Samba and FDS 7.1 on Fedora Core 4 Error

[Gary_Tay at platts.com (Tay, Gary)]

Leon wrote:
===
if i use "ldapsearch -x -Z '(uid=Administrator)' i get the right entry, 
i suppose the same entry found with the other command:
____________________ [root at fedorac4 ~]# ldapsearch -x -Z
'(uid=Administrator)'
ldap_start_tls: Protocol error (2)
        additional info: unsupported extended operation
===

I suspect that Leon has TWO versions of LDAP products on his Samba+LDAP
server.

I guess "ldapsearch" command he shown is from /usr/bin/ldapsearch which
is most likely OpenLDAP version.

If this is true and Leon is sure that he would prefer FDS bin and lib
path to take precedence, he could do these:

As root user

1) Add a line to end of /etc/bashrc something like:

export PATH=/opt/fedora-ds/shared/bin:$PATH:/opt/IDEALX/sbin

2) Add few lines to beginning of /etc/ld.so.conf, something like:

/opt/fedora-ds/lib
/opt/fedora-ds/share/lib
/opt/fedora-ds/clients/lib
include ld.so.conf.d/*.conf
/usr/X11R6/lib

3) Run "ldconfig"
# ldconfig

4) Check
# ldd `which ldapsearch`

# ldd `which ldapsearch`
        libldap50.so => /opt/fedora-ds/clients/lib/libldap50.so
(0x00c56000)
        libssldap50.so => /opt/fedora-ds/clients/lib/libssldap50.so
(0x00b48000)
        libprldap50.so => /opt/fedora-ds/clients/lib/libprldap50.so
(0x00b1b000)
        libssl3.so => /opt/fedora-ds/clients/lib/libssl3.so (0x00354000)
        libnss3.so => /opt/fedora-ds/clients/lib/libnss3.so (0x00f2c000)
        libsoftokn3.so => /opt/fedora-ds/clients/lib/libsoftokn3.so
(0x00111000)
        libdl.so.2 => ../lib/libdl.so.2 (0x00625000)
        libresolv.so.2 => ../lib/libresolv.so.2 (0x0089d000)
        libpthread.so.0 => ../lib/tls/libpthread.so.0 (0x00733000)
        libplc4.so => /opt/fedora-ds/clients/lib/libplc4.so (0x0020c000)
        libplds4.so => /opt/fedora-ds/clients/lib/libplds4.so
(0x00177000)
        libnspr4.so => /opt/fedora-ds/clients/lib/libnspr4.so
(0x00998000)
        libstdc++.so.6 => /usr/lib/libstdc++.so.6 (0x00cec000)
        libm.so.6 => ../lib/tls/libm.so.6 (0x0062b000)
        libgcc_s.so.1 => ../lib/libgcc_s.so.1 (0x00db8000)
        libc.so.6 => ../lib/tls/libc.so.6 (0x004fa000)
        /lib/ld-linux.so.2 (0x004e1000)

5) If smbldap tools from IDEALX is used, check that in any bin/lib path
in any config files the need to point them to FDS paths.

My 2-cent.

Rgds
Gary

-----Original Message-----
From: fedora-directory-users-bounces at redhat.com
[mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Leonardo
Pugliesi
Sent: Thursday, July 21, 2005 9:44 PM
To: General discussion list for the Fedora Directory server project.
Subject: Re: Samba and FDS 7.1 on Fedora Core 4
Error


Adam Stokes ha scritto:

>On Thu, 2005-07-21 at 10:36 +0200, Leonardo Pugliesi wrote:
>  
>
>>Adam Stokes ha scritto:
>>
>>    
>>
>>>>>Leon,
>>>>>
>>>>>I think since you have an administrator account set already, do
>>>>>
>>>>>smbpasswd Adminsitrator
>>>>>
>>>>>the '-a' switch tells samba to add that user without it will just 
>>>>>change the password and add the appropriate entries to directory 
>>>>>server
>>>>>
>>>>>--
>>>>>Fedora-directory-users mailing list 
>>>>>Fedora-directory-users at redhat.com
>>>>>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>>>
>>>>>
>>>>>
>>>>>     
>>>>>
>>>>>          
>>>>>
>>>>if i use "smbpasswd Administrator" i get: 
>>>>_______________________________
>>>>[root at fedorac4 ~]# smbpasswd Administrator
>>>>New SMB password:
>>>>Retype new SMB password:
>>>>Failed to find entry for user administrator.
>>>>Failed to modify password entry for user administrator 
>>>>[root at fedorac4 ~]# _______________________________
>>>>so it seems that i can't add Administrator because the entry alredy 
>>>>exists, but i can't modify it because it doesn't exists.....
>>>>am i missing something :-)
>>>>
>>>>thanx
>>>>
>>>>--
>>>>Fedora-directory-users mailing list 
>>>>Fedora-directory-users at redhat.com
>>>>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>>   
>>>>
>>>>        
>>>>
>>>What does your smb.conf look like? Also is there anything in the 
>>>samba logs?
>>>
>>>--
>>>Fedora-directory-users mailing list Fedora-directory-users at redhat.com
>>>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>
>>> 
>>>
>>>      
>>>
>>This is smb.conf (global section):
>>
>>[global]
>>   workgroup = FEDORAC4
>>        username map = /etc/samba/smbusers
>>	enable privileges = yes
>>        server string = Samba Server %v
>>   	security = user
>>        encrypt passwords = Yes
>>        min passwd length = 3
>>        obey pam restrictions = No
>>        ldap passwd sync = Yes
>>        #unix password sync = Yes
>>        passwd program = /opt/IDEALX/sbin/smbldap-passwd -u %u
>>        #passwd chat = "Changing password for*\nNew password*" %n\n
"*Retype new password*" %n\n"
>>        ldap passwd sync = Yes
>>        log level = 0
>>        syslog = 0
>>        log file = /var/log/samba/log.%m
>>        max log size = 100000
>>        time server = Yes
>>        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>>        mangling method = hash2
>>        Dos charset = 850
>>        Unix charset = ISO8859-1
>>        logon script = logon.bat
>>        logon drive = H:
>>        logon home =
>>        logon path =
>>        domain logons = Yes
>>        os level = 65
>>        preferred master = Yes
>>        domain master = Yes
>>        wins support = Yes
>>        passdb backend = ldapsam:ldap://fedorac4.localdomain
>>        #passdb backend = ldap:ldap://fedorac4.localdomain
>>        # passdb backend = ldapsam:"ldap://127.0.0.1/
ldap://slave.idealx.com";
>>	ldap filter = (&(objectclass=sambaSamAccount)(uid=%u))
>>        ldap admin dn = cn=Directory Manager
>>        ldap suffix = dc=localdomain
>>        ldap group suffix = ou=Groups
>>        ldap user suffix = ou=People
>>        ldap machine suffix = ou=Computers
>>        ldap idmap suffix = ou=Users
>>        #ldap ssl = start tls
>>        add user script = /opt/IDEALX/sbin/smbldap-useradd -m "%u"
>>        ldap delete dn = Yes
>>        #delete user script = /opt/IDEALX/sbin/smbldap-userdel "%u"
>>        add machine script = /opt/IDEALX/sbin/smbldap-useradd -w "%u"
>>        add group script = /opt/IDEALX/sbin/smbldap-groupadd -p "%g" 
>>        #delete group script = /opt/IDEALX/sbin/smbldap-groupdel "%g"
>>        add user to group script = /opt/IDEALX/sbin/smbldap-groupmod
-m "%u" "%g"
>>        delete user from group script =
/opt/IDEALX/sbin/smbldap-groupmod -x "%u" "%g"
>>        set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g

>>"%g" "%u"
>>
>>
>>samba logs is empty
>>Leon
>>
>>
>>
>>
>>--
>>Fedora-directory-users mailing list Fedora-directory-users at redhat.com
>>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>    
>>
>
>Not sure at this point, looks like you are using idealx scripts for 
>some of the administration maybe they created the admin account?
>
>--
>Fedora-directory-users mailing list Fedora-directory-users at redhat.com
>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>  
>
the entry "Administrator.... " has been  created with the ldif2ldap 
method, as shown in the how-to.
the problem, in my opinion, is that if i use "smbldap-usershow 
Administrator" i get the right entry:

_____________________________
[root at fedorac4 ~]# /opt/IDEALX/sbin/smbldap-usershow Administrator
dn: uid=Administrator,ou=People,dc=localdomain
uid: Administrator
cn: Samba Admin
givenName: Samba
sn: Admin
mail: Administrator at localdomain
objectClass: person,organizationalPerson,inetOrgPerson,posixAccount,top
loginShell: /bin/bash
uidNumber: 0
gidNumber: 0
homeDirectory: /root
gecos: Samba Admin
userPassword: {SSHA}2b/re4djmAJmmNCWnJmKcJLGlCRqdGdU
_____________________________

if i use "ldapsearch -x -Z '(uid=Administrator)' i get the right entry, 
i suppose the same entry found with the other command:
____________________ [root at fedorac4 ~]# ldapsearch -x -Z
'(uid=Administrator)'
ldap_start_tls: Protocol error (2)
        additional info: unsupported extended operation
# extended LDIF
#
# LDAPv3
# base <> with scope sub
# filter: (uid=Administrator)
# requesting: ALL
#

# Administrator, People, localdomain
dn: uid=Administrator,ou=People,dc=localdomain
uid: Administrator
cn: Samba Admin
givenName: Samba
sn: Admin
mail: Administrator at localdomain
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
loginShell: /bin/bash
uidNumber: 0
gidNumber: 0
homeDirectory: /root
gecos: Samba Admin

# search result
search: 3
result: 0 Success

# numResponses: 2
# numEntries: 1
[root at fedorac4 ~]#
_________________________________________-

i suppose the two command give me the same entry because sghould be 
querying the same database......

if i use pdbedit -u Administrator
i get
_________________
[root at fedorac4 ~]# pdbedit -u Administrator
Username not found!
[root at fedorac4 ~]#
_________________

so if only samba related commands seem not to work properly perhaps the 
problem is in samba configuration,
but in the guides downloaded from the website i didn't found how to 
configure the part of the file for what concern the scripts of entries 
managemant such as adding users, machine, etc......
what should i do now?

bye leon


--
Fedora-directory-users mailing list Fedora-directory-users at redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users