search for: rootdn

Le 06/09/2018 à 11:44, Rowland Penny via samba a écrit : > On Thu, 6 Sep 2018 11:08:21 +0200 > Philippe Maladjian via samba <samba at lists.samba.org> wrote: >> Before the classicupdate on my ldap I can change the rootdn to match >> my.domain and not domain.fr? > I suppose you could try it, dump the entire ldap to an ldif, manually > change all 'dc=domain,dc=fr' to 'dc=my,dc=domain'. You would then have > to move the old ldap out of the way and add your new ldif to ldap. > Change y...

...e case i'm sorry by advance), but i've found almost no doc about this topic in the wiki. I'm currently running Samba 4 AD in a test environment, preparing for production. Everything is working quite fine, but i'm struggling about some configuration; How (and where) to define a rootDN in order to  specify which account has the right to make ldap queries against Samba 4 AD ldap database (with ldapsearch), whether in read or write access. On a Samba PDC install running OpenLDAP backend, it was possible to define this in slapd.conf by lines like that: access to *     by dn=&...

...n.base="" by * read # access to dn.base="cn=Subschema" by * read # access to * # by self write # by users read # by anonymous auth # # if no access controls are present, the default policy # allows anyone and everyone to read anything but restricts # updates to rootdn. (e.g., "access to * by * read") # # rootdn can always read and write EVERYTHING! ####################################################################### # BDB database definitions ####################################################################### database bdb suffix...

...sword into secrets.tdb Machine is added to domain, no problem right, because PDC fields this whereas BDC handles most of logon chores. What if PDC/LDAP is offline? Doesn't Machine Add then get added to slave LDAP? How about if user changes his password? Do I really want the secrets.tdb to have rootdn PASSWORD? Shouldn't this be a non-rootdn in the BDC's smb.conf with only sufficient access to see sambaNTPassword & sambaLMPassword with read only and no write privileges to anything? I.E. PDC down, no password changes, no new machine accounts. Craig

...for domain . my query is, the nsswitch.conf and ldap.con of BDC should point to it's own LDAP server or Master LDAPserver and in smb.conf file of BDC, the passdb backed should point to master or slave. and smbpasswd -w <password>, (which password should i enter , the master LDAP server rootdn password or slave LDAP server rootdn passowrd) please guide me Regards ashok

Hi all I have a samba pdc (3.0.21c) with openldap (2.3.19) on the same server, i have setup another system as bdc (samba 3.0.21c) with slave ldap server (both samba and ldap are running on same machine). on the master ldap server i have rootdn "cn=manager,dc=mydomain,dc=com" and if i setup on the slave ldap server rootdn "cn=manager,dc=mydomain,dc=com" and in the slave ldap server, updatedn points to rootdn of the slave ldap server. ie updatedn is "cn=manager,dc=msdpl,dc=com" so my query is can both master...

...for quite a while, and haven't found any very helpful websites or anything. I've found quite a bit on how to set up a PDC using LDAP, which would be nice, but I already have the PDC... I just need LDAP to host UID's and GID's. The things I'd like to know are: 1. What should the rootdn, suffix, and indexes be in the slapd.conf? I think that the rootdn needs to match what I put in the smb.conf for the "ldap admin dn", and I'm fairly sure the suffix needs to match the "ldap suffix" from the smb.conf... I don't have any idea about the indexes. 2. What nee...

...ile "/usr/local/samba/lib/python2.6/site-packages/samba/netcmd/domain.py", line 398, in run use_rfc2307=use_rfc2307, skip_sysvolacl=False) File "/usr/local/samba/lib/python2.6/site-packages/samba/provision/__init__.py", line 1978, in provision sitename=sitename, rootdn=rootdn) File "/usr/local/samba/lib/python2.6/site-packages/samba/provision/__init__.py", line 597, in guess_names raise ProvisioningError("guess_names: 'realm=%s' in %s must match chosen realm '%s'! Please remove the smb.conf file and let provision genera...

...ser userPassword: 123456 dn: cn=sambaadmin,dc=ddesign,dc=com objectClass: person cn: sambaadmin sn: sambaadmin userPassword: 123456 When using sambaadmin instead of manager samba hangs unable to connect to the ldap database, however if i change this entry in the slapd.conf all works find also. rootdn "cn=Manager,dc=ddesign,dc=com" TO>>> rootdn "cn=sambaadmin,dc=ddesign,dc=com" I have been through this configuration several times and keep getting the same issue. Is it possible that I am missing a crutial step between chapter 5 and the single master ld...

...in_provision() ? File "/usr/local/samba/lib64/python2.4/site-packages/samba/join.py", line 598, in join_provision ??? dns_backend="NONE") ? File "/usr/local/samba/lib64/python2.4/site-packages/samba/provision/__init__.py", line 1704, in provision ??? sitename=sitename, rootdn=rootdn) ? File "/usr/local/samba/lib64/python2.4/site-packages/samba/provision/__init__.py", line 507, in guess_names ??? if not valid_netbios_name(netbiosname): ? File "/usr/local/samba/lib64/python2.4/site-packages/samba/__init__.py", line 310, in valid_netbios_name ??? return...

I'm having trouble getting openldap through its initial setup. I created a /etc/openldap/slap.conf file with a default rootdn and rootpw, and they didn't seem to take effect. After much wailing and gnashing of teeth I found that if there is a config directory at /etc/openldap/slapd.d, it will ignore slapd.conf. I can't figure out how to translate slapd.conf into the (new?) standard of slapd.d because all the exa...

...ur PDC using its existing domain, add > another DC using 4.9.0, then run the nice new Domain rename tool. > Though this will entail manually renaming any GPO's Ok so for the moment i will keep my.domain in domain names windows and dns. Before the classicupdate on my ldap I can change the rootdn to match my.domain and not domain.fr? > Rowland > > > >

...=userPassword,userPKCS12 by self write by * auth access to attrs=shadowLastChange by self write by * read access to * by * read # if no access controls are present, the default policy # allows anyone and everyone to read anything but restricts # updates to rootdn. (e.g., "access to * by * read") # # rootdn can always read and write EVERYTHING! # equivalent to TLS_CACERT TLSCertificateFile /etc/ssl/ldapcert.pem # selbst-signiertes Zertifikat # equivalent to TLS_KEY TLSCertificateKeyFile /etc/ssl/ldapkey.pem # privater Schluessel # equivale...

...n.base="" by * read # access to dn.base="cn=Subschema" by * read # access to * # by self write # by users read # by anonymous auth # # if no access controls are present, the default policy # allows anyone and everyone to read anything but restricts # updates to rootdn. (e.g., "access to * by * read") # # rootdn can always read and write EVERYTHING! ####################################################################### # BDB database definitions ####################################################################### database bdb suffix...

...ons. I am using LDAP for user Authentication for these machines. I would *like* to have just one user authentication database (the LDAP one). The MS-Windows machines will *never* need to allow things like user creation or modification (including password changing), so Samba *should not need* the rootdn password for the LDAP server. I am having a hard time figuring out how to do this. It *seems* that Samba wants to have the rootdn password -- do I have to configure it that way? Or do I have to *duplicate* the user authentication in Samba's own user database (resulting in people having their...

...cess to dn.base="" by * read # access to dn.base="cn=Subschema" by * read # access to * # by self write # by users read # by anonymous auth # # if no access controls are present, the default policy # allows anyone and everyone to read anything but restricts # updates to rootdn. (e.g., "access to * by * read") # # rootdn can always read and write EVERYTHING! ####################################################################### # ldbm and/or bdb database definitions ####################################################################### database bdb suffi...

...add and login any new user. The ldap > directory is correctly populated for root afaik, there are the same > password hashes in there as for my test machine and ldap pam works > > > just wondering if you did the smbpasswd -w PASSWORD > > for the root account. > > Yes, rootdn password is stored in secrets.tdb > > > Shot in the dark here - since the root samba pasword is > stored in a secrets > > file, maybe there isnt one in the LDAP, and therefore your > get your error. > > Maybe run smbpasswd for the root (without the -w) so it > popu...

...ng the three of these to work together and I think that they are. (Mostly) Anyway the real question is: Is there a way to setup samba and the ldap scripts that are distributed with Samba so that they don't use a plain text password? Maybe I'm just too paranoid, but the idea of putting the rootdn password in the slapd.conf and the smbldap_conf.pm seems a bit too risky. Thanks, Doug

...2.168.1.1 base dc=tdm-consult, dc=com ssl no # f?r nss_ldap crypt des # f?r pam_ldap pam_filter objectclass=posixAccount pam_login_attribute uid pam_crypt local pam_password crypt ldap_version 3 /etc/openldap/slap.conf suffix "dc=tdm-consult,dc=com" rootdn "cn=tdm,dc=tdm-consult,dc=com" rootpw {crypt}... /etc/pam.d/passwd auth required pam_unix2.so nullok account required pam_unix2.so password required pam_pwcheck.so nullok password required pam_unix2.so nullok use_first_pass use_authtok sessio...

...,dc=net> with scope subtree # filter: objectclass=* # requesting: ALL # # search result search: 2 result: 32 No such object I am currently attempting to use the actual word 'secret' to authenticate the Manager account: database bdb suffix "dc=example,dc=net" rootdn "cn=Manager,dc=example,dc=net" # Cleartext passwords, especially for the rootdn, should # be avoided. See slappasswd(8) and slapd.conf(5) for details. # Use of strong authentication encouraged. rootpw secret # rootpw {CRYPT}secret And I am getti...