[K12OSN] SMB/LDAP configure errors

Robert Moskowitz rgm at htt-consult.com
Fri Aug 4 20:03:24 UTC 2006


Hello,

I am running on CentOS 4.3.

I ran the latest smb-ldap.pl script on my CentOS system and had some 
errors.  First, to cover what I did.

After my basic setup, I installed yumex, perl-LDAP and perl-Net-LDAP via 
yum.

I added the dag and karanbir repos and got yumex ready.

I started the script, specifying FC5.

After it installed the rpms it carried along with it, and before I went 
on to the configuration part, I switched over to yumex and updated those 
rpms.  The latest CentOS versions were available from the extra repos.

Then I continued with the config.  Everything SEEMed to go OK.  I 
rebooted, checked that all services were running and there were no 
updates to install via yumex.  Did a scatldap and

nothing.

So here is my smbldap-configure.log (fairly long, sorry, but did not 
want to cut anything).  You get far enough down, and you will see the 
errors.


=================================
###########################################################
Starting Samba/LDAP Config: Wed Aug  2 13:01:26 2006
This program is distributed in the hope that it will be useful, but 
WITHOUT ANY WARRANTY; without even the implied warranty of 
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU 
General Public License for more details.
Furthermore, you should definitely not run this script on an existing 
LDAP production server unless you've tested everything and you are 
confident that you know what you are doing.
Consider yourself warned!
Executable for slapcat found: /usr/sbin/slapcat
Executable for slapd found: /usr/sbin/slapd
Executable for smbd found: /usr/sbin/smbd
Executable for smbldap-populate found: /opt/IDEALX/sbin/smbldap-populate
smbusers: using /etc/samba/smbusers
openldap_ldap.conf: using /etc/openldap/ldap.conf
slapd.conf: using /etc/openldap/slapd.conf
fedora_slapd.pid: using /var/run/slapd.pid (guessed)
etc_ldap.conf: using /etc/ldap.conf
cosine.schema: using /etc/openldap/schema/cosine.schema
ubuntu_libnss_ldap.conf: using /etc/libnss-ldap.conf (guessed)
samba.schema: using /etc/openldap/schema/samba.schema (guessed)
smbldap_bind.conf: using /etc/opt/IDEALX/smbldap-tools/smbldap_bind.conf
core.schema: using /etc/openldap/schema/core.schema
smb.conf: using /etc/samba/smb.conf
ubuntu_pam_ldap.conf: using /etc/pam_ldap.conf (guessed)
DB_CONFIG: using /var/lib/ldap/DB_CONFIG (guessed)
inetorgperson.schema: using /etc/openldap/schema/inetorgperson.schema
nis.schema: using /etc/openldap/schema/nis.schema
smbldap.conf: using /etc/opt/IDEALX/smbldap-tools/smbldap.conf
Unable to read answers input file 
(/root/smbldap-installer/smbldap-configure.answers).
I found the smbldap-tools in /opt/IDEALX/sbin/
















First, we must establish what the rootdn of your LDAP directory will be.
It is considered the best practice to use your normal DNS domain name 
here, but this is not required.
In any case, you must enter a domain name with two parts separated by a 
period. For example, "two.parts" would work.
Please enter your domain name: [example.net] Using domain=htt-consult.com
Using dc_domain=dc=htt-consult,dc=com
















Next, we must know what your Windows Domain (workgroup) is named.
This can be anything you like, but once you've picked one for the PDC 
you must use the same one for every BDC.
Please enter your windows domain (workgroup) name: [HTTCONSULTCOM] Using 
Windows domain=HTT
















I'm so excited, I simply *must* know the Windows Netbios name of the PDC 
you are configuring.
You *will* tell me, won't you?
It would be positively *scandalous* (or, dare I say, "dysfunctional") if 
this name were not a unique name on your network...
Please enter your windows netbios name: [HTT-PDC] Using Windows netbios 
name=HOMEBASE
















Next, you must enter your root and LDAP password.
By default, this password will be used for binding to the rootdn to 
perform LDAP updates, and it will also be set as root's password in LDAP 
and Samba.
You must consistently use the same password starting with the first PDC 
you create.
(You can change the root user's password later using 'smbldap-passwd 
root' if you wish.)
Please enter your LDAP password (CAUTION! This may appear on the screen!):
stty -echo

stty echo

Please verify your LDAP password:
stty -echo

stty echo

















So many options there are!
When your users log into Windows, their home directory will 
automatically be mapped for them.
You can choose which drive letter their home directory will mapped to.
Please enter the home directory drive mapping letter for Windows: [X] 
Using Windows user space drive letter=H
















We each have things we want to keep secret, and the contents of your 
Samba server should be one of yours.
You can probably accept the default here unless one of the interfaces on 
this server is connected directly to the Internet.
I do not recommend that you let an Internet-facing interface serve Samba.
Your system has the following network interfaces.
    eth0: 65.78.84.202
Please enter a comma-separated list of the interfaces
    connected to your Windows/SAMBA network: [eth0]
Using net_interfaces=eth0
You have chosen...wisely.
















NFS is so much fun, we could share files to everyone!
NFS can be used to share files from this server to other Linux systems.
If you have Linux clients (or an LTSP server separate from this system) 
on your network, you'll want NFS.
If you want me to help you export your entire /home directory via NFS, 
then answer 'y' below.
If you know how to handle /etc/exports all by yourself, then feel free 
to say 'n' and I'll leave you alone.
I REALLY do not recommend that you let an Internet-facing interface 
serve NFS.
Will other Linux machines need to access home directories
stored on this server? [y/N] Please enter the network you wish to allow 
NFS access to /home on this system.
Here is a guess based on your current network configuration:
    65.78.84.202/255.255.255.248
Please enter the network you wish to allow NFS access to /home on this 
system.
Here is a guess based on your current network configuration:
    65.78.84.202/255.255.255.248
Using nfs_net=65.78.84.192/255.255.255.192
















I'm done asking questions for now.
If you want to go back and change an answer, type CTRL-C and re-run this 
script.
Otherwise, hit Enter to continue.Running /etc/init.d/ldap stop

/etc/init.d/ldap stop
Stopping slapd: [FAILED]
Running /etc/init.d/smb stop

/etc/init.d/smb stop
Shutting down SMB services: [FAILED]
Shutting down NMB services: [FAILED]
Running /etc/init.d/nscd stop

/etc/init.d/nscd stop
Stopping nscd: [FAILED]
Using chkconfig to set nscd to "off" during boot...
chkconfig nscd off
Success!
Backing up "/etc/samba/smbusers" at 
"/etc/samba/smbusers-Wed_Aug__2_13_01_26_2006.bak"

cp "/etc/samba/smbusers" "/etc/samba/smbusers-Wed_Aug__2_13_01_26_2006.bak"
Backing up "/etc/openldap/ldap.conf" at 
"/etc/openldap/ldap.conf-Wed_Aug__2_13_01_26_2006.bak"

cp "/etc/openldap/ldap.conf" 
"/etc/openldap/ldap.conf-Wed_Aug__2_13_01_26_2006.bak"
Backing up "/etc/openldap/slapd.conf" at 
"/etc/openldap/slapd.conf-Wed_Aug__2_13_01_26_2006.bak"

cp "/etc/openldap/slapd.conf" 
"/etc/openldap/slapd.conf-Wed_Aug__2_13_01_26_2006.bak"
Backing up "/etc/ldap.conf" at "/etc/ldap.conf-Wed_Aug__2_13_01_26_2006.bak"

cp "/etc/ldap.conf" "/etc/ldap.conf-Wed_Aug__2_13_01_26_2006.bak"
Backing up "/etc/samba/smb.conf" at 
"/etc/samba/smb.conf-Wed_Aug__2_13_01_26_2006.bak"

cp "/etc/samba/smb.conf" "/etc/samba/smb.conf-Wed_Aug__2_13_01_26_2006.bak"
Running /etc/init.d/ldap restart

/etc/init.d/ldap restart
Stopping slapd: [FAILED]
Checking configuration files for slapd: config file testing succeeded
[  OK  ] Starting slapd: [  OK  ]
Using chkconfig to set ldap to "on" during boot...
chkconfig ldap on
Success!
Setting the manager smbpasswd...

smbpasswd -w xxxxxxxx   <- I edited this line.  Hope I got all 
passwords exposed in the log.
Setting stored password for "cn=Manager,dc=htt-consult,dc=com" in 
secrets.tdb
Grabbing local SID...success!
Backing up "/etc/samba/smbusers" at 
"/etc/samba/smbusers-Wed_Aug__2_13_01_26_2006.bak"

cp "/etc/samba/smbusers" "/etc/samba/smbusers-Wed_Aug__2_13_01_26_2006.bak"
Backing up "/etc/openldap/ldap.conf" at 
"/etc/openldap/ldap.conf-Wed_Aug__2_13_01_26_2006.bak"

cp "/etc/openldap/ldap.conf" 
"/etc/openldap/ldap.conf-Wed_Aug__2_13_01_26_2006.bak"
Backing up "/etc/openldap/slapd.conf" at 
"/etc/openldap/slapd.conf-Wed_Aug__2_13_01_26_2006.bak"

cp "/etc/openldap/slapd.conf" 
"/etc/openldap/slapd.conf-Wed_Aug__2_13_01_26_2006.bak"
Backing up "/etc/ldap.conf" at "/etc/ldap.conf-Wed_Aug__2_13_01_26_2006.bak"

cp "/etc/ldap.conf" "/etc/ldap.conf-Wed_Aug__2_13_01_26_2006.bak"
Backing up "/etc/openldap/schema/samba.schema" at 
"/etc/openldap/schema/samba.schema-Wed_Aug__2_13_01_26_2006.bak"

cp "/etc/openldap/schema/samba.schema" 
"/etc/openldap/schema/samba.schema-Wed_Aug__2_13_01_26_2006.bak"
Backing up "/etc/samba/smb.conf" at 
"/etc/samba/smb.conf-Wed_Aug__2_13_01_26_2006.bak"

cp "/etc/samba/smb.conf" "/etc/samba/smb.conf-Wed_Aug__2_13_01_26_2006.bak"
Backing up "/var/lib/ldap/DB_CONFIG" at 
"/var/lib/ldap/DB_CONFIG-Wed_Aug__2_13_01_26_2006.bak"

cp "/var/lib/ldap/DB_CONFIG" 
"/var/lib/ldap/DB_CONFIG-Wed_Aug__2_13_01_26_2006.bak"
Running smbldap-populate...
printf "l2d0a0p6\nl2d0a0p6" | smbldap-populate -a root -u 10000 -g 10000
failed to add entry: Can't contact LDAP server at 
/usr/sbin/smbldap-populate line 471, <GEN1> line 2.
failed to add entry: Can't contact LDAP server at 
/usr/sbin/smbldap-populate line 471, <GEN1> line 3.
failed to add entry: Can't contact LDAP server at 
/usr/sbin/smbldap-populate line 471, <GEN1> line 4.
failed to add entry: Can't contact LDAP server at 
/usr/sbin/smbldap-populate line 471, <GEN1> line 5.
failed to add entry: Can't contact LDAP server at 
/usr/sbin/smbldap-populate line 471, <GEN1> line 6.
failed to add entry: Can't contact LDAP server at 
/usr/sbin/smbldap-populate line 471, <GEN1> line 7.
failed to add entry: Can't contact LDAP server at 
/usr/sbin/smbldap-populate line 471, <GEN1> line 8.
failed to add entry: Can't contact LDAP server at 
/usr/sbin/smbldap-populate line 471, <GEN1> line 9.
failed to add entry: Can't contact LDAP server at 
/usr/sbin/smbldap-populate line 471, <GEN1> line 10.
failed to add entry: Can't contact LDAP server at 
/usr/sbin/smbldap-populate line 471, <GEN1> line 11.
failed to add entry: Can't contact LDAP server at 
/usr/sbin/smbldap-populate line 471, <GEN1> line 12.
failed to add entry: Bad file descriptor at /usr/sbin/smbldap-populate 
line 471, <GEN1> line 16.
failed to add entry: Bad file descriptor at /usr/sbin/smbldap-populate 
line 471, <GEN1> line 18.
failed to add entry: Bad file descriptor at /usr/sbin/smbldap-populate 
line 471, <GEN1> line 19.
failed to add entry: Bad file descriptor at /usr/sbin/smbldap-populate 
line 471, <GEN1> line 20.
failed to add entry: Can't contact LDAP server at 
/usr/sbin/smbldap-populate line 471, <GEN1> line 21.
failed to add entry: Can't contact LDAP server at 
/usr/sbin/smbldap-populate line 471, <GEN1> line 21.
Populating LDAP directory for domain IDEALX-NT 
(S-1-5-21-4205727931-4131263253-1851132061)
(using builtin directory structure)

adding new entry: dc=idealx,dc=org
adding new entry: ou=Users,dc=idealx,dc=org
adding new entry: ou=Groups,dc=idealx,dc=org
adding new entry: ou=Computers,dc=idealx,dc=org
adding new entry: ou=Idmap,dc=idealx,dc=org
adding new entry: uid=root,ou=Users,dc=idealx,dc=org
adding new entry: uid=nobody,ou=Users,dc=idealx,dc=org
adding new entry: cn=Domain Admins,ou=Groups,dc=idealx,dc=org
adding new entry: cn=Domain Users,ou=Groups,dc=idealx,dc=org
adding new entry: cn=Domain Guests,ou=Groups,dc=idealx,dc=org
adding new entry: cn=Domain Computers,ou=Groups,dc=idealx,dc=org
adding new entry: cn=Administrators,ou=Groups,dc=idealx,dc=org
adding new entry: cn=Account Operators,ou=Groups,dc=idealx,dc=org
adding new entry: cn=Print Operators,ou=Groups,dc=idealx,dc=org
adding new entry: cn=Backup Operators,ou=Groups,dc=idealx,dc=org
adding new entry: cn=Replicators,ou=Groups,dc=idealx,dc=org
adding new entry: sambaDomainName=IDEALX-NT,dc=idealx,dc=org

Please provide a password for the domain root:
Can't contact LDAP server at /usr/sbin//smbldap_tools.pm line 341, 
<DATA> line 283.
success.
Setting root's smbpasswd...

printf "xxxxxxxx\nxxxxxxxx" | smbpasswd -s root
smbldap_search_suffix: Problem during the LDAP search:  (No such object)
smbldap_search_suffix: Problem during the LDAP search:  (No such object)
Failed to find entry for user root.
Failed to modify password entry for user root
Running /etc/init.d/smb restart

/etc/init.d/smb restart
Shutting down SMB services: [FAILED]
Shutting down NMB services: [FAILED]
Starting SMB services: [  OK  ]
Starting NMB services: [  OK  ]
Using chkconfig to set smb to "on" during boot...
chkconfig smb on
Success!
Creating the /opt/samba/profiles directory...

mkdir -p /opt/samba/profiles
Setting permissions for /opt/samba/profiles...

chmod 1777 /opt/samba/profiles
Creating the /opt/samba/netlogon directory...

mkdir -p /opt/samba/netlogon
Creating sample startup.bat file...
Running authconfig...
authconfig --kickstart --useshadow --usemd5 --enableldap 
--enableldapauth --ldapserver="127.0.0.1" 
--ldapbasedn="dc=htt-consult,dc=com" --enablecache
setsebool:  SELinux is disabled.
Stopping nscd: [FAILED]
Starting nscd: [  OK  ]
success.
Setting up NFS share of /home by adding the following line to /etc/exports:
/home    65.78.84.192/255.255.255.192(rw,sync)
Edit this file later to change the export parameters.
Running /etc/init.d/nfs restart

/etc/init.d/nfs restart
Shutting down NFS mountd: [FAILED]
Shutting down NFS daemon: [FAILED]
Shutting down NFS quotas: [FAILED]
Shutting down NFS services:  [  OK  ]
Starting NFS services:  [  OK  ]
Starting NFS quotas: [  OK  ]
Starting NFS daemon: [  OK  ]
Starting NFS mountd: [  OK  ]
















This script has appended its output to 
/root/smbldap-installer/smbldap-configure.log.
Congratulations!  It looks like we've succeeded.
You'll need to cycle any clients you configure to init 1 and back before 
you can authenticate to this server.
    (Note that if this system authenticates to its own LDAP server, it 
must be cycled.
    A reboot will accomplish this cycle, if you don't know how to do it 
otherwise.)
Please note your LDAP base: dc=htt-consult,dc=com
Bye-bye.


==============================

So it looks like there were some sort of password passing problems, at 
least?




