CentOS 5 Networking :: OpenLDAP And Samba PDC Setup?
Dec 17, 2010
I have set up OpenLDAP + Samba PDC. When I create a user and a group, I get errors:
smbldap-group -a admin
No such object at /usr/sbin/smbldap_tools.pm line 457
smbldap-useradd -am -g admin admin
Could not find base dn, to get next uidNumber at /usr/sbin/smbldap_tools.pm line 1192
Feb 13, 2011
Trying to set up a Kerberos + OpenLDAP server to manage users for our Samba shares (was going to use just OpenLDAP, but apparently it is less secure than using Kerberos with it). (Distro: CentOS 5.5) Haven't even gotten to the point of connecting either to Samba yet. I have set up a Kerberos server, and configured it as necessary. I am happy that it is working as intended, as I can log in and manage principals from both the local terminal and remotely on other clients.
I have set up a server (sv1.myhost.net), and configured it to talk to Kerberos (auth.myhost.net). I have created both a [URL] principal, and a testuser principal. I have set the password on the testuser but not on the host/sv1.myhost.net. I have added the keys for both users to the keytab file on the sv1.myhost.net. I am at a Windows 7 machine (on the same internal network), and have installed the Network Identity Manager. It is able to request a ticket successfully for the testuser account.
When I use PuTTY w/GSSAPI (0.58) to remotely log in to the system, it says using 'testuser' and then just hangs there. Eventually the PuTTY connection times out. The fact that both machines can connect to the auth server to communicate with Kerberos correctly suggests the firewalls are correct. The relevant entries in sshd_config have been uncommented to tell srv1 to use Kerberos authentication.
Jun 23, 2010
I am trying to set up Samba in my CentOS virtual machine that is running on a Windows 7 host. I have found a tutorial in the How-Tos on this site but I'm not sure if they are exact and I'm paranoid about messing something up. The link to the tutorial is below. Is there anything that I should do differently or anything that I should be aware of? Also, once this is set up, how do I transfer files between the two machines? Please note: I am very inexperienced in the IT field. [URL]...
Aug 1, 2009
I've just installed my first OpenLDAP + TLS + Samba + Webmin box. Everything seems to work, but when I try to open the LDAP User and Group module from Webmin, it takes about 3 minutes, but it works. When I use $ getent passwd or $ getent group to see if everything works okay, it also takes ages but does not show my LDAP users... Here's my spec:
$ cat /proc/version
Quote: Linux version 2.6.18-128.2.1.el5 (mockbuild@builder10.centos.org) (gcc version 4.1.2 20080704 (Red Hat 4.1.2-44)) #1 SMP Tue Jul 14 06:36:37 EDT 2009
Mar 3, 2010
Trying to set up Samba on my CentOS box by following the tutorial. After following the setup of my smb.conf and adding the users and files as per the tutorial, I come across a few problems. If I browse my home folder, music or everyone folder I get, for example, "\sambamusic is not accessible you may not have permissions to use this network response". If I browse the apps folder I get a pop-up asking for a user name and password.
Mar 11, 2010
I have set up Samba and shared /var/www/html on a shared folder so that I can access the folder directly via my IDE; however, I cannot write files in there. Is there any better way of doing it?
Dec 4, 2010
Still new to Linux and especially Samba. I have set up Samba for 2 shares, will list the shares below: 1 which requires a login and 1 temp folder which I would like guest access to. Currently I have security = user, which works great for the data folder which requires a login. If I try to access temp I get asked for a user name and password as well. I tried to set security = share, which then allowed access to temp without a login but also allowed access to the data folder. From the data folder I removed public = yes. I then get asked for a user name and password like I should, but the system will not accept it. This is a CentOS 5.5 server with a mail server on it.
[data]
comment = Data Folder
path = /home/data/
public = yes
writable = yes
browseable = yes
printable = no
available = yes
write list = glenn,
force create mode = 0660
force directory mode = 0770
[temp]
comment = temp folder
path = /home/temp/
public = yes
writeable = yes
browseable = yes
guest ok = yes
guest only = yes
guest account = nobody
available = yes
force user = nobody
force group = nobody
Apr 22, 2009
I would like to set up LDAP (OpenLDAP) with Samba. I would like to know what I should set up first. Should I set up LDAP before Samba or Samba before LDAP?
Feb 13, 2010
I have configured Samba as a file server in Fedora 11. It works fine for both Windows and Linux machines, but I want to configure LDAP and Samba as a domain controller. I Googled a lot on the internet; everything is confusing me.
May 6, 2010
I have OpenLDAP 2.4.12 and Samba 3.5.1 installed. When I try to change the password with smbpasswd, it changes the Windows password fine. But userPassword is not updated in LDAP. The error message is: "smbldap_check_root_dse: Expected one rootDSE, got 0" when I run smbpasswd -D 10 <username>.
I added the following to slapd.conf:
access to dn.base=""
by * read
password-hash {md5}
in hopes of allowing Samba to read the root DSE, even though Samba is configured with the root DN.
How do I make Samba find what it needs in the root DSE of my LDAP server?
Aug 27, 2011
Some time ago I was trying to implement a PDC Linux server with Samba and OpenLDAP for centralized authentication for Windows and Linux clients, but I can NOT get it. So I read somewhere that there is another option called Directory Server and maybe that is possible to do. According to your experience, do you recommend any 'how to' or 'tutorial' that will permit implementing a PDC server for authenticating and sharing files and printers for Windows and Linux clients?
Jul 25, 2010
I am trying to set up my openSUSE 11.3 server as a PDC using OpenLDAP and Samba.
I am continuously getting a network path not found error message on my Windows XP box. I already verified that the network settings are good.
# smb.conf is the main Samba configuration file. You find a full commented
# version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
# samba-doc package is installed.
# Date: 2010-07-05
[global]
[Code]....
Jul 24, 2010
I finished setting up a Samba PDC with an OpenLDAP backend. I can join a WinXP client to the domain but cannot change the password by pressing Ctrl + Alt + Delete and choosing the Change Password button.
This is my conf.
I used
samba3x-3.3.8
openldap 2.3.43
slapd.access.conf
Code:
access to attrs=userPassword,shadowLastChange,sambaNTPassword,sambaLMPassword
by dn="cn=Manager,dc=microhdesk,dc=net" write
by anonymous auth
by self write
by * none
[Code]....
Apr 28, 2010
I need to access a Linux box via SSH & Samba that is hidden/connected behind another one on its own local network.
Setup :-
Code:
  A      switch       B         C
|----|    |---|    |----|    |----|
|eth0|<-->|   |<-->|eth0|    |    |
|----|    |---|    |eth1|<-->|eth1|
                   |----|    |----|
E.g., I need to SSH/Samba from A to C. How does one go about this? I was thinking that it cannot be done via IP alone? Or can it? Could B say "hi on eth0, if you're looking for 192.168.0.2, it's here on eth1"? Is this NAT? This is a large private network, so what about if another PC has that IP?! More likely it would be PAT?
A would say "hi 192.168.109.15:1234"
B would say "hi on eth0, traffic for port 1234 goes on here eth1"
How could that be done? And would the SSH/Samba daemons see the correct packet header info and work??
IP info :-
Code:
A - eth0 - 192.168.109.2
B - eth0 - 192.168.109.15
  - eth1 - 192.168.0.1
C - eth1 - 192.168.0.2
A, B & C are RHEL (RedHat)
But Windows computers can be connected to the switch. I configured the 192.168.0.* IPs, they are changeable. So I have read that this should be done via iptables? But what is the correct command line to do this? And where does one put permanent iptable config?
May 13, 2011
I'm setting up a Master and Slave OpenLDAP (ver. 2.4.25) using the Replication method, following [URL]. When I used slapcat (slapcat -l master_dump.ldif), I got a message:
root@ldap:/usr/local/openldap/sbin# ./slapcat -l master_dump.ldif
/usr/local/openldap/etc/openldap/slapd.conf: line 89: <replogfile> keyword is obsolete (ignored)
/usr/local/openldap/etc/openldap/slapd.conf: line 91: <replica> keyword is obsolete (ignored)
bdb_db_open: warning - no DB_CONFIG file found in directory /usr/local/openldap/var/openldap-data: (2).
Expect poor performance for suffix "dc=abc,dc=com".
bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
My Master slapd.conf is:
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by users read
# by anonymous auth
# if no access controls are present, the default policy allows anyone and everyone to read anything but restricts updates to rootdn. (e.g., "access to * by * read") .....
My Slave slapd.conf is similar configuration to the Master Server...
Mar 16, 2009
I'm completely new to Fedora but decided to give it a try after using Ubuntu for a while. I have everything set up apart from sharing, and I've been fiddling for a while now.
Jun 7, 2010
I would like to create a dedicated Samba print server. I have two printers on my LAN: one printer came with its own NIC and the other is on a Win server box. I would like to set up Samba so that I can just access that server (Samba printer server) and both network printers will show up on there for me to connect to. On that note, can I also load the drivers on my Samba server? Drivers for different Windows flavours and also Mac OS X drivers.
Sep 24, 2010
I'm trying to set up two Samba shares on Ubuntu Server 10.04.1 LTS x64.
The first is a read-only share for Windows users that doesn't require a password. This I've managed to do so far.
The second is a password-protected upload share. So far I am able to have both shares (which access the same directory) but am unable to log in to the password-protected share.
I know I'm not doing things quite right, and would like a little bit of help.
The smb.conf file is the default ubuntu file with these added shares:
Code:
[NAS]
Comment = Network Attached Storage
path = /media/RAID/NAS
browseable = yes
[Code].....
Nov 19, 2010
I want to set up Samba on Maverick. This is the case: I have 2 folders I want to be shared, freeaccess and restrictedaccess. The freeaccess folder can be accessed by everyone on the network. The restrictedaccess folder can only be accessed with an account named someone. What I want to ask is, how do I set up Samba to solve that case?
Jun 20, 2010
I am trying to set up my Ubuntu 10.04 netbook to see my WinXP desktop's files and vice versa. I followed the steps in this tutorial thread: HOWTO: Setup Samba peer-to-peer with Windows. I got as far as "Time to add yourself as an samba user." At this point I keep getting the following error:
Code:
sudo smbpasswd -L -a WinXP_User_Name
New SMB password:
Retype new SMB password:
Failed to add entry for user WinXP_User_Name.
My WinXP machine has no password.
My conf file is here:
[global]
; General server settings
; netbios name = WinXP_Computer_Name
server string =
; workgroup = WinXP_WorkStation_Name
announce version = 5.0
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192
passdb backend = tdbsam
security = user .....
Mar 15, 2010
I have the following environment:
PDC SAMBA + OPEN LDAP (Ubuntu 9.04)
Linux (File Servers) + Windows machines, all working well
I'm trying to set up a shared drive on my new server using Ubuntu 9.10 with Samba (v 3.4) and ldapclient, and the shares are not working when I define Valid Users for shared folders; it keeps asking me for my user and password. In the logs I have:
[2010/03/15 10:24:10, 1] smbd/service.c:676(make_connection_snum)
create_connection_server_info failed: NT_STATUS_ACCESS_DENIED
This is my smb.conf
[global]
workgroup = FLOWCONNECT
server string = OSLO SAMBA FILE SERVER [code].....
I have the same setup on my File Server (Ubuntu 9.04), which uses Samba 3.3 and is working fine. Does someone know if there is some different setting between Samba 3.3 (Ubuntu 9.04) and Samba 3.4 (Ubuntu 9.10) that could cause this problem?
Nov 23, 2009
I want to build a domain like abc.com in my LAN environment. Kindly tell me step by step procedure of installing OpenLDAP on CentOS 5.3.
Feb 2, 2011
I configured OpenLDAP and now I want to configure it using TLS/SSL.
But I cannot get it working with the Linux clients. Environment: CentOS 5.5
OpenLDAP server configuration:
Jun 22, 2009
CentOS 5.2. Openldap server-2.3.27-8.el5_2.4 I'm trying to get the server to do two things. One is allow authentication--that is, if a client is configured to use openldap for authentication, it should be able to access this server.
In other words, on machine_2, a client, doing getent passwd (as a quick test) will show the users in the openldap database. The more or less out of the box configuration works for this. However, as soon as I start trying to add ACLs, it stops working. For example, I want to restrict access to an address book which is also in the database. So I have
access to base.dn (changing base to subtree makes no difference) "ou=addressbook,dc=example, dc=com"
by users read by anonymous auth
Now, even though this is just the address book, after that, an LDAP client can no longer get the names of users in ou=People, and using the LDAP server for authentication doesn't work.
I don't understand what I'm missing. ACLs are supposed to work first match wins. *IF* I add under that, access to * by * read, it will work, but the address book can then be accessed without a bind dn.
I am not sure what I'm overlooking. If I put in any sort of access control, the only way that clients can continue to use the server for authentication is adding that access to * (or to dc=example,dc=com"), by * read. I tried using access to ou=Group and ou=People by * read, thinking that would allow the clients to authenticate, but that doesn't work either. The idea is to allow any machine configured as a client to use it for authentication, but also to restrict viewing the address book only to those with a proper bind dn name.
Mar 22, 2010
I am facing the following error when I'm trying to install OpenLDAP and running the ./configure command.
./configure
Configuring OpenLDAP 2.4.21-Release ...
checking build system type... i686-pc-linux-gnu
checking host system type... i686-pc-linux-gnu
checking target system type... i686-pc-linux-gnu
[Code]...
Jul 2, 2011
I can't get the client server to authenticate to the OpenLDAP server. I can authenticate on the server itself though. I can su to, log in and ssh into the OpenLDAP server and become an LDAP user. I just can't become an LDAP user on the client. I didn't set up TLS/SSL. I can do that after I have it working. I'm using hashed passwords though. I don't have replication set up. I am trying to set up the most basic OpenLDAP environment, then build from there. I have read the OpenLDAP section in the admin guide.
My setup at home:
OpenLDAP server - light.deathnote.net -- 10.0.1.21
client server - vm-centos01.deathnote.net - 10.0.1.7 -- VM on VirtualBox
VirtualBox host - L (OS MAC) - 10.0.1.2
router (Apple AirPort Extreme) / default gateway - 10.0.1.1
All computers can reach the internet and ping each other. When I installed CentOS I disabled SELinux. I used these guides to set up my OpenLDAP.
[URL]
Below I have included some output from the files I'm using with openldap.
[root@vm-centos01 ~]# tail /var/log/messages
Jul 2 09:25:33 vm-centos01 xfs: nss_ldap: reconnecting to LDAP server (sleeping 16 seconds)...
Jul 2 09:25:49 vm-centos01 xfs: nss_ldap: failed to bind to LDAP server ldap://light.deathnote.net: Can't contact LDAP server
Jul 2 09:25:49 vm-centos01 xfs: nss_ldap: failed to bind to LDAP server ldap://10.0.1.21/: Can't contact LDAP server
[code]....
Aug 1, 2010
I am setting up an LDAP server on a Fedora 13 system. I did the installation of the packages openldap-server, openldap-client and openldap-server-sql (because I may use SQL as a backend, installed first). However, when I did the setup check with the command: ldapadd -f stooges.ldif -xv -D "cn=StoogeAmin,o=stooges" -h 127.0.0.1 -w secret1
it always says: ldap_bind: Invalid credentials (49). I am using slapd.conf for the test as below. I did check that the passwords are the same.
[Code]...
Feb 14, 2011
I followed the instructions here:
[URL]
This is on CentOS 5.5 with all the latest updates.
I changed rootdn and rootpw in /etc/openldap/slapd.conf with the info for my domain and with an encrypted password using slapcat.
Now when I try to use slapadd like so:
ldapadd -x -D "cn=admin,dc=domain,dc=com" -w passwd -f /tmp/base.ldif
I get the error: ldap_bind: Invalid credentials (49)
I feel like this is a pretty basic/default setup, I haven't changed anything else in /etc/openldap/slapd.conf but for some reason it's not authenticating using the rootpw and rootdn information that I've provided in the config file.
Aug 17, 2010
I would like to remove openldap from my CentOS home server.
CentOS offers me:
Quote:
Removing:
openldap i386 2.3.43-12.el5_5.2 installed 592 k
openldap x86_64 2.3.43-12.el5_5.2 installed 598 k
[Code]...
Obviously I'll not remove openldap by this operation, but my question is: is there another way to remove a single package with yum without "consequences"?