Previous Tutorial :
- Tutorial : Samba PDC + OpenLDAP on openSUSE 11.1 – Part 1, Installing Base System & Configuring Samba
- Tutorial : Samba PDC + OpenLDAP on openSUSE 11.1 – Part 2, Configuring OpenLDAP
smbldap-tools is a set of command-line (CLI) tools for inserting, updating and deleting data in Samba and LDAP. Installing smbldap-tools on openSUSE takes only a few steps because the package is already available on the openSUSE Build Service. Let’s do it.
- Go to the openSUSE Build Service Package Search.
- Install the updated smbldap-tools version with one-click-install.
- Edit /etc/smbldap-tools/smbldap.conf with the following content (don’t forget to replace the Samba SID and domain name, see previous tutorial):

```
SID="S-1-2-33-4444444444-555555555-6666666666"
sambaDomain="VAVAI.NET"
slaveLDAP=127.0.0.1
slavePort="389"
masterLDAP="127.0.0.1"
masterPort="389"
ldapTLS="0"
verify=""
cafile=""
clientcert=""
clientkey=""
suffix="dc=vavai,dc=net"
usersdn="ou=People,ou=Users,${suffix}"
computersdn="ou=Computers,ou=Users,${suffix}"
groupsdn="ou=Groups,${suffix}"
idmapdn="ou=Idmap,${suffix}"
sambaUnixIdPooldn="sambaDomainName=VAVAI.NET,ou=Domains,${suffix}"
scope="sub"
hash_encrypt="MD5"
crypt_salt_format=""
userHome="/data/home/%U"
userHomeDirectoryMode="700"
userGecos="System User"
defaultUserGid="513"
defaultComputerGid="515"
skeletonDir="/etc/skel"
defaultMaxPasswordAge="45"
userSmbHome="\\server\%U"
userProfile="\\server\profiles\%U"
userHomeDrive="H:"
userScript="logon.bat"
mailDomain="vavai.net"
with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"
with_slappasswd="0"
slappasswd="/usr/sbin/slappasswd"
# comment out the following line to get rid of the default banner
# no_banner="1"
```

- Edit /etc/smbldap-tools/smbldap_bind.conf and copy-paste the following content:

```
slaveDN="cn=Manager,dc=vavai,dc=net"
slavePw="zezevavai26032006"
masterDN="cn=Manager,dc=vavai,dc=net"
masterPw="zezevavai26032006"
```
- Start the Samba services

```
service smb restart
service nmb restart
service ldap restart
service winbind restart
```

- Insert the default password for Samba-LDAP

```
su
smbldap-useradd -m -a root
smbldap-passwd root
smbpasswd -a
smbldap-groupmod -m root Domain\ Admins
```
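
The configuration above leaves three things for an administrator to verify: whether LDAP binds are encrypted (ldapTLS), how userPassword is hashed (hash_encrypt), and who can read the cleartext Manager password in smbldap_bind.conf. The script below is an added example, not part of the original tutorial or of smbldap-tools; it audits those three settings, and its demo input is a constructed sample that mirrors the tutorial's values in temporary files with a placeholder password.

```shell
#!/usr/bin/env bash
# Added example, not from the tutorial: audit the smbldap-tools settings that
# decide how the Manager bind password and user password hashes are exposed.

# Print the last value assigned to key $2 in file $1 (KEY="value" or KEY=value).
conf_get() {
    sed -nE "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"?([^\"]*)\"?[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# audit_smbldap SMBLDAP_CONF BIND_CONF -> one FINDING/NOTE line per issue.
# The body runs in a subshell so its variables do not leak into the caller.
audit_smbldap() (
    conf=$1; bind=$2
    tls=$(conf_get "$conf" ldapTLS)
    master=$(conf_get "$conf" masterLDAP)
    hash=$(conf_get "$conf" hash_encrypt | tr '[:lower:]' '[:upper:]')

    if [ "$tls" != "1" ]; then
        case "$master" in
            127.*|localhost|::1)
                echo "NOTE ldapTLS=$tls: binds are unencrypted but stay on loopback ($master)" ;;
            *)
                echo "FINDING ldapTLS=$tls: Manager bind to $master crosses the network unencrypted" ;;
        esac
    fi

    case "$hash" in
        CLEARTEXT|MD5|SHA)
            echo "FINDING hash_encrypt=$hash: cleartext or unsalted digest; SSHA is the salted option" ;;
    esac

    # The bind file holds masterPw/slavePw in cleartext, so only its owner should have access.
    mode=$(ls -ld "$bind" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "FINDING $bind is accessible to group/other (permission bits: $mode)"
    fi
)

# Constructed sample mirroring the tutorial's values; the password is a placeholder.
demo() (
    dir=$(mktemp -d)
    printf '%s\n' 'masterLDAP="127.0.0.1"' 'ldapTLS="0"' 'hash_encrypt="MD5"' > "$dir/smbldap.conf"
    printf '%s\n' 'masterDN="cn=Manager,dc=vavai,dc=net"' 'masterPw="CHANGEME"' > "$dir/smbldap_bind.conf"
    chmod 644 "$dir/smbldap_bind.conf"
    audit_smbldap "$dir/smbldap.conf" "$dir/smbldap_bind.conf"
    rm -rf "$dir"
)
demo
```

On a real host, call `audit_smbldap /etc/smbldap-tools/smbldap.conf /etc/smbldap-tools/smbldap_bind.conf` as root.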
CONFIGURING LDAP ACCOUNT MANAGER (LAM)
LDAP Account Manager has a similar function to smbldap-tools but provides a web interface to manage the LDAP data. You need a running Apache server to host the LAM service. See the separate tutorial if you need help setting up the Apache web server on openSUSE.
- Go to the Packman page for LDAP Account Manager and install the LAM package with one-click-install (or with zypper using the Packman repository).
- Back up & create the LAM configuration

```
su
mv /srv/www/htdocs/lam/config/config.cfg_sample /srv/www/htdocs/lam/config/config.cfg
touch /srv/www/htdocs/lam/config/lam.conf
chown wwwrun:www /srv/www/htdocs/lam/config/lam.conf
```

- Copy-paste the following content for the LAM configuration into /srv/www/htdocs/lam/config/lam.conf:

```
# LDAP Account Manager configuration
serverURL: ldap://localhost:389
admins: cn=Manager,dc=vavai,dc=net
# password to change these preferences via webfrontend (default: lam)
passwd: {SSHA}RjBruJcTxZEdcBjPQdRBkDaSQeY= iueleA==
treesuffix: dc=vavai,dc=net
# default language (a line from config/language)
defaultLanguage: en_GB.utf8:UTF-8:English (Great Britain)
# Path to external Script
scriptPath:
# Server of external Script
scriptServer:
# Access rights for home directories
scriptRights: 750
# Number of minutes LAM caches LDAP searches.
cachetimeout: 5
# Module settings
modules: posixAccount_minUID: 10000
modules: posixAccount_maxUID: 20000
modules: posixAccount_minMachine: 10000
modules: posixAccount_maxMachine: 20000
modules: posixGroup_minGID: 10000
modules: posixGroup_maxGID: 20000
modules: posixGroup_pwdHash: SSHA
modules: posixAccount_pwdHash: SSHA
# List of active account types.
activeTypes: user,group,host,smbDomain
types: suffix_user: ou=People,dc=vavai,dc=net
types: attr_user: #uid;#givenName;#sn;#uidNumber;#gidNumber
types: modules_user: inetOrgPerson,posixAccount,shadowAccount,sambaSamAccount
types: suffix_group: ou=group,dc=vavai,dc=net
types: attr_group: #cn;#gidNumber;#memberUID;#description
types: modules_group: posixGroup,sambaGroupMapping
types: suffix_host: ou=machines,dc=vavai,dc=net
types: attr_host: #cn;#description;#uidNumber;#gidNumber
types: modules_host: account,posixAccount,sambaSamAccount
types: suffix_smbDomain: ou=domains,dc=vavai,dc=net
types: attr_smbDomain: sambaDomainName:Domain name;sambaSID:Domain SID
types: modules_smbDomain: sambaDomain
```

- Restart the Apache service

```
service apache2 restart
```

- Access the LAM service at http://yourhostname/lam or http://your-server-ip/lam, e.g. http://server.vavai.net/lam or http://192.168.1.254/lam
Next Tutorial : Samba PDC + OpenLDAP on openSUSE 11.1 – Part 4, Configuring Dynamic DHCP & DNS
Hi,
When I try smbldap-useradd -m -a root I get this error:
Error looking for next uid in sambaDomainName=NAZA.LOCAL,ou=Domains,dc=naza,dc=local:invalid DN at /usr/sbin//smbldap_tools.pm line 1174, line 466.
in /var/log/messages:
Jun 9 21:13:08 osiol slapd[3549]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can’t contact LDAP server
Jun 9 21:13:08 osiol slapd[3549]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can’t contact LDAP server
Jun 9 21:13:08 osiol slapd[3549]: nss_ldap: could not search LDAP server – Server is unavailable
Jun 9 21:13:08 osiol slapd[3549]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can’t contact LDAP server
Jun 9 21:13:08 osiol slapd[3549]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can’t contact LDAP server
Jun 9 21:13:08 osiol slapd[3549]: nss_ldap: could not search LDAP server – Server is unavailable
Jun 9 21:13:08 osiol slapd[3550]: hdb_monitor_db_open: monitoring disabled; configure monitor database to enable
Jun 9 21:13:08 osiol slapd[3550]: slapd starting
Jun 9 21:34:14 osiol slapd[3550]: conn=266 op=2 do_search: invalid dn (sambaDomainName=NAZA.LOCAL,ou=Domains,dc=naza,dc=local)
in smbd.log
[2010/06/09 21:29:13, 1] lib/smbldap.c:another_ldap_try(1178)
Connection to LDAP server failed for the 12 try!
[2010/06/09 21:29:14, 1] lib/smbldap.c:another_ldap_try(1178)
Connection to LDAP server failed for the 13 try!
[2010/06/09 21:29:15, 1] lib/smbldap.c:another_ldap_try(1178)
Connection to LDAP server failed for the 14 try!
[2010/06/09 21:29:16, 1] lib/smbldap.c:another_ldap_try(1178)
Connection to LDAP server failed for the 15 try!
[2010/06/09 21:29:17, 0] lib/fault.c:fault_report(40)
Where could the mistake be?
Hi,
I have this problem:
lsserver:~ # smbldap-useradd -m -a root
Can’t locate Unicode/String.pm in @INC (@INC contains: /usr/sbin/ /usr/lib/perl5/5.10.0/i586-linux-thread-multi /usr/lib/perl5/5.10.0 /usr/lib/perl5/site_perl/5.10.0/i586-linux-thread-multi /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/vendor_perl/5.10.0/i586-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl .) at /usr/lib/perl5/vendor_perl/5.10.0/Unicode/MapUTF8.pm line 5, line 275.
BEGIN failed–compilation aborted at /usr/lib/perl5/vendor_perl/5.10.0/Unicode/MapUTF8.pm line 5, line 275.
Compilation failed in require at /usr/sbin//smbldap_tools.pm line 28, line 275.
BEGIN failed–compilation aborted at /usr/sbin//smbldap_tools.pm line 28, line 275.
Compilation failed in require at /usr/sbin/smbldap-useradd line 30, line 275.
BEGIN failed–compilation aborted at /usr/sbin/smbldap-useradd line 30, line 275.
lsserver:~ # tail -100 /var/log/messages
Jul 26 08:27:34 lsserver worker_nscd: nss_ldap: failed to bind to LDAP server ldap://lsserver.it.orsa: Can’t contact LDAP server
Jul 26 08:27:34 lsserver worker_nscd: nss_ldap: failed to bind to LDAP server ldap://lsserver.it.orsa: Can’t contact LDAP server
Jul 26 08:27:34 lsserver worker_nscd: nss_ldap: could not search LDAP server – Server is unavailable
Jul 26 08:27:34 lsserver worker_nscd: nss_ldap: failed to bind to LDAP server ldap://lsserver.it.orsa: Can’t contact LDAP server
Jul 26 08:27:34 lsserver worker_nscd: nss_ldap: failed to bind to LDAP server ldap://lsserver.it.orsa: Can’t contact LDAP server
Jul 26 08:27:34 lsserver worker_nscd: nss_ldap: could not search LDAP server – Server is unavailable
Jul 26 08:27:34 lsserver slapd[20638]: bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
Jul 26 08:27:34 lsserver slapd[20638]: slapd starting
Where could the mistake be?
@Jorge,
Install the perl-Unicode-MapUTF8 package. Look at the troubleshooting area in part 6 of the tutorial series.
http://vavai.net/2010/01/29/tutorial-samba-pdc-openldap-on-opensuse-11-1-%E2%80%93-part-6/
Hi Vavai, thanks for your answer.
I have reinstalled perl-Unicode-MapUTF8 and perl-ldap, but the problem persists; my version of openSUSE is 11.2.
Hi, I configured again from the first step, and these are the logs from:
server:~ # tail -20 /var/log/messages
Jul 26 14:30:01 server worker_nscd: nss_ldap: failed to bind to LDAP server ldap://server.vavai.net: Can’t contact LDAP server
Jul 26 14:30:01 server worker_nscd: nss_ldap: failed to bind to LDAP server ldap://server.vavai.net: Can’t contact LDAP server
Jul 26 14:30:01 server worker_nscd: nss_ldap: could not search LDAP server – Server is unavailable
Jul 26 14:30:01 server worker_nscd: nss_ldap: failed to bind to LDAP server ldap://server.vavai.net: Can’t contact LDAP server
Jul 26 14:30:01 server worker_nscd: nss_ldap: failed to bind to LDAP server ldap://server.vavai.net: Can’t contact LDAP server
Jul 26 14:30:01 server worker_nscd: nss_ldap: could not search LDAP server – Server is unavailable