Comments on CentOS 5.x Samba Domain Controller With LDAP Backend
CentOS 5.x Samba Domain Controller With LDAP Backend
This will show you how to set up a Samba Domain Controller with a local LDAP backend, using CentOS 5.x (tested on 5.3, still successfully running on 5.4). Includes a web interface for managing LDAP users/groups/etc. January 2010: now with support for Windows 7 domain logins (see end of guide).
34 Comment(s)
Comments
As "pierre73" suggests below, read more closely.
dn: dc=kaldom.local
and
dn: cn=root,dc=kaldom.local
need to be:
dn: dc=kaldom,dc=local
dn: cn=root,dc=kaldom,dc=local
#domain -> domain.com
dn: dc=domain,dc=com
objectclass: dcObject
objectclass: organization
o: Domain Server
dc: domain

dn: cn=root,dc=domain,dc=com
objectclass: organizationalRole
cn: root
Hi!
I followed the instructions above. But somehow I'm stuck like them...
dn: dc=hit,dc=com
objectclass: dcObject
objectclass: organization
o: hit.com
dc: hit.com
dn: cn=root,dc=hit,dc=com
objectclass: organizationalRole
cn: root
I have already installed CentOS 3 times (from scratch) but I'm still stuck on this section.
Please help.. :(
Hi,
This is how your setup is currently configured.
dn: dc=hit,dc=com
objectclass: dcObject
objectclass: organization
o: hit.com
dc: hit.com
dn: cn=root,dc=hit,dc=com
objectclass: organizationalRole
cn: root
It should be set up like this.
dn: dc=hit,dc=com
objectclass: dcObject
objectclass: organization
o: hit.com
dc: hit

dn: cn=root,dc=hit,dc=com
objectclass: organizationalRole
cn: root
Hope that helps you out. DC should just be HIT, not HIT.Com.
I figured it out... there must be a blank line between dn entries. So the right form is:
dn: dc=hit,dc=com
objectclass: dcObject
objectclass: organization
o: hit.com
dc: hit

dn: cn=root,dc=hit,dc=com
objectclass: organizationalRole
cn: root
This is my init.ldif file:
dn: dc=dominio,dc=com
objectclass: dcObject
objectclass: organization
o: PDC
dc: dominio
dn: cn=admin,dc=dominio,dc=com
objectclass: organizationalRole
cn: admin
When I run
# slapadd -l /etc/openldap/init.ldif
I get the following error:
str2entry: entry -1 has multiple DNs "dc=dominio,dc=com" and "cn=admin,dc=dominio,dc=com"
slapadd: could not parse entry ( line=9 )
help!!!
check the reply right above you???
"there must a blank line between dn entries."
Please put a blank line after "dc: dominio " and "cn: admin" and try.
--------------------------------------------------
dn: dc=dominio,dc=com
objectclass: dcObject
objectclass: organization
o: PDC
dc: dominio

dn: cn=admin,dc=dominio,dc=com
objectclass: organizationalRole
cn: admin
--------------------------------------------------
I have the same problem :|
I tried to follow this: https://www.howtoforge.com/centos-5.x-samba-domain-controller-with-ldap-backend
Put a blank line before the dn: cn=admin,dc=dominio,dc=com line, otherwise slapadd thinks the entire block is one ldif entry when you really have two.
Here's my ldif:
[root@jpdsys3 ~]# cat /etc/openldap/init.ldif
dn: dc=jpdesignsinc,dc=com
objectclass: dcObject
objectclass: organization
o: jpdesignsinc
dc: jpdesignsinc

dn: cn=root,dc=jpdesignsinc,dc=com
objectclass: organizationalRole
cn: root
The message I'm getting is:
[root@jpdsys3 ~]# slapadd -l /etc/openldap/init.ldif
slapadd: line 6: database (dc=jpdesignsinc) not configured to hold "dc=jpdesignsinc,dc=com"
slapadd: line 6: database (dc=jpdesignsinc) not configured to hold "dc=jpdesignsinc,dc=com"
[root@jpdsys3 ~]#
I have this problem.
I have exactly same init.ldif file as in tutorial.
any help?
Thanks!
slapadd -l /etc/openldap/init.ldif
<rootpw> can only be set when rootdn is under suffix
slapadd: bad configuration file!
You should pay attention to line spacing among LDAP entries in init.ldif.
The following init.ldif file worked for me:
dn: dc=EXAMPLE,dc=COM
objectclass: dcObject
objectclass: organization
o: EXAMPLE
dc: EXAMPLE

dn: cn=root,dc=EXAMPLE,dc=COM
objectclass: organizationalRole
cn: root
Cheers,
Thanks mate, it worked... I was getting the error message below:
str2entry: entry -1 has multiple DNs "dc=logicalsteps,dc=net" and "cn=root,dc=logicalsteps,dc=net"
slapadd: could not parse entry (line=9)
Fixed it by following your suggestion.
My init.ldif looks like this. I have added line number for reference
1 dn: dc=domainname,dc=net
2 objectclass: dcObject
3 objectclass: organization
4 o: domainname
5 dc: domainname
6
7 dn: cn=root,dc=domainname,dc=net
8 objectclass: organizationalRole
9 cn: root
I liked the article very much, so it's already added to my library.
I get the error:
[root@linuxdc openldap]# slapadd -l /etc/openldap/init.ldif
str2entry: entry -1 has multiple DNs "dc=kaldom.local" and "cn=root,dc=kaldom.local"
slapadd: could not parse entry (line=9)
I have also tried with your example, and get the same answer.
My ldif file is as follows:
dn: dc=kaldom.local
objectclass: dcObject
objectclass: organization
o: CentOS Directory Server
dc: kaldom.local
dn: cn=root,dc=kaldom.local
objectclass: organizationalRole
cn: root
Some help here would be very appreciated.
Hello boss,
You need a space between lines 5 and 6, like this:
dn: dc=kaldom.local
objectclass: dcObject
objectclass: organization
o: CentOS Directory Server
dc: kaldom.local

dn: cn=root,dc=kaldom.local
objectclass: organizationalRole
cn: root
That's all... Ozkr
[root@centos openldap]# slapadd -l /etc/openldap/init.ldif
str2entry: entry -1 has multiple DNs "dc=example,dc=com" and "cn=admin,dc=example,dc=com"
slapadd: could not parse entry (line=9)
I'm stuck here. Please advise.
What does your /etc/openldap/init.ldif look like?
I have a same problem.
I have exactly same init.ldif file as in tutorial.
any help?
Thanks! H.
Great tutorial. It needs an explanation of smb.conf, logon scripts, and adding users via LDAP admin; that would help more.
Thank you a lot. You made my life simpler.
Thanks. New tutorial in French for CentOS 5.4:
http://reazy64.blogspot.com/
Hey there, this tutorial is great, in fact howtoforge rocks, I've learned so much by reading here.
Although I've set up my Samba to be a PDC and it works, when I try to implement the instructions to use LDAP, at this step:
<code> slapadd -l /etc/openldap/init.ldif </code>
I get
<code>
[root@dbserver samba]# slapadd -l /etc/openldap/init.ldif
bdb(dc=DGHVOIP,dc=lan): no absolute path for the current directory: No such file or directory
bdb_db_open: Database cannot be opened, err 2. Restore from backup!
bdb(dc=DGHVOIP,dc=lan): DB_ENV->lock_id_free interface requires an environment configured for the locking subsystem
bdb(dc=DGHVOIP,dc=lan): txn_checkpoint interface requires an environment configured for the transaction subsystem
bdb_db_close: txn_checkpoint failed: Invalid argument (22)
backend_startup_one: bi_db_open failed! (2)
slap_startup failed
</code>
Kinda stuck here, as the server won't start or anything. I followed the tutorial, but as you see I changed EXAMPLE to dc=DGHVOIP,dc=lan.
Again GREAT tutorial.
Any hints would be appreciated.
Thanks
Thank you for this great Howto, I got it working finally.
However, there is now a big modification for CentOS 5.5 (maybe other releases, I don't know): you must not use the samba package, but the samba3x package. If samba is already installed, erase it and all its related packages and install samba3x.
Cheers !
can someone update the procedure with the samba3x info?
Trying to do a fresh install of CentOS 5.5 and make it into the PDC.
thanks
I am attempting to make an LDAP Samba PDC for one of our groups here at the workplace. My hang-up is that when I follow the tutorial above I run into some issues.
I understand the structure, sort of, but when I try and extend it to my network, I get all sorts of errors. My domain is the following: *.la.asu.edu and of course I have a server set up with its own domain name, let's call it domaincontroller. So my FQDN is: domaincontroller.la.asu.edu. Now, in the setup I would assume the following configuration would work:
[init.ldif]:
dn: dc=la,dc=asu,dc=edu
objectclass: dcObject
objectclass: organization
o: PGG Domain Controller
dc: la.asu.edu

dn: cn=root,dc=la,dc=asu,dc=edu
objectclass: organizationalRole
cn: root
However, it doesn't like that dc: la.asu.edu line. I see in the example that it should just be dc: la, but shouldn't this be the FQDN? I guess I'm having trouble understanding how to set up the config files for a PDC that will run on the domain *.la.asu.edu. Can anyone clear this up for me? I don't have a simple example.com domain, so this is where my problem lies. When I try and run the slapadd it complains about the dc: la.asu.edu line; if I change it to simply dc: la, slapadd works, but then when I try to start the ldap service, I get a warning and ldap won't start.
Any help? Thanks so much and also for the great tutorial!
It doesn't work. My init.ldif file's configuration is:
dn: dc=youngasia,dc=tv
objectClass: dcObject
objectClass: organization
o: CentOS Directory Server
dc: youngasia
dn: cn=root,dc=youngasia,dc=tv
objectClass: organizationalRole
cn: root
ERROR is:
str2entry: entry -1 has multiple DNs "dc=youngasia,dc=tv" and "cn=root,dc=youngasia,dc=tv"
slapadd: could not parse entry (line=9)
If anyone can please help me:
All -
I'm starting to understand a lot more about LDAP. I would suggest that anyone who wants to implement a good solid PDC using Samba with an LDAP backend, first learn what LDAP is all about. Out of all the tutorials, including this one, I have seen, not much information is given about LDAP's inner workings. Go get yourself an LDAP book or better yet find one of the LinuxCBT tutorial videos on setting up LDAP. This is really the biggest part of the implementation and understanding it well will give you an edge on getting a PDC in the works. It will also give you a better background for troubleshooting and setting up nicer features to your PDC.
Meant to post this a while back. Not sure if everyone gets the same issue, but after running the yum installs on the first step, some JCode, Map8, String, etc. Perl mods are needed for smbldap-tools.
If anyone experiences that, you can make sure all the RPMs are installed before smbldap-tools by doing:
yum install openldap openldap-clients openldap-servers nss_ldap samba samba-client httpd openssl mod_ssl mysql mysql-server php php-xml php-ldap php-mysql php-pdo php-cli php-common perl-LDAP smbldap-tools perl-Digest-SHA1 perl-Digest-SHA perl-Unicode-String perl-Unicode-Map8 perl-Unicode-Map perl-Unicode-MapUTF8 perl-Jcode screen sysstat dstat
The last three packages are for my monitoring of the servers. Hope this helps anyone.
Hi. I'm trying to work through this tutorial and I'm getting stuck here. I'm using CentOS 5.5.
---------------------------------------------------------------------------------------------------
[root@myserver1 ~]# rpm -Uvh ftp://ftp.pbone.net/mirror/ftp.pld-linux.org/dists/3.0/PLD/noarch/RPMS/smbldap-tools-0.9.5-1.noarch.rpm
Retrieving ftp://ftp.pbone.net/mirror/ftp.pld-linux.org/dists/3.0/PLD/noarch/RPMS/smbldap-tools-0.9.5-1.noarch.rpm
warning: /var/tmp/rpm-xfer.1kSnFL: Header V3 DSA signature: NOKEY, key ID e4f1bc2d
error: Failed dependencies:
/usr/share/perl5/vendor_perl is needed by smbldap-tools-0.9.5-1.noarch
perl(Crypt::SmbHash) is needed by smbldap-tools-0.9.5-1.noarch
perl(Unicode::MapUTF8) is needed by smbldap-tools-0.9.5-1.noarch
rpmlib(PayloadIsLzma) <= 4.4.6-1 is needed by smbldap-tools-0.9.5-1.noarch
-------------------------------------------------------------------------------------------------
This may be an easy fix but I'm a newbie. I have found some of the dependencies but not sure
which versions to install. Thank you.
I was able to find most of the dependencies needed but the 2 below got me stumped.
I'm installing "smbldap-tools-0.9.5-1.noarch.rpm"
error: Failed dependencies:
/usr/share/perl5/vendor_perl is needed by smbldap-tools-0.9.5-1.noarch
rpmlib(PayloadIsLzma) <= 4.4.6-1 is needed by smbldap-tools-0.9.5-1.noarch
Thanks for any help or direction.
I have managed to create the "ldif",
then I got stuck here when running "service ldap start":
[root@homeshare openldap]# service ldap start
Checking configuration files for slapd: bdb_db_open: alock package is unstable
backend_startup_one: bi_db_open failed! (-1)
slap_startup failed (test would succeed using the -u switch)
[FAILED]
stale lock files may be present in /var/lib/ldap [WARNING]
Any idea why i cannot start the service?
Cheers,
You might try rechecking the ownership and permissions on /var/lib/ldap and the files within. If you run 'chmod -R 600 /var/lib/ldap', for instance, you will prevent access to that directory, since the directory must have 755 permissions even if the files have 600 permissions. This is easy to miss and actually cost me a couple of hours running 'strace / db_recover / chcon / etc.' when the solution was much easier. My correct directory listing is below.
[~] # ll /var/lib/ldap
total 88040
drwxr-xr-x 2 ldap ldap 4096 Jul 18 16:43 .
drwxr-xr-x 31 root root 4096 Jul 18 16:47 ..
-rw------- 1 ldap ldap 2048 Jul 18 17:18 alock
-rw------- 1 ldap ldap 8192 Jul 18 16:43 cn.bdb
-rw------- 1 ldap ldap 24576 Jul 18 17:18 __db.001
-rw------- 1 ldap ldap 104857600 Jul 18 17:18 __db.002
-rw------- 1 ldap ldap 335552512 Jul 18 17:18 __db.003
-rw------- 1 ldap ldap 2359296 Jul 18 17:18 __db.004
-rw------- 1 ldap ldap 557056 Jul 18 17:18 __db.005
-rw------- 1 ldap ldap 24576 Jul 18 17:18 __db.006
-rw------- 1 ldap ldap 921 Jul 18 16:34 DB_CONFIG
-rw------- 1 ldap ldap 8192 Jul 18 16:43 dn2id.bdb
-rw------- 1 ldap ldap 32768 Jul 18 16:43 id2entry.bdb
-rw------- 1 ldap ldap 10485760 Jul 18 16:43 log.0000000001
-rw------- 1 ldap ldap 8192 Jul 18 16:43 objectClass.bdb
[~] #
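The permission rules stated in the comment above (directory traversable, DB files owner-only, everything owned by the ldap user) can be checked before restarting slapd. The function below is an added example and not part of the tutorial or of the poster's setup; it assumes GNU stat and find (as on CentOS) and takes the directory and the expected owner as arguments, so it can be pointed at /var/lib/ldap and the ldap user.

```shell
#!/bin/sh
# Added example, not from the tutorial.  check_ldap_dbdir DIR OWNER prints
# every way DIR deviates from what slapd's BDB backend needs on CentOS 5
# (/var/lib/ldap, owner ldap): a directory slapd can enter (execute bit set,
# 0755 as shipped), DB files readable by nobody but their owner (0600), and
# every path owned by OWNER.  Returns 1 if anything is wrong, 0 otherwise.
# Assumes GNU stat/find (present on CentOS).
check_ldap_dbdir() {
    dir=$1
    owner=$2
    rc=0

    if [ ! -d "$dir" ]; then
        echo "$dir: not a directory"
        return 1
    fi

    # 'chmod -R 600' on the directory strips the execute bit, so even the
    # owner cannot open the files inside it and slapd fails at bdb_db_open.
    dmode=$(stat -c '%a' "$dir")
    case "$dmode" in
        *7[0-7][0-7]) ;;
        *) echo "$dir: mode $dmode lacks the owner execute bit (expected 755)"; rc=1 ;;
    esac

    # Ownership of the directory and of everything directly inside it.
    bad=$(find "$dir" -maxdepth 1 ! -user "$owner" 2>/dev/null)
    if [ -n "$bad" ]; then
        echo "not owned by $owner:"
        echo "$bad"
        rc=1
    fi

    # DB, transaction log and lock files must be 0600: the id2entry.bdb file
    # holds every attribute in the directory, including the Samba password
    # hashes, so group/world read access would hand them to any local user.
    bad=$(find "$dir" -maxdepth 1 -type f ! -perm 600 2>/dev/null)
    if [ -n "$bad" ]; then
        echo "files not mode 600:"
        echo "$bad"
        rc=1
    fi

    return $rc
}

# Usage on the box from the comment above:
#   check_ldap_dbdir /var/lib/ldap ldap && service ldap start
```

The owner test is done with find rather than by parsing ls output so that hidden files and names with spaces are handled; the mode test deliberately accepts 700 and 750 as well as 755, since the only requirement slapd has of the directory is that its owner can traverse it.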
Hi,
Thanks for an excellent howto. Just a small point of clarification though:
When setting up the init.ldif, I misunderstood the way that domains were created, so I dived straight in with dc=location1,dc=company,dc=local, which meant I then struggled to create dc=location2,dc=company,dc=local, as I couldn't browse dc=company,dc=local or dc=local because I hadn't created them.
Once I realised my mistake, I removed all the files from /var/lib/ldap and started again with a fresh init.ldif file, creating dc=local, then dc=company,dc=local, and finally dc=location1,dc=company,dc=local and dc=location2,dc=company,dc=local.
I know it's a small point, but for people like me coming from MS, where AD will automatically create all the containers necessary, it took a little bit of figuring out. Oh, and I managed to re-import all of the data I'd already input by doing slapcat -l /tmp/mydata.ldif and then doing a slapadd -l /tmp/mydata.ldif once I'd created dc=local and dc=company,dc=local.
Now I've just got to master replication across servers!
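Almost every slapadd failure in this thread comes from one of five mistakes in init.ldif: no blank line between the two entries ("entry -1 has multiple DNs"), a dc: value that does not match the RDN (dc: hit.com under dn: dc=hit,dc=com), a suffix in slapd.conf that does not cover the entries ("database ... not configured to hold"), a rootdn outside the suffix ("<rootpw> can only be set when rootdn is under suffix"), and a child entry added before its parent, as in the comment just above. The script below is an added example, not part of the tutorial or of any commenter's setup; it is a small RFC 2849 reader plus a checker that reports those five conditions before slapadd is run, and the sample LDIFs at the bottom are constructed from the files posted in the thread.

```python
"""Pre-flight checks for a slapd bootstrap LDIF such as the tutorial's init.ldif.

Added example, not part of the tutorial; the sample LDIFs at the bottom are
constructed from the mistakes discussed in the comments above.
"""
import re
from typing import Dict, List, Tuple

Entry = Dict[str, List[str]]
DnParts = List[Tuple[str, str]]


def parse_ldif(text: str) -> List[Entry]:
    """Split LDIF into entries on blank lines and map attribute -> values.

    Handles RFC 2849 continuation lines (leading space) and '#' comments but
    not base64 ('::') values, which a bootstrap file never needs.  An entry
    with zero or several 'dn:' lines raises ValueError: that is exactly the
    condition slapadd reports as 'str2entry: entry -1 has multiple DNs'.
    """
    entries: List[Entry] = []
    for block in re.split(r"\n(?:[ \t]*\n)+", text.strip()):
        lines: List[str] = []
        for raw in block.splitlines():
            if raw.startswith("#"):
                continue
            if raw.startswith(" ") and lines:      # continuation line
                lines[-1] += raw[1:]
            else:
                lines.append(raw)
        attrs: Entry = {}
        for line in lines:
            name, sep, value = line.partition(":")
            if not sep:
                raise ValueError(f"not an attribute line: {line!r}")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        dns = attrs.get("dn", [])
        if len(dns) != 1:
            raise ValueError(
                f"entry has {len(dns)} dn: lines ({', '.join(dns)}); "
                "separate entries with a blank line"
            )
        entries.append(attrs)
    return entries


def rdn_parts(dn: str) -> DnParts:
    """'cn=root,dc=hit,dc=com' -> [('cn','root'),('dc','hit'),('dc','com')].

    Lower-cased for comparison (dc and cn are caseIgnore attributes).  No
    escaping support: enough for the simple DNs a bootstrap file contains.
    """
    parts: DnParts = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        parts.append((attr.strip().lower(), value.strip().lower()))
    return parts


def check_init_ldif(text: str, suffix: str, rootdn: str) -> List[str]:
    """Return the problems found (empty when the file should slapadd cleanly).

    suffix and rootdn are the values from slapd.conf.  Checks, in the order
    slapadd/slapd trip over them: entries separated by blank lines; rootdn
    under suffix; every entry under suffix; the naming attribute carrying the
    RDN value (dc=hit needs 'dc: hit', not 'dc: hit.com'); each entry's
    parent added earlier in the file.
    """
    try:
        entries = parse_ldif(text)
    except ValueError as exc:
        return [str(exc)]

    problems: List[str] = []
    suf = rdn_parts(suffix)
    if rdn_parts(rootdn)[-len(suf):] != suf:
        problems.append(f"rootdn {rootdn} is not under suffix {suffix}")

    seen = set()
    for entry in entries:
        dn = entry["dn"][0]
        parts = rdn_parts(dn)
        if parts[-len(suf):] != suf:
            problems.append(f"{dn}: not under suffix {suffix}")
            continue
        attr, value = parts[0]
        if value not in [v.lower() for v in entry.get(attr, [])]:
            problems.append(
                f"{dn}: RDN names {attr}={value} but the entry has "
                f"{attr}: {entry.get(attr, ['<missing>'])}"
            )
        if parts != suf and tuple(parts[1:]) not in seen:
            problems.append(f"{dn}: parent entry not created before it")
        seen.add(tuple(parts))
    return problems


# Constructed samples (not from the tutorial), mirroring the thread.
NO_BLANK_LINE = """\
dn: dc=hit,dc=com
objectclass: dcObject
objectclass: organization
o: hit.com
dc: hit
dn: cn=root,dc=hit,dc=com
objectclass: organizationalRole
cn: root
"""
WRONG_DC = NO_BLANK_LINE.replace("dc: hit\n", "dc: hit.com\n\n")
GOOD = NO_BLANK_LINE.replace("dc: hit\n", "dc: hit\n\n")
CHILD_FIRST = """\
dn: dc=location1,dc=company,dc=local
objectclass: dcObject
objectclass: organization
o: location1
dc: location1
"""

if __name__ == "__main__":
    for name, ldif in (("no blank line", NO_BLANK_LINE), ("wrong dc", WRONG_DC), ("good", GOOD)):
        print(name, check_init_ldif(ldif, "dc=hit,dc=com", "cn=root,dc=hit,dc=com"))
    print("child first", check_init_ldif(CHILD_FIRST, "dc=local", "cn=root,dc=local"))
```

Run it against the real file with the suffix and rootdn copied from slapd.conf, e.g. check_init_ldif(open("/etc/openldap/init.ldif").read(), "dc=example,dc=com", "cn=root,dc=example,dc=com"); an empty list means the file is structurally sound, and the remaining failure modes in the thread (BDB directory permissions, missing Perl modules) are outside the LDIF itself.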