Mandriva Directory Server On Debian Etch - Page 6

19 MMC Webinterface

Now you can access the MMC webinterface via (http is not working at the moment). Log in as root. Later, when the nameserver and the dhcp-server are configured (and you are using them), you should connect via (the connection will automatically be diverted to https) or

Welcome to the Mandriva Management Console.


19.1 First Steps: DNS Zone

Click on "Network" in the main-menu at the top and afterwards on "Add DNS Zone" in the left menu. Edit the settings as shown on the screenshot below. Click on "Create" to save the settings. Note: A DHCP subnet with basic settings will be created - you'll edit it in the next step (19.2).

Now you have to add an alias to the first member of the DNS zone to make the Squid redirect-VHost accessible. Click on "DNS zones" on the left side and then on the little magnifier next to the zone entry.

Click on the "pen & paper" symbol next to the host entry.

Insert "blocked" as hostname alias and confirm the setting.


19.2 First Steps: DHCP Subnet Configuration

Now you have to edit the DHCP subnet. Click on "DHCP subnets" on the left side and afterwards on the "pen & paper" symbol next to the subnet entry.

Edit the settings as shown on the screenshots below. You may want to use another IP range for the address pool or other lease times. Click on "Confirm" to save the settings. Note: The domain name servers are separated by a comma, without spaces.

Now the DHCP settings are complete and you can start the DHCP server. Click on "Network services management" on the left side and afterwards click on the green triangle to start the DHCP server. Note: Whenever you create/delete/change DHCP subnets you have to restart the DHCP server.


19.3 First Steps: Domain Administrator Mailaccount

If you want to use the Administrator mailaccount you have to enable it. Click on "Users" in the main menu on the top - you'll see the users list. Click on the "pen & paper" symbol next to the Administrator entry.

Enter a mail address into the corresponding field.

Enable the mail plugin, enter a desired quota and save the settings.
* Maybe you have to insert the quota once again (because the MMC overwrote the quota with the default value) and save the settings. (I had to do so)


19.4 First Steps: First Domain User Account

Time to create the first domain user account. Click on "Add" on the left side and create a user as shown on the screenshots below. Keep in mind that you probably have to edit the quota twice. Note: Some settings have a red underline; when you hover over them you'll see a short description of the setting.


26 Comment(s)



From: at: 2009-05-07 23:34:28

I literally followed the first page of the howto and I got this error:

May  8 03:21:20 pdc slapd[2396]: /etc/ldap/slapd.conf: line 24: unknown directive <schemacheck> outside backend info and database definitions.

I fixed it by commenting out this line.

After fixing it, I restarted slapd and got:

 /etc/ldap/slapd.conf: line 47: unknown directive <checkpoint> outside backend info and database definitions.
I fixed this, too, by commenting it out.


debian lenny with all packages updated

From: Alder at: 2009-05-29 09:19:14

Simply delete schemacheck on. 

my system debian lenny with all packages updated
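
The two slapd errors reported in the comments above both name a directive that slapd met before the first `backend` or `database` line. As an added example (not part of the howto or of either comment), this scanner lists such lines in a slapd.conf; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: not from the howto or the MDS project.
# Reports directives that sit in the global part of a slapd.conf, i.e. before
# the first "backend" or "database" line, which is the position slapd means by
# "outside backend info and database definitions".

# scan_slapd_global FILE NAME...
# Prints "LINE:directive" for each named directive found in the global part.
scan_slapd_global() {
    conf=$1
    shift
    awk -v names="$*" '
        BEGIN {
            n = split(names, w, " ")
            for (i = 1; i <= n; i++) want[tolower(w[i])] = 1
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comment or blank line
        /^[ \t]/ { next }                   # continuation of the previous line
        { d = tolower($1) }
        d == "backend" || d == "database" { exit }   # global part ends here
        (d in want) { print NR ":" $1 }
    ' "$conf"
}

# Constructed sample, not the howto's real slapd.conf.
sample_conf() {
    cat <<'EOF'
include /etc/ldap/schema/core.schema
schemacheck on
# checkpoint 512 30
checkpoint 512 30
database bdb
checkpoint 512 30
EOF
}

tmp=$(mktemp)
sample_conf > "$tmp"
scan_slapd_global "$tmp" schemacheck checkpoint
rm -f "$tmp"
```

On a real system, pass `/etc/ldap/slapd.conf` and the directive names taken from the error messages in the log.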

From: at: 2009-04-12 19:21:35

Hi NOKSY. Sorry for being late with my answer. I've been doing this server for about 2 years and it's just not a normal issue setting up this server. About this error, I could say that you're missing some part of the tutorial, as I've done this server again perfectly 2 days ago. Try to read all of the tutorial first, then proceed to install it. It's very confusing, but at the end you will discover it's a very functional tool that saves a lot of time.

From: at: 2008-02-26 20:31:41

Hi Álvaro,

for security reasons I configured the system so that it is only accessible from the local network.

If you want to access the MMC from outside, you have to modify the settings for the https vhost (step 16.3.2). Change "Allow from" to "Allow from all". Afterwards restart the webserver (/etc/init.d/apache2 restart). Additionally you have to adjust the firewall settings so that port 443 will be forwarded to the MDS.

Best regards,


From: at: 2008-03-07 03:14:02

Just passing by to say that this tool is fantastic! I've got good things coming up here; think about the possibility of coming to Brazil and making something like a partnership program with us. We'll work with a lot of big companies and I'm thinking of implementing this tool. Actually I've been asked about this tool, and it's great that we could make a very powerful server with a lot of resources, using low hardware and high space. Well, anyway, I would like to say that you're invited to come to Brazil anytime.


My Best regards,


From: at: 2008-03-02 01:02:20

Thanks for this solution Oliver,

This helped me a lot. Feel free to contact me anytime if you need anything (like testing some solution, whatever).

My best regards, 

From: Peter at: 2009-08-16 01:31:30

I got stuck on this and need some help:

/etc/ldap/slapd.conf is missing on my system. I get slapd.d in /etc/ldap/ but nothing like slapd.conf. Can anyone help?

From: at: 2008-02-22 19:57:46

Hi o.meyer,

I've got some questions about your installation, but I know that I am the one in the wrong. Let me understand something: when I had just finished updating the system and moved on to installing LDAP, after the install I got some error messages at boot time. Is that normal? It says ldap:// - could not connect - Invalid Credentials .

Which file do I have to deal with to stop this problem? Can I set my ip address to instead of

Another question is: Where I find "", I've tried to change the names using my account on . Are there any problems?

And the file that controls the SAMBA and LDAP servers (smb.conf) says in the first line: workgroup = DYNDNS. Can I use it that way?


Alvaro Gomes

(PS: Your article is a great and fantastic tool that helps a lot of people all over the world when the subject is server technology. Thanks again for the article, it was great.)

From: at: 2008-02-24 12:59:21

Hi Alvaro Gomes,

1.) Yes, the error messages are normal - it's an old udev-bug known since 2006 or earlier. Simply ignore it.

2.) You can change your hostname to whatever you want (in a LAN) :) Have a look at step 1.2 .

3.) Edit the workgroup as you like - but keep in mind that you have to replace some commands in this howto so that they fit your workgroup.

Best regards,


From: at: 2008-02-25 15:11:54

Thanks for your answer. Again I have another question about this system; please don't take me the wrong way, what I'm just trying to do is get this solution (for me specially) on the framework, so that we could install this solution on a big scale (production).

Well, about the management of the LDAP server based on Mandriva Directory Server, I wish I could have the management outside of the site, so that we can control everything (remote management). I did open the port on the firewall side (smoothwall, port 443) but I'm still stuck because when I try to access it I get the message: Forbidden. I tried to review the configuration, but nothing yet... Could you help me with this issue? Thanks again

 Best regards,


Álvaro Gomes

From: at: 2008-04-06 05:06:13

Hi Oliver, how's everything?

I've taken a look at my memory status and it seems that processing jobs are a little bit up, is that normal? I've got 3.0 GB of virtualized memory and it seems to be abnormal, and please, if you have a suggestion, show me A.S.A.P. Thanks...

From: at: 2008-05-30 18:48:25

There seems to be some kind of error at the end of this installation. Before, I finished everything just fine, but about 2 days ago I didn't get my server done in any way I tried. It seems to be an error in the Samba schema or something. I wish I had that log to show you... If you notice something, please let me know, ok?

Thanks a lot 

From: at: 2008-06-01 19:53:17

Could you take a look at this output from my server and tell me what could be wrong? This output came from the last step of the MDS server setup, and it's killing me! Thanks man, I'll really appreciate your help on this...

PS: I've tried to send you a PM, but it says that I don't have 3 counts on my posts. I really didn't get that, but, whatever, you should ignore this comment and just send me an answer by mail, thanks!

No option 'bindgroup' in section: 'dns'
Traceback (most recent call last):
  File "/var/lib/python-support/python2.4/mmc/", line 339, in agentService
    if (func()):
  File "/var/lib/python-support/python2.4/mmc/plugins/network/", line 50, in activate
    config = NetworkConfig("network")
  File "/var/lib/python-support/python2.4/mmc/support/", line 81, in __init__
  File "/var/lib/python-support/python2.4/mmc/plugins/network/", line 340, in readConf
    self.bindGroup = self.get("dns", "bindgroup")
  File "", line 520, in get
    raise NoOptionError(option, section)
NoOptionError: No option 'bindgroup' in section: 'dns'
Error while trying to load plugin samba
{'info': 'no global superior knowledge', 'desc': 'Server is unwilling to perform'}
Traceback (most recent call last):
  File "/var/lib/python-support/python2.4/mmc/", line 339, in agentService
    if (func()):
  File "/var/lib/python-support/python2.4/mmc/plugins/samba/", line 129, in activate
    samba.addOu(ouName, path)
  File "/var/lib/python-support/python2.4/mmc/plugins/base/", line 1718, in addOu
  File "/usr/lib/python2.4/site-packages/ldap/", line 163, in add_s
    return self.result(msgid,all=1,timeout=self.timeout)
  File "/usr/lib/python2.4/site-packages/ldap/", line 405, in result
    res_type,res_data,res_msgid = self.result2(msgid,all,timeout)
  File "/usr/lib/python2.4/site-packages/ldap/", line 409, in result2
    res_type, res_data, res_msgid, srv_ctrls = self.result3(msgid,all,timeout)
  File "/usr/lib/python2.4/site-packages/ldap/", line 415, in result3
    rtype, rdata, rmsgid, serverctrls = self._ldap_call(self._l.result3,msgid,all,timeout)
  File "/usr/lib/python2.4/site-packages/ldap/", line 94, in _ldap_call
    result = func(*args,**kwargs)
UNWILLING_TO_PERFORM: {'info': 'no global superior knowledge', 'desc': 'Server is unwilling to perform'}

From: at: 2009-02-05 09:52:28

Hi all,

I'm following this "Howto" step by step, but when I enter this command:

chown -R :"Domain Users" /home/samba/

I have this error message : chown : ':Domain Users' : Invalid group


Do you have an idea please ?



From: Alder at: 2009-05-29 09:20:41

Try this 

chown -R "Domain Users" /home/samba/

debian lenny

From: Anonymous at: 2009-10-23 06:35:17

I can't authenticate any mail user 

telnet x.x.x.x 110

USER user

PASS pass

-ERR Authentication Failed

 My dovecot-ldap.conf

hosts = x.x.x.x
auth_bind = yes
#auth_bind = no
ldap_version = 3
base = dc=test,dc=local
scope = subtree
user_attrs = homeDirectory=home,uidNumber=uid,mailbox=mail,mailuserquota=quota=maildir:storage
user_filter = (&(objectClass=mailAccount)(mail=%u)(mailenable=OK))
pass_attrs = mail=user,userPassword=password
pass_filter = (&(objectClass=mailAccount)(mail=%u)(mailenable=OK))
default_pass_scheme = CRYPT
user_global_gid = mail


Any ideas? :)


From: at: 2010-02-08 00:02:11

 Hi Oliver,

Sorry to bother you by putting this comment asking for help, but since Dovecot had an upgraded version, the last line in /etc/dovecot/dovecot-ldap.conf that says "user_global_gid=mail" is no longer useful, as I've been trying to get dovecot to run and I receive this message (in the log file): Error: Error in configuration file /etc/dovecot/dovecot-ldap.conf line 11: Unknown setting: user_global_gid.

Do you have any ideas about this problem? If there is any help you could give me on this problem, I'd appreciate it...

Also, when I try to connect using the Microsoft Outlook mail client, it's just not working either... I know it's because dovecot is not running, but since I commented out the line "user_global_gid=mail" and got dovecot running again, the service is still not working...




From: carlitus at: 2011-10-25 16:41:19

Hi folks! I know, this howto is pretty old but still applicable. Let me give my 2 cents...

I installed it on Debian Lenny, and works great. But you should edit /etc/apt/preferences and add this, before installing required packages:

Package: *
Pin: origin
Pin-Priority: 1001;
This should give priority to MDS packages, and force it to install bind9 from the MDS repository instead of Lenny's package. If the bind9 .deb from the Lenny sources is installed, you'll get DNS failures; bind9 will not load internal DNS zones because it doesn't have LDAP support.
Sorry if I made some grammar mistakes, this is not my native language and I need more English lessons. :)

From: jmark at: 2009-01-15 10:28:55

Hi there,

I've tried this tutorial and everything went right until I rebooted my system. After the reboot I was no longer able to log on to the system. I use the latest release of Debian. Can someone point me to how to fix this or to a resolution?

P.S.: Another thing, the package dcc-client is not available on Debian 4.01r6? Is this important? How to get it?

Thanks in advance..... 

From: at: 2009-06-15 05:02:16

Well, it's an old comment but still relevant:

Do not add password required to your auth-* file. You'll lock yourself out from SSH and some other services.

Also, you need to do step 5.4 after step 6 or you will end up with an unknown group "Domain Users" (as noted on the first page comments).

From: at: 2009-08-16 15:34:26

I would like to report a typo:

 add group script = /usr/sbin/ambldap-groupadd -p "%g"

should be

 add group script = /usr/sbin/smbldap-groupadd -p "%g"

From: Anonymous at: 2009-11-24 08:07:52

Hi, I have the same error message "chown: invalid group: `:Domain Users ".

Could you post the right typo please?

From: Mike at: 2009-10-14 09:22:44

I get 2 errors:

 1) #net -U Administrator rpc rights grant 'DOMAIN\Domain Admins' SeMachineAccountPrivilege

Enter Administrator's password:
Could not connect to server
The username or password was not correct.
Connection failed: NT_STATUS_LOGON_FAILURE


2) # chown -R :"Domain Users" /home/samba/

chown: invalid group: `:Domain Users


I have also done first the 6 and then the 5.4 step, but I still get the same error.


From: Anonymous at: 2009-10-15 12:55:33

ok I found the solution. It had to do with the localhost configuration and some syntax errors

From: Anonymous at: 2010-03-25 12:17:04

about : chown: invalid group: `:Domain Users

Try this:

# The distinguished name to bind to the server with
# if the effective user ID is root. Password is
# stored in /etc/libnss-ldap.secret (mode 600)
# Use 'echo -n "mypassword" > /etc/libnss-ldap.secret' instead
# of an editor to create the file.

1. delete /etc/libnss-ldap.secret

2. echo -n "mypassword" > /etc/libnss-ldap.secret
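
Added example, not part of the comment above or of the howto: once /etc/libnss-ldap.secret has been deleted, a plain redirect recreates it with the umask's default permissions (typically 644 rather than the 600 the config comment asks for) and the `echo` line stays in shell history. The helpers `write_secret` and `secret_perms` are hypothetical names; the demo uses a constructed password and a temporary path.

```shell
#!/bin/sh
# Added example; write_secret and secret_perms are hypothetical helper names.

# write_secret FILE
# Reads one line (the password) from stdin and stores it in FILE with no
# trailing newline and mode 600, so it never appears on a command line.
write_secret() {
    file=$1
    old_umask=$(umask)
    umask 077                          # nothing created here is group/world readable
    [ -t 0 ] && stty -echo             # hide typing when run interactively
    IFS= read -r secret || :
    [ -t 0 ] && { stty echo; echo; }
    rc=1
    if [ -n "$secret" ] && new=$(mktemp "$file.XXXXXX"); then
        # Write a temp file in the same directory, then rename it over FILE.
        if printf '%s' "$secret" > "$new" && chmod 600 "$new" && mv -f "$new" "$file"; then
            rc=0
        else
            rm -f "$new"
        fi
    fi
    unset secret
    umask "$old_umask"
    return "$rc"
}

# secret_perms FILE: prints the permission string, e.g. -rw-------
secret_perms() { ls -ld "$1" | cut -c1-10; }

# Demo with a constructed password and a temporary path (not /etc).
demo_dir=$(mktemp -d)
printf '%s\n' 'constructed-example' | write_secret "$demo_dir/libnss-ldap.secret"
secret_perms "$demo_dir/libnss-ldap.secret"
rm -rf "$demo_dir"
```

For real use, run `write_secret /etc/libnss-ldap.secret` as root and type the password at the (silent) prompt.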


From: yosemity at: 2010-06-16 17:04:34

in /etc/libnss-ldap.conf

change ldapi:// to ldap://