HOWTO: Samba PDC with LDAP backend - Page 2 - The FreeBSD Forums
#26 illex, November 5th, 2011, 13:41

Oh,
Code:
max_open_files: increasing sysctl_max (11095) to minimum Windows limit (16384)
rlimit_max: increasing rlimit_max (11095) to minimum Windows limit (16384)

It was fixed by editing /boot/loader.conf. But the WARNINGS still continue.

Last edited by DutchDaemon; November 5th, 2011 at 14:04. Reason: proper formatting: http://forums.freebsd.org/showthread.php?t=8816

#27 Sylhouette, November 5th, 2011, 15:33

/boot/loader.conf values are only read at bootup.
So you need to reboot the machine.

regards
Johan

#28 illex, November 5th, 2011, 16:20

Yeah, I fixed it. Now I have:

Code:
srv01# testparm /usr/local/etc/smb.conf
Load smb config files from /usr/local/etc/smb.conf
WARNING: The "enable privileges" option is deprecated
WARNING: The "idmap backend" option is deprecated
WARNING: The "idmap uid" option is deprecated
WARNING: The "idmap gid" option is deprecated
Processing section "[netlogon]"
Processing section "[homes]"
Processing section "[Profiles]"
Processing section "[printers]"
Processing section "[print$]"
Processing section "[data]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

So how can I fix these WARNINGS? thx

#29 Sylhouette, November 5th, 2011, 20:12

I think you use a newer version of samba than 3.5.x.
Are you using samba 3.6.1?

If so, comment out by putting a # before the following lines.

Code:
      enable privileges             = yes
      idmap backend                 = ldap:ldap://smb-server01.testdomain.com
      idmap uid                     = 10000-20000
      idmap gid                     = 10000-20000

That should get rid of the errors.

Gr
Johan

#30 illex, November 5th, 2011, 23:50

Yes, I'm using samba 3.6.1.
I've commented out those lines and now it has no warnings, but is it OK without those lines?

Now I have a problem connecting to the domain:
Code:
srv01# net rpc join -S srv01 -U root
Connection failed: NT_STATUS_INVALID_PARAMETER
Enter root's password:
Could not connect to server srv01
Connection failed: NT_STATUS_INVALID_PARAMETER

Do you know how to fix it?
thx

#31 Sylhouette, November 6th, 2011, 09:05

No, I have not used samba 3.6.1 before.
Maybe I have some time next week to try it, but I cannot promise I will get to it.

Is everything running?
Cups, samba (smbd, nmbd and winbind), slapd and so on.
Also try -Uroot without a space; I do not know if it makes a difference.

If you find the solution yourself, please let me know, then I can edit the howto.

regards
Johan

Last edited by Sylhouette; November 6th, 2011 at 09:56.

#32 illex, December 4th, 2011, 16:11

I guess the problem was that I tried to install samba as a PDC on a computer with 2 ethernet cards and the PF firewall.

Now it works!

I'm sorry for the newbie question, but how should I add users? I've downloaded "LDAP Admin", but I'm not sure that it's the right way. Maybe I should use some commands?

#33 Sylhouette, December 4th, 2011, 20:42

Hello, there are several ways.

One is LDAP Admin, like you installed.

There is also LDAP Account Manager, also in the ports tree.

http://www.ldap-account-manager.org/

Or you could use the command line.

http://clark-technet.com/linux-guide...-to-samba-ldap

The commands in your /usr/local/etc/smb.conf file can also be used from the command line.

Code:
      add user script               = /usr/local/sbin/smbldap-useradd -m %u
      delete user script            = /usr/local/sbin/smbldap-userdel %u
      add group script              = /usr/local/sbin/smbldap-groupadd -p %g
      delete group script           = /usr/local/sbin/smbldap-groupdel %g
      add user to group script      = /usr/local/sbin/smbldap-groupmod -m %u %g
      delete user from group script = /usr/local/sbin/smbldap-groupmod -x %u %g
      set primary group script      = /usr/local/sbin/smbldap-usermod -g %g %u
      add machine script            = /usr/local/sbin/smbldap-useradd -w %m

So the following command will add the user illex to the system:

Code:
/usr/local/sbin/smbldap-useradd -m illex

The following command will add a new group named experts:

Code:
/usr/local/sbin/smbldap-groupadd -p experts

The following command will add the user illex to the group experts:

Code:
/usr/local/sbin/smbldap-groupmod -m illex experts

So there are many ways.

regards
Johan

#34 Daren, January 4th, 2012, 13:32

Hi

I know it's been a while since this has been updated, but firstly: thanks!

I am having a small issue regarding certain aspects of the "net rpc" command though.

If I do:

Code:
# net rpc info -U root%password

I get output as expected (listing domain name, sid, number of users etc.), however the following happens if I try to list groups, for instance:

Code:
# net rpc group list -U root%password
Could not connect to server 127.0.0.1
Connection failed: NT_STATUS_INVALID_PARAMETER

I get something similar if I try the command relating to users, but with an additional error:

Code:
# net rpc user info darenr -U root%password
Connection to localhost failed (Error NT_STATUS_INVALID_PARAMETER)
Failed to get groups for 'darenr' with error: Failed to connect to IPC$ share on localhost.

I have tried a bit of googling, but nothing seems to come up (or I'm going blind).

I have been able to successfully join a workstation to the domain, and login as a user I added via LAM, as well as successfully adding files to the test share I have set up.

If you could give any pointers or hints as to what I may have missed, I'd much appreciate it.

Thanks
Daren

#35 Daren, January 6th, 2012, 11:15

I found out my issue. Although I had looked at it so many times, I had missed a "0" on the end of the lo0 interface in smb.conf.

What an idiot I feel

#36 bmmcwhirt, June 25th, 2012, 21:28

I followed this and everything goes great. However, in Win7pro64 you can't run usermgr.exe. So I use the /usr/local/sbin/smbldap-useradd -m %u command with my intended user name, then I use smbldap-passwd to set the password. The user remains unable to log into the domain. I can join a machine to the domain just fine and I can even log in with "root" on the domain.

Samba error log for the machine:
Code:
[2012/06/25 19:56:46.381799,  0] lib/util_sock.c:474(read_fd_with_timeout)
[2012/06/25 19:56:46.382697,  0] lib/util_sock.c:1441(get_peer_addr_internal)
  getpeername failed. Error was Socket is not connected
  read_fd_with_timeout: client 0.0.0.0 read error = Socket is not connected.

and this is in slapd.conf:
Code:
Jun 25 19:56:17 services slapd[723]: conn=1155 fd=23 ACCEPT from IP=192.168.11.7:44708 (IP=192.168.11.7:389)
Jun 25 19:56:17 services slapd[723]: conn=1155 op=0 BIND dn="cn=Manager,dc=kb9yen,dc=com" method=128
Jun 25 19:56:17 services slapd[723]: conn=1155 op=0 BIND dn="cn=Manager,dc=kb9yen,dc=com" mech=SIMPLE ssf=0
Jun 25 19:56:17 services slapd[723]: conn=1155 op=0 RESULT tag=97 err=0 text=
Jun 25 19:56:17 services slapd[723]: connection_input: conn=1155 deferring operation: binding
Jun 25 19:56:17 services slapd[723]: conn=1155 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
Jun 25 19:56:17 services slapd[723]: conn=1155 op=1 SRCH attr=supportedControl
Jun 25 19:56:17 services slapd[723]: conn=1155 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jun 25 19:56:17 services slapd[723]: conn=1155 op=2 SRCH base="dc=kb9yen,dc=com" scope=2 deref=0
 filter="(&(objectClass=sambaGroupMapping)(gidNumber=65534))"
Jun 25 19:56:17 services slapd[723]: conn=1155 op=2 SRCH attr=gidNumber sambaSID sambaGroupType
 sambaSIDList description displayName cn objectClass
Jun 25 19:56:17 services slapd[723]: conn=1155 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 25 19:56:17 services slapd[723]: conn=1155 op=3 SRCH base="sambaDomainName=KB9YEN,dc=kb9yen,dc=com"
 scope=0 deref=0 filter="(objectClass=sambaDomain)"
Jun 25 19:56:17 services slapd[723]: conn=1155 op=3 SRCH attr=sambaPwdHistoryLength
Jun 25 19:56:17 services slapd[723]: conn=1155 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jun 25 19:56:17 services slapd[723]: conn=1155 op=4 SRCH base="dc=kb9yen,dc=com" scope=2 deref=0
 filter="(&(uid=bmmcwhirt)(objectClass=sambaSamAccount))"
Jun 25 19:56:17 services slapd[723]: conn=1155 op=4 SRCH attr=uid uidNumber gidNumber homeDirectory
 sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn
 sn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description
 sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName
 objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime
 sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp uidNumber gidNumber
Jun 25 19:56:17 services slapd[723]: conn=1155 op=4 SRCH attr=homeDirectory loginShell gecos
Jun 25 19:56:17 services slapd[723]: conn=1155 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 25 19:56:46 services slapd[723]: conn=1155 op=5 UNBIND
Jun 25 19:56:46 services slapd[723]: conn=1155 fd=23 closed

And the relevant output of ldapsearch:
Code:
# bmmcwhirt, People, kb9yen.com
dn: uid=bmmcwhirt,ou=People,dc=kb9yen,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
cn: bmmcwhirt
sn: bmmcwhirt
uid: bmmcwhirt
uidNumber: 10003
gidNumber: 513
homeDirectory: /home/bmmcwhirt
loginShell: /bin/sh
gecos: System User
givenName: bmmcwhirt
userPassword:: {deleted for security}
shadowLastChange: 15516
shadowMax: 10000

Any help or advice would be greatly appreciated.

Last edited by DutchDaemon; June 25th, 2012 at 21:58. Reason: Proper formatting: http://forums.freebsd.org/showthread.php?t=8816
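
Added example (not part of the original post or the howto): Python that pairs each SRCH in a slapd log with its SEARCH RESULT, lists the searches that returned nentries=0, and reports which objectClass named in the search filter is absent from an ldapsearch entry. The sample input is abridged from the log and ldapsearch output quoted in post #36; the function names are this example's own.

```python
import re

# Sample input abridged from the slapd log and ldapsearch output in post #36.
SLAPD_LOG = """\
Jun 25 19:56:17 services slapd[723]: conn=1155 op=3 SRCH base="sambaDomainName=KB9YEN,dc=kb9yen,dc=com"
 scope=0 deref=0 filter="(objectClass=sambaDomain)"
Jun 25 19:56:17 services slapd[723]: conn=1155 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jun 25 19:56:17 services slapd[723]: conn=1155 op=4 SRCH base="dc=kb9yen,dc=com" scope=2 deref=0
 filter="(&(uid=bmmcwhirt)(objectClass=sambaSamAccount))"
Jun 25 19:56:17 services slapd[723]: conn=1155 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text=
"""
LDIF_ENTRY = """\
dn: uid=bmmcwhirt,ou=People,dc=kb9yen,dc=com
objectClass: top
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
uid: bmmcwhirt
"""

OP = re.compile(r"conn=(\d+) op=(\d+) (SRCH|SEARCH RESULT) (.*)")

def empty_searches(log):
    """Return [(conn, op, filter)] for searches that finished with nentries=0."""
    # Long records are wrapped; continuation lines start with whitespace.
    records = re.sub(r"\n[ \t]+", " ", log).splitlines()
    filters, empty = {}, []
    for rec in records:
        m = OP.search(rec)
        if not m:
            continue
        key, kind, rest = (int(m[1]), int(m[2])), m[3], m[4]
        f = re.search(r'filter="([^"]*)"', rest)
        if kind == "SRCH" and f:
            filters[key] = f[1]          # remember the filter for this conn/op
        elif kind == "SEARCH RESULT" and "nentries=0" in rest.split():
            empty.append((*key, filters.get(key, "?")))
    return empty

def missing_object_classes(ldap_filter, ldif):
    """objectClass values the filter requires that the LDIF entry lacks."""
    wanted = re.findall(r"\(objectClass=([^)*]+)\)", ldap_filter)
    present = {v.lower() for v in re.findall(r"(?im)^objectClass:\s*(\S+)", ldif)}
    return [oc for oc in wanted if oc.lower() not in present]

if __name__ == "__main__":
    for conn, op, flt in empty_searches(SLAPD_LOG):
        print(conn, op, flt, "missing:", missing_object_classes(flt, LDIF_ENTRY))
```

On this input the only empty search is the account lookup in op=4, whose filter requires objectClass=sambaSamAccount, a class the quoted ldapsearch entry does not list.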

#37 gkontos, October 16th, 2012, 21:02

Excellent how-to, works like a charm with some modifications for net/samba36

Thumbs up!