search for: rootbinddn

Hi all (excuse my poor english): I have a samba PDC on a network with 100 machines and 200 users. Everything worked fine with FC2 and samba 3.0.14a, but a hd crash decided me to update system to FC4. I can see now, in the logs file "User jon in passdb, but getpwnam() fails! when an user try to log in. On XP I can not login neither add new machine to domain. My pass backend is

...our password" when they try to change it. sambaAcctFlags includes the X flag which I thought meant "don't expire passwords." The password changing thing has got me even more stumped. Can anyone offer any clues? /etc/pam_ldap.conf: host localhost base dc=trec,dc=us ldap_version 3 rootbinddn cn=admin,dc=trec,dc=us pam_password exop /etc/libnss-ldap.conf: host localhost base dc=trec,dc=us ldap_version 3 rootbinddn cn=admin,dc=trec,dc=us pam_password exop Example user entry: dn: uid=sgoodrich,ou=Users,dc=trec,dc=us objectClass: top,inetOrgPerson,posixAccount,shadowAccount,sambaSamAcco...

...liases: files nisplus Relevant parts of /etc/pam_ldap.conf (everything else is commented out): host dir1.ourdomain.com base dc=.ourdomain,dc=com #uri ldaps://dir1.ourdomain.com uri ldap://dir1.ourdomain.com # basic auth config binddn cn=admin,dc=ourdomain,dc=com rootbinddn cn=admin,dc=ourdomain,dc=com # random stuff #timelimit 120 #bind_timelimit 120 #bind_policy hard # brought these times down wmodes Aug 11, 2008 timelimit 30 bind_timelimit 30 bind_policy soft idle_timelimit 3600 nss_initgroups_ignoreusers root,ldap...

Seems straight forward enough but I keep getting errors. On a client... err: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed when searching for node ubuntu5.ttinet: LDAP Search failed on the puppet master... puppet.conf [master] # ENC (external node classificiations) node_terminus = ldap ldapnodes = true ldapclassattrs = puppetclass # LDAP ldapserver =

...n.com displayname: Charles Richards/MyDomain messagestorage: 1 encryptincomingmail: 0 roaminguser: 0 <snip> ... I have a feeling I'm missing something in my /etc/ldap.conf regarding how I'm binding to the directory (I've tried using my CN=Charles Richards for the binddn and rootbinddn to no avail...) Any tips or info are greatly appreciated! Thanks, Charles Richards richardsc at gmail.com charlesrichards.net

Sorry if this question is more for the LDAP community, but since I ran into this via the Samba3 by Example book, I'm asking here. :) As described in Chapter 6, PAM and NSS Client Configuration, in the ldap.conf file, is it necessary to have the bindpw line? From what I have seen, ldap.conf needs to be world readable and having that entry would seem to me to be a security risk. Am I

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Here is a description of what I am trying to do (with Samba 3.0.2a & openldap 2.1.27): I have all my users populated into the LDAP with all the applicable attributes; Users can map drives to a server using LDAP as the authentication backend without issue. Where I am running into problems is bringing up a PDC using Samba w/LDAP. * I added

...c=abmas,dc=biz" and "cn=Manager,dc=abmas,dc=biz". I guess something like the following should be added to the Example 8.1 ldif dn: ou=Computers,dc=abmas,dc=biz objectClass: top objectClass: organizationalUnit ou: Computers Also, since "cn=Manager,dc=abmas,dc=biz" is the rootbinddn used in Chapter 6's example, I don't think it would need to be in the directory anyway but that could something I just don't understand yet concerning LDAP. Doug

....conf * passwd: compat ldap group: compat ldap shadow: compat ldap # /etc/libnss-ldap.conf et /etc/pam_ldap.conf base dc=mon_domaine,dc=com uri ldap://mon_url ldap_version 3 binddn cn=reader,dc=mon_domaine,dc=com bindpw xxxyyyzzz rootbinddn cn=superuser,dc=mon_domaine,dc=com port xxx The "/getent passwd/" gives me informations but only from the "other_branch" (don't know why) while i would like to get informations only from the "Users" branch. So, i need help on : * get informations (logi...

...use_authtok password required /lib/security/pam_deny.so session required /lib/security/pam_limits.so session required /lib/security/pam_unix.so session optional /lib/security/pam_ldap.so My /etc/ldap.conf is setup as (world readable): base dc=pds-support,dc=net rootbinddn cn=nssldap,ou=DSA,dc=pds-support,dc=net nss_base_passwd dc=pds-support,dc=net?sub nss_base_shadow dc=pds-support,dc=net?sub nss_base_group ou=Groups,dc=pds-support,dc=net?one ssl no pam_password md5 and my /etc/nsswitch.conf (world readable) passwd: files ldap shadow:...

...BAEFEF sambaPwdLastSet: 1280219188 sambaPwdMustChange: 2144132788 userPassword: {CRYPT}c28JIqzpe43e shadowLastChange: 14817 shadowMax: 9999 Here's /etc/ldap.conf base dc=example,dc=com uri ldapi:///127.0.0.1 uri ldap://127.0.0.1 ldap_version 3 binddn cn=admin,dc=example,dc=com bindpw mysecret rootbinddn cn=admin,dc=example,dc=com scope sub bind_policy soft pam_filter objectclass=posixAccount pam_login_attribute uid pam_check_host_attr yes pam_member_attribute memberUid pam_password md5 nss_base_passwd ou=people,dc=example,dc=com?sub nss_base_passwd ou=computers,dc=example,dc=com?sub nss_base_group...

...ing LDAP. host 192.168.5.15 10.0.0.210 # The distinguished name of the search base. base dc=mydomain,dc=local # The LDAP version to use (defaults to 3 # if supported by client library) ldap_version 3 # The distinguished name to bind to the server with. # Optional: default is to bind anonymously. rootbinddn (DN of administrator) # The credentials to bind with. # Optional: default is no credential. bindpw secret # The distinguished name to bind to the server with # if the effective user ID is root. Password is # stored in /etc/ldap.secret (mode 600) rootbinddn (DN of administrator) # The port. # Op...

...liases: files nisplus Relevant parts of /etc/pam_ldap.conf (everything else is commented out): host dir1.ourdomain.com base dc=.ourdomain,dc=com #uri ldaps://dir1.ourdomain.com uri ldap://dir1.ourdomain.com # basic auth config binddn cn=admin,dc=ourdomain,dc=com rootbinddn cn=admin,dc=ourdomain,dc=com # random stuff #timelimit 120 #bind_timelimit 120 #bind_policy hard # brought these times down wmodes Aug 11, 2008 timelimit 30 bind_timelimit 30 bind_policy soft idle_timelimit 3600 nss_initgroups_ignoreusers root,ldap...

...t; write by dn="cn=smbldap-tools,ou=DSA,dc=dbb,dc=su,dc=se" write by * none # this can be omitted but we leave it: there could be other branch # in the directory access to * by self read by * none Her's my ldap.conf HOST s2.dbb.su.se BASE dc=dbb,dc=su,dc=se rootbinddn cn=nssldap,ou=DSA,dc=dbb,sc=su,dc=se nss_base_passwd dc=dbb,dc=su,dc=se?sub nss_base_shadow dc=dbb,dc=su,dc=se?sub nss_base_group ou=Groups,dc=dbb,dc=su,dc=se?one pam_password md5 tls_checkpeer yes TLS_CACERT /etc/ldap/ca.pem TLS_REQCERT demand ssl start_tls tls_cert /et...

...ldap.so session    required       pam_ldap.so   and check the content of :   /etc/pam_ldap.conf And this as example adjust as needed.   base dc=domain,dc=local uri ldap://dc01.domain.local/ ldap://dc02.domain.local/ ldap_version 3 binddn auth_ldap_user at domain.local bindpw password rootbinddn auth_ldap_user at domain.local pam_filter objectclass=user pam_login_attribute sAMAccountName pam_password crypt   ^^ test with and without the pam_password crypt And test with pam_password bind       Greetz,   Louis     Van: Marcel Ebbrecht [mailto:m.ebbrecht at dortmundit.de]...

...ot; userSmbHome="" userProfile="" userScript="logon.bat" mailDomain="example.org" with_smbpasswd="0" with_slappasswd="0" /etc/ldap.conf ********************** host server.example.org base dc=example,dc=org binddn cn=config bindpw 1w2345FJ rootbinddn cn=zimbra,dc=example,dc=org timelimit 120 bind_timelimit 120 bind_policy soft idle_timelimit 3600 nss_base_passwd ou=people,dc=example,dc=org?one nss_base_shadow ou=people,dc=example,dc=org?one nss_base_group ou=groups,dc=example,dc=org?one nss_base_hosts ou=mac...

Hi, I'd like to use nscd for passwd+group caching. pam_ldap is configured and works (e.g. 'id foo' returns the correct user id if foo is present in ldap). If I start nscd manually (not started by default), 'id foo' returns 'No such user'. As soon as I stop nscd, 'id foo' starts working again. I suspect nscd is only looking at /etc/passwd because 'id

...dow: compat ldap hosts: files dns ldap networks: files ldap protocols: db files services: db files ethers: db files rpc: db files netgroup: nis #/etc/libnss-ldap.conf host 127.0.0.1 base dc=IDEALX,dc=ORG ldap_version 3 bindpw mysecretpwd rootbinddn "cn=Manager,dc=IDEALX,dc=ORG" pam_password crypt Does anybody know why my samba box does not find or add the machine$ to the openldap data base? Please let me know if you need more infos/configs or logs. Thanks a lot, Mario

...just need to clean it out. Maybe a cache file somewhere? Following is ldap.conf file. Any suggestions? <ldap.conf> base dc=inside,dc=msi timelimit 120 bind_timelimit 120 idle_timelimit 3600 nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman rootbinddn cn=Manager,dc=inside,dc=msi nss_base_passwd ou=People,dc=inside,dc=msi nss_base_shadow ou=People,dc=inside,dc=msi nss_base_group ou=Group,dc=inside,dc=msi uri ldap://127.0.0.1 ldap://my.domain ssl no tls_cacertdir /etc/openldap/cacerts pam_password md5 </ldap.conf>

...idmap alloc config:ldap_user_dn = cn=admin,dc=th-domain,dc=lan idmap alloc config:ldap_url = ldap://localhost idmap alloc config:range = 50000-500000 #logging log level = 1 --- my nsswitch/pam /etc/ldap.conf --- ssl off suffix "dc=th-domain,dc=lan" uri ldap://localhost pam_password exop rootbinddn "cn=root,dc=th-domain,dc=lan" ldap_version 3 pam_filter objectclass=posixAccount pam_login_attribute uid pam_member_attribute memberuid nss_base_passwd ou=peoples,dc=th-domain,dc=lan nss_base_shadow ou=peoples,dc=th-domain,dc=lan nss_base_group ou=groups,dc=th-domain,dc=lan nss_base_hos...