From: "Johan Hendriks"
To: "Ruel Luchavez"
Cc: freebsd-questions@freebsd.org
Date: Mon, 20 Jul 2009 11:56:44 +0200
Subject: RE: {Disarmed} Re: Samba PDC with LDAP backend
Message-ID: <57200BF94E69E54880C9BB1AF714BBCB5DEA73@w2003s01.double-l.local>

There is an improvement...
this is my current /etc/rc.conf

slapd_enable=YES
slapd_flags='-h "ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap://127.0.0.1/ ldap://192.168.5.200/ "'
slapd_sockets="/var/run/openldap/ldapi"
samba_enable="YES"
winbindd_enable="YES"
cupsd_enable="YES"

################################################################################

and this is the output of ps -aux | grep slap

#ps -aux | grep slap
ldap 1667 0.0 6.7 345832 7936 ?? Ss 5:24PM 0:01.18 /usr/local/libexec/slapd -h ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap://127.0.0.1/ ldap://192.168.5.200/ -u ld
root 1794 0.0 0.2 388 268 p0 R+ 5:32PM 0:00.00 grep slap

Well regarding what Oliver said "I see no ldaps:// in the command, but one in the ps, that is strange!" I think it is solved now! Am I right?

Then I populate the database, unfortunately there is another error and I can't understand the code in smbldap_tools.pm! Here's the output of the box

#smbldap-populate -u 10000 -g 10000 -r 10000
Populating LDAP directory for domain MYDOMAIN (S-1-5-21-2772587264-3389604304-3649373591)
(using builtin directory structure)

adding new entry: dc=mydomain,dc=local
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 498, line 466.
adding new entry: ou=People,dc=mydomain,dc=local
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 498, line 12.
adding new entry: ou=Groups,dc=mydomain,dc=local
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 498, line 17.
adding new entry: ou=Computers,dc=mydomain,dc=local
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 498, line 22.
adding new entry: ou=Idmap,dc=mydomain,dc=local
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 498, line 27.
adding new entry: uid=root,ou=People,dc=mydomain,dc=local
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 498, line 58.
adding new entry: uid=nobody,ou=People,dc=mydomain,dc=local
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 498, line 89.
adding new entry: cn=Domain Admins,ou=Groups,dc=mydomain,dc=local
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 498, line 101.
adding new entry: cn=Domain Users,ou=Groups,dc=mydomain,dc=local
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 498, line 112.
adding new entry: cn=Domain Guests,ou=Groups,dc=mydomain,dc=local
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 498, line 123.
adding new entry: cn=Domain Computers,ou=Groups,dc=mydomain,dc=local
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 498, line 134.
adding new entry: cn=Administrators,ou=Groups,dc=mydomain,dc=local
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 498, line 179.
adding new entry: cn=Account Operators,ou=Groups,dc=mydomain,dc=local
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 498, line 201.
adding new entry: cn=Print Operators,ou=Groups,dc=mydomain,dc=local
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 498, line 212.
adding new entry: cn=Backup Operators,ou=Groups,dc=mydomain,dc=local
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 498, line 223.
adding new entry: cn=Replicators,ou=Groups,dc=mydomain,dc=local
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 498, line 234.
adding new entry: sambaDomainName=MYDOMAIN,dc=mydomain,dc=local
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 498, line 242.

Please provide a password for the domain root:
No such object at /usr/local/lib/perl5/site_perl/5.8.9/smbldap_tools.pm line 406, line 466.

# return (success, dn ) <<------and this is the line at 466 of smbldap_tools.pm

What does it mean?? I can't type the password for the domain root cause it ends up there...

You guys are great...FreeBSD Rock

Thanks...

-- 
rHueL
FreeBSD user since 6.0
Happy BSD use...
Country:Philippines
Zip Code:8000


Ok did you do these steps of my howto.

Configuration

Prepare the openldap config file (/usr/local/etc/openldap/slapd.conf)
First we need to create a password for the openldap server

# slappasswd -s very-secure-password
{SSHA}2pCGrVMhMh3cC+LakUXApebb9jwICf5e

Copy the {SSHA} line to your slapd.conf file after the rootpw line

#######################################################################
# BDB database definitions
#######################################################################

database bdb
suffix "dc=smbdomain,dc=local"
rootdn "cn=Manager,dc=smbdomain,dc=local"
#rootpw = very-secure-password
rootpw {SSHA}2pCGrVMhMh3cC+LakUXApebb9jwICf5e

directory /usr/local/var/db/openldap-data

Also make sure you have that password (plain text very-secure-password) in your /usr/local/etc/smbldap-tools/smbldap_bind.conf file

Regards,
Johan Hendriks
Sylhouette
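
An added example, not part of either poster's message and not smbldap-tools code: a shell check that the rootdn in slapd.conf and the masterDN in smbldap_bind.conf agree, that rootpw is stored as a hash, and that the file holding the clear-text bind password is readable by its owner only. It assumes the masterDN="..." / masterPw="..." line layout of smbldap_bind.conf; the function names and the demo files are constructed for illustration.

```shell
#!/bin/sh
# Added example: cross-check slapd.conf against smbldap_bind.conf.

# Value of a slapd.conf directive (first uncommented match), quotes stripped.
slapd_value() {  # $1=directive $2=file
    awk -v k="$1" '$1 == k { $1 = ""; sub(/^[ \t]+/, ""); gsub(/"/, ""); print; exit }' "$2"
}

# Value of a key="value" line in smbldap_bind.conf.
bind_value() {   # $1=key $2=file
    awk -F'"' -v k="$1" '$0 ~ ("^[ \t]*" k "[ \t]*=") { print $2; exit }' "$2"
}

flag() { echo "$1"; n=$((n + 1)); }   # record one finding

# Prints one line per finding; the exit status is the number of findings.
check_bind_config() {  # $1=slapd.conf $2=smbldap_bind.conf
    n=0
    rootdn=$(slapd_value rootdn "$1"); suffix=$(slapd_value suffix "$1")
    rootpw=$(slapd_value rootpw "$1")
    masterdn=$(bind_value masterDN "$2"); masterpw=$(bind_value masterPw "$2")
    [ "$masterdn" = "$rootdn" ] || flag "masterDN '$masterdn' does not match rootdn '$rootdn'"
    case "$rootdn" in
        *,"$suffix") ;;
        *) flag "rootdn is not below suffix '$suffix'" ;;
    esac
    [ -n "$masterpw" ] || flag "masterPw is empty"
    case "$rootpw" in
        "{"*"}"?*) ;;
        *) flag "rootpw is not a {SCHEME}hash value" ;;
    esac
    # smbldap_bind.conf holds the password in clear text: owner-only access.
    [ "$(ls -ld "$2" | cut -c5-10)" = "------" ] || flag "$2 is accessible to group or other"
    return "$n"
}

# Demo on constructed files, reusing the two base DNs that appear in the thread.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'suffix "dc=smbdomain,dc=local"' \
        'rootdn "cn=Manager,dc=smbdomain,dc=local"' '#rootpw = very-secure-password' \
        'rootpw {SSHA}2pCGrVMhMh3cC+LakUXApebb9jwICf5e' > "$d/slapd.conf"
    printf '%s\n' 'masterDN="cn=Manager,dc=mydomain,dc=local"' \
        'masterPw="very-secure-password"' > "$d/smbldap_bind.conf"
    chmod 644 "$d/smbldap_bind.conf"
    check_bind_config "$d/slapd.conf" "$d/smbldap_bind.conf"; rc=$?
    rm -rf "$d"; return "$rc"
}

demo || echo "findings: $?"
```

On a live host, pass /usr/local/etc/openldap/slapd.conf and /usr/local/etc/smbldap-tools/smbldap_bind.conf (the paths given in the message above) to check_bind_config.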