From: Playnet
To: freebsd-questions@freebsd.org
Date: Sat, 7 Jan 2006 20:36:49 +0300
Message-ID: <77478496.20060107203649@mail333.com>
Subject: samba+slapd

Hello freebsd-questions,

I need to set up subj; I need it for my diploma. I need it by 20.01, but I have read many docs and can't understand some bugs.

I am trying to set up samba+ldap:

samba-3.0.20,1                 A free SMB and CIFS client and server for UNIX
openldap-sasl-server-2.2.28    Open source LDAP server implementation with SASL2 support

1) How do I create certificates?
The docs use gencert.sh, but I can't find it on my system.
I created them like this:

# openssl genrsa -des3 -out ca.key 2048
# openssl req -new -x509 -days 1825 -utf8 -key ca.key -out ca.cert
in Common Name (eg, YOUR name) []: ldap.domain.ru

usercert:
# openssl genrsa -out user.key 1024
# openssl req -new -key user.key -out user.csr -utf8
# openssl x509 -req -in user.csr -out user.cert \
    -CA ca.cert -CAkey ca.key -CAcreateserial -days 1095

# vi /usr/local/etc/openldap/slapd.conf
added:
disallow tls_authc ;Why? And how do I generate certs (?) correctly?
TLSCertificateFile /usr/local/etc/openldap/ssl/user.cert
TLSCertificateKeyFile /usr/local/etc/openldap/ssl/user.key
TLSCACertificateFile /usr/local/etc/openldap/ssl/ca.cert

Is it correct?

2) On starting samba, in /var/log/messages:
Jan 7 19:28:29 sstand slapd[53000]: OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied
What do I need?

3) On ldapsearch, in /var/log/messages:
Jan 7 19:28:30 sstand ldapsearch: GSSAPI Error: Miscellaneous failure (see text) (open(/tmp/krb5cc_0): No such file or directory)
Why does ldap want kerberos, and how do I fix it?

4) Do I need to use PAM?

--
Best regards,
 Playnet mailto:playnet@mail333.com
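
Added example, not part of the original message: a shell check that the three files named in the slapd.conf lines above fit together (the certificate chains to the CA, the key belongs to the certificate, and the certificate names the server). The demo CA name, the 2048-bit demo keys and the use of ldap.domain.ru as the server certificate's CN are assumptions made for the example.

```shell
#!/bin/sh
# Added example. File names follow the post; the demo PKI below is constructed.

# check_tls_files CA CERT KEY HOST: returns 0 if the trio is consistent.
# CA, CERT and KEY correspond to TLSCACertificateFile, TLSCertificateFile and
# TLSCertificateKeyFile in slapd.conf; HOST is the name clients connect to.
check_tls_files() {
    ca=$1; cert=$2; key=$3; host=$4
    # 1. The server certificate must chain to the CA certificate.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "FAIL: $cert does not verify against $ca" >&2; return 1; }
    # 2. The private key must be the one the certificate was issued for.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=""
    { [ -n "$key_pub" ] && [ "$cert_pub" = "$key_pub" ]; } ||
        { echo "FAIL: $key does not match $cert" >&2; return 1; }
    # 3. The certificate must name the host that clients will connect to.
    openssl x509 -in "$cert" -noout -checkhost "$host" |
        grep -q "does match certificate" ||
        { echo "FAIL: $cert is not valid for host $host" >&2; return 1; }
    return 0
}

# make_demo_pki DIR: build a throwaway CA and server certificate (constructed
# sample data, unencrypted keys, short lifetime) to exercise the check.
make_demo_pki() {
    d=$1
    openssl genrsa -out "$d/ca.key" 2048 2>/dev/null
    openssl req -new -x509 -days 30 -key "$d/ca.key" \
        -subj "/CN=Example Test CA" -out "$d/ca.cert" 2>/dev/null
    openssl genrsa -out "$d/user.key" 2048 2>/dev/null
    openssl req -new -key "$d/user.key" \
        -subj "/CN=ldap.domain.ru" -out "$d/user.csr" 2>/dev/null
    openssl x509 -req -in "$d/user.csr" -out "$d/user.cert" -days 30 \
        -CA "$d/ca.cert" -CAkey "$d/ca.key" -CAcreateserial 2>/dev/null
}

# Demo run on constructed files in a scratch directory.
demo=$(mktemp -d)
make_demo_pki "$demo"
check_tls_files "$demo/ca.cert" "$demo/user.cert" "$demo/user.key" \
    ldap.domain.ru && echo "certificate, key and CA are consistent"
rm -rf "$demo"
```

On a real server, pass the three paths from slapd.conf and the hostname that LDAP clients use.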