Andreas Krupp
2012-Nov-20 18:12 UTC
[Samba] MS Sharepoint 2010 configuration fails with Samba/Openldap PDC
Hello,

I hope this is the right mailing list for troubleshooting.

My environment is:

-CentOs 6.3 x64
-Samba as PDC
-OpenLdap
-Bind

I followed this very nice tutorial to set-up the environment as PDC:
http://www.server-world.info/en/note?os=CentOS_6&p=samba&f=4

And actually almost everything is working. I can add Windows Server 2008 R2
to the domain, use users and service accounts from samba/ldap and e.g. run
SQL Server over such a service account.

However, my Sharepoint 2010 Configuration Wizard fails every time I am
trying to configure Sharepoint. The normal resolution for this problem is to
do the installation while the Sharepoint Server is connected to the Domain.
In my case, I am connected to the domain but it does not work. The error
message from sharepoint is:

Exception: System.ArgumentException: Specified value is not supported for the {0} parameter.
   at Microsoft.SharePoint.Utilities.SPUserUtility.GetDomainControllerToSearch(SPWebApplication webApp, String domainName)
   at Microsoft.SharePoint.Utilities.SPUtility.GetDomainAndPropColl(SPWebApplication webApplicaiton, String loginName, String[]& resolveUserAdProperties, SPActiveDirectoryDomain& gcPath, ResultPropertyCollection& propcol)
   at Microsoft.SharePoint.Utilities.SPUtility.GetUserPropertiesFromAD(SPWebApplication webApplicaiton, String loginName, String[]& origUserAdProperties)
   at Microsoft.SharePoint.Utilities.SPUtility.GetUserPropertyFromAD(SPWebApplication webApplicaiton, String loginName, String propertyName)
   at Microsoft.SharePoint.Administration.SPManagedAccount.GetUserAccountControl(String username)
   at Microsoft.SharePoint.Administration.SPManagedAccount.Update()
   at Microsoft.SharePoint.Administration.SPProcessIdentity.Update()
   at Microsoft.SharePoint.Administration.SPApplicationPool.Update()
   at Microsoft.SharePoint.Administration.SPWebApplication.CreateDefaultInstance(SPWebService service, Guid id, String applicationPoolId, SPProcessAccount processAccount, String iisServerComment, Boolean secureSocketsLayer, String iisHostHeader, Int32 iisPort, Boolean iisAllowAnonymous, DirectoryInfo iisRootDirectory, Uri defaultZoneUri, Boolean iisEnsureNTLM, Boolean createDatabase, String databaseServer, String databaseName, String databaseUsername, String databasePassword, SPSearchServiceInstance searchServiceInstance, Boolean autoActivateFeatures)
   at Microsoft.SharePoint.Administration.SPWebApplication.CreateDefaultInstance(SPWebService service, Guid id, String applicationPoolId, IdentityType identityType, String applicationPoolUsername, SecureString applicationPoolPassword, String iisServerComment, Boolean secureSocketsLayer, String iisHostHeader, Int32 iisPort, Boolean iisAllowAnonymous, DirectoryInfo iisRootDirectory, Uri defaultZoneUri, Boolean iisEnsureNTLM, Boolean createDatabase, String databaseServer, String databaseName, String databaseUsername, String databasePassword, SPSearchServiceInstance searchServiceInstance, Boolean autoActivateFeatures)
   at Microsoft.SharePoint.Administration.SPAdministrationWebApplication.CreateDefaultInstance(SqlConnectionStringBuilder administrationContentDatabase, SPWebService adminService, IdentityType identityType, String farmUser, SecureString farmPassword)
   at Microsoft.SharePoint.Administration.SPFarm.CreateAdministrationWebService(SqlConnectionStringBuilder administrationContentDatabase, IdentityType identityType, String farmUser, SecureString farmPassword)
   at Microsoft.SharePoint.Administration.SPFarm.CreateBasicServices(SqlConnectionStringBuilder administrationContentDatabase, IdentityType identityType, String farmUser, SecureString farmPassword)
   at Microsoft.SharePoint.Administration.SPFarm.Create(SqlConnectionStringBuilder configurationDatabase, SqlConnectionStringBuilder administrationContentDatabase, IdentityType identityType, String farmUser, SecureString farmPassword, SecureString masterPassphrase)
   at Microsoft.SharePoint.Administration.SPFarm.Create(SqlConnectionStringBuilder configurationDatabase, SqlConnectionStringBuilder administrationContentDatabase, String farmUser, SecureString farmPassword, SecureString masterPassphrase)
   at Microsoft.SharePoint.PostSetupConfiguration.ConfigurationDatabaseTask.CreateOrConnectConfigDb()
   at Microsoft.SharePoint.PostSetupConfiguration.ConfigurationDatabaseTask.Run()
   at Microsoft.SharePoint.PostSetupConfiguration.TaskThread.ExecuteTask()

The ".GetDomainControllerToSearch" function that does not get the right
result made me dig into the LDAP requests that the Sharepoint Installation
is sending to the PDC. And I could isolate a couple of requests with 0
results that I thought were causing the trouble.

After I added the group "Domain Controllers" to the LDAP, added the PDC to
that group and made several DNS modifications to match those of a Windows
PDC, I still cannot get rid of the error. So here are the remaining LDAP
queries without response:

SRCH base="dc=makamaka,dc=home" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaGroupType=4)(|(sambaSIDList=s-1-5-21-2966583388-1241265182-3898909196-1004)(sambaSIDList=s-1-5-21-2966583388-1241265182-3898909196-515)(sambaSIDList=s-1-1-0)(sambaSIDList=s-1-5-2)(sambaSIDList=s-1-5-11)))"
SRCH base="dc=makamaka,dc=home" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaGroupType=4)(|(sambaSIDList=s-1-5-21-2966583388-1241265182-3898909196-1005)(sambaSIDList=s-1-5-21-2966583388-1241265182-3898909196-515)(sambaSIDList=s-1-1-0)(sambaSIDList=s-1-5-2)(sambaSIDList=s-1-5-11)))"
SRCH base="dc=makamaka,dc=home" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-1-0))"
SRCH base="dc=makamaka,dc=home" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-1-0))"
SRCH base="dc=makamaka,dc=home" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-11))"
SRCH base="dc=makamaka,dc=home" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-11))"
SRCH base="dc=makamaka,dc=home" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-2))"
SRCH base="dc=makamaka,dc=home" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-2))"
SRCH base="dc=makamaka,dc=home" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-32-545))"
SRCH base="dc=makamaka,dc=home" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-32-545))"
SRCH base="dc=makamaka,dc=home" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-32-545))"
SRCH base="dc=makamaka,dc=home" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-32-545))"
SRCH base="dc=makamaka,dc=home" scope=2 deref=0 filter="(&(sambaSID=s-1-5-21-2966583388-1241265182-3898909196-3001)(objectClass=sambaSamAccount))"
SRCH base="dc=makamaka,dc=home" scope=2 deref=0 filter="(&(sambaSID=s-1-5-21-2966583388-1241265182-3898909196-3001)(objectClass=sambaSamAccount))"
SRCH base="dc=makamaka,dc=home" scope=2 deref=0 filter="(&(sambaSID=s-1-5-21-2966583388-1241265182-3898909196-515)(objectClass=sambaSamAccount))"
SRCH base="dc=makamaka,dc=home" scope=2 deref=0 filter="(&(sambaSID=s-1-5-21-2966583388-1241265182-3898909196-515)(objectClass=sambaSamAccount))"
SRCH base="dc=makamaka,dc=home" scope=2 deref=0 filter="(&(sambaSID=s-1-5-21-2966583388-1241265182-3898909196-515)(objectClass=sambaSamAccount))"
SRCH base="dc=makamaka,dc=home" scope=2 deref=0 filter="(&(sambaSID=s-1-5-21-2966583388-1241265182-3898909196-515)(objectClass=sambaSamAccount))"
SRCH base="sambaDomainName=MAKAMAKA,dc=makamaka,dc=home" scope=2 deref=0 filter="(objectClass=sambaTrustedDomainPassword)"
SRCH base="dc=makamaka,dc=home" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=99))"
SRCH base="dc=makamaka,dc=home" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=99))"
SRCH base="dc=makamaka,dc=home" scope=2 deref=0 filter="(&(sambaSID=s-1-5-21-2966583388-1241265182-3898909196-3001)(objectClass=sambaSamAccount))"
SRCH base="dc=makamaka,dc=home" scope=2 deref=0 filter="(&(sambaSID=s-1-5-21-2966583388-1241265182-3898909196-3001)(objectClass=sambaSamAccount))"
SRCH base="dc=makamaka,dc=home" scope=2 deref=0 filter="(&(sambaSID=s-1-5-21-2966583388-1241265182-3898909196-513)(objectClass=sambaSamAccount))"
SRCH base="dc=makamaka,dc=home" scope=2 deref=0 filter="(&(sambaSID=s-1-5-21-2966583388-1241265182-3898909196-513)(objectClass=sambaSamAccount))"

The following search caught my eye because it had something to do with the
Domain itself:

SRCH base="sambaDomainName=MAKAMAKA,dc=makamaka,dc=home" scope=2 deref=0 filter="(objectClass=sambaTrustedDomainPassword)"

Now I tried to add to my domain manually the objectClass
"sambaTrustedDomainPassword" but nothing will do. I cannot get the LDIF or
command that will do it and could not find any other solutions.

Would anybody have a clue on what could be wrong, or how I could add the
"sambaTrustedDomainPassword" objectclass to my domain entry? I am trying to
go step by step here, but if anybody has come across this problem, help
would be most appreciated!!!!

Cheers & best,

Andreas
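
Added example, not part of the original thread: one way to isolate the searches that return 0 entries, as described in the message above, is to pair each SRCH line in the slapd log with its SEARCH RESULT line by connection and operation number. It assumes slapd runs with the "stats" log level, which writes the conn=/op= prefixes and the nentries= counter; the log lines, host name, timestamps and the svc_example account are constructed for illustration.

```python
import re
from collections import Counter

# slapd "stats" logging writes one SRCH line per search request and one
# SEARCH RESULT line (with nentries=N) per answer, both tagged conn=/op=.
SRCH_RE = re.compile(
    r'conn=(?P<conn>\d+) op=(?P<op>\d+) SRCH base="(?P<base>[^"]*)" '
    r'scope=\d+ deref=\d+ filter="(?P<filter>.*)"\s*$')
RESULT_RE = re.compile(
    r'conn=(?P<conn>\d+) op=(?P<op>\d+) SEARCH RESULT .*\bnentries=(?P<n>\d+)')

# Constructed sample log; base DNs and filters are taken from the thread,
# except the svc_example filter, which is hypothetical.
SAMPLE_LOG = '''\
Nov 20 18:01:02 pdc slapd[2101]: conn=1007 op=4 SRCH base="dc=makamaka,dc=home" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-32-545))"
Nov 20 18:01:02 pdc slapd[2101]: conn=1007 op=4 SRCH attr=gidNumber sambaSID sambaGroupType
Nov 20 18:01:02 pdc slapd[2101]: conn=1008 op=2 SRCH base="dc=makamaka,dc=home" scope=2 deref=0 filter="(&(uid=svc_example)(objectClass=sambaSamAccount))"
Nov 20 18:01:02 pdc slapd[2101]: conn=1007 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text=
Nov 20 18:01:02 pdc slapd[2101]: conn=1008 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Nov 20 18:01:03 pdc slapd[2101]: conn=1008 op=3 SRCH base="dc=makamaka,dc=home" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-32-545))"
Nov 20 18:01:03 pdc slapd[2101]: conn=1008 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text=
Nov 20 18:01:03 pdc slapd[2101]: conn=1009 op=1 SRCH base="sambaDomainName=MAKAMAKA,dc=makamaka,dc=home" scope=2 deref=0 filter="(objectClass=sambaTrustedDomainPassword)"
Nov 20 18:01:03 pdc slapd[2101]: conn=1009 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
'''

def zero_result_searches(lines):
    """Count, per (base, filter), the searches that matched no entry."""
    pending = {}       # (conn, op) -> (base, filter) awaiting its result line
    empty = Counter()
    for line in lines:
        m = SRCH_RE.search(line)
        if m:          # "SRCH attr=..." lines do not match and are skipped
            pending[(m["conn"], m["op"])] = (m["base"], m["filter"])
            continue
        m = RESULT_RE.search(line)
        if m:
            query = pending.pop((m["conn"], m["op"]), None)
            if query is not None and int(m["n"]) == 0:
                empty[query] += 1
    return empty

if __name__ == "__main__":
    for (base, flt), count in zero_result_searches(SAMPLE_LOG.splitlines()).most_common():
        print(f"{count:3d}x  base={base}  filter={flt}")
```

Keying on the (conn, op) pair keeps the pairing correct when several client connections interleave in the log, and the counts show which empty lookups repeat.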
Andrew Bartlett
2012-Nov-20 21:49 UTC
[Samba] MS Sharepoint 2010 configuration fails with Samba/Openldap PDC
On Tue, 2012-11-20 at 19:12 +0100, Andreas Krupp wrote:
> Hello,
>
> I hope this is the right mailing list for troubleshooting.
>
> My environment is:
>
> -CentOs 6.3 x64
> -Samba as PDC
> -OpenLdap
> -Bind
>
> I followed this very nice tutorial to set-up the environment as PDC:
> http://www.server-world.info/en/note?os=CentOS_6&p=samba&f=4
>
> And actually almost everything is working. I can add Windows Server 2008 R2
> to the domain, use users and service accounts from samba/ldap and e.g. run
> SQL Server over such a service account.
>
> However, my Sharepoint 2010 Configuration Wizard fails every time I am
> trying to configure Sharepoint. The normal resolution for this problem is to
> do the installation while the Sharepoint Server is connected to the Domain.
> In my case, I am connected to the domain but it does not work. The error
> message from sharepoint is:
>
> The ".GetDomainControllerToSearch" function that does not get the right
> result made me dig into the LDAP requests that the Sharepoint Installation
> is sending to the PDC. And I could isolate a couple of requests with 0
> results that I thought were causing the trouble.
>
> After I added the group "Domain Controllers" to the LDAP, added the PDC to
> that group and made several DNS modifications to match those of a Windows
> PDC, I still cannot get rid of the error. So here are the remaining LDAP
> queries without response:

If sharepoint is expecting an AD DC, then you really have no option but
to run an AD DC.

See our wiki at https://wiki.samba.org/index.php/Samba4/samba3upgrade/HOWTO
for an explanation of the process of upgrading to Samba 4.0 as an AD DC.

An OpenLDAP server simply won't have the right structure that sharepoint
is looking for.

Andrew Bartlett

--
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org