DSA,dc=example,dc=net" write by * none # samba need to be able to create new computers account access to dn="ou=Computers,dc=example,dc=net" by dn="cn=samba,ou=DSA,dc=example,dc=net" write by dn="cn=smbldap-tools,ou=DSA,dc=example,dc=net" write by * none # this can be omitted but we leave it: there could be other branch # in the directory access to attrs=userPassword,sambaLMPassword,sambaNTPassword by self write by anonymous auth by * none access to * by * read ####################################################################### # ldbm database definitions ####################################################################### database ldbm suffix "dc=example,dc=net" #suffix "o=My Organization Name,c=US" rootdn "cn=Manager,dc=example,dc=net" rootdn "cn=Manager,dc=example,dc=net" rootpw {SSHA}rCWryJIyAP66u64ALA6gRREQ7j2bJH0T #rootdn "cn=Manager,o=My Organization Name,c=US" # Cleartext passwords, especially for the rootdn, should # be avoided. See slappasswd(8) and slapd.conf(5) for details. # Use of strong authentication encouraged. 
# rootpw secret # rootpw {crypt}ijFYNcSNctBYg # The database directory MUST exist prior to running slapd AND # should only be accessible by the slapd/tools. Mode 700 recommended. directory /var/lib/ldap #performance mods loglevel 256 sizelimit 100000 cachesize 100000 dbcachesize 30000000 # Indices to maintain index objectClass,uidNumber,gidNumber eq index cn,sn,uid,displayName pres,sub,eq index memberUid,mail,givenname eq,subinitial index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
Michael Gasch
2006-Apr-30 11:32 UTC
[Samba] User Manager for Domains cannot reset user password.
The first thing I did when I had trouble with usrmgr:
1) increase the debug level in smb.conf (to 10), then reset any connection to the DC from the client you connect from
2) open usrmgr from the client
3) clear the log: echo "" >log.client
4) try to reset the password
5) view the log
Which result do you get?
greez
Glenn Arnold wrote:> I am running RHES 3.0 with Samba 3.0.22 and Open Ldap 2.1.22 ldapsam and > when I use User Manager for Domains and try to change a user password as > root or any other Domain Admin account I get the following error: "The > following error occurred changing the properties of the user jcampbell. > The group name could not be found." When you look at groups under user > manager Domain Users is set default group. Any ideas? > > > Thanks > -Glenn > > smb.conf > [global] > interfaces = eth* > netbios name = SERVER > workgroup = EXAMPLE > server string > security = user > os level = 64 > domain master = yes > local master = yes > preferred master = yes > time server = yes > #passdb backend = tdbsam > ldappasswd sync =yes > passdb backend = ldapsam:ldap://127.0.0.1 > ldap admin dn = cn=samba,ou=DSA,dc=example,dc=net > #ldap admin dn = cn=Manager,dc=example,dc=net > ldap suffix = dc=example,dc=net > ldap group suffix = ou=Groups > ldap user suffix = ou=Users > ldap machine suffix = ou=Computers > ldap ssl = no > unix extensions = yes > encrypt passwords = yes > domain logons = yes > logon script = logon.bat > logon drive = H: > logon home = \\%L\%U > logon path > socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=8192 > SO_SNDBUF=8192 > add user script = /usr/local/sbin/smbldap-useradd -m '%u' > delete user script = /usr/local/sbin/smbldap-userdel '%u' > add group script = /usr/local/sbin/smbldap-groupadd -p '%g' > delete group script = /usr/local/sbin/smbldap-groupdel '%g' > add user to group script = /usr/local/sbin/smbldap-groupmod -m > '%u' '%g' > delete user from group script = /usr/local/sbin/smbldap-usermod > -g '%g' '%u' > set primary 
group script = /usr/local/sbin/smbldap-usermod -g > '%g' '%u' > add machine script = /usr/local/sbin/smbldap-useradd -w '%u' > logon script = logon.bat > logon path > logon drive = H: > logon home = \\%L\%U > domain logons = Yes > os level = 64 > preferred master = Yes > domain master = Yes > wins server = 10.100.0.10 > ldap admin dn = cn=samba,ou=DSA,dc=example,dc=net > ldap delete dn = Yes > ldap group suffix = ou=Groups > ldap machine suffix = ou=Computers > ldap passwd sync = Yes > ldap suffix = dc=example,dc=net > ldap ssl = no > ldap user suffix = ou=Users > idmap uid = 15000-20000 > idmap gid = 15000-20000 > winbind separator = - > force printername = Yes > > [netlogon] > path = /smbsrvr/netlogon/scripts > write list = Domain, Admins > guest ok = Yes > browseable = No > > [homes] > comment = Home Directories > force group = "Domain Admins" > read only = No > create mask = 0770 > force create mode = 0770 > directory mask = 0770 > force directory mode = 0770 > veto files > /*.mp3/*.exe/*.com/*.js/*.bat/*.cmd/*.wsh/*.scr/*.zip/.*/testfile/ > browseable = No > > [C$] > path = /smbsrvr > valid users = "@Domain Admins" > force group = "Domain Admins" > read only = No > create mask = 0770 > directory mask = 0770 > force directory mode = 0770 > veto files = /fnksvc32.exe/testfile/ > > [tftpboot$] > path = /tftpboot > valid users = "@Domain Admins" > force group = "root" > read only = No > create mask = 0775 > directory mask = 0775 > force directory mode = 0775 > > [Apps] > path = /smbsrvr/Apps > read only = No > create mask = 0770 > force create mode = 0770 > directory mask = 0770 > force directory mode = 0770 > inherit permissions = Yes > veto files = /fnksvc32.exe/testfile/ > > [Students] > path = /smbsrvr/Students > force group = hsstudents > read only = No > create mask = 0770 > force create mode = 0770 > directory mask = 0770 > force directory mode = 0770 > veto files = /fnksvc32.exe/testfile/ > > [AdminTools$] > path = /smbsrvr/AdminTools > read only = No > 
veto files = /fnksvc32.exe/testfile/ > > [printers] > comment = All Printers > path = /var/spool/samba > guest ok = Yes > printable = Yes > default devmode = Yes > veto files = /fnksvc32.exe/testfile/ > browseable = No > > [print$] > comment = Printer Drivers > path = /var/lib/samba/drivers > write list = root, "@@Domain Admins" > read only = No > veto files = /fnksvc32.exe/testfile/ > > [home$] > path = /home > valid users = "Domain Admins", +ntadmins, +root, "@MTHS-Domain > Admins", @ntadmin, @root > write list = +ntadmin, "@MTHS-Domain Admins", @ntadmin, @root > force group = "Domain Admins" > read only = No > create mask = 0770 > force create mode = 0770 > directory mask = 0770 > force directory mode = 0770 > veto files = /fnksvc32.exe/testfile/ > > [ezaudit] > path = /smbsrvr/ezaudit > force group = "Domain Users" > read only = No > create mask = 0777 > force create mode = 0777 > directory mask = 0777 > force directory mode = 0777 > guest ok = Yes > browseable = No > > [HSGUIDANCE] > path = /smbsrvr/Guidance > read only = No > veto files = /fnksvc32.exe/testfile/ > > [HS PRINCIPAL] > path = /smbsrvr/hsprincipal > read only = No > veto files = /fnksvc32.exe/testfile/ > > [CIP] > path = /smbsrvr/CIP > read only = No > veto files = /fnksvc32.exe/testfile/ > > [POISE ISSUES] > path = /smbsrvr/Poise Issues > read only = No > veto files = /fnksvc32.exe/testfile/ > > [HSDISCIPLINE] > path = /smbsrvr/Discipline > read only = No > veto files = /fnksvc32.exe/testfile/ > > [YEARBOOK] > path = /smbsrvr/yearbook > valid users = @hsyearbook > force group = hsyearbook > read only = No > create mask = 0770 > force create mode = 0770 > directory mask = 0770 > force directory mode = 0770 > veto files = /fnksvc32.exe/testfile/ > > [MTM] > path = /smbsrvr/Apps/Mtm > valid users = @hsbuilding, "@Domain Admins" > force group = hsbuilding > read only = No > create mask = 0770 > force create mode = 0770 > directory mask = 0770 > force directory mode = 0770 > > [INSTALL] > comment = 
Mt. Healthy Software > path = /smbsrvr/Install > write list = root, "@Domain Admins" > force group = Domain Admins > read only = No > create mask = 0775 > force create mode = 0775 > directory mask = 0775 > force directory mode = 0775 > veto files = /fnksvc32.exe/testfile/ > > [hsstudents] > path = /home/hsstudents > read only = No > veto files = /fnksvc32.exe/testfile/ > > [hsstaff] > path = /home/hsstaff > read only = No > veto files = /fnksvc32.exe/testfile/ > > [hsbuilding] > path = /home/hsbuilding > read only = No > veto files = /fnksvc32.exe/testfile/ > > [staffback$] > path = /home/staffback > valid users = @hsstaff > force group = hsstaff > read only = No > create mask = 0770 > force create mode = 0770 > directory mask = 0770 > force directory mode = 0770 > veto files = /fnksvc32.exe/testfile/ > > ldap.conf > HOST 127.0.0.1 > BASE dc=example,dc=net > rootbinddn cn=nssldap,ou=DSA,dc=example,dc=net > nss_base_passwd dc=example,dc=net?sub > nss_base_shadow dc=example,dc=net?sub > nss_base_group ou=Groups,dc=example,dc=net?one > > ssl no > > pam_password md5 > > slapd.conf > # $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.7 2001/09/27 > 20:00:31 kurt Exp $ > # > # See slapd.conf(5) for details on configuration options. > # This file should NOT be world readable. > # > include /etc/openldap/schema/core.schema > include /etc/openldap/schema/cosine.schema > include /etc/openldap/schema/inetorgperson.schema > include /etc/openldap/schema/nis.schema > include /etc/openldap/schema/samba3.schema > #include /etc/openldap/schema/redhat/autofs.schema > #include /etc/openldap/schema/redhat/kerberosobject.schema > > # Define global ACLs to disable default read access. > > # Do not enable referrals until AFTER you have a working directory > # service AND an understanding of referrals. > #referral ldap://root.openldap.org > > #pidfile //var/run/slapd.pid > #argsfile //var/run/slapd.args > # Create a replication log in /var/lib/ldap for use by slurpd. 
> #replogfile /var/lib/ldap/master-slapd.replog > > # Load dynamic backend modules: > # modulepath /usr/sbin/openldap > # moduleload back_ldap.la > # moduleload back_ldbm.la > # moduleload back_passwd.la > # moduleload back_shell.la > > # > # The next three lines allow use of TLS for connections using a dummy > test > # certificate, but you should generate a proper certificate by changing > to > # /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions > on > # slapd.pem so that the ldap user or group can read it. > # TLSCertificateFile /usr/share/ssl/certs/slapd.pem > # TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem > # TLSCACertificateFile /usr/share/ssl/certs/ca-bundle.crt > # > # Sample Access Control > # Allow read access of root DSE > # Allow self write access > # Allow authenticated users read access > # rootdn can always write! > access to > attrs=userPassword,sambaNTPassword,sambaLMPassword,sambaPwdLastSet,samba > PwdMustChange > by dn="cn=samba,ou=DSA,dc=example,dc=net" write > by dn="cn=smbldap-tools,ou=DSA,dc=example,dc=net" write > by dn="cn=nssldap,ou=DSA,dc=example,dc=net" write > by self write > by anonymous auth > by * none > # some attributes need to be readable anonymously so that 'id user' can > answer correctly > access to > attrs=objectClass,entry,gecos,homeDirectory,uid,uidNumber,gidNumber,cn,m > emberUid,loginshell > by dn="cn=samba,ou=DSA,dc=example,dc=net" write > by dn="cn=smbldap-tools,ou=DSA,dc=example,dc=net" write > by * read > # somme attributes can be writable by users themselves > access to attrs=description,telephoneNumber > by dn="cn=samba,ou=DSA,dc=example,dc=net" write > by dn="cn=smbldap-tools,ou=DSA,dc=example,dc=net" write > by self write > by * read > # some attributes need to be writable for samba > access to > attrs=cn,sambaLMPassword,sambaNTPassword,sambaPwdLastSet,sambaLogonTime, > sambaLogoffTime,sambaKickoffTime,sambaPwdCanChange,sambaPwdMustChange,sa > 
mbaAcctFlags,displayName,sambaHomePath,sambaHomeDrive,sambaLogonScript,s > ambaProfilePath,description,sambaUserWorkstations,sambaPrimaryGroupSID,s > ambaDomainName,sambaSID,sambaGroupType,sambaNextRid,sambaNextGroupRid,sa > mbaNextUserRid,sambaAlgorithmicRidBase > by dn="cn=samba,ou=DSA,dc=example,dc=net" write > by dn="cn=smbldap-tools,ou=DSA,dc=example,dc=net" write > by self read > by * none > # samba need to be able to create the samba domain account > access to dn.base="dc=example,dc=net" > by dn="cn=samba,ou=DSA,dc=example,dc=net" write > by dn="cn=smbldap-tools,ou=DSA,dc=example,dc=net" write > by * none > # samba need to be able to create new users account > access to dn="ou=Users,dc=example,dc=net" > by dn="cn=samba,ou=DSA,dc=example,dc=net" write > by dn="cn=smbldap-tools,ou=DSA,dc=example,dc=net" write > by * none > # samba need to be able to create new groups account > access to dn="ou=Groups,dc=example,dc=net" > by dn="cn=samba,ou=DSA,dc=example,dc=net" write > by dn="cn=smbldap-tools,ou=DSA,dc=example,dc=net" write > by * none > # samba need to be able to create new computers account > access to dn="ou=Computers,dc=example,dc=net" > by dn="cn=samba,ou=DSA,dc=example,dc=net" write > by dn="cn=smbldap-tools,ou=DSA,dc=example,dc=net" write > by * none > # this can be omitted but we leave it: there could be other branch > # in the directory > access to attrs=userPassword,sambaLMPassword,sambaNTPassword > by self write > by anonymous auth > by * none > access to * > by * read > ####################################################################### > # ldbm database definitions > ####################################################################### > > database ldbm > suffix "dc=example,dc=net" > #suffix "o=My Organization Name,c=US" > rootdn "cn=Manager,dc=example,dc=net" > rootdn "cn=Manager,dc=example,dc=net" > rootpw {SSHA}rCWryJIyAP66u64ALA6gRREQ7j2bJH0T > #rootdn "cn=Manager,o=My Organization Name,c=US" > # Cleartext passwords, especially for the 
rootdn, should > # be avoided. See slappasswd(8) and slapd.conf(5) for details. > # Use of strong authentication encouraged. > # rootpw secret > # rootpw {crypt}ijFYNcSNctBYg > # The database directory MUST exist prior to running slapd AND > # should only be accessible by the slapd/tools. Mode 700 recommended. > directory /var/lib/ldap > > #performance mods > loglevel 256 > sizelimit 100000 > cachesize 100000 > dbcachesize 30000000 > > # Indices to maintain > index objectClass,uidNumber,gidNumber eq > index cn,sn,uid,displayName pres,sub,eq > index memberUid,mail,givenname eq,subinitial > index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq >-- Michael Gasch Max Planck Institute for Evolutionary Anthropology Department of Human Evolution (IT Staff) Deutscher Platz 6 D-04103 Leipzig Germany Phone: 49 (0)341 - 3550 137 49 (0)341 - 3550 374 Fax: 49 (0)341 - 3550 399