[wplug] Samba + LDAP question (smbldap)
Benjamin Slavin
wplug at bit24.net
Wed Apr 19 10:37:55 EDT 2006
Good Wednesday fellow WPLUG folks,
I am having some difficulty with a setup of CentOS 4.3 with Samba and OpenLDAP. I'm using the smbldap-tools from IDEALX.
I am attempting to run smbldap-populate, but receive the error below.
"failed to add entry: modifications require authentication"
In searching around on Google, people have suggested checking /etc/smbldap-tools/smbldap.conf and smbldap_bind.conf. I did this, but didn't see anything that appeared to be wrong.
I'm including copies of the error, smbldap.conf, smbldap_bind.conf, and an excerpt from slapd.conf. Please note that some pieces of information (including, SIDs, passwords, and hashes) have been removed.
Does anyone have any insight as to what I'm doing wrong or what needs to be done?
Thanks!
--Ben
The error:
==============================================
[root at localhost ~]# smbldap-populate -a root
Populating LDAP directory for domain KEYSTONELAB (S-x-x-xx-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx)
(using builtin directory structure)
adding new entry: dc=keystone,dc=ee,dc=pitt,dc=edu
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 471, <GEN1> line 2.
adding new entry: ou=Users,dc=keystone,dc=ee,dc=pitt,dc=edu
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 471, <GEN1> line 3.
adding new entry: ou=Groups,dc=keystone,dc=ee,dc=pitt,dc=edu
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 471, <GEN1> line 4.
adding new entry: ou=Computers,dc=keystone,dc=ee,dc=pitt,dc=edu
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 471, <GEN1> line 5.
adding new entry: ou=Idmap,dc=keystone,dc=ee,dc=pitt,dc=edu
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 471, <GEN1> line 6.
adding new entry: uid=root,ou=Users,dc=keystone,dc=ee,dc=pitt,dc=edu
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 471, <GEN1> line 7.
adding new entry: uid=nobody,ou=Users,dc=keystone,dc=ee,dc=pitt,dc=edu
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 471, <GEN1> line 8.
adding new entry: cn=Domain Admins,ou=Groups,dc=keystone,dc=ee,dc=pitt,dc=edu
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 471, <GEN1> line 9.
adding new entry: cn=Domain Users,ou=Groups,dc=keystone,dc=ee,dc=pitt,dc=edu
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 471, <GEN1> line 10.
adding new entry: cn=Domain Guests,ou=Groups,dc=keystone,dc=ee,dc=pitt,dc=edu
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 471, <GEN1> line 11.
adding new entry: cn=Domain Computers,ou=Groups,dc=keystone,dc=ee,dc=pitt,dc=edu
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 471, <GEN1> line 12.
adding new entry: cn=Administrators,ou=Groups,dc=keystone,dc=ee,dc=pitt,dc=edu
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 471, <GEN1> line 16.
adding new entry: cn=Account Operators,ou=Groups,dc=keystone,dc=ee,dc=pitt,dc=edu
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 471, <GEN1> line 18.
adding new entry: cn=Print Operators,ou=Groups,dc=keystone,dc=ee,dc=pitt,dc=edu
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 471, <GEN1> line 19.
adding new entry: cn=Backup Operators,ou=Groups,dc=keystone,dc=ee,dc=pitt,dc=edu
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 471, <GEN1> line 20.
adding new entry: cn=Replicators,ou=Groups,dc=keystone,dc=ee,dc=pitt,dc=edu
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 471, <GEN1> line 21.
adding new entry: sambaDomainName=KEYSTONELAB,dc=keystone,dc=ee,dc=pitt,dc=edu
failed to add entry: modifications require authentication at /usr/local/sbin/smbldap-populate line 471, <GEN1> line 21.
Please provide a password for the domain root:
No such object at /usr/local/sbin//smbldap_tools.pm line 326, <DATA> line 283.
==============================================
smbldap.conf
==============================================
SID="S-x-x-xx-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx"
sambaDomain="KEYSTONELAB"
masterLDAP="127.0.0.1"
masterPort="389"
ldap admin dn="cn=Manager,dc=keystone,dc=ee,dc=pitt,dc=edu"
ldapTLS="0"
verify="none"
suffix="dc=keystone,dc=ee,dc=pitt,dc=edu"
usersdn="ou=Users,${suffix}"
groupsdn="ou=Groups,${suffix}"
idmapdn="ou=Idmap,${suffix}"
sambaUnixIdPooldn="sambaDomainName=KEYSTONELAB,${suffix}"
scope="sub"
hash_encrypt="SSHA"
crypt_salt_format="%s"
userLoginShell="/bin/bash"
userHome="/home/%U"
userHomeDirectoryMode="700"
userGecos="System User"
defaultUserGid="513"
defaultComputerGid="515"
skeletonDir="/etc/skel"
defaultMaxPasswordAge="99"
userSmbHome="\\SAMBA\%U"
userProfile="\\SAMBA\profiles\%U"
userHomeDrive="H:"
mailDomain="ee.pitt.edu"
with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"
with_slappasswd="0"
slappasswd="/usr/sbin/slappasswd"
==============================================
smbldap_bind.conf
==============================================
slaveDN="cn=Manager,dc=keystone,dc=ee,dc=pitt,dc=edu"
slavePw="xxxxxxxxxxxxxxxx"
masterDN="cn=Manager,dc=kesytone,dc=ee,dc=pitt,dc=edu"
masterPw="xxxxxxxxxxxxxxxx"
==============================================
a breif excerpt from /etc/openldap/slapd.conf
==============================================
suffix "dc=keystone,dc=ee,dc=pitt,dc=edu"
rootdn "cn=Manager,dc=keystone,dc=ee,dc=pitt,dc=edu"
rootpw {SSHA}xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
==============================================
More information about the wplug
mailing list