Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > HOWTO-Related Questions

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 19th April 2011, 12:44
jmangan jmangan is offline
Junior Member
 
Join Date: Dec 2010
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
Default centos-5.x-samba-domain-controller-with-ldap-backend

I'm having trouble with this HowTo. I have tried it three times and I keep hitting the same problem with smbldap-populate:

Please provide a password for the domain root:
/usr/sbin/smbldap-passwd: user root doesn't exist


Sometimes I get other messages depending on how I've tried to hack about with the config files but this is the core issue.

I am using CentOS 5.6 virtual machines. I have tried twice with the rootdn: cn=admin,dc=mydomain,dc=local and once with cn=root,dc=mydomain,dc=local.

I have not had any problems with any of the intermediate tests but I keep hitting this roadblock and none of the other solutions I have seen appear to be relevant to this issue.

I can supply all of the config files I am using but I guess the most relevant are smbldap.conf:

# $Id: smbldap.conf 35 2011-02-23 09:07:36Z fumiyas $
#
# smbldap-tools.conf : Q & D configuration file for smbldap-tools

# This code was developped by IDEALX (http://IDEALX.org/) and
# contributors (their names can be found in the CONTRIBUTORS file).
#
# Copyright (C) 2001-2002 IDEALX
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
# USA.

# Purpose :
# . be the configuration file for all smbldap-tools scripts

################################################## ############################
#
# General Configuration
#
################################################## ############################

# Put your own SID. To obtain this number do: "net getlocalsid".
# If not defined, parameter is taking from "net getlocalsid" return
SID="S-1-5-21-2921960468-3928737370-2077895756"

# Domain name the Samba server is in charged.
# If not defined, parameter is taking from smb.conf configuration file
# Ex: sambaDomain="IDEALX-NT"
sambaDomain="PDC-SRV"

################################################## ############################
#
# LDAP Configuration
#
################################################## ############################

# Notes: to use to dual ldap servers backend for Samba, you must patch
# Samba with the dual-head patch from IDEALX. If not using this patch
# just use the same server for slaveLDAP and masterLDAP.
# Those two servers declarations can also be used when you have
# . one master LDAP server where all writing operations must be done
# . one slave LDAP server where all reading operations must be done
# (typically a replication directory)

# Slave LDAP server
# Ex: slaveLDAP=127.0.0.1
# If not defined, parameter is set to "127.0.0.1"
slaveLDAP="CentOS5-DC.mydomain.local"

# Slave LDAP port
# If not defined, parameter is set to "389"
slavePort="389"

# Master LDAP server: needed for write operations
# Ex: masterLDAP=127.0.0.1
# If not defined, parameter is set to "127.0.0.1"
masterLDAP="CentOS5-DC.mydomain.local"

# Master LDAP port
# If not defined, parameter is set to "389"
masterPort="389"

# Use TLS for LDAP
# If set to 1, this option will use start_tls for connection
# (you should also used the port 389)
# If not defined, parameter is set to "0"
ldapTLS="0"

# Use SSL for LDAP
# If set to 1, this option will use SSL for connection
# (standard port for ldaps is 636)
# If not defined, parameter is set to "0"
ldapSSL="0"

# How to verify the server's certificate (none, optional or require)
# see "man Net::LDAP" in start_tls section for more details
verify="require"

# CA certificate
# see "man Net::LDAP" in start_tls section for more details
cafile="/etc/pki/tls/certs/ldapserverca.pem"

# certificate to use to connect to the ldap server
# see "man Net::LDAP" in start_tls section for more details
clientcert="/etc/pki/tls/certs/ldapclient.pem"

# key certificate to use to connect to the ldap server
# see "man Net::LDAP" in start_tls section for more details
clientkey="/etc/pki/tls/certs/ldapclientkey.pem"

# LDAP Suffix
# Ex: suffix=dc=IDEALX,dc=ORG
suffix="dc=mydomain,dc=local"

# Where are stored Users
# Ex: usersdn="ou=Users,dc=IDEALX,dc=ORG"
# Warning: if 'suffix' is not set here, you must set the full dn for usersdn
usersdn="ou=People,${suffix}"

# Where are stored Computers
# Ex: computersdn="ou=Computers,dc=IDEALX,dc=ORG"
# Warning: if 'suffix' is not set here, you must set the full dn for computersdn
computersdn="ou=Computers,${suffix}"

# Where are stored Groups
# Ex: groupsdn="ou=Groups,dc=IDEALX,dc=ORG"
# Warning: if 'suffix' is not set here, you must set the full dn for groupsdn
groupsdn="ou=Group,${suffix}"

# Where are stored Idmap entries (used if samba is a domain member server)
# Ex: idmapdn="ou=Idmap,dc=IDEALX,dc=ORG"
# Warning: if 'suffix' is not set here, you must set the full dn for idmapdn
idmapdn="ou=Idmap,${suffix}"

# Where to store next uidNumber and gidNumber available for new users and groups
# If not defined, entries are stored in sambaDomainName object.
# Ex: sambaUnixIdPooldn="sambaDomainName=${sambaDomain}, ${suffix}"
# Ex: sambaUnixIdPooldn="cn=NextFreeUnixId,${suffix}"
sambaUnixIdPooldn="sambaDomainName=${sambaDomain}, ${suffix}"

# Default scope Used
scope="sub"

# Unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA, CLEARTEXT)
hash_encrypt="SSHA"

# if hash_encrypt is set to CRYPT, you may set a salt format.
# default is "%s", but many systems will generate MD5 hashed
# passwords if you use "$1$%.8s". This parameter is optional!
crypt_salt_format="%s"

################################################## ############################
#
# Unix Accounts Configuration
#
################################################## ############################

# Login defs
# Default Login Shell
# Ex: userLoginShell="/bin/bash"
userLoginShell="/bin/bash"

# Home directory
# Ex: userHome="/home/%U"
userHome="/home/%U"

# Default mode used for user homeDirectory
userHomeDirectoryMode="700"

# Gecos
userGecos="System User"

# Default User (POSIX and Samba) GID
defaultUserGid="513"

# Default Computer (Samba) GID
defaultComputerGid="515"

# Skel dir
skeletonDir="/etc/skel"

# Default password validation time (time in days) Comment the next line if
# you don't want password to be enable for defaultMaxPasswordAge days (be
# careful to the sambaPwdMustChange attribute's value)
defaultMaxPasswordAge="45"

################################################## ############################
#
# SAMBA Configuration
#
################################################## ############################

# The UNC path to home drives location (%U username substitution)
# Just set it to a null string if you want to use the smb.conf 'logon home'
# directive and/or disable roaming profiles
# Ex: userSmbHome="\\PDC-SMB3\%U"
userSmbHome="\\PDC-SRV\%U"

# The UNC path to profiles locations (%U username substitution)
# Just set it to a null string if you want to use the smb.conf 'logon path'
# directive and/or disable roaming profiles
# Ex: userProfile="\\PDC-SMB3\profiles\%U"
userProfile="\\PDC-SRV\profiles\%U"

# The default Home Drive Letter mapping
# (will be automatically mapped at logon time if home directory exist)
# Ex: userHomeDrive="H:"
userHomeDrive="H:"

# The default user netlogon script name (%U username substitution)
# if not used, will be automatically username.cmd
# make sure script file is edited under dos
# Ex: userScript="startup.cmd" # make sure script file is edited under dos
userScript="logon.bat"

# Domain appended to the users "mail"-attribute
# when smbldap-useradd -M is used
# Ex: mailDomain="idealx.com"
mailDomain="mydomain.local"

################################################## ############################
#
# SMBLDAP-TOOLS Configuration (default are ok for a RedHat)
#
################################################## ############################

# Allows not to use smbpasswd (if with_smbpasswd="0" in smbldap.conf) but
# prefer Crypt::SmbHash library
with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"

# Allows not to use slappasswd (if with_slappasswd="0" in smbldap.conf)
# but prefer Crypt:: libraries
with_slappasswd="0"
slappasswd="/usr/sbin/slappasswd"

# comment out the following line to get rid of the default banner
# no_banner="1"


and smbldap_bind.conf:

# $Id: smbldap_bind.conf 35 2011-02-23 09:07:36Z fumiyas $
#
############################
# Credential Configuration #
############################
# Notes: you can specify two differents configuration if you use a
# master ldap for writing access and a slave ldap server for reading access
# By default, we will use the same DN (so it will work for standard Samba
# release)
# slaveDN="cn=Manager,dc=example,dc=com"
slaveDN="cn=root,dc=mydomain,dc=local"
# slavePw="secret"
slavePW="{SSHA}DhKGiA3LwvNVDuz2LtfE8aW0bbkvHwMO"
# masterDN="cn=Manager,dc=example,dc=com"
masterDN="cn=root,dc=mydomain,dc=local"
# masterPw="secret"
masterPW="{SSHA}DhKGiA3LwvNVDuz2LtfE8aW0bbkvHwMO"


Can anyone offer any ideas, troubleshooting procedure or any assistance. I've tried including the secrets as plain-text passwors, with quotes, without quotes. I've tried changing the Samba domain, I've left it at default. I'm out of ideas.

Thanks.
Reply With Quote
Sponsored Links
  #2  
Old 21st April 2011, 11:39
jmangan jmangan is offline
Junior Member
 
Join Date: Dec 2010
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
 
Default Anyone?

I've just had my fourth go and this time, based on a comment I had previously missed, I replaced samba with samb3x.

Same result! There must be some way to diagnose the issue so that I can work out how to fix it?
Reply With Quote
Reply

Bookmarks

Tags
centos, ldap, samba

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Roaming Profile Error with Samba Domain Controller Setup noahlau HOWTO-Related Questions 6 8th March 2008 19:33
Roaming Profile Error with Samba Domain Controller Setup singe Installation/Configuration 1 14th April 2007 08:47
samba domain controller - ubuntu eoij1 HOWTO-Related Questions 3 6th October 2006 15:35
SAMBA domain controller / CUPS gradedcheese HOWTO-Related Questions 14 8th March 2006 10:21
Samba as domain controller alex Suggest HOWTO 13 12th December 2005 15:00


All times are GMT +2. The time now is 02:23.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.