HOWTO: Samba PDC with LDAP backend

Since the first post was radically altered, the entire thread following it became 'orphaned', so we may as well start over again with the new information in the first post as a starting point.
 
What do you get when you do a pkg_info

Also have you tried pkg_delete openldap-server-<version>
And the a reinstall.
you can also try pkg_add -r openldap-server, this way you install a package.
If that one also crash, something else is going on.

regards,
Syl
 
Hi! I followed the HOWTO (thank you very much for your efforts!!) but I have a little issue. After applying changes to nsswitch.conf I get: nss_ldap could not search LDAP server. Slapd is up and running. Any ideas?
 
Thank you for the good job on that howto.

I setup a 8.1 box based on this config using Nov 1st 2010 ports...

I think I ended up using a newer version of perl.. but it all went fairly smooth and it seems to work.

I joined a XP box to the domain, successfully logged in as root and I decided to download Usermgr.exe as mentioned in the howto. I downloaded usermgr.exe from Microsoft.... I can see the accounts but once I try to do anything. it says
Code:
A device attached to the system is not functioning
Nothing strange on the workstation/firewall or whatnots.. and nothing odd in the logs, that I can tell.

Anyone experience this that knows a quick fix?

Cheers

- Chris
 
Did you do the last step,
Code:
net rpc join -S smb-server01 -Uroot

Also you can try to use quotes around the %x settings in the smb.conf file like below, and reload/restart samba

Code:
# scripts invoked by samba
      add user script               = /usr/local/sbin/smbldap-useradd -m "%u"
      delete user script            = /usr/local/sbin/smbldap-userdel "%u"
      add group script              = /usr/local/sbin/smbldap-groupadd -p "%g"
      delete group script           = /usr/local/sbin/smbldap-groupdel "%g"
      add user to group script      = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
      delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
      set primary group script      = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
      add machine script            = /usr/local/sbin/smbldap-useradd -w "%m"

regards,
Johan
 
Tried following this a few times, always running into some sort of error.

Cleaned 8.1 FreeBSD install and I followed the guide until I get to the part about starting slapd and get the following error:
Code:
# /usr/local/etc/rc.d/slapd start
Starting slapd.
Unrecognized database type (bdb)
/usr/local/etc/rc.d/slapd: WARNING: failed to start slapd

I can't see to figure out how to fix it. I watched it install BDB, so I'm not sure why it's complaining. I ended up using Samba 3.4.8 because apparently I can't figure out how to get the newest version to appear in /usr/ports/. Hopefully that won't matter...
 
fuzzy-hat -
Samba 3.5.6 was in ports 2 weeks back.. now it is a bad plist.

I had the same issue make sure you have the following line in your slapd.conf:

Code:
moduleload back_bdb

Sylhouette -

I did the net join command first time around.. I havn't been able to test the quotes yet.. let you know if that fixes it.

Thanks,

- Chris
 
About the moduleload back_bdb in the slapd.conf file, i had to remover it.
If i did leave it in there, it would not start, and errors out with something like module BDB already loaded.(out of my head)


I will add it to the howto.

Gr
Syl
 
Syl, i think its the way the newer version is built in ports..

I tried to use quotes around the %x settings in the smb.conf but unfortunately still getting the same error as posted earlier.
- Chris
 
I know i had this error message once.
I do not remember what i did to resolv this.

Could it be that cups is not running?
If my memory serves me well, it had something to do with a service that is not running, but i could be wrong.

If i have some more time, i will look into this.

Gr
Syl
 
I'd like to start by pointing out I'm an idiot. I've found some of my mistakes. So for anyone else reading this

fuzzy-hat said:
# /usr/local/etc/rc.d/slapd start
Starting slapd.
Unrecognized database type (bdb)
/usr/local/etc/rc.d/slapd: WARNING: failed to start slapd

I can't see to figure out how to fix it. I watched it install BDB, so I'm not sure why it's complaining.
This is actually addressed in the HOW TO. It's possible it wasn't there until recently but more likely I skimmed over it because I've never had to change that value before. All I had to do was actually read the guide and uncomment
Code:
moduleload back_bdb
in the slapd.conf file to make it work.

fuzzy-hat said:
I ended up using Samba 3.4.8 because apparently I can't figure out how to get the newest version to appear in /usr/ports/.
As for this, from what I understood from googling, the way to update your ports tree was to use csup or cvsup (I think I tried something else as well). It of course looked like it was updating to me, but nothing ever changed.

Today I finally found out that you run:
[CMD=]portsnap fetch[/cmd]
[cmd=]portsnap extract[/CMD]

to update your ports tree.

Next time I will try to read better. Sorry for wasting people's time.
 
Hello, if I want to add a FreeBSD ZFS file server to a Windows 2003 AD domain, could anybody point out what modifications I need to make to this how-to (obviously I won't need LDAP, DHCP etc...)
 
Hi

First of all, thank you for the HowTO!

I have some little problems with my config. I try to get my ldap into a jail, so my network config of the host is:
Code:
fxp0 192.168.1.66
with alias for the jail on 192.168.100.1 the jail is called "ldap-jail"

So the first problem I have, is running slapd with
Code:
slapd_flags='-h "ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap://127.0.0.1/ ldap://192.168.100.1/"'

Without the parameter ldap://192.168.100.1 slapd starts without problems, but with the parameter I get:
Code:
Mar 18 21:28:39 LDAP slapd[25467]: @(#) $OpenLDAP: slapd 2.4.24 (Mar 18 2011 16:32:42) $ 	root@LDAP:/usr/ports/net/openldap24-
server/work/openldap-2.4.24/servers/slapd
Mar 18 21:28:39 LDAP slapd[25467]: daemon: bind(8) failed errno=48 (Address already in use)
Mar 18 21:28:39 LDAP slapd[25467]: slapd stopped.
Mar 18 21:28:39 LDAP slapd[25467]: connections_destroy: nothing to destroy.

So I proceed without this parameter, but at the end of the samba section I have another problem when I try to populate the database:

Code:
smb-server01# smbldap-populate -u 10000 -g 10000 -r 10000
Populating LDAP directory for domain TESTDOMAIN (S-1-5-21-3989252577-37338151-2932095156)
(using builtin directory structure)

adding new entry: dc=testdomain,dc=com
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 500, <GEN1> line 7.
adding new entry: ou=People,dc=testdomain,dc=com
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 500, <GEN1> line 12.
adding new entry: ou=Groups,dc=testdomain,dc=com
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 500, <GEN1> line 17.
adding new entry: ou=Computers,dc=testdomain,dc=com
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 500, <GEN1> line 22.
adding new entry: ou=Idmap,dc=testdomain,dc=com
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 500, <GEN1> line 27.
adding new entry: uid=root,ou=People,dc=testdomain,dc=com
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 500, <GEN1> line 58.
adding new entry: uid=nobody,ou=People,dc=testdomain,dc=com
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 500, <GEN1> line 89.
adding new entry: cn=Domain Admins,ou=Groups,dc=testdomain,dc=com
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 500, <GEN1> line 101.
adding new entry: cn=Domain Users,ou=Groups,dc=testdomain,dc=com
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 500, <GEN1> line 112.
adding new entry: cn=Domain Guests,ou=Groups,dc=testdomain,dc=com
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 500, <GEN1> line 123.
adding new entry: cn=Domain Computers,ou=Groups,dc=testdomain,dc=com
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 500, <GEN1> line 134.
adding new entry: cn=Administrators,ou=Groups,dc=testdomain,dc=com
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 500, <GEN1> line 179.
adding new entry: cn=Account Operators,ou=Groups,dc=testdomain,dc=com
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 500, <GEN1> line 201.
adding new entry: cn=Print Operators,ou=Groups,dc=testdomain,dc=com
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 500, <GEN1> line 212.
adding new entry: cn=Backup Operators,ou=Groups,dc=testdomain,dc=com
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 500, <GEN1> line 223.
adding new entry: cn=Replicators,ou=Groups,dc=testdomain,dc=com
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 500, <GEN1> line 234.
adding new entry: sambaDomainName=TESTDOMAIN,dc=testdomain,dc=com
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 500, <GEN1> line 242.

Please provide a password for the domain root: 
No such object at /usr/local/lib/perl5/site_perl/5.12.3/smbldap_tools.pm line 409.

Now I don't know how to resolve this issue and proceed... any ideas?

Thank you

P.S. at the end of smbldap.conf there is
Code:
smbpasswd="/usr/local/bin/smbpasswd"
that should be
Code:
smbpasswd="/usr/local/[B]s[/B]bin/smbpasswd"
 
Sorry for the double-post.

The second issue I had is now solved, I forgot a "{" in my configuration file. Unfortunately I'm still not able to join my domaincontroller.

Code:
smb-server01# net rpc join -S smb-server01 -Uroot
Connection failed: NT_STATUS_INVALID_NETWORK_RESPONSE
Enter root's password:
Could not connect to server smb-server01
Connection failed: NT_STATUS_INVALID_NETWORK_RESPONSE

It also fails, when I'm trying do join from a Windows-Client, maybe the reason is the missing parameter 192.168.100.1 in the /etc/rc.conf? :\
 
Hello,

I'm running into the same error as padrino. I followed the tutorial for setting up a Samba PDC with LDAP backend from Sylhouette quite strictly.

Code:
Please provide a password for the domain root:
No such object at /usr/local/lib/perl5/site_perl/5.12.3/smbldap_tools.pm line 409.

Can anyone point me into the right direction to righting this dilemma?

Thanks in advance.
 
Hi Padrino.

padrino said:
Sorry for the double-post.

The second issue I had is now solved, I forgot a "{" in my configuration file. Unfortunately I'm still not able to join my domaincontroller.

Please, could you tell me in what configuration file did you forgot the "{"? I'm also following the same URL to FreeBSD+Samba+PDC and have the same issue as you.

Thank you!!
 
Hi, I followed the howto until net getlocalsid but here I am getting following output:
Code:
net getlocalsid
[2011/01/15 14:18:01.950062,  0] lib/smbldap.c:1151(smbldap_connect_system)
  failed to bind to server ldap://192.168.178.4/ with dn="cn=Manager,dc=fritz,dc=box" Error: Can't contact LDAP server
  	(unknown)
SID for domain SAMBA_SERVER is: S-1-5-21-995152089-1900560301-1122320211
Can I ignore this or is this more then just a warning?

Regards
 
Yes you can, i did a little upgrade to the howto and use the smbldap config script.

It times out because the ldap server is not running.

regards
Johan
 
testparm warnings

Hi! When I used the testparm command, I received some warrnings. Can somebody help me with that? And thanks for HOWTO.


Code:
srv01# testparm /usr/local/etc/smb.conf
Load smb config files from /usr/local/etc/smb.conf
max_open_files: increasing sysctl_max (11095) to minimum Windows limit (16384)
rlimit_max: increasing rlimit_max (11095) to minimum Windows limit (16384)
WARNING: The "enable privileges" option is deprecated
WARNING: The "idmap backend" option is deprecated
WARNING: The "idmap uid" option is deprecated
WARNING: The "idmap gid" option is deprecated
Processing section "[netlogon]"
Processing section "[homes]"
Processing section "[Profiles]"
Processing section "[printers]"
Processing section "[print$]"
Processing section "[data]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions
 
Back
Top