
Ok how many times have I tried Samba/LDAP – PDC??? I’ve lost count. The frig up part to the whole thing is that EVERY time I try it a problem I had before is fixed BUT a new one arises?!?! After a while the shit gets tiring.. trust me.
Over the next few days I’ll post the stuff I’ve done to try and get this working.
I edited three files initially
/etc/openldap/slapd.conf (added the NIS and samba schema)
/etc/ldap.conf and
/etc/nsswitch.conf

I’ll prob post later what exactly I did to those files. To get nss working I also edited:
/etc/pam.d/login
/etc/pam.d/passwd
/etc/pam.d/samba
/etc/pam.d/ssh

That went cool, or so I hope, fingers crossed. It was time to install Idealx’s smbldap-tools. This is usually where I find out that I have something wrong. I edited the smbldap_bind.conf, tried to run smbldap-populate and received:

Can't locate IO/Socket/SSL.pm in @INC (@INC contains: /usr/local/sbin/ /usr/lib/perl5/5.8.5/i586-linux-thread-multi /usr/lib/perl5/5.8.5 /usr/lib/perl5/site_perl/5.8.5/i586-linux-thread-multi /usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.5/i586-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.5 /usr/lib/perl5/vendor_perl .) at /usr/lib/perl5/vendor_perl/5.8.5/Net/LDAP.pm line 919

After receiving that I went into YAST and installed:
perl-IO-Socket-SSL
perl-ldap-SSL
and a bunch of other perl stuff

When all of those were finished I tried again:
eve:~/source/smbldap-tools-0.8.5 # smbldap-populate
Using builtin directory structure
adding new entry: dc=idealx,dc=org
Can't call method "code" without a package or object reference at /usr/local/sbin/smbldap-populate line 388, line 2

Now seeing that I see that something is wrong….. I should not be seeing
adding new entry: dc=idealx,dc=org

AHHH…. I believe I see where I went wrong. When following the instructions from Idealx they say I should just run after I edit the smbldap_bind.conf file. What I should have done IS:

eve:~/source/smbldap-tools-0.8.5 # smbpasswd -w secret
Setting stored password for "" in secrets.tdb
eve:~/source/smbldap-tools-0.8.5 # net getlocalsid
SID for domain EVE is: S-1-5-21-1149220062-2829658090-40929647
eve:~/source/smbldap-tools-0.8.5 #

Whoops, my bad. After going over the Idealx HOWTO, they do say:
Before using this script:
blah blah blah
Make sure to have the right permissions for this directory. The sticky bit must be set. Make a simple chmod 1777 /home/samba/profiles and it will be ok.

mkdir /home/samba
mkdir /home/samba/netlogon
mkdir /home/samba/profiles
chmod 1777 /home/samba/profiles
When I edited my smb.conf to:

# version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE
# Date: 2004-10-05
[global]
workgroup = SUSE-CAC
netbios name= PDC-SRV
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
printer admin = @ntadmin, root, administrator
username map = /etc/samba/smbusers
map to guest = Bad User
logon script = startup.bat
include = /etc/samba/dhcp.conf
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = P:
ldap passwd sync = Yes
# SAMBA-LDAP declarations
# passdb backend = ldapsam:ldap://127.0.0.1/
# ldap filter = (&(objectclass=sambaSamAccount)(uid=%u))
ldap admin dn = cn=Manager,dc=suse,dc=cac
ldap suffix = dc=suse,dc=cac
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap ssl = start_tls

add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
#delete user script = /usr/local/sbin/smbldap-userdel "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
#delete group script = /usr/local/sbin/smbldap-groupdel "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
——- snip—————

I ran testparm and everything was okay. Then I tried net getlocalsid and ended up with this error:
[2004/11/24 20:33:50, 0] lib/smbldap.c:smbldap_open_connection(623)
Failed to issue the StartTLS instruction: Connect error

From past experience I knew it was my passdb backend that was incorrect so I just commented it out and went on.
The configuration continues with /etc/smbldap-tools/smbldap.conf; I just put in the SID I got from net getlocalsid and headed over to # LDAP Suffix.
These are the changes I made in that file:
——-snip——
SID="S-1-5-21-4291422351-1008801872-4097645076"
——-snip——
# LDAP Suffix
# Ex: suffix=dc=IDEALX,dc=ORG
suffix="dc=suse,dc=cac"
——-snip——
# directive and/or disable roaming profiles
userSmbHome="\\PDC-SRV\homes\%U"

# Domain appended to the users "mail"-attribute
# when smbldap-useradd -M is used
mailDomain="suse.cac"
——-snip——
mk_ntpasswd="/usr/sbin/mkntpwd"

# The End

Once again tried smbldap-populate script and got error message 😦 .
eve:~/source/smbldap-tools-0.8.5 # smbldap-populate
Using builtin directory structure
adding new entry: dc=suse,dc=cac
Can't call method "code" without a package or object reference at /usr/local/sbin/smbldap-populate line 388, line 2.

Answer: check the TLS configuration
● if you don’t want to use TLS support, set the /etc/smbldap-tools/smbldap.conf file with
ldapTLS="0"
Of course, the opposite if you want to use it.

Voila!!! It worked!!!!!!!!!

It Worked and it is time for bed!!!!!
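
As an added example (not from the original post or from Idealx), this Python check compares the TLS settings the post touches: `ldap ssl` and `passdb backend` in smb.conf against `ldapTLS` in smbldap.conf. It reports when the two sides disagree and when a bind without TLS would leave the loopback interface, which would send the LDAP admin password in cleartext. The sample configs are constructed from the post's values, `masterLDAP` is an smbldap.conf key the post does not show, and the finding codes are hypothetical names.

```python
import ipaddress
from urllib.parse import urlparse

# Constructed samples based on the post's values (passdb backend uncommented).
SMB_CONF = """[global]
passdb backend = ldapsam:ldap://127.0.0.1/
ldap ssl = start_tls
"""
# masterLDAP is an smbldap.conf key that does not appear in the post.
SMBLDAP_CONF = 'masterLDAP="127.0.0.1"\nldapTLS="0"\n'

def parse_kv(text):
    """Parse 'key = value' lines; skip comments and [sections]; normalise keys."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf["".join(key.lower().split())] = value.strip().strip('"')
    return conf

def is_loopback(host):
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a hostname, or no host configured: treat as remote
        return False

def audit(smb_conf, smbldap_conf):
    """Return finding codes (hypothetical names) for the TLS settings of both files."""
    smb, tools = parse_kv(smb_conf), parse_kv(smbldap_conf)
    mode = smb.get("ldapssl", "unset").lower().replace("_", "").replace(" ", "")
    samba_tls = mode in ("starttls", "on", "yes")
    tools_tls = tools.get("ldaptls") == "1"
    backend = smb.get("passdbbackend", "")
    url = urlparse(backend.split(":", 1)[1]) if backend.startswith("ldapsam:") else None
    findings = []
    if url and mode != "unset" and samba_tls != tools_tls:
        findings.append("TLS_MISMATCH")  # one side negotiates TLS, the other does not
    if (url and mode in ("off", "no") and url.scheme != "ldaps"
            and not is_loopback(url.hostname or "")):
        findings.append("SAMBA_CLEARTEXT_BIND")
    if not tools_tls and not is_loopback(tools.get("masterldap", "")):
        findings.append("TOOLS_CLEARTEXT_BIND")
    return findings
```

With the samples above, `audit(SMB_CONF, SMBLDAP_CONF)` reports only the mismatch, because both services talk to 127.0.0.1; pointing `masterLDAP` at another host adds the cleartext-bind finding.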
