OpenLDAP + Samba Domain on Ubuntu 7.10

Discussion in 'HOWTO-Related Questions' started by ca_grover, Jan 19, 2008.

  1. ca_grover

    ca_grover New Member

    I followed the How-To just fine, right through to step # 9, where it asks you to reboot your server and confirm you can still login. (http://www.howtoforge.com/openldap-samba-domain-controller-ubuntu7.10-p2)

    So, what do you do when you can no longer login? Console login AND SSH login are both just hanging and/or timing out. (root just hangs, user account times out).

    Short of using a live cd type thing (I'm using a virtual machine) and resetting everything, is there an easy way to fix things? I ran into NO issues at all in the previous steps.

    Unfortunately I can't post the contents of any file to help - becasue I can't log in. :)

    Tips are appreciated.
     
  2. ca_grover

    ca_grover New Member

    Got access, so can post any pertinent files/command output. (rebooted, went to the "recovery" kernel from the Grub menu... I'm trying to back out some of the more recent changes... But can still use some help here... Thanks.
     
  3. falko

    falko Super Moderator

    Are there any errors in your log files?
     
  4. ca_grover

    ca_grover New Member

    Nope. Nothing obvious in any of the log files (messages, syslogd, etc.).

    I stepped back the last couple of changes and then tried to apply them again, thinking I may have messed up one of these steps. I'm getting the same behavior. Console login with root is hanging. SSH connections are being refused. console login with regular user is timing out/hanging.

    I'm stumped. One one hand, I don't really need LDAP authentication to the server itself. On the otherhand, if that isn't working, it suggests setting up a workstation to authenticate against it will fail too. So.... Guess I'm off to learn about PAM.
     
  5. ca_grover

    ca_grover New Member

    Just for completeness, here's the only thing I'm seeing that could be indicative of issues:

    [ 52.715964] Failure registering capabilities with primary security module.

    - in the "dmesg" output.

    I noticed as well that if I use the recovery kernel, I *can* login just fine without having to override anything. slapd is started. But, I'm not totally clear what the recovery kernel is setting up (yet), so suspect the LDAP authentications are not being used.

    On a hunch, I checked if Open LDAP is starting when I use the normal kernel - nope. Well thar's the problem... now if I can just figure out why it starts with the recovery kernel, but not the normal kernel... sighs...

    Found a thread on this - seems to be a bug with Ubuntu Gutsy:
    https://bugs.launchpad.net/ubuntu/ source/libnss-ldap/ bug/155947
     
  6. falko

    falko Super Moderator

    Do you get any errors when you start OpenLDAP manually?
     
  7. ca_grover

    ca_grover New Member

    No errors starting LDAP. The problem seems to be in the changes to the authentication files (i.e. /etc/pam.d/* and /etc/nsswitch.conf).
     
  8. falko

    falko Super Moderator

    Seems as if some other service is already listening on a port that the system is trying to bind to: http://ubuntuforums.org/showthread.php?t=604312
     
  9. alshira

    alshira New Member

    Vista login in domain

    When i tried to join a Vista PC in domain show the following message:
    The join operation was not successful. This could be because an existing computer account having name "name_of_machine" was previously created using a different set of credentials. Use a different computer name, or contact your administrator to remove any state conflict account. The error was: Access id Denied

    Thanks for the help that you can bring me.
    Edit/Delete Message
     
  10. alshira

    alshira New Member

    Solve

    The problem was i didn't comment the line:
    invalid users = root

    in the /etc/samba/smb.conf
     
  11. Linocks

    Linocks New Member

    Step 11: Configure our primary DNS Zone using WebMin

    I am trying to do my first installation of an LDAP server according to the 'Howto' at Step 11: Configure our primary DNS Zone using WebMin and when I get to that part of the instructions Click "Apply Changes" button, I get an error message as shown in the attached image.

    I have followed the instructions but made the following changes : -
    1. The server installation (as assumed on page 1) was done in accordance with the The Perfect Server - Ubuntu Hardy Heron (Ubuntu 8.04 LTS Server)
    2. I used 8.04 (Hardy Heron) instead of using 7.10 (Gutsy Gibbon)
    3. I used webmin_1.420_all.deb instead of webmin_1.380_all.deb

    I thought I was doing so well and I did not receive any error messages before that stage.:confused:

    Can anyone assist?:(

    Hello,

    I entered the following commands and my problem was solved : -

    1. /etc/init.d/bind9 stop
    2. /etc/init.d/sysklogd restart
    3. /etc/init.d/bind9 start

    I got to the next stage.

    Thanks!
     

    Attached Files:

    Last edited: Jun 14, 2008
  12. Linocks

    Linocks New Member

    Attached Files:

  13. alshira

    alshira New Member

    RE: Step 14: Configure your Windows XP Professional Client

    the answer for your question:

    Step 14: Configure your Windows XP Professional Client
    Now I'm getting this error message when I try to add a computer to the Domain
    as per Step 14: Configure your Windows XP Professional Client when it should say "Welcome to the example domain." : -
    14th June 2008 05:42

    In the smb.conf

    you must change the vales:
    workgroup = EXAMPLE
    # Begin: Custom LDAP Entries
    #
    ldap admin dn = cn=admin,dc=example,dc=local
    ldap suffix = dc=example, dc=local


    to your names domain.
     
  14. Linocks

    Linocks New Member

    RE: Step 14: Configure your Windows XP Professional Client

    I did do that!! :confused:
     
  15. Linocks

    Linocks New Member

    Step 8: Add an LDAP user to the system

    I decided to start again!

    This time I got to Step 8: Add an LDAP user to the system!

    I got the below error message : -

    Code:
    root@server1:/etc/smbldap-tools# smbldap-useradd -a -m -M ricky -c "Richard M" ricky
    Could not find base dn, to get next uidNumber at /usr/share/perl5/smbldap_tools.pm line 1073.
    What went wrong this time?? :confused:

    It will suffice to say the installation has stopped (well I've decided not to go any further) until I have obtained a solution.

    On this occasion I decided to install with no 'previous' server installations. I followed the installation instructions but used Ubuntu 8.04 (Hardy Heron).

    Thanks in advance. :cool:
     
  16. Linocks

    Linocks New Member

    Re Step 8: Add an LDAP user to the system

    In the example above I have edited the smbldap.conf file as follows : -
    Code:
    # Where to store next uidNumber and gidNumber available for new users and groups
    # If not defined, entries are stored in sambaDomainName object.
    # Ex: sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"
    # Ex: sambaUnixIdPooldn="cn=NextFreeUnixId,${suffix}"
    sambaUnixIdPooldn="[B][I]sambaDomainName=EXAMPLE,${suffix}[/I][/B]"
    When I edit it as below : -
    Code:
    # Where to store next uidNumber and gidNumber available for new users and groups
    # If not defined, entries are stored in sambaDomainName object.
    # Ex: sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"
    # Ex: sambaUnixIdPooldn="cn=NextFreeUnixId,${suffix}"
    sambaUnixIdPooldn="[B][I]sambaDomainName=[COLOR="Red"]$[/COLOR]EXAMPLE,${suffix}[/I][/B]"
    I got this error message : -
    Code:
    root@niro1:/etc/smbldap-tools# smbldap-useradd -a -m -M ricky -c "Richard M" ricky
    
    Error looking for next uid in sambaDomainName=$EXAMPLE,dc=EXAMPLE,dc=local:No 
    such object at /usr/share/perl5/smbldap_tools.pm line 1071.
    So I'm getting an error message with or without the $.:confused:

    There is no $ in the 'Howto' but the smbldap.conf file defaults to a $ before the Domain prior to editing it.
     
  17. sangamc

    sangamc New Member

    i too have the same problem once in a while and usually cant find out what caused the problem. i use fedora and FDS, and have sucessfully installed a complete pdc and gotten passed this step, but cant for the life of me find a solid answer. sometimes defining the indexes uidNumber and gidNumber in the database will work, but if they have been defined already i get stuck
     
  18. SOaD!

    SOaD! New Member

    Hi,

    You should try : sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"
     
  19. sangamc

    sangamc New Member

    i ended up switching to centos and using centos-ds (which is basically the same thing as fedora-ds) and it works alot better. i also do the following

    Import NextFreeUserId ldif

    dn: cn=NextFreeUnixId,dc=example,dc=com
    objectClass: inetOrgPerson
    objectClass: sambaUnixIdPool
    uidNumber: 1000
    gidNumber: 1000
    cn: NextFreeUnixId
    sn: NextFreeUnixId

    ldapadd -x -c -D 'cn=Directory Manager' -W -f /tmp/nextusrid.ldif
    Enter LDAP Password:

    and no longer have the described problem anymore
     
  20. mperreault

    mperreault New Member

    Trouble with getting XP to join Domain..

    I've been trying to follow this http://www.howtoforge.com/openldap-samba-domain-controller-ubuntu7.10-p Tutorial on and off for the past 2 months. I work in a school and as we have run out of CAL's for the Windows 2003 SBS I would rather replace the domain controller with something free as we can't afford to buy the CAL's...

    Anyway I've reached the point where I get the XP machine to join the domain. I type "root" as the username and "12345" as the password and I get..

    The following error occurred attempting to join the domain "example":

    The user name could not be found.


    I've tried using sysadmin for the user. and it also doesn't work...

    Any ideas?
     

Share This Page