Spirit of Change » OpenSUSE

Improving Indonesian openSUSE Community Website

Masim "Vavai" Sugianto — Tue, 13 Apr 2010 02:26:59 +0000

Indonesian openSUSE Community website has been activated since July 2007 and provide news update, information, tutorial, tips & trick regarding openSUSE using Bahasa Indonesia as main language. I think it would be better to provide a major changes & improvement for main site, especially for content integration and daily update.

I’m also invited some openSUSE ambassador and folks on the community to joins the editorial team, so we can increase the tutorial and article and at the end give the best documentation for openSUSE users.

Random Post

User Account Integration between Samba PDC & Zimbra Mail Server on openSUSE/SLES Part 2 (Finish)

Masim "Vavai" Sugianto — Wed, 31 Mar 2010 10:08:47 +0000

This is part 2 of 2 article. Previous article : User Account Integration between Samba PDC & Zimbra Mail Server on openSUSE/SLES Part 1

MANAGING SAMBA DOMAIN WITH ZIMBRA ADMIN

Restart samba service with the following command :

service smb restart

Login to Zimbra Admin and see that these are 2 new entry on left panel menu : Posix Groups and Samba Domain. If you click on Samba Domain, there should be existing entry, your Samba domain (in my sample : vavai.co.id). Please restart your computer if you found nothing on the Samba Domain menu.
`

MANAGING LINUX AND SAMBA GROUPS USING ZIMBRA ADMIN

Login to Zimbra Admin
Choose Posix Groups
Click New. Fill in you new group, ie : Accounting. Move to Samba Group tab and choose your domain from combo box. Fill in 2 (default entry for group) on group type text box.
Click Save

Test the configuration whether Samba successfully read new added groups or no by using this command on konsole/terminal :

su
getent group

Samba should be response by display list of groups and your new group should be listed on the list.

Create new user account by using following procedure :

Open Zimbra Admin
Click Account
Click New
Fill in account profile and description. Account name, First Name, Last Name and Password are mandatory, mark with *. Scroll down to bottom of account wizard to change password.
Click Next until finish. These are should be 2 add-on tabs/wizard at the end of Account configuration: Posix Groups and Samba Domain. Add your new account as your new group member and Samba domain member
Click finish

Test the configuration whether Samba successfully read new added user account or no by using following command on konsole/terminal :

su
getent passwd

Samba should be response by display list of user account and your new user should be listed on the user list.

UPDATE PROFILE FOR EXISTING ACCOUNT

Run the following command to update profile of existing Zimbra user (user created before Samba-Zimbra joined). Replace Samba SID with your own (Look at Zimbra Admin | Samba Domain) :

zmprov ma admin@vavai.co.id +objectClass posixAccount uidNumber 10003 gidNumber 10001 homeDirectory /home/admin loginShell /bin/bash
zmprov ma admin@vavai.co.id +objectClass sambaSamAccount sambaDomainName vavai.co.id sambaSID S-1-5-21-3745602466-621825477-2613676135-21006 sambaAcctFlags [UX]

MAKING WINDOWS NT DOMAIN GROUP

We will use this group as Administrative user for join client as domain member :

Login to Zimbra Admin
Choose Posix Groups, click New
Fill ini group name : Domain Admins. Move to Samba tab, pick your domain name from combo box and then choose Special Windows group – Domain Admins
Click Save
Run the following command to give this group domain administrative permission :

net rpc rights grant "vavai.co.id\Domain Admins" SeAddUsersPrivilege SeMachineAccountPrivilege SePrintOperatorPrivilege

Create a new user with Zimbra domain and add it as “Domain Admins” group member

ADDING WINDOWS NT/2000/XP MACHINE TO SAMBA DOMAIN

Login to your Windows workstation with your Administrator user/permission
Right click on My Computer
Choose Properties
Move to Computer Name tab
Click Change
Fill in your computer name
Fill in vavai.co.id as member of domain (not workgroup. Replace vavai.co.id with your domain name)
Click OK
Windows will be asked about Administrator user name and password. Use Zimbra user and password who is joined as Domain Admin group member

Finish. You should be able to restart your computer and then login with Zimbra user name and password. You may also use LDAP client as user authentication on Linux client. Modify share permission, share folder, profile, etc to fit with your environment setting.

Related Entries

User Account Integration between Samba PDC & Zimbra Mail Server on openSUSE/SLES

Masim "Vavai" Sugianto — Wed, 31 Mar 2010 02:33:08 +0000

Note : This is part one of 2 article. I decided to split the tutorial to make it easier to read (and to write )

This tutorial describes how you can configure Zimbra Mail Server & Collaboration Suite and Samba to act as a primary domain controller (PDC) that uses Zimbra LDAP (Lightweight Directory Access Protocol) as a central password database for authenticating users on Linux and Windows desktops. The integration process will make it easier for administrators to manage Zimbra Mail Server and Samba PDC / Active Directory account because it use same LDAP database. If applied in corporate environments or institutions who have been using Windows Server, this guide can be used to set up Linux servers to replace the Windows Active Directory Server and Microsoft Exchange Server.

The setup described in this document is not the only possible way to make Samba and Zimbra use the same user database for authentication. You may also use Zimbra External Authentication with Samba PDC. External authentication are a little bit easy to be setting up, but we must manage the mailbox profile in Zimbra and it doesn’t seamlessly integrate Zimbra into Samba PDC+OpenLDAP. It is highly recommended to get familiar with Zimbra, Samba, LDAP and PAM, before you start the installation.

This tutorial are based on Zimbra wiki article : UNIX and Windows Accounts in Zimbra LDAP and Zimbra Admin UI 6.0 but has been tune up to works successfully on openSUSE/SLES environment. The original wiki using Ubuntu/RedHat environment which doesn’t automatically fit with openSUSE/SLES configuration.

I’m using Zimbra Mail Server 6.0.5 64 bit with the following configuration :

Domain & Hostname

Domain   : vavai.co.id
Hostname : zcspdc.vavai.co.id

IP Address

IP Address    : 192.168.10.1
Name Server 1 : 192.168.10.1
Name Server 2 : 8.8.8.8  (Google public DNS Server)
Name Server 3 : 208.67.222.222 (OpenDNS public DNS Server)
Router        : 192.168.10.254 (ADSL Modem)

File /etc/hosts

127.0.0.1       localhost
192.168.10.1    zcspdc.vavai.co.id zcspdc

ZIMBRA INSTALLATION

Please use following article to install Zimbra on SLES 11 : Installing Zimbra 6.0.5 64 bit on SUSE Linux Enterprise Server (SLES) 11 64 bit or use this tutorial : Installing Zimbra 6.0.4 on openSUSE 11.1 64 bit for Zimbra+openSUSE version.

ZIMBRA LDAP CONFIGURATION

The following script will automatically configure Zimbra LDAP as below :

Add Samba Schema into Zimbra LDAP
Add proper index into Zimbra LDAP Schema
Add 2 user (zmposix and zmposixroot) as Zimbra LDAP Administrative Account with default password : rahasia
Adjust Zimbra LDAP ACL to allow administrative task regarding Samba-Zimbra integration
Add Admin Extension Zimbra Posfix Account and Zimbra Samba Extension

Thanks to Peracchi and Lithorus on the following thread on Zimbra Forum for idea and a great script.

To run the automated script, run the following commandon console/terminal :

su
cd /srv
wget -c http://vavai.com/wp-content/uploads/zcs-samba.tar.gz
tar -zxvf zcs-samba.tar.gz
su - zimbra
cd /srv/zcs-samba
./zcs-samba.sh

NOTE : The script will automatically use ‘rahasia’ (Indonesian word means ‘secret’ ) as default password for zmposixroot and zmposix password. Please modify script to use your own password by change the following code on /srv/zcs-samba/zcs-samba.sh :

# set password for the posix ldap accounts
ZMPOSIX_LDAP_PASSWORD=`/opt/zimbra/openldap/sbin/slappasswd -s rahasia`
ZMPOSIXROOT_LDAP_PASSWORD=`/opt/zimbra/openldap/sbin/slappasswd -s rahasia`
echo "Domain : $DOMAIN"
echo "Hostname : $HOSTNAME"
echo "Zimbra LDAP Password : $ZIMBRA_LDAP_PASSWORD"
echo "LDAP Prefix : $LDAP_PREFIX"
echo "ZMPOSIX_LDAP_PASSWORD : rahasia"

Change ‘rahasia’ on the above line with your own password.

SAMBA INSTALLATION

Open YAST | Network Service | Samba Server. YAST will automatically added Samba package if you never install it.
On the first wizard, fill in the workgroup/domain name. I’m using vavai.co.id as my domain name as shown on top of the tutorial. Click Next.
On Samba Server Type, Choose Primary Domain Controller (PDC) and then click Next
On start-up, choose Service Start During Boot so Samba will automatically be activated during boot. Don’t forget to open your Firewall port
Move to LDAP Setting tab.
Click on Use LDAP Password Back-End option
Change LDAP Server URL from default entry ldap://127.0.0.1 to be ldap://192.168.10.1 (remember my IP address configuration above). Use same address to IdMap Back-End
Change Search Base DN to Zimbra LDAP DN, mine are dc=vavai,dc=co,dc=id
Fill in Administrator DN and the password: uid=zmposixroot,cn=appaccts,cn=zimbra). Click Test Connection to test the connection between Zimbra and Samba machine.
Click Advanced Setting | Expert LDAP Setting
Change user suffix to be ou=people
Change group suffix to be ou=groups
Change Machine suffix to be ou=machines
Click OK to close Expert LDAP Setting windows
Click OK to close Samba Server wizard. Fill in password for Samba root /Administrator password. To prevent any confused setting, I’m using same password between zmposixroot, zmposix and Samba root password

SAMBA CONFIGURATION

Open /etc/samba/smb.conf with your preferred text editor (vi, gedit, kate or kwrite)
Give it a # (comment mark) on the following line (if you do not use dhcp on your Samba configuration) :

include = /etc/samba/dhcp.conf

Save the configuration

LDAP CLIENT CONFIGURATION

Click YAST | Network Services | LDAP Client
Click Use LDAP on User Authentication
Change Address to use Zimbra IP (192.168.10.1)
Fill in LDAP Base DN (dc=vavai,dc=co,dc=id)
Leave others as is
Click Advanced Configuration
Change Password Change Protocol to MD5
Leave Group Member Attribute = Member setting
Click on Administration Setting tab
Fill in uid=zmposixroot,cn=appaccts,cn=zimbra on Administrator DN text box. Leave Append Base DN setting unchecked
Leave Create Default Configuration Objects setting unchecked
Click OK
Click OK

NSS-LDAP & PAM-LDAP CONFIGURATION

Open file /etc/ldap.conf with your preferred text editor and change the following line (remove # mark)

host 192.168.10.1
base dc=vavai,dc=co,dc=id
binddn uid=zmposix,cn=appaccts,cn=zimbra
bindpw rahasia
rootbinddn uid=zmposixroot,cn=appaccts,cn=zimbra
port 389
bind_policy soft
nss_reconnect_tries 2
uri ldap://192.168.10.1/
ssl start_tls
tls_cacertdir /opt/zimbra/conf/ca
tls_checkpeer no
pam_password md5
nss_base_passwd         ou=people,dc=vavai,dc=co,dc=id?one
nss_base_shadow         ou=people,dc=vavai,dc=co,dc=id?one
nss_base_group          ou=groups,dc=vavai,dc=co,dc=id?one
nss_base_hosts          ou=machines,dc=vavai,dc=co,dc=id?one

Save the configuration
Edit /etc/nsswitch.conf and change the following line :

passwd: compat
group: compat

with

passwd: files ldap
group: files ldap

Edit /etc/pam.d/common-account and change the configuration as below :

account sufficient pam_unix.so
account sufficient pam_ldap.so

Edit /etc/pam.d/common-auth and change the configuration as below :

auth sufficient pam_ldap.so
auth sufficient pam_unix.so

Edit /etc/pam.d/common-password and change the configuration as below :

password sufficient pam_unix.so
password sufficient pam_ldap.so

Edit /etc/pam.d/common-session and change the configuration as below :

session sufficient pam_unix.so
session sufficient pam_ldap.so

Tutorial will be continue to part 2 of User Account Integration between Samba PDC & Zimbra Mail Server on openSUSE / SLES.

Related Entries

How To : Samba PDC+OpenLDAP on openSUSE/SLES Part 2 (Finish)

Masim "Vavai" Sugianto — Tue, 30 Mar 2010 08:52:46 +0000

Previous tutorial : Samba PDC+OpenLDAP on openSUSE/SLES Part 1, Setting LDAP Server

SETTING LDAP CLIENT

Click YAST | Network Services | LDAP Client
Click Use LDAP pada User Authentication
Fill in Address with server IP or by using 127.0.0.1 as default address
Mark LDAP TLS/SSL option checked if you choose to use TLS/SSL on previous tutorial, or vice versa, leave it unchecked if you choose to not use TLS on previous tutorial
Fill in LDAP Base DN (dc=namadomain, dc=tld, ex : dc=vavai,dc=co,dc=id). You may also get the LDAP Base DN by clicking Fetch DN button
Leave others option as is
`
Click Advanced Configuration
Change Password Change Protocol to MD5
Leave option Group Member Attribute = Member unchanged
`
Click Administration Setting
Fill in cn=Administrator on Administrator DN. Don’t forget to give a check on Append Base DN option
Mark a check on Create Default Configuration Objects option
`
Click OK
Click OK

SETTING SAMBA SERVER PRIMARY DOMAIN CONTROLLER (PDC)

Open YAST | Network Services | Samba Server
Fill in workgroup/domain name on first wizard. I’m usingdomain vavai.co.id as my workgroup name. Click Next
`
On Samba Server Type option, choose Primary Domain Controller (PDC). Click Next
On start-up tab, choose Service Start During Boot option, so Samba will automatically started on boot. Don’t forget to click Open Port in Firewall if you use firewall on intranet zone
`
Move to LDAP Setting tab.
Click on Use LDAP Password Back-End
Fill in Administrator DN and password setting (cn=Administrator,dc=vavai,dc=co,dc=id, adjust it with your domain name). Click Test Connection to test LDAP server connection. If test result is failed, recheck your configuration setting.
`
Click OK and then fill in Samba root /Administrator password
`

SETTING USER NAME & PASSWORD

Click on YAST | Security and Users | User & Group Management
Click Expert Options | LDAP User & Group Configuration option on bottom-right-corner menu
Fill in LDAP Admin password (see whether your bind DN configuration has setup correctly)
Move to Configuration Module, and then choose userconfiguration
`
Change susemaxpasswordlength with your maximum password length
Change suseminpasswordlength with your minimum password length
Change susepasswordhash from SSHA to SMD5
Click OK
Click on Set Filter option on top-right-corner menu and choose LDAP Users. This will display all LDAP user list, currently are empty because we have create any user yet
Click Add
Fill in user profile and password
`
Click OK

Restart all service (or reboot your computer) to test all the service. f you wish to join Windows workstation into Samba PDC+LDAP domain, use the Samba root user name and password as Administrator user. Share folder, Profile, netlogon and custom setting could be modified within YAST | Network Services | Samba Server. Samba LDAP user could be added or modify with the above procedure using YAST | Security & Users | User & Group Management.

Related Entries

How To : Samba PDC+OpenLDAP on openSUSE/SLES Part 1

Masim "Vavai" Sugianto — Tue, 30 Mar 2010 03:40:49 +0000

I have written Samba PDC+OpenLDAP tutorial on openSUSE on previous article but the tutorial are based on manual configuration and need too many steps to make it usable. Now, I want to share how to make Samba PDC+OpenLDAP on openSUSE or SLES with automatic configuration using the YAST way . The tutorial should be easy to understand and and need a few step to make it ready for testing.

INSTALLING OPENSUSE

Install openSUSE 11.2 with or without GUI, choose which one suitable for your purpose. I’m using a GUI example because this tutorial intended for student . a Minimal server selection (text mode) maybe a better option for production server. Please refer to openSUSE 11.2 installation guide if you need an assistance regarding openSUSE installation.

Lucky for Indonesian , I’ve written a PDF tutorial with clear explanation regarding openSUSE installation for this purpose : Tutorial Instalasi openSUSE 11.2 Versi Server Berbasis GUI

INSTALLING LDAP SERVER

Follow these wizard to install and configure LDAP server :

Open YAST | Software | Software Management
`
Choose View | Pattern
Scroll to Server Function
Give a checked mark on File Server, DHCP and DNS Server, Directory Server (LDAP)
`
Click Accept
openSUSE should be automatically detect dependency package. Click Continue to install selected package
`
Close YAST and then open again. I take this step to make sure YAST refresh new package installation and add to it’s menu
Choose YAST | Network Service | LDAP Server
Click Yes on Start LDAP Server. Give it a check mark on Open Port in Firewall if you use firewall. Leave others as is and then click Next
`
Click Enable TLS and then create TLS Certificate by using Launch CA Management Module button and follow the wizard. Leave it unchecked if you wish to use LDAP without TLS connection.
`

On basic database setting fill in the default database setting :

Database Type : hdb
Base DN : dc=domainname, dc=tld
Example :
If my  domain = vavai.co.id, configuration will be like this : Base DN = dc=vavai, dc=co, dc=id
If my domain = vavai.com, configuration will be like this : Base DN = dc=vavai, dc=com
Administrator DN : cn= Administrator. Leave  Append Base DN option checked
Don't forget to fill your  LDAP Password

Also, leave a check mark on  "Use this database as the default for OpenLDAP"

Click Next if all setting has been completed.
`

Click Finish
`

ADD SAMBA SCHEMA

Open YAST | Network Services | LDAP Server
Click Schema Files on left pane menu
Click Add and add Samba3.Schema so we will have following LDAP Schema : schema, core, cosine, inetorgperson, rfc2307bis,yast and samba3
`
Click OK

Next Tutorial are LDAP Client Configuration

Related Entries

Zimbra Mail Server with External Authentication using Samba PDC+OpenLDAP

Masim "Vavai" Sugianto — Mon, 29 Mar 2010 20:57:09 +0000

Zimbra mail server using LDAP as default account database, but we may also use external LDAP/AD as Zimbra user authentication. This tutorial will cover how to use openSUSE/SLES PDC+OpenLDAP user as Zimbra user authentication.

SAMBA PDC CONFIGURATION

I’m using openSUSE 11.2 with Samba PDC+OpenLDAP but tutorial may also applied on another openSUSE version or on SLES. In this example, server hostname is host pdc.vavai.info (192.168.0.6), with bind DN cn=Administrator, dc=vavai, dc=info and using 2 LDAP ports : standard port 389 and SSL port 636. Don’t forget to add these ports as an allowed port on firewall.

ZIMBRA CONFIGURATION

Login to Zimbra Admin
Go to Domain on left pane menu
Choose domain to be configure. If we have multi domain schema on Zimbra, we must configuring external authentication for each domain, even if all domain using same LDAP server
Choose Configure Authentication menu.
On Authentication Mode choose External LDAP
Fill in the configuration of Samba LDAP. Take a look on the following picture for a configuration example
Adjust the configuration with your own setting and then click Next.
Next wizard are LDAP bind DN configuration. Bind DN is the configuration of admin user/manager used for accessing LDAP data. Click on Use DN/Password to bind to external server check box and then fill the bind DN text box. I’m using cn=Administrator,dc=vavai,dc=info as Samba PDC+openLDAP bind DN. Don’t forget to fill in the bind DN password (admin user/LDAP manager password)
On next wizard, use Samba PDC user account as user name and password and then click Test for testing Samba PDC+OpenLDAP connection. Zimbra will response with Authentication Test Result : Authentication test successful message if Samba PDC+OpenLDAP has connected successfully.
`

Please remember that the above configuration still need an inbox account on Zimbra mail server so you must create the appropriate account with no password on Zimbra to map user on Samba PDC with their mailbox. Zimbra account do not need password because password will be pass to LDAP account on Samba PDC.

If you wish to integrating Samba & Zimbra user as fully single user name, mailbox and password, please refer to UNIX and Windows Accounts in Zimbra LDAP and Zimbra Admin UI

Related Entries

Installing Zimbra 6.0.5 64 bit on SLES 11 64 bit

Masim "Vavai" Sugianto — Wed, 10 Feb 2010 08:34:06 +0000

Zimbra has published a new update for Zimbra Mail Server & Collaboration Suite, Zimbra 5.0.22 and Zimbra 6.0.5. This is the first update since VMWare acquired Zimbra. I would like to test it to see whether status & logger problem on Zimbra 6.0.4 has been officially solved or not.

I’m currently testing Zimbra 6.0.5 64 bit installation on SLES 11 64 bit, using Xen Hypervisor Guest (paravirtualization). The installation went smooth with only a few modification on SLES as describe below :

Install SLES on text or server mode to prevent any unused services
Edit your /etc/hosts so it will looks like below (change 127.0.0.2 with your Zimbra IP, mine is 192.168.0.31) :
```
127.0.0.1       localhost
192.168.0.31 hostname.domain.tld hostname
```
Add sysstat package using YAST | Software | Software Management or by using Zypper. Zimbra need another package such as cron, fetchmail etc, but the installation process has installed all of them by default.
```
zypper in sysstat
```
Set your DNS so A and MX records address will point to Zimbra. I’ve published an article regarding DNS Server configuration to meet with Zimbra Requirement.

Disable Postfix :

service postfix stop
chkconfig postfix off

Download Zimbra binary installer

cd /opt
wget -c http://h.yimg.com/lo/downloads/6.0.5_GA/zcs-6.0.5_GA_2213.SLES11_64.20100202233758.tgz

decompress, run the installation script and then follow the wizard

tar -zxvf zcs-6.0.5_GA_2213.SLES11_64.20100202233758.tgz
cd zcs-6.0.5_GA_2213.SLES11_64.20100202233758
sh install.sh

Related Entries

Tutorial : Samba PDC + OpenLDAP on openSUSE 11.1 – Part 6

Masim "Vavai" Sugianto — Fri, 29 Jan 2010 04:44:08 +0000

Previous Tutorial :

ERROR MESSAGE AND HOW TO SOLVE THE PROBLEM

Samba PDC+OpenLDAP is one of the longest tutorial. These are maybe a typo or incomplete configuration, although I’ve checked and proof read for the typo. Please let me know if you found something problem while trying the tutorial. I’ll be really appreciate to the suggestion to make it as usable as it should be.

Following are some error messages that might be found when doing the configuration. The collection came from my notes while installing and configuring Samba PDC+OpenLDAP for the first time.

Missing Perl Library for LDAP while trying to run smbldap-tools
```
smbldap-useradd -m -a root
```
Can’t locate Net/LDAP.pm in @INC (@INC contains: /usr/sbin/
/usr/lib/perl5/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/5.10.0
/usr/lib/perl5 /site_perl/5.10.0/x86_64-linux-thread-multi
/usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/vendor_perl/5.10.0/x86_64-linux-thread-multi
/usr/lib/perl5 /vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl .) at
/usr/sbin//smbldap_tools.pm line 26.
BEGIN failed–compilation aborted at /usr/sbin//smbldap_tools.pm line 26.
Compilation failed in require at /usr/sbin/smbldap-useradd line 30.
BEGIN failed–compilation aborted at /usr/sbin/smbldap-useradd line 30.

Solution : Install perl-ldap with zypper or YAST
Missing Perl library for UTF-8

Can’t locate Unicode/MapUTF8.pm in @INC (@INC contains: /usr/sbin/
/usr/lib/perl5/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/5.10.0
/usr/lib/perl5 /site_perl/5.10.0/x86_64-linux-thread-multi
/usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/vendor_perl/5.10.0/x86_64-linux-thread-multi
/usr/lib/perl5 /vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl .) at /usr/sbin//smbldap_tools.pm line 28,
line 275.
BEGIN failed–compilation aborted at /usr/sbin//smbldap_tools.pm line 28, line 275.
Compilation failed in require at /usr/sbin/smbldap-useradd line 30, line 275.
BEGIN failed–compilation aborted at /usr/sbin/smbldap-useradd line 30, line 275.

Solution : Install perl-Unicode-MapUTF8 with zypper or YAST
Error while running smbldap-useradd -m -a root command

server:/home/vavai/Desktop/openldap-vavai # smbldap-useradd -m -a root
Error: modifications require authentication at /usr/sbin//smbldap_tools.pm line
1187, line 466.

Solution : Check /etc/smbldap-tools/smbldap_bind.conf, domain name (dc=domainname,dc=net) should be correct

server:/home/vavai/Desktop/openldap-vavai # smbldap-useradd -m -a root
Error: Insufficient access at /usr/sbin//smbldap_tools.pm line 1187, line 466.

Solution : Check /etc/smbldap-tools/smbldap_bind.conf, make sure it has valid credentials for LDAP (cn=Manager,
dc=domainname,dc=net)
Error message on running smbpasswd -a
```
smbpasswd -a
```
WARNING: Your ‘passdb backend’ configuration includes multiple backends. This
is deprecated since Samba 3.0.23. Please check WHATSNEW.txt or the section ‘Passdb
Changes’ from the ChangeNotes as part of the Samba HOWTO collection. Only the first
backend (ldapsam:”ldap://server.vavai.net”) is used. The rest is ignored.
add_new_domain_info: failed to add domain dn= sambaDomainName=VAVAI,dc=vavai,dc=net with: Insufficient access
no write access to parent
smbldap_search_domain_info: Adding domain info for VAVAI failed with NT_STATUS_UNSUCCESSFUL

Solution : Check your password, use the credential user : Manager with ldap password
Error message : Connection Refused
```
smbclient -L localhost -N
```
Connection to localhost failed (Error NT_STATUS_CONNECTION_REFUSED)

Solution : Check your /etc/hosts and make sure you have valid permission on /data/samba/profiles(or any share folder for samba profiles)
Error message : Error looking for next uid in sambaDomainName
```
smbldap-useradd -m -a root
```
Error looking for next uid in sambaDomainName=VAVAI.NET,dc=vavai,dc=net:
No such object at /usr/sbin //smbldap_tools.pm line 1174, line 466.

Solution : Change the following line sambaUnixIdPooldn on /etc/smbldap-tools to be like below :
```
sambaUnixIdPooldn="sambaDomainName=VAVAI.NET,ou=Domains,${suffix}"
```

If you have another error message, let’s discuss it on comment form. I’ll be glad to add the list of error message to help anyone implementing Samba PDC+OpenLDAP on openSUSE sucessfully.

Note : Forgive me for any misspelling and/or grammar.

Related Entries

Tutorial : Samba PDC + OpenLDAP on openSUSE 11.1 – Part 5

Masim "Vavai" Sugianto — Thu, 28 Jan 2010 09:46:07 +0000

Previous Tutorial :

TESTING SAMBA CONFIGURATION

Check Samba configuration with the following command:
```
testparm
```
It should be display the following response :

Load smb config files from /etc/samba/smb.conf
Processing section “[homes]”
Processing section “[printers]”
Processing section “[netlogon]”
Processing section “[profiles]”
Processing section “[share]”
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

If you find any error message, try to look at the Samba configuration as we have setup on first tutorial.
Give the proper permission for user profile folder. Adjust the folder to be match with your Samba profiles (see /etc/samba/smb.conf on profiles folder share) :
```
chmod 1777 /data/samba/profiles
```
Test whether Samba has been setup successfully or no.
```
smbclient -L localhost -N
```
Just press ENTER if Samba asking for user name and password. You should have the following response (the result may vary , depends on your Samba and your network configuration) :

added interface ip=192.168.1.254 bcast=192.168.1.255 nmask=255.255.255.0
Anonymous login successful
Domain=[VAVAI.NET] OS=[Unix] Server=[Samba 3.0.12-5-SUSE]

Sharename Type Comment
——— —- ——-
profiles Disk Roaming Profiles
share Disk share
IPC$ IPC IPC Service (Samba 3.0.12-5-SUSE)
ADMIN$ IPC IPC Service (Samba 3.0.12-5-SUSE)
Anonymous login successful
Domain=[VAVAI.NET] OS=[Unix] Server=[Samba 3.0.12-5-SUSE]

Server Comment
——— ——-
SERVER Samba 3.0.12-5-SUSE

Workgroup Master
——— ——-
VAVAI.NET SERVER

If you find the following error :

Error connecting to 127.0.0.1 (Connection refused)
Connection to localhost failed (Error NT_STATUS_CONNECTION_REFUSED)

Change the ”/etc/hosts” as follows:
```
# IP-Address  Full-Qualified-Hostname  Short-Hostname
#
127.0.0.1       localhost server.vavai.net
127.0.0.2       server.vavai.net server
192.168.1.254   server.vavai.net server vavai.net
```
Reboot your computer and then try “smbclient -L localhost -N” again.

SETUP OPENLDAP

Edit ”/etc/nsswitch.conf” and change or add the following code :
```
passwd: files ldap
group: files ldap
```
Check account and LDAP data. You must see minimum 2 account : Admin and nobody:
```
getent passwd
```
Response:
+::0:0:::
Admin:x:998:512:Netbios Domain Administrator:/home/Admin:/bin/false
nobody:x:999:514:nobody:/dev/null:/bin/false

If you find the above respon, continue with setting up PAM

pam-config -a --mkhomedir --mkhomedir-skel=/etc/skel --mkhomedir-umask=0022

Edit ”/etc/pam.d/common-session” and change the following line:

session optional        pam_mkhomedir.so        umask=0022 skel=/etc/skel

to:

session required        pam_mkhomedir.so        umask=0022 skel=/etc/skel

Run all service and configure them to be activated on boot

service named restart
service dhcpd restart
service ldap restart
service smb restart
service nmb restart
service mysql restart
service apache2 restart
chkconfig named on
chkconfig dhcpd on
chkconfig smb on
chkconfig nmb on
chkconfig ldap on
chkconfig mysql on
chkconfig apache2 on

CLIENT SETUP

Add user & computer account

smbldap-useradd -a -m username
smbldap-passwd username

Note: Computer name should be added automatically on join domain but if account have not added automatically, do the following command to add computer account :

smbldap-useradd -w computername$

For openSUSE workstation, use YAST menu to add your client as domain member : YAST | Network Services | Windows Domain Membership

For Windows XP client, do the folowing configuration before join :

Open regedit, START | RUN | REGEDIT
FInd regedit entry HKLM (HKEY_LOCAL MACHINE) – SYSTEM – CurrentControlSet – Service – Netlogon – Parameters
Click on right windows and choose New – DWORD value, with variable name : requiresignorseal, value : 0
If you found an existing entry and it’s value is 1, change the value with 0
Close regedit
Right click on ”’My Computer”’, choose ”’Properties”’
Choose ”’Computer Name”’ tab
Click ”’Change”’
Set Domain & computer name
Use root with root password if Windows ask for Administrator privilege

Next Tutorial : Tutorial Samba PDC + OpenLDAP on openSUSE Part 6, Problem Solving

Related Entries

Openshot Video Editor on openSUSE

Masim "Vavai" Sugianto — Tue, 26 Jan 2010 04:03:25 +0000

Figure 1 : Openshot Application on openSUSE 11.2. Click for higher resolution

OpenShot Video Editor is an open-source, non-linear video editor for Linux, built with Python, GTK, and the MLT Framework. The project was started in August 2008 by Jonathan Thomas, with the objective to provide a stable, free, and friendly to use video editor.The function much similar with Kdenlive and Kino, both are a video editor for Linux.

Features :

* Support for many video, audio, and image formats (based on FFmpeg)
* Gnome integration (drag and drop support)
* Multiple tracks
* Clip resizing, trimming, snapping, and cutting
* Video transitions with real-time previews
* Compositing, image overlays, watermarks
* Title templates, title creation
* SVG friendly, to create and include titles and credits
* Scrolling motion picture credits
* Solid color clips (including alpha compositing)
* Support for Rotoscoping / Image sequences
* Drag and drop timeline
* Frame stepping, key-mappings: J,K, and L keys
* Video encoding (based on FFmpeg)
* Key Frame animation
* Digital zooming of video clips
* Speed changes on clips (slow motion etc)
* Custom transition lumas and masks
* Re-sizing of clips (frame size)
* Audio mixing and editing
* Presets for key frame animations and layout
* Ken Burns effect (making video by panning over an image)
* Digital video effects, including brightness, gamma, hue, greyscale, chroma key (bluescreen / greenscreen), and over 20 other video effects

OpenShot Video Editor originally written for Ubuntu. Official website provided the deb installer for Ubuntu and RPM for Fedora. openSUSE rpm currently not available on OpenShot website but openSUSE user may install it with package from Packman repositories.

Install with zypper on openSUSE 11.2 :

zypper ar http://packman.iu-bremen.de/suse/11.2 packman-bremen
zypper ar http://download.opensuse.org/distribution/11.2/repo/oss/ oss
zypper ref && zypper in openshot

Note that you should have the oss repos available because openshot has dependency library available on oss repo.

Note for Indonesian openSUSE user:
Please use local repo for better speed on refreshing and installing the package

zypper mr -da
zypper ar http://kambing.ui.ac.id/opensuse/distribution/11.2/repo/oss/ oss-kambing
zypper ar http://kambing.ui.ac.id/opensuse/distribution/11.2/repo/non-oss/ non-oss-kambing
zypper ar http://kambing.ui.ac.id/opensuse-packman/suse/11.2/ packman-kambing
zypper ref && zypper in openshot