Tutorial : Samba PDC + OpenLDAP on openSUSE 11.1 – Part 3

Previous tutorials:

  1. Tutorial : Samba PDC + OpenLDAP on openSUSE 11.1 – Part 1, Installing Base System & Configuring Samba
  2. Tutorial : Samba PDC + OpenLDAP on openSUSE 11.1 – Part 2, Configuring OpenLDAP


CONFIGURING SMBLDAP-TOOLS

smbldap-tools is a set of command-line tools for adding, modifying and deleting the user, group and machine entries that Samba keeps in LDAP. Installing it on openSUSE takes only a few steps because the package is already available on the openSUSE Build Service. Let's do it.

  1. Go to the openSUSE Build Service package search and look for smbldap-tools.
  2. Install the current smbldap-tools version with one-click install.
  3. Edit /etc/smbldap-tools/smbldap.conf with the following content (don't forget to replace the Samba SID and the domain name with your own, see the previous tutorial):
    [code language=’cpp’]
    # must be identical to the output of "net getlocalsid"
    SID="S-1-2-33-4444444444-555555555-6666666666"
    sambaDomain="VAVAI.NET"
    slaveLDAP="127.0.0.1"
    slavePort="389"
    masterLDAP="127.0.0.1"
    masterPort="389"
    ldapTLS="0"
    verify=""
    cafile=""
    clientcert=""
    clientkey=""
    suffix="dc=vavai,dc=net"
    # the containers below must exist in the tree created in the previous tutorial
    usersdn="ou=People,ou=Users,${suffix}"
    computersdn="ou=Computers,ou=Users,${suffix}"
    groupsdn="ou=Groups,${suffix}"
    idmapdn="ou=Idmap,${suffix}"
    sambaUnixIdPooldn="sambaDomainName=VAVAI.NET,ou=Domains,${suffix}"
    scope="sub"
    hash_encrypt="MD5"
    crypt_salt_format=""
    userHome="/data/home/%U"
    userHomeDirectoryMode="700"
    userGecos="System User"
    defaultUserGid="513"
    defaultComputerGid="515"
    skeletonDir="/etc/skel"
    defaultMaxPasswordAge="45"
    userSmbHome="\\server\%U"
    userProfile="\\server\profiles\%U"
    userHomeDrive="H:"
    userScript="logon.bat"
    mailDomain="vavai.net"
    with_smbpasswd="0"
    smbpasswd="/usr/bin/smbpasswd"
    with_slappasswd="0"
    slappasswd="/usr/sbin/slappasswd"
    # uncomment the following line to get rid of the default banner
    # no_banner="1"
    [/code]
    Two values deserve a second look. ldapTLS="0" means the Manager password is sent in clear text on every bind, which is acceptable only while slapd listens on 127.0.0.1 as here; if the directory ever moves to another host, enable TLS. hash_encrypt="MD5" stores unsalted MD5 in userPassword, so prefer SSHA unless some other consumer of the directory really needs MD5.
  4. Edit /etc/smbldap-tools/smbldap_bind.conf and paste the following content, replacing the password with the LDAP Manager password you set in the previous tutorial:
    [code language=’cpp’]
    slaveDN="cn=Manager,dc=vavai,dc=net"
    slavePw="zezevavai26032006"
    masterDN="cn=Manager,dc=vavai,dc=net"
    masterPw="zezevavai26032006"
    [/code]
    This file holds the Manager password in plain text, so it must be owned by root and readable by root only (mode 0600); anyone who can read it owns the whole directory.
  5. Restart the services. OpenLDAP must be up before Samba starts, because smbd and winbindd look their accounts up in LDAP:
    [code language=’cpp’]
    service ldap restart
    service smb restart
    service nmb restart
    service winbind restart
    [/code]
  6. Create the root account in LDAP, give it a password and add it to the Domain Admins group (smbldap-passwd sets both the Unix and the Samba password hashes; the group name contains a space and must be quoted):
    [code language=’cpp’]
    su
    smbldap-useradd -m -a root
    smbldap-passwd root
    smbpasswd -a root
    smbldap-groupmod -m root "Domain Admins"
    [/code]

CONFIGURING LDAP ACCOUNT MANAGER (LAM)
LDAP Account Manager does the same job as smbldap-tools but through a web interface. You need a running Apache server to host LAM; a separate tutorial covers setting up the Apache web server on openSUSE.

  1. Go to the Packman page for LDAP Account Manager and install the LAM package with one-click install (or with zypper from the Packman repository).
  2. Back up the sample and create the LAM configuration file. Both files should be readable by the web server user only (mode 0600), since they contain the LAM password hashes:
    [code language=’cpp’]
    su
    mv /srv/www/htdocs/lam/config/config.cfg_sample /srv/www/htdocs/lam/config/config.cfg
    touch /srv/www/htdocs/lam/config/lam.conf
    chown wwwrun:www /srv/www/htdocs/lam/config/lam.conf
    [/code]
  3. Put the following content into /srv/www/htdocs/lam/config/lam.conf. The account-type suffixes must be the same containers that smbldap-tools uses in smbldap.conf (ou=People,ou=Users; ou=Groups; ou=Computers,ou=Users; ou=Domains), otherwise LAM creates entries in one subtree while smbldap-tools and Samba look in another:
    [code language=’cpp’]
    # LDAP Account Manager configuration
    serverURL: ldap://localhost:389
    admins: cn=Manager,dc=vavai,dc=net
    # password to change these preferences via the web frontend (default: lam); change it after the first login
    passwd: {SSHA}RjBruJcTxZEdcBjPQdRBkDaSQeY= iueleA==
    treesuffix: dc=vavai,dc=net
    # default language (a line from config/language)
    defaultLanguage: en_GB.utf8:UTF-8:English (Great Britain)
    # Path to external Script
    scriptPath:
    # Server of external Script
    scriptServer:
    # Access rights for home directories
    scriptRights: 750
    # Number of minutes LAM caches LDAP searches.
    cachetimeout: 5
    # Module settings
    modules: posixAccount_minUID: 10000
    modules: posixAccount_maxUID: 20000
    modules: posixAccount_minMachine: 10000
    modules: posixAccount_maxMachine: 20000
    modules: posixGroup_minGID: 10000
    modules: posixGroup_maxGID: 20000
    modules: posixGroup_pwdHash: SSHA
    modules: posixAccount_pwdHash: SSHA
    # List of active account types.
    activeTypes: user,group,host,smbDomain
    types: suffix_user: ou=People,ou=Users,dc=vavai,dc=net
    types: attr_user: #uid;#givenName;#sn;#uidNumber;#gidNumber
    types: modules_user: inetOrgPerson,posixAccount,shadowAccount,sambaSamAccount
    types: suffix_group: ou=Groups,dc=vavai,dc=net
    types: attr_group: #cn;#gidNumber;#memberUID;#description
    types: modules_group: posixGroup,sambaGroupMapping
    types: suffix_host: ou=Computers,ou=Users,dc=vavai,dc=net
    types: attr_host: #cn;#description;#uidNumber;#gidNumber
    types: modules_host: account,posixAccount,sambaSamAccount
    types: suffix_smbDomain: ou=Domains,dc=vavai,dc=net
    types: attr_smbDomain: sambaDomainName:Domain name;sambaSID:Domain SID
    types: modules_smbDomain: sambaDomain
    [/code]
  4. Restart Apache service
    [code language=’cpp’]
    service apache2 restart
    [/code]
  5. Open LAM at http://yourhostname/lam or http://your-server-ip/lam, e.g. http://server.vavai.net/lam or http://192.168.1.254/lam. Every LAM login sends the Manager DN and password to the web server, so do not leave it on plain HTTP reachable from the whole network: enable HTTPS in Apache or restrict access to the administration workstation.
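The two mistakes that most often break this part are an smbldap.conf whose SID or container DNs do not match the directory, and a lam.conf whose suffixes point somewhere other than where smbldap-tools writes. Here is an added pre-flight check for both, written for this page; it is not part of the tutorial, of smbldap-tools or of LAM. It only parses the configuration files and compares them with the SID you pass in, so it runs offline. The sample files it writes are constructed copies of the values on this page (with a placeholder bind password and the page's original, mismatched LAM suffixes), and the /etc and /srv paths in the leading comment are assumptions.

```shell
#!/bin/sh
# Pre-flight check for the smbldap-tools and LAM configuration above. Added
# example, not part of the tutorial or of either tool; offline, parses files only.
# On the PDC (paths assumed): lint_smbldap /etc/smbldap-tools "$(net getlocalsid | sed 's/.*: //')"
#                             check_lam /srv/www/htdocs/lam/config/lam.conf /etc/smbldap-tools

# conf_get FILE KEY -> value of KEY=..., surrounding double quotes removed.
conf_get() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}[[:space:]]*\$/\1/p" "$1" | head -n 1
}

# lam_get FILE TYPE -> value of the "types: suffix_TYPE: ..." line in lam.conf.
lam_get() {
    sed -n "s/^types: suffix_$2: *//p" "$1" | head -n 1
}

# expand_suffix VALUE SUFFIX -> VALUE with the literal ${suffix} token replaced,
# as smbldap-tools does when it reads smbldap.conf.
expand_suffix() {
    case $1 in
        *'${suffix}'*) pre=${1%%'${suffix}'*}; post=${1#*'${suffix}'}
                       printf '%s\n' "$pre$2$post" ;;
        *)             printf '%s\n' "$1" ;;
    esac
}

# lint_smbldap CONFDIR EXPECTED_SID -> one finding per line, nothing if clean.
lint_smbldap() {
    conf=$1/smbldap.conf; bind=$1/smbldap_bind.conf; want=$2
    suffix=$(conf_get "$conf" suffix)
    # A SID that differs from "net getlocalsid" makes every created account useless.
    sid=$(conf_get "$conf" SID)
    [ "$sid" = "$want" ] || echo "SID mismatch: smbldap.conf=$sid samba=$want"
    # Containers outside the suffix fail with "invalid DN" / "no such object".
    for key in usersdn computersdn groupsdn sambaUnixIdPooldn; do
        dn=$(expand_suffix "$(conf_get "$conf" "$key")" "$suffix")
        case $dn in
            *",$suffix") ;;
            *)           echo "$key is not under $suffix: $dn" ;;
        esac
    done
    # ldapTLS=0 sends the Manager password in clear; tolerable only on loopback.
    if [ "$(conf_get "$conf" ldapTLS)" = 0 ]; then
        for host in "$(conf_get "$conf" masterLDAP)" "$(conf_get "$conf" slaveLDAP)"; do
            case $host in
                127.0.0.1|localhost|::1) ;;
                *) echo "ldapTLS=0 with non-loopback server '$host'" ;;
            esac
        done
    fi
    # Unsalted MD5 in userPassword is trivially cracked if the directory leaks.
    hash=$(conf_get "$conf" hash_encrypt)
    case $hash in
        SSHA|CRYPT) ;;
        *)          echo "hash_encrypt=$hash: set SSHA" ;;
    esac
    # smbldap_bind.conf carries the Manager password in plain text.
    [ -z "$(find "$bind" \( -perm -g+r -o -perm -o+r \) -print)" ] \
        || echo "$bind is readable by group/others: chmod 600 it"
}

# check_lam LAMCONF CONFDIR -> LAM account types whose suffix is not the container
# smbldap-tools uses; compared in lower case because ou values match case-insensitively.
check_lam() {
    conf=$2/smbldap.conf
    suffix=$(conf_get "$conf" suffix)
    for pair in user:usersdn group:groupsdn host:computersdn; do
        lamtype=${pair%%:*}; key=${pair#*:}
        lam=$(lam_get "$1" "$lamtype" | tr '[:upper:]' '[:lower:]')
        smb=$(expand_suffix "$(conf_get "$conf" "$key")" "$suffix" | tr '[:upper:]' '[:lower:]')
        [ "$lam" = "$smb" ] || echo "LAM $lamtype suffix $lam != smbldap-tools $key $smb"
    done
}

# write_samples DIR -> constructed copies of the page's files: the tutorial's smbldap.conf
# values, a 0644 bind file with a placeholder password, and the page's original LAM suffixes.
write_samples() {
    cat > "$1/smbldap.conf" <<'EOF'
SID="S-1-2-33-4444444444-555555555-6666666666"
slaveLDAP=127.0.0.1
masterLDAP="127.0.0.1"
ldapTLS="0"
suffix="dc=vavai,dc=net"
usersdn="ou=People,ou=Users,${suffix}"
computersdn="ou=Computers,ou=Users,${suffix}"
groupsdn="ou=Groups,${suffix}"
sambaUnixIdPooldn="sambaDomainName=VAVAI.NET,ou=Domains,${suffix}"
hash_encrypt="MD5"
EOF
    printf 'masterDN="cn=Manager,dc=vavai,dc=net"\nmasterPw="placeholder"\n' > "$1/smbldap_bind.conf"
    chmod 644 "$1/smbldap_bind.conf"
    printf 'types: suffix_user: ou=People,dc=vavai,dc=net\ntypes: suffix_group: ou=group,dc=vavai,dc=net\ntypes: suffix_host: ou=machines,dc=vavai,dc=net\n' > "$1/lam.conf"
}

# Demo: the page's values give two smbldap findings (MD5, 0644 bind file) and three LAM mismatches.
d=$(mktemp -d)
write_samples "$d"
lint_smbldap "$d" S-1-2-33-4444444444-555555555-6666666666
check_lam "$d/lam.conf" "$d"
rm -rf "$d"
```

On the PDC, run lint_smbldap against /etc/smbldap-tools with the SID reported by net getlocalsid, and check_lam against the LAM config; empty output means the files agree. The DN comparison lowercases both sides because ou values match case-insensitively in LDAP, so ou=domains and ou=Domains are the same container, while ou=group and ou=Groups are not.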

Next Tutorial : Samba PDC + OpenLDAP on openSUSE 11.1 – Part 4, Configuring Dynamic DHCP & DNS

9 thoughts on “Tutorial : Samba PDC + OpenLDAP on openSUSE 11.1 – Part 3”

  1. Hi,
    when I'm trying smbldap-useradd -m -a root I get this error:
    Error looking for next uid in sambaDomainName=NAZA.LOCAL,ou=Domains,dc=naza,dc=local:invalid DN at /usr/sbin//smbldap_tools.pm line 1174, line 466.
    in /var/log/messages:
    Jun 9 21:13:08 osiol slapd[3549]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server
    Jun 9 21:13:08 osiol slapd[3549]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server
    Jun 9 21:13:08 osiol slapd[3549]: nss_ldap: could not search LDAP server - Server is unavailable
    Jun 9 21:13:08 osiol slapd[3549]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server
    Jun 9 21:13:08 osiol slapd[3549]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server
    Jun 9 21:13:08 osiol slapd[3549]: nss_ldap: could not search LDAP server - Server is unavailable
    Jun 9 21:13:08 osiol slapd[3550]: hdb_monitor_db_open: monitoring disabled; configure monitor database to enable
    Jun 9 21:13:08 osiol slapd[3550]: slapd starting
    Jun 9 21:34:14 osiol slapd[3550]: conn=266 op=2 do_search: invalid dn (sambaDomainName=NAZA.LOCAL,ou=Domains,dc=naza,dc=local)
    in smbd.log:
    [2010/06/09 21:29:13, 1] lib/smbldap.c:another_ldap_try(1178)
    Connection to LDAP server failed for the 12 try!
    [2010/06/09 21:29:14, 1] lib/smbldap.c:another_ldap_try(1178)
    Connection to LDAP server failed for the 13 try!
    [2010/06/09 21:29:15, 1] lib/smbldap.c:another_ldap_try(1178)
    Connection to LDAP server failed for the 14 try!
    [2010/06/09 21:29:16, 1] lib/smbldap.c:another_ldap_try(1178)
    Connection to LDAP server failed for the 15 try!
    [2010/06/09 21:29:17, 0] lib/fault.c:fault_report(40)
    Where could the mistake be?

  2. Hi,
    I have this problem:
    lsserver:~ # smbldap-useradd -m -a root
    Can't locate Unicode/String.pm in @INC (@INC contains: /usr/sbin/ /usr/lib/perl5/5.10.0/i586-linux-thread-multi /usr/lib/perl5/5.10.0 /usr/lib/perl5/site_perl/5.10.0/i586-linux-thread-multi /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/vendor_perl/5.10.0/i586-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl .) at /usr/lib/perl5/vendor_perl/5.10.0/Unicode/MapUTF8.pm line 5, line 275.
    BEGIN failed--compilation aborted at /usr/lib/perl5/vendor_perl/5.10.0/Unicode/MapUTF8.pm line 5, line 275.
    Compilation failed in require at /usr/sbin//smbldap_tools.pm line 28, line 275.
    BEGIN failed--compilation aborted at /usr/sbin//smbldap_tools.pm line 28, line 275.
    Compilation failed in require at /usr/sbin/smbldap-useradd line 30, line 275.
    BEGIN failed--compilation aborted at /usr/sbin/smbldap-useradd line 30, line 275.
    lsserver:~ # tail -100 /var/log/messages
    Jul 26 08:27:34 lsserver worker_nscd: nss_ldap: failed to bind to LDAP server ldap://lsserver.it.orsa: Can't contact LDAP server
    Jul 26 08:27:34 lsserver worker_nscd: nss_ldap: failed to bind to LDAP server ldap://lsserver.it.orsa: Can't contact LDAP server
    Jul 26 08:27:34 lsserver worker_nscd: nss_ldap: could not search LDAP server - Server is unavailable
    Jul 26 08:27:34 lsserver worker_nscd: nss_ldap: failed to bind to LDAP server ldap://lsserver.it.orsa: Can't contact LDAP server
    Jul 26 08:27:34 lsserver worker_nscd: nss_ldap: failed to bind to LDAP server ldap://lsserver.it.orsa: Can't contact LDAP server
    Jul 26 08:27:34 lsserver worker_nscd: nss_ldap: could not search LDAP server - Server is unavailable
    Jul 26 08:27:34 lsserver slapd[20638]: bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
    Jul 26 08:27:34 lsserver slapd[20638]: slapd starting
    Where could the mistake be?

  4. Hi Vavai, thanks for your answer.
    I have reinstalled perl-Unicode-MapUTF8 and perl-ldap, but the problem persists; my version of openSUSE is 11.2.

  5. Hi, I configured everything again from the first step, and these are the logs:
    server:~ # tail -20 /var/log/messages
    Jul 26 14:30:01 server worker_nscd: nss_ldap: failed to bind to LDAP server ldap://server.vavai.net: Can't contact LDAP server
    Jul 26 14:30:01 server worker_nscd: nss_ldap: failed to bind to LDAP server ldap://server.vavai.net: Can't contact LDAP server
    Jul 26 14:30:01 server worker_nscd: nss_ldap: could not search LDAP server - Server is unavailable
    Jul 26 14:30:01 server worker_nscd: nss_ldap: failed to bind to LDAP server ldap://server.vavai.net: Can't contact LDAP server
    Jul 26 14:30:01 server worker_nscd: nss_ldap: failed to bind to LDAP server ldap://server.vavai.net: Can't contact LDAP server
    Jul 26 14:30:01 server worker_nscd: nss_ldap: could not search LDAP server - Server is unavailable

  7. Hello.
    I had to add:
    ldap ssl = off
    in smb.conf.
    Otherwise I am not able to run the command:
    smbpasswd -a
    "Failed to issue the StartTLS instruction: Protocol error
    Connection to LDAP server failed for the 1 try!"
