samba-tng + openldap

epp719 epp719 at aretousa.epp.teiher.gr
Mon Nov 3 18:46:28 EET 2003 

hello katarxas.. exw ena mikro problima. stinw ena samba-tng ekdosi 0.4 me 
openldap 2.0.27. to ldap ipostirizei ldbm backend kai apo oso mporw na 
katalavw douleuei kanonika afou me to jxplorer kanw kanonika login kai na 
dw ta entries. to problima iparxei (nomizw) ston samba-tng server otan 
dinw:
samba-tng-0.4/source/bin/samedit -S . -U root -c 'samuserset administrator -p 123456'
kai pernw error:
SAM Set User Info: administrator
Password: 123456
SAMR_LOOKUP_NAMES: NT_STATUS_NONE_MAPPED
Set User Info: Failed
Password change failed
samuserset: FAILED
Exit Status: NT_STATUS_UNSUCCESSFUL

san localxristis administrator iparxei sto /etc/passwd kai /etc/shadow
ta .conf files pou xrisimopoiw san attach
sorry gia to mege8os tou mail kai elpizw na einai i swsti lista pou kanw 
post:)

-- 
I am SysAdmin of my own brain...
Working on a Windows for Workgroup

-------------- next part --------------
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.7 2001/09/27 20:00:31 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include		/etc/openldap/schema/core.schema
include		/etc/openldap/schema/cosine.schema
include		/etc/openldap/schema/inetorgperson.schema
include		/etc/openldap/schema/nis.schema
include		/etc/openldap/schema/redhat/rfc822-MailMember.schema
include		/etc/openldap/schema/redhat/autofs.schema
include		/etc/openldap/schema/redhat/kerberosobject.schema
include		/etc/openldap/schema/unix.schema-v2
include         /etc/openldap/schema/sambatng.schema-v3
include		/etc/openldap/schema/slapd.at.conf
include		/etc/openldap/schema/slapd.oc.conf
#include		/etc/openldap/schema/ldaputils.schema
pidfile	/var/run/slapd.pid
argsfile	//var/run/slapd.args
#suffix "dc=lan"
# Create a replication log in /var/lib/ldap for use by slurpd.
replogfile	/var/lib/ldap/master-slapd.replog
schemacheck on
loglevel 256

database ldbm
suffix "dc=lan"
directory "/var/lib/ldap"
sizelimit 1000
index objectClass,uidNumber,gidNumber,uid pres,eq
index cn,mail,surname,givenname eq,subinitial


access to attribute=userPassword 
	by dn="cn=root,dc=lan" write
access to attribute=userPassword 
	by anonymous auth
access to attribute=userPassword 
	by self write
access to attribute=userPassword 
	by * none
access to *
	by dn="cn=root,dc=lan" write
rootdn	"cn=root,dc=lan"
rootpw	secret
-------------- next part --------------
[global]  

# ldap stuff
        ldap suffix = "dc=lan,o=EPP"
        ldap bind as = "cn=root,dc=lan"
        ldap passwd file = /usr/local/samba-tng/private/ldappasswd
# if the ldap server resides in the same machine you can use localhost 
ldap server = localhost 
ldap port = 389 
ldap scope = sub

# the password will expire in 30 days since the last change
password expire time = 30

comment = Linux Auth Samba-TNG Server
workgroup = VIPS
netbios name = UNIX
security = user 
status = yes 

#wins server = 157.27.252.10

null passwords = yes
encrypt passwords = yes 
domain logons = yes 
logon drive = H:
#logon script = scripts\startup.bat
logon home = \\UNIX\homes

# Many different ways of doing a roaming profile
;logon path = \\%N\%U\Profile
;logon path = \\%N\%H\Profile
logon path = \\UNIX\profiles\%U
;logon path = \\%N\profiles\%U

# My preferred mandatory profile
# Make it ending with .man, if you want not to allow users 
# to login if profile is not available
#logon path = \\arena\profiles\default.man

guest account = nobody
share modes = no 
os level = 65

local master = yes
domain master = yes
preferred master = yes

; sync samba with unix password
unix password sync = yes
passwd program = /usr/local/sbin/ldapsync.pl -o %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *modifying*
;passwd chat debug = Yes
;debug level = 100

time server = yes

[homes] 
guest ok = no 
read only = no 
create mask = 0700 
directory mask = 0700 
oplocks = false 
level 2 oplocks = false
locking = no 

[netlogon] 
;utmp = yes
path = /home/samba/netlogon 
writeable = no 
guest ok = no
; netlogon share must (?) be browsable for the profiles
browseable = no
public = no
preexec = echo "%T - user %u connected to %S from %m (%I)" >>/tmp/log
postexec = echo "%T - user %u disconnected from %S from %m (%I)" >>/tmp/log

[profiles]
path = /usr/local/samba/profiles
writeable = yes
browseable = no
create mode = 0644
directory mode = 0755
guest ok = yes

More information about the Linux-greek-users mailing list