Fedora-Fr - Communauté francophone Fedora - Linux

brildji

Membre

Inscription : 09/06/2009

Messages : 38

ERROR: 'ldap admin dn' not defined! Please check your smb.conf

salut recevez mes salutations
je suis entrain de configurer mon serveur smb mais j'ai cette erreur
ERROR: 'ldap admin dn' not defined! Please check your smb.conf

Arnaud.M

Membre

Lieu : Savigny le Temple

Inscription : 03/04/2006

Messages : 108

Re : ERROR: 'ldap admin dn' not defined! Please check your smb.conf

Salut Brildji.

tu dois certainement être en train de configurer Samba en liaison avec LDAP ?

Dis-nous en un peu plus, stp !!

Thx.

---

Fedora Enthusiastic User Since 2003

brildji

Membre

Inscription : 09/06/2009

Messages : 38

Re : ERROR: 'ldap admin dn' not defined! Please check your smb.conf

mes fichiers slapd.conf. et smb.conf
slapd.conf

#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/misc.schema
include         /etc/openldap/schema/samba.schema

# Allow LDAPv2 client connections.  This is NOT the default.
allow bind_v2

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral       ldap://root.openldap.org

pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args

# Load dynamic backend modules:
# modulepath    /usr/lib/openldap
# moduleload accesslog.la
# moduleload auditlog.la
# moduleload back_sql.la
# moduleload denyop.la
# moduleload dyngroup.la
# moduleload dynlist.la
# moduleload lastmod.la
# moduleload pcache.la
# moduleload ppolicy.la
# moduleload refint.la
# moduleload retcode.la
# moduleload rwm.la
# moduleload syncprov.la
# moduleload translucent.la
# moduleload unique.la
# moduleload valsort.la

# The next three lines allow use of TLS for encrypting connections using a
# dummy test certificate which you can generate by changing to
# /etc/pki/tls/certs, running "make slapd.pem", and fixing permissions on
# slapd.pem so that the ldap user or group can read it.  Your client software
# may balk at self-signed certificates, however.
 TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
 TLSCertificateFile /etc/pki/tls/certs/slapd.pem
 TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem

# Sample security restrictions
#       Require integrity protection (prevent hijacking)
#       Require 112-bit (3DES or better) encryption for updates
#       Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
#       Root DSE: allow anyone to read it
#       Subschema (sub)entry DSE: allow anyone to read it
#       Other DSEs:
#               Allow self write access
#               Allow authenticated users read access
#               Allow anonymous users to authenticate
#       Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
#       by self write
#       by users read
#       by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn.  (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

#######################################################################
# ldbm and/or bdb database definitions
#######################################################################

database        bdb
suffix          "dc=solidintra,dc=sn"
rootdn          "cn=baba,dc=solidintra,dc=sn"
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
  rootpw                secret
  rootpw                {SSHA}Gf/BUgSioCybkeg3eg7fPNq3+yqMoxqZ

# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory       /var/lib/ldap
# Indices to maintain for this database
index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub

# Replicas of this database
#replogfile /var/lib/ldap/openldap-master-replog
#replica host=ldap-1.example.com:389 starttls=critical
#     bindmethod=sasl saslmech=GSSAPI
#     authcId=host/ldap-master.example.com@EXAMPLE.COM
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
      by self write
      by anonymous auth
      by * none
access to *
      by * read

smb.conf

#======================= Global Settings =====================================

[global]

# ----------------------- Netwrok Related Options -------------------------
#
# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
#
# server string is the equivalent of the NT Description field
#
# netbios name can be used to specify a server name not tied to the hostname
#
# Interfaces lets you configure Samba to use multiple interfaces
# If you have multiple network interfaces then you can list the ones
# you want to listen on (never omit localhost)
#
# Hosts Allow/Hosts Deny lets you restrict who can connect, and you can
# specifiy it as a per share option as well
#
        workgroup = SOLIDINTRA
        server string = Samba Server Version %v

        netbios name = SERVEUR

;       interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
        hosts allow = 127. 10.0.0. 10.0.0.100

# --------------------------- Logging Options -----------------------------
#
# Log File let you specify where to put logs and how to split them up.
#
# Max Log Size let you specify the max size log files should reach

        # logs split per machine
        log file = /var/log/samba/log.%m
        # max 50KB per log file, then rotate
        log level = 1
        max log size = 50

# ----------------------- Standalone Server Options ------------------------
#
# Scurity can be set to user, share(deprecated) or server(deprecated)
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.

 security = share
        encrypt passwords = true
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        passdb backend = tdbsam


# ----------------------- Domain Members Options ------------------------
#
# Security must be set to domain or ads
#
# Use the realm option only with security = ads
# Specifies the Active Directory realm the host is part of
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
#
# Use password server option only with security = server or if you can't
# use the DNS to locate Domain Controllers
# The argument list may include:
#   password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
# or to auto-locate the domain controller/s
#   password server = *


;       security = domain
;       passdb backend = tdbsam
;       realm = MY_REALM

;       password server = <NT-Server-Name>

# ----------------------- Domain Controller Options ------------------------
#
# Security must be set to user for domain controllers
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
#
# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
#
# Domain Logons let Samba be a domain logon server for Windows workstations.
#
# Logon Scrpit let yuou specify a script to be run at login time on the client
# You need to provide it in a share called NETLOGON
# Logon Path let you specify where user profiles are stored (UNC path)
#
# Various scripts can be used on a domain controller or stand-alone
# machine to add or delete corresponding unix accounts
#
;       security = user
;       passdb backend = tdbsam

        domain master = yes
        domain logons = yes

        # the login script name depends on the machine name
;       logon script = %m.bat
        # the login script name depends on the unix user used
;       logon script = %u.bat
;       logon path = \\%L\Profiles\%u
        # disables profiles support by specifing an empty path
        logon path = \\%L\profiles\%U

        add user script = /usr/sbin/useradd "%u" -n -g users
        add group script = /usr/sbin/groupadd "%g"
        add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"
        add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
        delete user script = /usr/sbin/userdel "%u"
        delete user from group script = /usr/sbin/userdel "%u" "%g"
        delete group script = /usr/sbin/groupdel "%g"
        set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
        passwd program = /usr/sbin/smbldap-passwd -u %u


# ----------------------- Browser Control Options ----------------------------
#
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
#
# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
#
# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
        local master = yes
        os level = 66
        preferred master = yes

#----------------------------- Name Resolution -------------------------------
# Windows Internet Name Serving Support Section:
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
#
# - WINS Support: Tells the NMBD component of Samba to enable it's WINS Server
#
# - WINS Server: Tells the NMBD components of Samba to be a WINS Client
#
# - WINS Proxy: Tells Samba to answer name resolution queries on
#   behalf of a non WINS capable client, for this to work there must be
#   at least one        WINS Server on the network. The default is NO.
#
# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups.

        wins support = yes
;       wins server = w.x.y.z
;       wins proxy = yes

        dns proxy = no

# --------------------------- Printing Options -----------------------------
#
# Load Printers let you load automatically the list of printers rather
# than setting them up individually
#
# Cups Options let you pass the cups libs custom options, setting it to raw
# for example will let you use drivers on your Windows clients
#
# Printcap Name let you specify an alternative printcap file
#
# You can choose a non default printing system using the Printing option

        load printers = yes
        cups options = raw

;       printcap name = /etc/printcap
        #obtain list of printers automatically on SystemV
        printcap name = cups
        printing = cups

# --------------------------- Filesystem Options ---------------------------
#
# The following options can be uncommented if the filesystem supports
# Extended Attributes and they are enabled (usually by the mount option
# user_xattr). Thess options will let the admin store the DOS attributes
# in an EA and make samba not mess with the permission bits.
#
# Note: these options can also be set just per share, setting them in global
# makes them the default for all shares
;       map archive = no
;       map hidden = no
;       map read only = no
;       map system = no
;       store dos attributes = yes


#============================ Share Definitions ==============================

[homes]
        comment = Home Directories
        browseable = no
        writable = yes
;       valid users = %S
;       valid users = MYDOMAIN\%S

[printers]
        comment = All Printers
        path = /var/spool/samba
        browseable = no
        guest ok = no
        writable = no
        printable = yes

# Un-comment the following and create the netlogon directory for Domain Logons
;       [netlogon]
;       comment = Network Logon Service
;       path = /var/lib/samba/netlogon
;       guest ok = yes
;       writable = no
;       share modes = no


# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
;       [Profiles]
;       path = /var/lib/samba/profiles
;       browseable = no
;       guest ok = yes


# A publicly accessible directory, but read only, except for people in
# the "staff" group
;       [public]
;       comment = Public Stuff
;       path = /home/samba
;       public = yes
;       writable = yes
;       printable = no
;       write list = +staff
[Share]
        path = /home/share
        writable = yes
        guest ok = yes
        guest only = yes
        create mode = 0777
        directory mode = 0777
        share modes = yes
 oplocks = No
 level2 oplocks = No
 kernel oplocks = No


 template shell = /bin/false
 winbind use default domain = no


 ;option LDAP
 passdb backend = ldapsam:ldap://127.0.0.1
 ldap suffix = dc=solidintra,dc=sn
 ldap machine suffix = ou=Machines
 ldap user suffix = ou=Users
 ldap group suffix = ou=Group
 ldap admin dn = "cn=baba,dc=solidintra,dc=sn"

 ldap passwd sync = Yes
 enable privileges = Yes
# Table d'encodage des caractères (je fixe sur celui-là pour avoir le même que sous windows)
 Unix Charset = ISO8859-15
admin users = @Administrators

 [netlogon]
   comment = Network Logon Service
   path = /home/netlogon
   guest ok = yes
   writable = no
   share modes = no
   browseable = no


 [profiles]
   path = /serveur/profiles
   browseable = no
   guest ok = yes

Dernière modification par Pikachu_2014 (24/06/2009 16:28:12)

Arnaud.M

Membre

Lieu : Savigny le Temple

Inscription : 03/04/2006

Messages : 108

Re : ERROR: 'ldap admin dn' not defined! Please check your smb.conf

Salut Brildji,

Merci pour les fichiers de conf.

À première vue, la directive ldap admin dn est bien configurée dans ton smb.conf.

J'ai testé de mon côté, le fait que cn=truc,dc=bidule,dc=local soit entouré par des guillemets ne change rien au problème

Peut-être n'as tu pas défini le mot de passe via la commande smbpasswd ?

Quel tutoriel es-tu en train de suivre ?

Thx.

---

Fedora Enthusiastic User Since 2003

brildji

Membre

Inscription : 09/06/2009

Messages : 38

Re : ERROR: 'ldap admin dn' not defined! Please check your smb.conf

salut Arnaud

j'utilise le tutorial qui se trouve sur le site de fedora   "Configuration d'un serveur d'authentification Openldap Samba"

c'est l'erreur que j'ai en tapant la commande smbpasswd -w "ERROR: 'ldap admin dn' not defined! Please check your smb.conf"

Heldwin

Edits Master ^^

Lieu : Suisse

Inscription : 07/10/2008

Messages : 2 765

Re : ERROR: 'ldap admin dn' not defined! Please check your smb.conf

J'ai de la peine avec ton smb.conf, il y a trop d'infos en commentaires et des paramètres un peu dans tous les sens ^^
A ta place, j'essayerais de clarifier ton fichier, ça va vite devenir l'enfer sinon :) (mais bon, je ne suis pas à ta place)

Tu as en tout cas 2 définitions passdb backend :
passdb backend = tdbsam (3x il me semble, dont 2 fois commenté)
passdb backend = ldapsam:ldap://127.0.0.1

Tu peux essayer la commande:
testparm
?

EDIT:

Et là-dedans il y a un mix de commandes, pas tous n'utilisent les smbldap-tools:

add user script = /usr/sbin/useradd "%u" -n -g users
add group script = /usr/sbin/groupadd "%g"
add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user script = /usr/sbin/userdel "%u"
delete user from group script = /usr/sbin/userdel "%u" "%g"
delete group script = /usr/sbin/groupdel "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"

EDIT2:

Je ne connais pas cette manière de faire:

add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"

C'est pas mieux de mettre:
-d /dev/null
?

EDIT3:

Essaye aussi de remonter tout ce bloc avant la définition des partages.
Car à mon avis, c'est pris pour la fin du partage [Share] et pas pris dans [global].

oplocks = No
level2 oplocks = No
kernel oplocks = No


template shell = /bin/false
winbind use default domain = no


;option LDAP
passdb backend = ldapsam:ldap://127.0.0.1
ldap suffix = dc=solidintra,dc=sn
ldap machine suffix = ou=Machines
ldap user suffix = ou=Users
ldap group suffix = ou=Group
ldap admin dn = "cn=baba,dc=solidintra,dc=sn"

ldap passwd sync = Yes
enable privileges = Yes
# Table d'encodage des caractères (je fixe sur celui-là pour avoir le même que sous windows)
Unix Charset = ISO8859-15
admin users = @Administrators

Et

security = user , à la place de share

Dernière modification par Heldwin (23/06/2009 14:03:13)

brildji

Membre

Inscription : 09/06/2009

Messages : 38

Re : ERROR: 'ldap admin dn' not defined! Please check your smb.conf

merci pour vos réponses aussi rapides

quand je redémarre les daemons smb et ldap tout est ok
mais je n'arrive pas à connecter ma machine dans mon domaine

et quand j'essai d'ajouter un ordinateur dans l'annuaire j'ai cette erreur

[root@serveur /]# /usr/sbin/smbldap-useradd -w solid1$
failed to perform search; No such object at /usr/lib/perl5/vendor_perl/5.8.8/smbldap_tools.pm line 374.
Error looking for next uid in sambaDomainName=sambaDomain,dc=solidintra,dc=sn:No such object at /usr/lib/perl5/vendor_perl/5.8.8/smbldap_tools.pm line 1071.

un utilisateur

[root@serveur /]# /usr/sbin/smbldap-useradd baba
failed to perform search; No such object at /usr/lib/perl5/vendor_perl/5.8.8/smbldap_tools.pm line 374.
Error looking for next uid in sambaDomainName=sambaDomain,dc=solidintra,dc=sn:No such object at /usr/lib/perl5/vendor_perl/5.8.8/smbldap_tools.pm line 1071.

[root@serveur /]# /usr/sbin/smbldap-useradd -o baba
(c) Jerome Tournier - (jtournier@gmail.com)- Licensed under the GPL
Usage: /usr/sbin/smbldap-useradd [-awmugdsckABCDEFGHMNPST?] username
  -a    is a Windows User (otherwise, Posix stuff only)
  -b    is a AIX User
  -c    gecos
  -d    home
  -g    gid
  -i    is a trust account (Windows Workstation)
  -k    skeleton dir (with -m)
  -m    creates home directory and copies /etc/skel
  -n    do not create a group
  -o    add the user in the organizational unit (relative to the user suffix. Ex: 'ou=admin,ou=all')
  -u    uid
  -s    shell
  -t    time. Wait 'time' seconds before exiting (when adding Windows Workstation)
  -w    is a Windows Workstation (otherwise, Posix stuff only)
  -A    can change password ? 0 if no, 1 if yes
  -B    must change password ? 0 if no, 1 if yes
  -C    sambaHomePath (SMB home share, like '\\PDC-SRV\homes')
  -D    sambaHomeDrive (letter associated with home share, like 'H:')
  -E    sambaLogonScript (DOS script to execute on login)
  -F    sambaProfilePath (profile directory, like '\\PDC-SRV\profiles\foo')
  -G    supplementary comma-separated groups
  -H    sambaAcctFlags (samba account control bits like '[NDHTUMWSLKI]')
  -M    local mailAddress (comma seperated)
  -N    given name
  -P    ends by invoking smbldap-passwd
  -S    surname (Family name)
  -T    mailToAddress (forward address) (comma seperated)
  -?    show this help message

neowdj

I love Fedora

Lieu : Nice (06)

Inscription : 09/06/2007

Messages : 764

Site Web

Re : ERROR: 'ldap admin dn' not defined! Please check your smb.conf

pouvez vous utiliser la balise code svp

---

Desktop >> 1 Desktop F12 X86_64       | 1 Laptop F13 X86_64
Serveur >> 1 Serveur CentOS 5.5 i386 | 1 Laptop Centos .5.5 i386

Heldwin

Edits Master ^^

Lieu : Suisse

Inscription : 07/10/2008

Messages : 2 765

Re : ERROR: 'ldap admin dn' not defined! Please check your smb.conf

Dans slapd.conf, tu as toujours les 2 bindpw ?

Sinon, pour ton erreur, il faut regarder dans le fichier:
/etc/smbldap-tools/smbldap.conf

Peut-être la ligne:
sambaUnixIdPooldn="..."

Dernière modification par Heldwin (24/06/2009 09:50:37)

brildji

Membre

Inscription : 09/06/2009

Messages : 38

Re : ERROR: 'ldap admin dn' not defined! Please check your smb.conf

Bonjour merci encore

j'ai pas vu bindpw dans mon fichier slapd.conf

et jai changé /etc/smbldap-tools/smbldap.conf
sambaUnixIdPooldn="sollidintra"
mais jusqu'à présent je n'arrive pas à avoir les résultats

Heldwin

Edits Master ^^

Lieu : Suisse

Inscription : 07/10/2008

Messages : 2 765

Re : ERROR: 'ldap admin dn' not defined! Please check your smb.conf

argh, j'ai tapé trop vite :)

rootpw, pas bindpw, désolé.

Tu peux aussi essayer de commenter la ligne avec sambaUnixIdPooldn pour voir si il corrige.

Au faite, as-tu lancé la commande:
smbldap-populate
?

Dernière modification par Heldwin (24/06/2009 11:15:42)

brildji

Membre

Inscription : 09/06/2009

Messages : 38

Re : ERROR: 'ldap admin dn' not defined! Please check your smb.conf

merci encore

en effet j'avais pas exécuté la commande /usr/sbin/smbldap-populate mais en le faisant j'ai obtenu ce résultat

[root@serveur baba]# /usr/sbin/smbldap-populate

Populating LDAP directory for domain solidintra (S-1-5-21-3573686894-883991581-1613566355)
(using builtin directory structure)

adding new entry: dc=solidintra,dc=sn
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, <GEN1> line 7.
adding new entry: ou=People,dc=solidintra,dc=sn
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, <GEN1> line 12.
adding new entry: ou=Group,dc=solidintra,dc=sn
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, <GEN1> line 17.
adding new entry: ou=Computers,dc=solidintra,dc=sn
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, <GEN1> line 22.
adding new entry: ou=Idmap,dc=solidintra,dc=sn
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, <GEN1> line 27.
adding new entry: uid=root,ou=People,dc=solidintra,dc=sn
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, <GEN1> line 58.
adding new entry: uid=nobody,ou=People,dc=solidintra,dc=sn
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, <GEN1> line 89.
adding new entry: cn=Domain Admins,ou=Group,dc=solidintra,dc=sn
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, <GEN1> line 101.
adding new entry: cn=Domain Users,ou=Group,dc=solidintra,dc=sn
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, <GEN1> line 112.
adding new entry: cn=Domain Guests,ou=Group,dc=solidintra,dc=sn
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, <GEN1> line 123.
adding new entry: cn=Domain Computers,ou=Group,dc=solidintra,dc=sn
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, <GEN1> line 134.
adding new entry: cn=Administrators,ou=Group,dc=solidintra,dc=sn
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, <GEN1> line 179.
adding new entry: cn=Account Operators,ou=Group,dc=solidintra,dc=sn
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, <GEN1> line 201.
adding new entry: cn=Print Operators,ou=Group,dc=solidintra,dc=sn
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, <GEN1> line 212.
adding new entry: cn=Backup Operators,ou=Group,dc=solidintra,dc=sn
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, <GEN1> line 223.
adding new entry: cn=Replicators,ou=Group,dc=solidintra,dc=sn
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, <GEN1> line 234.
adding new entry: sambaDomainName=solidintra,dc=solidintra,dc=sn
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, <GEN1> line 242.

Please provide a password for the domain root: 
No such object at /usr/lib/perl5/vendor_perl/5.8.8/smbldap_tools.pm line 353.

Dernière modification par Pikachu_2014 (24/06/2009 16:28:50)

Pikachu_2014

Modérateur

Modérateur

Lieu : Boulogne-Billancourt

Inscription : 16/06/2005

Messages : 11 290

Re : ERROR: 'ldap admin dn' not defined! Please check your smb.conf

Merci d'utiliser les balises [ code ]   [ /code ] pour poster des logs/longs fichiers...

---

« …elle excitait si puissamment le désir, que je devins alors très incrédule sur sa vertu. »
À propos de Fœdora, dans la Peau de Chagrin (Balzac)

brildji

Membre

Inscription : 09/06/2009

Messages : 38

Re : ERROR: 'ldap admin dn' not defined! Please check your smb.conf

salut
quand j'exécute cette commande : ldapadd -x -D cn=baba,dc=solidintra,dc=sn -W -f /tmp/baba.ldif

j'ai l'erreur suivante
ldap_bind: Invalid credentials (49)

proxy

Membre

Lieu : Localhost

Inscription : 15/08/2007

Messages : 8 706

Site Web

Re : ERROR: 'ldap admin dn' not defined! Please check your smb.conf

Essaye en ajoutant -x
As tu généré ton pwd du rootDN avec slappasswd et copier/coller dans slapd.conf ?

---

F18 / KDE 4.10.1
Il date de quand votre dernier backup ?

Heldwin

Edits Master ^^

Lieu : Suisse

Inscription : 07/10/2008

Messages : 2 765

Re : ERROR: 'ldap admin dn' not defined! Please check your smb.conf

et as-tu toujours 2 fois le:
rootpw secret
rootpw {SSHA} ...

dans slapd.conf ?

brildji

Membre

Inscription : 09/06/2009

Messages : 38

Re : ERROR: 'ldap admin dn' not defined! Please check your smb.conf

salut je suis encore revenu avec mes soucis

tous les services démarrent normalement (smb, slapd, named) tous OK

mais je n'arrive pas à connecter mon ordinateur qui est sous XP dans mon domaine

je n'arrive pas à ajouter un utilisateur dans l'annuaire
j'ai l'erreur suivante

[root@serveur ~]# ldapadd -x -D cn=baba,dc=solidintra,dc=sn -W -f /tmp/baba.ldif
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
You have new mail in /var/spool/mail/root
merci d'avance pour votra aide

Arnaud.M

Membre

Lieu : Savigny le Temple

Inscription : 03/04/2006

Messages : 108

Re : ERROR: 'ldap admin dn' not defined! Please check your smb.conf

Hello Brildji

Le mot de passe est indiqué aux endroits suivants :

Directive rootpw du fichier /etc/ldap/slapd.conf : créé avec l'utilitaire slappasswd
Directive Masterpw du fichier /etc/smbldap-tools/smbldap_bind.conf : le mot de passe est en clair
Directive Slavepw du fichier /etc/smbldap-tools/smbldap_bind.conf : le mot de passe est en clair

Utilisation de l'utilitaire smbpasswd qui créera le fichier /var/lib/samba/secrets.tdb

Est-ce que tous ces mots de passe sont identiques ?

---

Fedora Enthusiastic User Since 2003

brildji

Membre

Inscription : 09/06/2009

Messages : 38

Re : ERROR: 'ldap admin dn' not defined! Please check your smb.conf

merci la réponse
je les ai changé mais jusqu'à présent meme probleme

Heldwin

Edits Master ^^

Lieu : Suisse

Inscription : 07/10/2008

Messages : 2 765

Re : ERROR: 'ldap admin dn' not defined! Please check your smb.conf

Est-ce que:
net getlocalsid
retourne un message du style: SID for domaine trucmuche is: S-1-5-21-.[...]

et regarder dans les logs (/var/log/messages), après un:
getent passwd

Dernière modification par Heldwin (26/06/2009 14:21:16)

brildji

Membre

Inscription : 09/06/2009

Messages : 38

Re : ERROR: 'ldap admin dn' not defined! Please check your smb.conf

salut Merci pour la réponse
si tu pe m'aider aussi à intégre mon portable sur le domaine

[root@serveur ~]# net getlocalsid
SID for domain SERVEUR is: S-1-5-21-756258290-490079566-1220922184

[root@serveur ~]# getent passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/sbin/nologin
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
rpm:x:37:37:RPM user:/var/lib/rpm:/sbin/nologin
pulse:x:499:498:PulseAudio daemon:/:/sbin/nologin
polkituser:x:87:87:PolicyKit:/:/sbin/nologin
avahi:x:498:495:avahi-daemon:/var/run/avahi-daemon:/sbin/nologin
hsqldb:x:96:96::/var/lib/hsqldb:/sbin/nologin
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
named:x:25:25:Named:/var/named:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
torrent:x:497:493:BitTorrent Seed/Tracker:/var/spool/bittorrent:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
gdm:x:42:42::/var/gdm:/sbin/nologin
baba:x:500:500:Baba Mbaye:/home/baba:/bin/bash
ldap:x:55:55:LDAP User:/var/lib/ldap:/bin/false