
HOWTO: Samba PDC with LDAP backend

Discussion in 'Howtos and FAQs (Moderated)' started by Sylhouette, Dec 3, 2008.

  1. Sylhouette (Member)
    Hello all.
    I have put this howto in an HTML page on the web.

    This makes it easier to edit and keep up to date.

    You can find it here:
    http://www.xs4all.nl/~doub/samba-ldap/index.html

    I updated it.
    This howto uses FreeBSD 8.1 with the ports tree from 12-10-2010.


    I put in the BIND and DHCP config also.

    regards,
    Johan
     
  2. DutchDaemon (Administrator, Moderator)
    Since the first post was radically altered, the entire thread following it became 'orphaned', so we may as well start over again with the new information in the first post as a starting point.
     
  3. fdge (New Member)
    I keep getting "segmentation fault" with slapd and I'm just lost now with what could be wrong.
     
  4. Sylhouette (Member)
    What do you get when you do a pkg_info?

    Also, have you tried pkg_delete openldap-server-<version>
    and then a reinstall?
    You can also try pkg_add -r openldap-server; this way you install a package.
    If that one also crashes, something else is going on.

    regards,
    Syl
     
  5. fdge (New Member)
  6. alisel (New Member)
    Hi! I followed the HOWTO (thank you very much for your efforts!!) but I have a little issue. After applying changes to nsswitch.conf I get: nss_ldap could not search LDAP server. Slapd is up and running. Any ideas?
     
  7. Sylhouette (Member)
    Did you fill the database?

    Also make sure the ldap.conf file is correct!

    Gr
    Syl
     
  8. TitanIT (New Member)
    Thank you for the good job on that howto.

    I set up an 8.1 box based on this config using Nov 1st 2010 ports...

    I think I ended up using a newer version of Perl, but it all went fairly smooth and it seems to work.

    I joined an XP box to the domain, successfully logged in as root and I decided to download Usermgr.exe as mentioned in the howto. I downloaded usermgr.exe from Microsoft. I can see the accounts, but once I try to do anything it says:
    Code:
    A device attached to the system is not functioning
    Nothing strange on the workstation/firewall or whatnot, and nothing odd in the logs, that I can tell.

    Anyone experience this that knows a quick fix?

    Cheers

    - Chris
     
  9. Sylhouette (Member)
    Did you do the last step?
    Code:
    net rpc join -S smb-server01 -Uroot
    


    Also, you can try using quotes around the %x settings in the smb.conf file like below, and reload/restart Samba:

    Code:
    # scripts invoked by samba
          add user script               = /usr/local/sbin/smbldap-useradd -m "%u"
          delete user script            = /usr/local/sbin/smbldap-userdel "%u"
          add group script              = /usr/local/sbin/smbldap-groupadd -p "%g"
          delete group script           = /usr/local/sbin/smbldap-groupdel "%g"
          add user to group script      = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
          delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
          set primary group script      = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
          add machine script            = /usr/local/sbin/smbldap-useradd -w "%m"
    


    regards,
    Johan
     
  10. fuzzy-hat (New Member)
    Tried following this a few times, always running into some sort of error.

    Cleaned 8.1 FreeBSD install and I followed the guide until I get to the part about starting slapd and get the following error:
    Code:
    # /usr/local/etc/rc.d/slapd start
    Starting slapd.
    Unrecognized database type (bdb)
    /usr/local/etc/rc.d/slapd: WARNING: failed to start slapd
    


    I can't seem to figure out how to fix it. I watched it install BDB, so I'm not sure why it's complaining. I ended up using Samba 3.4.8 because apparently I can't figure out how to get the newest version to appear in /usr/ports/. Hopefully that won't matter...
     
  11. TitanIT (New Member)
    fuzzy-hat -
    Samba 3.5.6 was in ports two weeks back; now it has a bad plist.

    I had the same issue; make sure you have the following line in your slapd.conf:

    Code:
    moduleload back_bdb


    Sylhouette -

    I did the net join command the first time around. I haven't been able to test the quotes yet; I'll let you know if that fixes it.

    Thanks,

    - Chris
     
  12. Sylhouette (Member)
    About the moduleload back_bdb in the slapd.conf file: I had to remove it.
    If I left it in there, it would not start, and errored out with something like "module BDB already loaded" (from memory).


    I will add it to the howto.

    Gr
    Syl
     
  13. TitanIT (New Member)
    Syl, I think it's the way the newer version is built in ports.

    I tried to use quotes around the %x settings in the smb.conf but unfortunately still getting the same error as posted earlier.
    - Chris
     
  14. Sylhouette (Member)
    I know I had this error message once.
    I do not remember what I did to resolve this.

    Could it be that cups is not running?
    If my memory serves me well, it had something to do with a service that is not running, but i could be wrong.

    If i have some more time, i will look into this.

    Gr
    Syl
     
  15. fuzzy-hat (New Member)
    Thanks for the suggestion.
    I'm going to give it another go.
     
  16. fuzzy-hat (New Member)
    I'd like to start by pointing out I'm an idiot. I've found some of my mistakes. So, for anyone else reading this:

    This is actually addressed in the HOW TO. It's possible it wasn't there until recently but more likely I skimmed over it because I've never had to change that value before. All I had to do was actually read the guide and uncomment
    Code:
    moduleload back_bdb

    in the slapd.conf file to make it work.

    As for this, from what I understood from googling, the way to update your ports tree was to use csup or cvsup (I think I tried something else as well). It of course looked like it was updating to me, but nothing ever changed.

    Today I finally found out that you run:
    Code:
    portsnap fetch
    portsnap extract

    to update your ports tree.

    Next time I will try to read better. Sorry for wasting people's time.
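The moduleload confusion in the posts above (TitanIT needed the line, Sylhouette had to remove it, fuzzy-hat had to uncomment it) comes down to how the OpenLDAP port was built: the bdb backend is either compiled into slapd or installed as a loadable module under the modulepath, and only the second case needs `moduleload back_bdb`. The helper below is an added example, not code from the howto or from OpenLDAP; it assumes the FreeBSD port's default modulepath of /usr/local/libexec/openldap (override it with the optional second argument) and only toggles a moduleload line that already exists in slapd.conf.

```sh
#!/bin/sh
# Added example, not part of the howto or of OpenLDAP: decide whether slapd.conf
# needs "moduleload back_bdb". The port can build a backend either into slapd or
# as a loadable module under the modulepath; only the second needs moduleload,
# and loading a built-in backend a second time makes slapd refuse to start.

# needs_moduleload BACKEND [MODULEPATH]
# Prints "moduleload back_BACKEND" and returns 0 if the backend ships as a
# loadable module under MODULEPATH; returns 1 otherwise (built in, or not
# installed at all; slaptest will tell you which when you validate the config).
needs_moduleload() {
    backend=$1
    modulepath=${2:-/usr/local/libexec/openldap}   # FreeBSD port default (assumed)
    for f in "$modulepath/back_$backend.so" "$modulepath/back_$backend.la"; do
        if [ -e "$f" ]; then
            printf 'moduleload back_%s\n' "$backend"
            return 0
        fi
    done
    return 1
}

# fix_moduleload SLAPD_CONF BACKEND [MODULEPATH]
# Uncomments an existing "#moduleload back_BACKEND" line when the module is
# present, comments it out when it is not. Only touches a line that is already
# there (moduleload must precede the database section, so nothing is appended).
# Leaves a .bak copy of the file behind.
fix_moduleload() {
    conf=$1
    backend=$2
    if needs_moduleload "$backend" "$3" >/dev/null; then
        sed -i.bak "s|^#[[:space:]]*\(moduleload[[:space:]]*back_$backend\)|\1|" "$conf"
    else
        sed -i.bak "s|^\(moduleload[[:space:]]*back_$backend\)|#\1|" "$conf"
    fi
}
```

After running `fix_moduleload /usr/local/etc/openldap/slapd.conf bdb`, validate with `slaptest -f /usr/local/etc/openldap/slapd.conf` before restarting slapd; the file check only says whether a module file exists, and slaptest is the authority on whether slapd will actually load it.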
     
  17. tanked (Member)
    Hello, if I want to add a FreeBSD ZFS file server to a Windows 2003 AD domain, could anybody point out what modifications I need to make to this how-to (obviously I won't need LDAP, DHCP etc...)
     
  18. Sylhouette (Member)
  19. padrino (New Member)
    Hi

    First of all, thank you for the HowTO!

    I have some little problems with my config. I am trying to get my LDAP into a jail, so the network config of the host is:
    Code:
    fxp0 192.168.1.66
    with alias for the jail on 192.168.100.1 the jail is called "ldap-jail"

    So the first problem I have is running slapd with
    Code:
    slapd_flags='-h "ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap://127.0.0.1/ ldap://192.168.100.1/"'


    Without the parameter ldap://192.168.100.1 slapd starts without problems, but with the parameter I get:
    Code:
    Mar 18 21:28:39 LDAP slapd[25467]: @(#) $OpenLDAP: slapd 2.4.24 (Mar 18 2011 16:32:42) $ 	root@LDAP:/usr/ports/net/openldap24-
    server/work/openldap-2.4.24/servers/slapd
    Mar 18 21:28:39 LDAP slapd[25467]: daemon: bind(8) failed errno=48 (Address already in use)
    Mar 18 21:28:39 LDAP slapd[25467]: slapd stopped.
    Mar 18 21:28:39 LDAP slapd[25467]: connections_destroy: nothing to destroy.
    


    So I proceeded without this parameter, but at the end of the Samba section I have another problem when I try to populate the database:

    Code:
    smb-server01# smbldap-populate -u 10000 -g 10000 -r 10000
    Populating LDAP directory for domain TESTDOMAIN (S-1-5-21-3989252577-37338151-2932095156)
    (using builtin directory structure)
    
    adding new entry: dc=testdomain,dc=com
    failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 500, <GEN1> line 7.
    adding new entry: ou=People,dc=testdomain,dc=com
    failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 500, <GEN1> line 12.
    adding new entry: ou=Groups,dc=testdomain,dc=com
    failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 500, <GEN1> line 17.
    adding new entry: ou=Computers,dc=testdomain,dc=com
    failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 500, <GEN1> line 22.
    adding new entry: ou=Idmap,dc=testdomain,dc=com
    failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 500, <GEN1> line 27.
    adding new entry: uid=root,ou=People,dc=testdomain,dc=com
    failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 500, <GEN1> line 58.
    adding new entry: uid=nobody,ou=People,dc=testdomain,dc=com
    failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 500, <GEN1> line 89.
    adding new entry: cn=Domain Admins,ou=Groups,dc=testdomain,dc=com
    failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 500, <GEN1> line 101.
    adding new entry: cn=Domain Users,ou=Groups,dc=testdomain,dc=com
    failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 500, <GEN1> line 112.
    adding new entry: cn=Domain Guests,ou=Groups,dc=testdomain,dc=com
    failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 500, <GEN1> line 123.
    adding new entry: cn=Domain Computers,ou=Groups,dc=testdomain,dc=com
    failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 500, <GEN1> line 134.
    adding new entry: cn=Administrators,ou=Groups,dc=testdomain,dc=com
    failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 500, <GEN1> line 179.
    adding new entry: cn=Account Operators,ou=Groups,dc=testdomain,dc=com
    failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 500, <GEN1> line 201.
    adding new entry: cn=Print Operators,ou=Groups,dc=testdomain,dc=com
    failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 500, <GEN1> line 212.
    adding new entry: cn=Backup Operators,ou=Groups,dc=testdomain,dc=com
    failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 500, <GEN1> line 223.
    adding new entry: cn=Replicators,ou=Groups,dc=testdomain,dc=com
    failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 500, <GEN1> line 234.
    adding new entry: sambaDomainName=TESTDOMAIN,dc=testdomain,dc=com
    failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 500, <GEN1> line 242.
    
    Please provide a password for the domain root: 
    No such object at /usr/local/lib/perl5/site_perl/5.12.3/smbldap_tools.pm line 409.
    


    Now I don't know how to resolve this issue and proceed... any ideas?

    Thank you

    P.S. At the end of smbldap.conf there is
    Code:
    smbpasswd="/usr/local/bin/smbpasswd"
    that should be
    Code:
    smbpasswd="/usr/local/sbin/smbpasswd"
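The bind(8) failure with errno 48 in the post above is what a FreeBSD jail produces when slapd is told to listen on both ldap://127.0.0.1/ and ldap://192.168.100.1/: a jail without its own network stack rewrites 127.0.0.1 (and a wildcard bind) to the jail's primary address, so both URLs end up as 192.168.100.1:389 and the second bind fails with "Address already in use". The check below is an added example, not part of the howto or of OpenLDAP; it takes the jail IP and the -h URL list from slapd_flags and reports the effective host:port pairs that would collide, which slapd itself only reports as the bare errno. The URL list is the one padrino posted, used here as constructed input; the fix it points at is to list the jail IP once (plus the ldapi socket), since clients inside the jail that use 127.0.0.1 reach it through the same rewrite.

```sh
#!/bin/sh
# Added example, not part of the howto or of OpenLDAP: predict the listener
# collision seen in the thread. In a FreeBSD jail without its own network
# stack, 127.0.0.1 and INADDR_ANY are rewritten to the jail's primary address,
# so a slapd -h list that names both 127.0.0.1 and the jail IP binds the same
# address:port twice and the second bind fails with errno 48 (EADDRINUSE).

# slapd_listener_collisions JAIL_IP "URL URL ..."
# Prints every effective host:port that more than one URL maps to.
# Returns 0 when there are none, 1 otherwise.
slapd_listener_collisions() {
    jail_ip=$1
    urls=$2
    effective=""
    for u in $urls; do
        case $u in
            ldapi://*) continue ;;        # unix socket, no TCP port involved
            ldaps://*) port=636 ;;
            ldap://*)  port=389 ;;
            *)         continue ;;        # not a listener URL
        esac
        hp=${u#*://}                      # drop the scheme
        hp=${hp%%/*}                      # drop the path: host or host:port
        host=${hp%%:*}
        case $hp in *:*) port=${hp##*:} ;; esac      # explicit port wins (IPv4 only)
        case $host in
            ""|127.0.0.1|localhost) host=$jail_ip ;;  # what the jail really binds
        esac
        effective="$effective $host:$port"
    done
    dups=$(printf '%s\n' $effective | sort | uniq -d)
    [ -z "$dups" ] && return 0
    printf '%s\n' "$dups"
    return 1
}

# Constructed input: the slapd_flags URL list from the post, with the jail IP.
# Expected to report 192.168.100.1:389 once (two URLs map to it).
slapd_listener_collisions 192.168.100.1 \
    'ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap://127.0.0.1/ ldap://192.168.100.1/' \
    || echo "drop ldap://127.0.0.1/ from slapd_flags inside the jail"
```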
     
  20. padrino (New Member)
    Sorry for the double-post.

    The second issue I had is now solved: I forgot a "{" in my configuration file. Unfortunately I'm still not able to join my domain controller.

    Code:
    smb-server01# net rpc join -S smb-server01 -Uroot
    Connection failed: NT_STATUS_INVALID_NETWORK_RESPONSE
    Enter root's password:
    Could not connect to server smb-server01
    Connection failed: NT_STATUS_INVALID_NETWORK_RESPONSE
    


    It also fails when I'm trying to join from a Windows client. Maybe the reason is the missing parameter 192.168.100.1 in the /etc/rc.conf? :\
     
  21. CKeoni86 (New Member)
    Hello,

    I'm running into the same error as padrino. I followed the tutorial for setting up a Samba PDC with LDAP backend from Sylhouette quite strictly.

    Code:
    Please provide a password for the domain root:
    No such object at /usr/local/lib/perl5/site_perl/5.12.3/smbldap_tools.pm line 409.
    


    Can anyone point me in the right direction to resolve this dilemma?

    Thanks in advance.
     
  22. toomanysecrets (New Member)
    Hi Padrino.

    Please, could you tell me in which configuration file you forgot the "{"? I'm also following the same URL for FreeBSD+Samba+PDC and have the same issue as you.

    Thank you!!
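Three posters above hit the same pair of messages from smbldap-populate: "modifications require authentication" on every add, then "No such object" when it asks for the domain root password. The first is OpenLDAP's answer to an anonymous (or failed) bind attempting a write; smbldap-tools bind with the masterDN/masterPw pair from smbldap_bind.conf, so a blank or mis-typed password there produces it. The second follows from the first: nothing was added, so there is no uid=root entry to set a password on. The check below is an added example, not part of the howto or of smbldap-tools; it reads masterDN/masterPw from smbldap_bind.conf and rootdn from slapd.conf, and also refuses a bind file readable by group or other, since it holds the directory's root password. The file paths and config lines in the test are constructed; on a FreeBSD box from the howto the real files are /usr/local/etc/smbldap-tools/smbldap_bind.conf and /usr/local/etc/openldap/slapd.conf.

```sh
#!/bin/sh
# Added example, not part of the howto or of smbldap-tools: check the bind
# credentials before running smbldap-populate. The tools bind as masterDN with
# masterPw from smbldap_bind.conf; an empty password turns that into an
# anonymous bind, which OpenLDAP rejects for writes with exactly
# "modifications require authentication". The file also holds the directory's
# root password, so it must be readable by root only.

# conf_value FILE KEY: value of KEY from a 'KEY="value"' (smbldap_bind.conf)
# or 'KEY "value"' (slapd.conf) line, first match, surrounding quotes removed.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=\{0,1\}[[:space:]]*\"\{0,1\}\([^\"]*\)\"\{0,1\}.*/\1/p" "$1" | head -n 1
}

# check_smbldap_bind SMBLDAP_BIND_CONF SLAPD_CONF
# Returns 0 when the credentials look usable; otherwise prints each problem
# and returns 1. A masterDN other than rootdn is only warned about, because it
# can work if slapd's ACLs grant that DN write access.
check_smbldap_bind() {
    bind_conf=$1
    slapd_conf=$2
    rc=0
    master_dn=$(conf_value "$bind_conf" masterDN)
    master_pw=$(conf_value "$bind_conf" masterPw)
    root_dn=$(conf_value "$slapd_conf" rootdn)
    if [ -z "$master_dn" ]; then
        echo "masterDN is not set in $bind_conf"
        rc=1
    fi
    if [ -z "$master_pw" ]; then
        echo "masterPw is empty: smbldap-tools would bind anonymously"
        rc=1
    fi
    # DN attribute types are case-insensitive, so compare lower-cased.
    lc_master=$(printf '%s' "$master_dn" | tr 'A-Z' 'a-z')
    lc_root=$(printf '%s' "$root_dn" | tr 'A-Z' 'a-z')
    if [ -n "$master_dn" ] && [ "$lc_master" != "$lc_root" ]; then
        echo "warning: masterDN ($master_dn) is not rootdn ($root_dn); it needs write access by ACL"
    fi
    # ls -l is portable where stat(1)'s flags are not; group and other bits must be clear.
    perms=$(ls -l "$bind_conf" | cut -c1-10)
    case $perms in
        ??????----) ;;
        *) echo "$bind_conf is $perms: it holds the LDAP root password, chmod 600 it"
           rc=1 ;;
    esac
    return $rc
}
```

Run it as `check_smbldap_bind /usr/local/etc/smbldap-tools/smbldap_bind.conf /usr/local/etc/openldap/slapd.conf` before `smbldap-populate`; once it passes, populate can create the suffix and ou=People, and the root password prompt will find the uid=root entry it is looking for.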
     
  23. bsus (New Member)
    Hi, I followed the howto until net getlocalsid but here I am getting following output:
    Code:
    net getlocalsid
    [2011/01/15 14:18:01.950062,  0] lib/smbldap.c:1151(smbldap_connect_system)
      failed to bind to server ldap://192.168.178.4/ with dn="cn=Manager,dc=fritz,dc=box" Error: Can't contact LDAP server
      	(unknown)
    SID for domain SAMBA_SERVER is: S-1-5-21-995152089-1900560301-1122320211
    

    Can I ignore this, or is this more than just a warning?

    Regards
     
  24. Sylhouette (Member)
    Yes you can. I did a little upgrade to the howto and use the smbldap config script.

    It times out because the LDAP server is not running.

    regards
    Johan
     
  25. illex (New Member)
    testparm warnings

    Hi! When I used the testparm command, I received some warnings. Can somebody help me with that? And thanks for the HOWTO.


    Code:
    srv01# testparm /usr/local/etc/smb.conf
    Load smb config files from /usr/local/etc/smb.conf
    max_open_files: increasing sysctl_max (11095) to minimum Windows limit (16384)
    rlimit_max: increasing rlimit_max (11095) to minimum Windows limit (16384)
    WARNING: The "enable privileges" option is deprecated
    WARNING: The "idmap backend" option is deprecated
    WARNING: The "idmap uid" option is deprecated
    WARNING: The "idmap gid" option is deprecated
    Processing section "[netlogon]"
    Processing section "[homes]"
    Processing section "[Profiles]"
    Processing section "[printers]"
    Processing section "[print$]"
    Processing section "[data]"
    Loaded services file OK.
    Server role: ROLE_DOMAIN_PDC
    Press enter to see a dump of your service definitions
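The four WARNING lines are what Samba 3.6 and later print for parameters that still work but have been superseded: "enable privileges" is always on and can simply be deleted, and the three global "idmap backend/uid/gid" parameters moved under the per-domain "idmap config" syntax. The fragment below is an added example showing the old lines next to their replacement; it is not from the howto or from illex's smb.conf. It assumes the LDAP idmap layout visible elsewhere in this thread (ou=Idmap under dc=testdomain,dc=com, cn=Manager as the bind DN) and a 10000-20000 range, none of which appear in the post; use your own suffix and pick a range that does not overlap the uids smbldap-populate hands out (the thread's run started at 10000).

```ini
# Deprecated form: the lines testparm warns about
[global]
   enable privileges = yes
   idmap backend = ldap:ldap://127.0.0.1/
   idmap uid = 10000-20000
   idmap gid = 10000-20000

# Replacement: the same settings under "idmap config". The "*" block is the
# default domain and covers every SID not matched by a named domain block.
# The bind password for ldap_user_dn does not go in smb.conf; it is kept in
# secrets.tdb (stored with "net idmap secret" on Samba 3.6).
# The suffix, bind DN and range below are assumptions, not from the post.
[global]
   idmap config * : backend      = ldap
   idmap config * : range        = 10000-20000
   idmap config * : ldap_url     = ldap://127.0.0.1/
   idmap config * : ldap_base_dn = ou=Idmap,dc=testdomain,dc=com
   idmap config * : ldap_user_dn = cn=Manager,dc=testdomain,dc=com
```

Re-run `testparm /usr/local/etc/smb.conf` after the change; the max_open_files and rlimit_max lines are informational and stay, the four WARNING lines should be gone.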