Previous Tutorial :
- Tutorial : Samba PDC + OpenLDAP on openSUSE 11.1 – Part 1, Installing Base System & Configuring Samba
- Tutorial : Samba PDC + OpenLDAP on openSUSE 11.1 – Part 2, Configuring OpenLDAP
CONFIGURING SMBLDAP-TOOLS
smbldap-tools is a set of command-line (CLI) tools for inserting, updating and deleting data in Samba and LDAP. Installing smbldap-tools on openSUSE takes only a few steps because the package is already available on the openSUSE Build Service. Let's do it.
- Go to openSUSE Build Service Package Search.
- Install the updated smbldap-tools version with one-click-install.
- Edit /etc/smbldap-tools/smbldap.conf with the following content (don't forget to replace the Samba SID and domain name, see previous tutorial):
[code language='cpp']
SID="S-1-2-33-4444444444-555555555-6666666666"
sambaDomain="VAVAI.NET"
slaveLDAP="127.0.0.1"
slavePort="389"
masterLDAP="127.0.0.1"
masterPort="389"
ldapTLS="0"
verify=""
cafile=""
clientcert=""
clientkey=""
suffix="dc=vavai,dc=net"
usersdn="ou=People,ou=Users,${suffix}"
computersdn="ou=Computers,ou=Users,${suffix}"
groupsdn="ou=Groups,${suffix}"
idmapdn="ou=Idmap,${suffix}"
sambaUnixIdPooldn="sambaDomainName=VAVAI.NET,ou=Domains,${suffix}"
scope="sub"
hash_encrypt="MD5"
crypt_salt_format=""
userHome="/data/home/%U"
userHomeDirectoryMode="700"
userGecos="System User"
defaultUserGid="513"
defaultComputerGid="515"
skeletonDir="/etc/skel"
defaultMaxPasswordAge="45"
userSmbHome="\\server\%U"
userProfile="\\server\profiles\%U"
userHomeDrive="H:"
userScript="logon.bat"
mailDomain="vavai.net"
with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"
with_slappasswd="0"
slappasswd="/usr/sbin/slappasswd"
# comment out the following line to get rid of the default banner
# no_banner="1"
[/code]
- Edit /etc/smbldap-tools/smbldap_bind.conf and copy-paste the following content (the file stores the LDAP Manager password in clear text, so keep it readable by root only):
[code language='cpp']
slaveDN="cn=Manager,dc=vavai,dc=net"
slavePw="zezevavai26032006"
masterDN="cn=Manager,dc=vavai,dc=net"
masterPw="zezevavai26032006"
[/code]
- Start the Samba services
[code language='cpp']
service smb restart
service nmb restart
service ldap restart
service winbind restart
[/code]
- Set the default password for Samba-LDAP
[code language='cpp']
su
smbldap-useradd -m -a root
smbldap-passwd root
smbpasswd -a
smbldap-groupmod -m root "Domain Admins"
[/code]
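A quick audit of the two files edited above, as an added example that is not part of the original tutorial: it flags ldapTLS being off for a non-loopback masterLDAP, a hash_encrypt other than SSHA (the scheme the LAM configuration below uses), and group or other permission bits on smbldap_bind.conf. The function names and finding labels are made up for this example, and the sample files in `demo` are constructed with a placeholder password.

```shell
#!/bin/sh
# Added example (not from the tutorial): audit smbldap.conf and smbldap_bind.conf.

# Print the value of KEY from a key="value" style file (last match wins).
conf_get() {  # usage: conf_get FILE KEY
    sed -n "s/^$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# Print one finding per line for CONF_DIR; print nothing when all checks pass.
audit_smbldap() {  # usage: audit_smbldap CONF_DIR
    conf="$1/smbldap.conf"
    bind="$1/smbldap_bind.conf"

    # With ldapTLS off, the bind password from smbldap_bind.conf is sent in
    # clear text. Tolerable on loopback, a finding for any other master.
    master=$(conf_get "$conf" masterLDAP)
    if [ "$(conf_get "$conf" ldapTLS)" != "1" ]; then
        case "$master" in
            127.0.0.1|localhost|::1) ;;
            *) echo "TLS_OFF_REMOTE masterLDAP=$master" ;;
        esac
    fi

    # Flag anything other than SSHA, the salted scheme the LAM config uses.
    hash=$(conf_get "$conf" hash_encrypt)
    case "$hash" in
        SSHA) ;;
        *) echo "HASH_NOT_SSHA hash_encrypt=$hash" ;;
    esac

    # The bind file stores masterPw/slavePw in clear text: no group/other bits.
    perms=$(ls -ld "$bind" | cut -c5-10)
    [ "$perms" = "------" ] || echo "BIND_FILE_PERMS $perms"
}

# Demo on a constructed copy of the tutorial's settings (placeholder password).
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'masterLDAP="127.0.0.1"' 'ldapTLS="0"' 'hash_encrypt="MD5"' > "$d/smbldap.conf"
    printf '%s\n' 'masterDN="cn=Manager,dc=vavai,dc=net"' 'masterPw="CHANGEME"' > "$d/smbldap_bind.conf"
    chmod 644 "$d/smbldap_bind.conf"
    audit_smbldap "$d"
    rm -rf "$d"
}
demo
```

On a real server, run `audit_smbldap /etc/smbldap-tools` as root; no output means all three checks passed.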
CONFIGURING LDAP ACCOUNT MANAGER (LAM)
LDAP Account Manager has a similar function to smbldap-tools but provides a web interface for managing the LDAP data. You need a running Apache server to host the LAM service. Click here if you need a tutorial on setting up the Apache web server on openSUSE.
- Go to the Packman page for LDAP Account Manager and install the LAM package with one-click-install (or with zypper using the Packman repository)
- Backup & create the LAM configuration
[code language='cpp']
su
mv /srv/www/htdocs/lam/config/config.cfg_sample /srv/www/htdocs/lam/config/config.cfg
touch /srv/www/htdocs/lam/config/lam.conf
chown wwwrun:www /srv/www/htdocs/lam/config/lam.conf
[/code]
- Copy-paste the following content into the LAM configuration file /srv/www/htdocs/lam/config/lam.conf:
[code language='cpp']
# LDAP Account Manager configuration
serverURL: ldap://localhost:389
admins: cn=Manager,dc=vavai,dc=net
# password to change these preferences via webfrontend (default: lam)
passwd: {SSHA}RjBruJcTxZEdcBjPQdRBkDaSQeY= iueleA==
treesuffix: dc=vavai,dc=net
# default language (a line from config/language)
defaultLanguage: en_GB.utf8:UTF-8:English (Great Britain)
# Path to external Script
scriptPath:
# Server of external Script
scriptServer:
# Access rights for home directories
scriptRights: 750
# Number of minutes LAM caches LDAP searches.
cachetimeout: 5
# Module settings
modules: posixAccount_minUID: 10000
modules: posixAccount_maxUID: 20000
modules: posixAccount_minMachine: 10000
modules: posixAccount_maxMachine: 20000
modules: posixGroup_minGID: 10000
modules: posixGroup_maxGID: 20000
modules: posixGroup_pwdHash: SSHA
modules: posixAccount_pwdHash: SSHA
# List of active account types.
activeTypes: user,group,host,smbDomain
types: suffix_user: ou=People,dc=vavai,dc=net
types: attr_user: #uid;#givenName;#sn;#uidNumber;#gidNumber
types: modules_user: inetOrgPerson,posixAccount,shadowAccount,sambaSamAccount
types: suffix_group: ou=group,dc=vavai,dc=net
types: attr_group: #cn;#gidNumber;#memberUID;#description
types: modules_group: posixGroup,sambaGroupMapping
types: suffix_host: ou=machines,dc=vavai,dc=net
types: attr_host: #cn;#description;#uidNumber;#gidNumber
types: modules_host: account,posixAccount,sambaSamAccount
types: suffix_smbDomain: ou=domains,dc=vavai,dc=net
types: attr_smbDomain: sambaDomainName:Domain name;sambaSID:Domain SID
types: modules_smbDomain: sambaDomain
[/code]
- Restart the Apache service
[code language='cpp']
service apache2 restart
[/code]
- Access the LAM service at http://yourhostname/lam or http://your-server-ip/lam, e.g. http://server.vavai.net/lam or http://192.168.1.254/lam
Next Tutorial : Samba PDC + OpenLDAP on openSUSE 11.1 – Part 4, Configuring Dynamic DHCP & DNS
Hi,
When I'm trying smbldap-useradd -m -a root I get an error:
Error looking for next uid in sambaDomainName=NAZA.LOCAL,ou=Domains,dc=naza,dc=local:invalid DN at /usr/sbin//smbldap_tools.pm line 1174, line 466.
in /var/log/messages:
Jun 9 21:13:08 osiol slapd[3549]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can’t contact LDAP server
Jun 9 21:13:08 osiol slapd[3549]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can’t contact LDAP server
Jun 9 21:13:08 osiol slapd[3549]: nss_ldap: could not search LDAP server – Server is unavailable
Jun 9 21:13:08 osiol slapd[3549]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can’t contact LDAP server
Jun 9 21:13:08 osiol slapd[3549]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can’t contact LDAP server
Jun 9 21:13:08 osiol slapd[3549]: nss_ldap: could not search LDAP server – Server is unavailable
Jun 9 21:13:08 osiol slapd[3550]: hdb_monitor_db_open: monitoring disabled; configure monitor database to enable
Jun 9 21:13:08 osiol slapd[3550]: slapd starting
Jun 9 21:34:14 osiol slapd[3550]: conn=266 op=2 do_search: invalid dn (sambaDomainName=NAZA.LOCAL,ou=Domains,dc=naza,dc=local)
in smbd.log
[2010/06/09 21:29:13, 1] lib/smbldap.c:another_ldap_try(1178)
Connection to LDAP server failed for the 12 try!
[2010/06/09 21:29:14, 1] lib/smbldap.c:another_ldap_try(1178)
Connection to LDAP server failed for the 13 try!
[2010/06/09 21:29:15, 1] lib/smbldap.c:another_ldap_try(1178)
Connection to LDAP server failed for the 14 try!
[2010/06/09 21:29:16, 1] lib/smbldap.c:another_ldap_try(1178)
Connection to LDAP server failed for the 15 try!
[2010/06/09 21:29:17, 0] lib/fault.c:fault_report(40)
Where could the mistake be?
Hi,
I have this problem:
lsserver:~ # smbldap-useradd -m -a root
Can’t locate Unicode/String.pm in @INC (@INC contains: /usr/sbin/ /usr/lib/perl5/5.10.0/i586-linux-thread-multi /usr/lib/perl5/5.10.0 /usr/lib/perl5/site_perl/5.10.0/i586-linux-thread-multi /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/vendor_perl/5.10.0/i586-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl .) at /usr/lib/perl5/vendor_perl/5.10.0/Unicode/MapUTF8.pm line 5, line 275.
BEGIN failed–compilation aborted at /usr/lib/perl5/vendor_perl/5.10.0/Unicode/MapUTF8.pm line 5, line 275.
Compilation failed in require at /usr/sbin//smbldap_tools.pm line 28, line 275.
BEGIN failed–compilation aborted at /usr/sbin//smbldap_tools.pm line 28, line 275.
Compilation failed in require at /usr/sbin/smbldap-useradd line 30, line 275.
BEGIN failed–compilation aborted at /usr/sbin/smbldap-useradd line 30, line 275.
lsserver:~ # tail -100 /var/log/messages
Jul 26 08:27:34 lsserver worker_nscd: nss_ldap: failed to bind to LDAP server ldap://lsserver.it.orsa: Can’t contact LDAP server
Jul 26 08:27:34 lsserver worker_nscd: nss_ldap: failed to bind to LDAP server ldap://lsserver.it.orsa: Can’t contact LDAP server
Jul 26 08:27:34 lsserver worker_nscd: nss_ldap: could not search LDAP server – Server is unavailable
Jul 26 08:27:34 lsserver worker_nscd: nss_ldap: failed to bind to LDAP server ldap://lsserver.it.orsa: Can’t contact LDAP server
Jul 26 08:27:34 lsserver worker_nscd: nss_ldap: failed to bind to LDAP server ldap://lsserver.it.orsa: Can’t contact LDAP server
Jul 26 08:27:34 lsserver worker_nscd: nss_ldap: could not search LDAP server – Server is unavailable
Jul 26 08:27:34 lsserver slapd[20638]: bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
Jul 26 08:27:34 lsserver slapd[20638]: slapd starting
Where could the mistake be?
@Jorge,
Install perl-Unicode-MapUTF8 package. Look at the troubleshooting area on part 6 of the tutorial series.
http://v2.vavai.net/2010/01/29/tutorial-samba-pdc-openldap-on-opensuse-11-1-%E2%80%93-part-6/
Hi Vavai, thanks for your answer.
I have reinstalled perl-Unicode-MapUTF8 and perl-ldap, but the problem persists. My version of openSUSE is 11.2.
Hi, I configured again from the first step, and these are the logs from:
server:~ # tail -20 /var/log/messages
Jul 26 14:30:01 server worker_nscd: nss_ldap: failed to bind to LDAP server ldap://server.vavai.net: Can’t contact LDAP server
Jul 26 14:30:01 server worker_nscd: nss_ldap: failed to bind to LDAP server ldap://server.vavai.net: Can’t contact LDAP server
Jul 26 14:30:01 server worker_nscd: nss_ldap: could not search LDAP server – Server is unavailable
Jul 26 14:30:01 server worker_nscd: nss_ldap: failed to bind to LDAP server ldap://server.vavai.net: Can’t contact LDAP server
Jul 26 14:30:01 server worker_nscd: nss_ldap: failed to bind to LDAP server ldap://server.vavai.net: Can’t contact LDAP server
Jul 26 14:30:01 server worker_nscd: nss_ldap: could not search LDAP server – Server is unavailable
Hello.
I have to add:
ldap ssl = off
in smb.conf.
Otherwise I am not able to run the command:
smbpasswd -a
“Failed to issue the StartTLS instruction: Protocol error
Connection to LDAP server failed for the 1 try!”