nox_freak n00b
Joined: 15 Jun 2005 Posts: 3
Posted: Thu Jun 16, 2005 7:01 pm Post subject: id2entry.dbb and Invalid credentials
I'm trying to get a Samba PDC up and running with an OpenLDAP backend. I've worked through most of the problems, but the most recent one I can't seem to fix.
When I try to search the LDAP database I get an error: ldap_bind: Invalid credentials (49)
debug output:
Code:
# ldapsearch -x -b "cn=Manager,dc=domain,dc=com" "(objectclass=*)" -W -d 255
ldap_create
Enter LDAP Password:
ldap_bind_s
ldap_simple_bind_s
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection
ldap_int_open_connection
ldap_connect_to_host: TCP localhost:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 127.0.0.1:389
ldap_connect_timeout: fd: 3 tm: -1 async: 0
ldap_ndelay_on: 3
ldap_is_sock_ready: 3
ldap_ndelay_off: 3
ldap_open_defconn: successful
ldap_send_server_request
ber_flush: 20 bytes to sd 3
0000: 30 12 02 01 01 60 0d 02 01 03 04 00 80 06 73 65 0....`........se
0010: 63 72 65 74 cret
ldap_write: want=20, written=20
0000: 30 12 02 01 01 60 0d 02 01 03 04 00 80 06 73 65 0....`........se
0010: 63 72 65 74 cret
ldap_result msgid 1
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
wait4msg (infinite timeout), msgid 1
wait4msg continue, msgid 1, all 1
** Connections:
* host: localhost port: 389 (default)
refcnt: 2 status: Connected
last used: Thu Jun 16 11:38:24 2005
** Outstanding Requests:
* msgid 1, origid 1, status InProgress
outstanding referrals 0, parent count 0
** Response Queue:
Empty
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
ldap_int_select
read1msg: msgid 1, all 1
ber_get_next
ldap_read: want=8, got=8
0000: 30 0c 02 01 01 61 07 0a 0....a..
ldap_read: want=6, got=6
0000: 01 31 04 00 04 00 .1....
ber_get_next: tag 0x30 len 12 contents:
ber_dump: buf=0x08053728 ptr=0x08053728 end=0x08053734 len=12
0000: 02 01 01 61 07 0a 01 31 04 00 04 00 ...a...1....
ldap_read: message type bind msgid 1, original id 1
ber_scanf fmt ({iaa) ber:
ber_dump: buf=0x08053728 ptr=0x0805372b end=0x08053734 len=9
0000: 61 07 0a 01 31 04 00 04 00 a...1....
read1msg: 0 new referrals
read1msg: mark request completed, id = 1
request 1 done
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_free_connection
ldap_free_connection: refcnt 1
ldap_parse_result
ber_scanf fmt ({iaa) ber:
ber_dump: buf=0x08053728 ptr=0x0805372b end=0x08053734 len=9
0000: 61 07 0a 01 31 04 00 04 00 a...1....
ber_scanf fmt (}) ber:
ber_dump: buf=0x08053728 ptr=0x08053734 end=0x08053734 len=0
ldap_msgfree
ldap_perror
ldap_bind: Invalid credentials (49)
If I run a slapindex -d 1 command I get the following error:
Code:
slapindex startup: initiated.
backend_startup: starting "dc=domain,dc=com"
=> ldbm_cache_open( "id2entry.dbb", 16, 600 )
<= ldbm_cache_open NULL "id2entry.dbb" errno=2 reason="No such file or directory")
Could not open/create id2entry.dbb
slapindex: could not open database.
Here are my config files:
slapd.conf
Code:
# Global Section
## Include the minimum schema required.
include /etc/openldap/schema/core.schema
## Added to support the inetOrgPerson object
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema
include /etc/openldap/schema/inetorgperson.schema
## Add logging parameters
loglevel 296
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
## TLS options for slapd
TLSCertificateFile /etc/ssl/ldap.pem
TLSCertificateKeyFile /etc/openldap/ssl/ldap.pem
TLSCACertificateFile /etc/ssl/ldap.pem
## Misc security settings
password-hash {SSHA}
#######################################################################
# ldbm database definitions
#######################################################################
database ldbm
suffix "dc=domain,dc=com"
rootdn "cn=Manager,dc=domain,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw {SSHA}encrypted password
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/openldap-data/biztechinfo.biz
## Files should be created rw for the owner **only**.
mode 0600
# Indices to maintain
index objectClass eq
index cn,sn,mail eq,sub
index departmentNumber eq
smb.conf
Code:
[global]
netbios name = bizpdc
workgroup = biztechinfo
server string = PDC
local master = yes
domain master = yes
preferred master = yes
# parameter name is "os level" (was mistyped as "so level")
os level = 65
passdb backend = ldapsam_compat:ldap://localhost
## Security Settings
security = user
# parameter name is "encrypt passwords" (was mistyped as "encrypt password")
encrypt passwords = yes
null passwords = no
hide unreadable = yes
hide dot files = yes
## Interface Settings
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
## Domain Logon Settings
domain logon = yes
logon script = %U.bat
logon path = \\%L\profiles\%U
logon drive = H:
logon home = \\%L\%U\
## Services Settings
wins support = yes
name resolve order = wins lmhosts hosts bcast
dns proxy = no
## Users Settings
add user script = /usr/sbin/useradd -m %u
delete user script = /usr/sbin/userdel -r %u
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/groupdel %g
add user to group script = /usr/sbin/usermod -G %g %u
add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null %u
passwd program = /usr/bin/passwd %u
# stray line-continuation backslash removed from the chat string
passwd chat = "*New password:*" %n\r "*New password (again):*" %n\r "*Password changed*"
## Other Settings
unix charset = ISO8859-1
## LDAPsam-related
ldap admin dn = "cn=smbadmin,ou=people,dc=biztechinfo,dc=biz"
ldap server = localhost
ldap ssl = start_tls
ldap port = 389
ldap suffix = "ou=people,dc=biztechinfo,dc=biz"
ldap filter = "(&(uid=%U)(objectclass=sambaAccount))"
Thanks
_________________
::--=[ N O X . F r e a k ]=--::
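The bind request and response in the debug output above can be decoded to see exactly what was sent. This is an added example, not code from the original post: a small BER decoder for the two LDAPMessages in the hex dumps (bytes copied from the post), followed by a check that reports the empty bind DN and the cleartext simple-bind password that the dump reveals.

```python
# Bytes copied from the ber_flush / ldap_read hex dumps in the post above.
BIND_REQUEST = bytes.fromhex("30 12 02 01 01 60 0d 02 01 03 04 00 80 06 73 65 63 72 65 74")
BIND_RESPONSE = bytes.fromhex("30 0c 02 01 01 61 07 0a 01 31 04 00 04 00")
RESULT_NAMES = {0: "success", 49: "invalidCredentials"}  # LDAP resultCode values (RFC 4511)

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one BER tag-length-value triple (short-form length)."""
    tag, length = buf[pos], buf[pos + 1]
    if length & 0x80:
        raise ValueError("long-form length not expected in these small messages")
    start = pos + 2
    return tag, buf[start:start + length], start + length

def decode_ldap_message(buf):
    """Decode an LDAPMessage carrying a BindRequest or a BindResponse."""
    tag, body, _ = read_tlv(buf, 0)
    if tag != 0x30:
        raise ValueError("LDAPMessage must be a SEQUENCE")
    _, msgid, pos = read_tlv(body, 0)          # messageID INTEGER
    op_tag, op, _ = read_tlv(body, pos)        # protocolOp
    msg = {"message_id": int.from_bytes(msgid, "big")}
    if op_tag == 0x60:                         # [APPLICATION 0] BindRequest
        _, version, pos = read_tlv(op, 0)
        _, name, pos = read_tlv(op, pos)       # bind DN (empty here: -b is not -D)
        auth_tag, cred, _ = read_tlv(op, pos)  # [0] simple = password sent in clear
        msg.update(op="BindRequest", version=version[0], name=name.decode(),
                   simple=auth_tag == 0x80,
                   password=cred.decode() if auth_tag == 0x80 else None)
    elif op_tag == 0x61:                       # [APPLICATION 1] BindResponse
        _, code, pos = read_tlv(op, 0)         # resultCode ENUMERATED
        _, matched, pos = read_tlv(op, pos)    # matchedDN
        _, diag, _ = read_tlv(op, pos)         # diagnosticMessage
        msg.update(op="BindResponse", result_code=code[0],
                   result=RESULT_NAMES.get(code[0], "other"),
                   matched_dn=matched.decode(), diagnostic=diag.decode())
    else:
        msg.update(op="unsupported", op_tag=op_tag)
    return msg

def diagnose_bind(request):
    """Turn a decoded BindRequest into the two things the capture shows."""
    findings = []
    if request.get("simple") and request.get("password") and request["name"] == "":
        findings.append("empty bind DN: ldapsearch -b sets the search base, the identity to bind as needs -D")
    if request.get("simple") and request.get("password"):
        findings.append("simple bind sent the password in clear on port 389; use -ZZ (StartTLS) or ldaps:// so it is not readable on the wire")
    return findings
```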
Mankale Tux's lil' helper
Joined: 20 Jan 2004 Posts: 76
Posted: Thu Jun 16, 2005 8:43 pm Post subject:
Does the user running slapd have the rights to create files in the location where id2entry.dbb goes?
nox_freak n00b
Joined: 15 Jun 2005 Posts: 3
Posted: Thu Jun 16, 2005 8:48 pm Post subject: Running as root
I'm running as root, but I don't know where the file goes. I'm also getting a new error when trying to start slapd
Code:
line 415 (objectclass ( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' SUP top AUXILIARY DESC 'Samba 3.0 Auxilary SAM Account' MUST ( uid $ sambaSID ) MAY ( cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $ sambaLogonTime $ sambaLogoffTime $ sambaKickoffTime $ sambaPwdCanChange $ sambaPwdMustChange $ sambaAcctFlags $ displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogonScript $ sambaProfilePath $ description $ sambaUserWorkstations $ sambaPrimaryGroupSID $ sambaDomainName $ sambaMungedDial $ sambaBadPasswordCount $ sambaBadPasswordTime $ sambaPasswordHistory $sambaLogonHours)))
/etc/openldap/schema/samba.schema: line 415: AttributeType not found: "displayName"
slapd shutdown: freeing system resources.
slapd stopped.
_________________
::--=[ N O X . F r e a k ]=--::
Mankale Tux's lil' helper
Joined: 20 Jan 2004 Posts: 76
Posted: Thu Jun 16, 2005 9:08 pm Post subject:
That's a schema error. Samba seems to add an attribute that LDAP doesn't know, because it's not in the schema.
nox_freak n00b
Joined: 15 Jun 2005 Posts: 3
Posted: Thu Jun 16, 2005 11:08 pm Post subject:
Fixed the displayName error: you have to include inetorgperson.schema BEFORE including your samba.schema.
_________________
::--=[ N O X . F r e a k ]=--::
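The include-order fix from the last post can be checked mechanically before restarting slapd. This is an added example, not code from the original post: it parses the include directives of a slapd.conf (a constructed copy of the include lines posted above) and reports any schema listed before one it depends on; the only dependency modelled is the one this thread hit, samba.schema using displayName from inetorgperson.schema.

```python
# Constructed sample mirroring the include lines of the slapd.conf posted above.
SLAPD_CONF = """\
# Global Section
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema
include /etc/openldap/schema/inetorgperson.schema
loglevel 296
"""

# Assumption: only the dependency named in the thread is modelled here.
# sambaSamAccount in samba.schema lists displayName, defined by inetorgperson.schema.
SCHEMA_DEPS = {"samba.schema": ("inetorgperson.schema",)}

def parse_includes(conf_text):
    """Return [(line_no, schema_basename)] for each include directive, skipping comments."""
    includes = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if parts[0].lower() == "include" and len(parts) == 2:
            includes.append((line_no, parts[1].rsplit("/", 1)[-1]))
    return includes

def check_schema_order(conf_text):
    """Return one message per schema that is included before (or without) a schema it needs."""
    problems = []
    position = {}                      # first line on which each schema file is included
    for line_no, name in parse_includes(conf_text):
        position.setdefault(name, line_no)
    for schema, needs in SCHEMA_DEPS.items():
        if schema not in position:
            continue
        for dep in needs:
            if dep not in position:
                problems.append(f"{schema} (line {position[schema]}) needs {dep}, which is never included")
            elif position[dep] > position[schema]:
                problems.append(f"{schema} (line {position[schema]}) is included before {dep} (line {position[dep]})")
    return problems
```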