{Disarmed} Re: Samba PDC with LDAP backend

Johan Hendriks Johan at double-l.nl
Mon Jul 20 09:56:51 UTC 2009 

There is an improvement...
this is my current /etc/rc.conf

slapd_enable=YES
slapd_flags='-h "ldapi://%2fvar%2frun%2fopenldap%2fldapi/
ldap://MailScanner warning: numerical links are often malicious:
127.0.0.1/ <http://127.0.0.1/>  ldap://MailScanner warning: numerical
links are often malicious: 192.168.5.200/ <http://192.168.5.200/> "'
slapd_sockets="/var/run/openldap/ldapi"

samba_enable="YES"
winbindd_enable="YES"
cupsd_enable="YES"
########################################################################
########

and this is the output of ps -aux | grep slap

#ps -aux | grep slap
ldap   1667  0.0  6.7 345832  7936  ??  Ss    5:24PM   0:01.18
/usr/local/libexec/slapd -h ldapi://%2fvar%2frun%2fopenldap%2fldapi/
ldap://MailScanner warning: numerical links are often malicious:
127.0.0.1/ <http://127.0.0.1/>  ldap://MailScanner warning: numerical
links are often malicious: 192.168.5.200/ <http://192.168.5.200/>  -u ld

root   1794  0.0  0.2   388   268  p0  R+    5:32PM   0:00.00 grep slap

Well regarding what Oliver said "I see no ldaps:// in the command, but
one in the ps, that is strange!"
I think it is solve now! Am I right?

Then I populate the database, unfortunate there another error and I
can't understand the code in smbldap_tools.pm! Her's the output of the
box

#smbldap-populate -u 10000 -g 10000 -r 10000
Populating LDAP directory for domain MYDOMAIN
(S-1-5-21-2772587264-3389604304-3649373591)
(using builtin directory structure)

adding new entry: dc=mydomain,dc=local
failed to add entry: modifications require authentication at
/usr/local/sbin/smbldap-populate line 498, <DATA> line 466.
adding new entry: ou=People,dc=mydomain,dc=local
failed to add entry: modifications require authentication at
/usr/local/sbin/smbldap-populate line 498, <GEN1> line 12.
adding new entry: ou=Groups,dc=mydomain,dc=local
failed to add entry: modifications require authentication at
/usr/local/sbin/smbldap-populate line 498, <GEN1> line 17.
adding new entry: ou=Computers,dc=mydomain,dc=local
failed to add entry: modifications require authentication at
/usr/local/sbin/smbldap-populate line 498, <GEN1> line 22.
adding new entry: ou=Idmap,dc=mydomain,dc=local
failed to add entry: modifications require authentication at
/usr/local/sbin/smbldap-populate line 498, <GEN1> line 27.
adding new entry: uid=root,ou=People,dc=mydomain,dc=local
failed to add entry: modifications require authentication at
/usr/local/sbin/smbldap-populate line 498, <GEN1> line 58.
adding new entry: uid=nobody,ou=People,dc=mydomain,dc=local
failed to add entry: modifications require authentication at
/usr/local/sbin/smbldap-populate line 498, <GEN1> line 89.
adding new entry: cn=Domain Admins,ou=Groups,dc=mydomain,dc=local
failed to add entry: modifications require authentication at
/usr/local/sbin/smbldap-populate line 498, <GEN1> line 101.
adding new entry: cn=Domain Users,ou=Groups,dc=mydomain,dc=local
failed to add entry: modifications require authentication at
/usr/local/sbin/smbldap-populate line 498, <GEN1> line 112.
adding new entry: cn=Domain Guests,ou=Groups,dc=mydomain,dc=local
failed to add entry: modifications require authentication at
/usr/local/sbin/smbldap-populate line 498, <GEN1> line 123.
adding new entry: cn=Domain Computers,ou=Groups,dc=mydomain,dc=local
failed to add entry: modifications require authentication at
/usr/local/sbin/smbldap-populate line 498, <GEN1> line 134.
adding new entry: cn=Administrators,ou=Groups,dc=mydomain,dc=local
failed to add entry: modifications require authentication at
/usr/local/sbin/smbldap-populate line 498, <GEN1> line 179.
adding new entry: cn=Account Operators,ou=Groups,dc=mydomain,dc=local
failed to add entry: modifications require authentication at
/usr/local/sbin/smbldap-populate line 498, <GEN1> line 201.
adding new entry: cn=Print Operators,ou=Groups,dc=mydomain,dc=local
failed to add entry: modifications require authentication at
/usr/local/sbin/smbldap-populate line 498, <GEN1> line 212.
adding new entry: cn=Backup Operators,ou=Groups,dc=mydomain,dc=local
failed to add entry: modifications require authentication at
/usr/local/sbin/smbldap-populate line 498, <GEN1> line 223.
adding new entry: cn=Replicators,ou=Groups,dc=mydomain,dc=local
failed to add entry: modifications require authentication at
/usr/local/sbin/smbldap-populate line 498, <GEN1> line 234.
adding new entry: sambaDomainName=MYDOMAIN,dc=mydomain,dc=local
failed to add entry: modifications require authentication at
/usr/local/sbin/smbldap-populate line 498, <GEN1> line 242.

Please provide a password for the domain root:
No such object at /usr/local/lib/perl5/site_perl/5.8.9/smbldap_tools.pm
line 406, <DATA> line 466.

# return (success, dn ) <<------and this is the line at 466 of
smbldap_tools.pm

What does it mean??
I can't type the password for the domain root cause it ends up there...

You guys are great...FreeBSD Rock

Thanks...
-- 
rHueL
FreeBSD user since 6.0
Happy BSD use...
Country:Philippines
Zip Code:8000

 

 

Ok did you do these steps of my howto.



Configuration

Prepare the openldap config file (/usr/local/etc/openldap/slapd.conf)
First we need to create a password for the openldap server

# slappasswd -s very-secure-password 
{SSHA}2pCGrVMhMh3cC+LakUXApebb9jwICf5e

Copy the {SSHA} line to your slapd.conf file ofter the rootpw  line

#######################################################################
# BDB database definitions
#######################################################################
 
database        bdb
suffix          "dc=smbdomain,dc=local"
rootdn          "cn=Manager,dc=smbdomain,dc=local"
#rootpw = very-secure-password
rootpw          {SSHA}2pCGrVMhMh3cC+LakUXApebb9jwICf5e
 
directory       /usr/local/var/db/openldap-data

 

Also make sure you have that password (plain text  very-secure-password)
in your /usr/local/etc/smbldap-tools/smbldap_bind.conf file



Regards,

Johan Hendriks
Sylhouette

More information about the freebsd-questions mailing list