ubuntu 1104 ldap + samba domain controler

lancebermudez

I followed this guid at

http://tuxnetworks.blogspot.com/2010/07/howto-samba-ldap-on-1004-lucid-short.html

I have samba and ldap working so how do i add windows 7 to the samba domain controler? He has a guid on how to add the other linux boxes to the pdc put not windows as far as i can tell that is. I looked at

https://help.ubuntu.com/10.04/serverguide/C/samba-dc.html

put do not know where to use

sudo net groupmap add ntgroup="Domain Admins" unixgroup=sysadmin rid=512 type=d

I have admin but no sysadmin on my linux box. Could I just use a admin user say JohnDoe to add windows to the domain? Do I use this command on linux box or the windows? I get an error when i try it on linux. also what is this for

net rpc rights grant "EXAMPLE\Domain Admins" SeMachineAccountPrivilege SePrintOperatorPrivilege \

SeAddUsersPrivilege SeDiskOperatorPrivilege SeRemoteShutdownPrivilege

It does not work either.

mfillpot

Read the guide at http://erikberg.com/notes/auth.html , it will show you how to setup ldap and setup both windows and linux based clients to authenticate to ldap.

lancebermudez

I looked at http://erikberg.com/notes/pgina.html for how to set up windows

used
https://help.ubuntu.com/11.04/serverguide/C/openldap-server.html#openldap-server-acl
to set up tls and ssl

Not working

lance@Therese:/var/log/samba$ sudo gedit /etc/default/slapd
SLAPD_SERVICES="ldap://127.0.0.1:389/ ldaps:///192.168.2.7:636 ldapi:///"

I have tried ports 389 and 636 also have tried on ports. it will not work

I get the error wrong passwd and user name

lance@Therese:/var/log/samba$ ldapsearch -xLLL -b "dc=lbermudez,dc=net" uid=leanne
dn: uid=leanne,ou=Users,dc=lbermudez,dc=net
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
cn: leanne
sn: leanne
givenName: leanne
uid: leanne
uidNumber: 1002
gidNumber: 513
homeDirectory: /home/leanne
loginShell: /bin/bash
gecos: System User
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
displayName: leanne
sambaSID: S-1-5-21-309243541-3266719748-2493639525-3004
sambaPrimaryGroupSID: S-1-5-21-309243541-3266719748-2493639525-513
sambaLogonScript: allusers.bat
sambaProfilePath: "."
sambaHomePath: "."
sambaHomeDrive: ".":
sambaLMPassword: 83BBB23C5A82EEA27A1555FFAFE3FA0A
sambaAcctFlags:
sambaNTPassword: B329C5D4F278EC8752336F65E99F6DE0
sambaPwdLastSet: 1308897542
sambaPwdMustChange: 1312785542
shadowLastChange: 15149
shadowMax: 45

lancebermudez

lance@Therese:/var/log$ sudo /etc/init.d/slapd status
* slapd is running

I followed the http://tuxnetworks.blogspot.com/2010...cid-short.html
guid so if it said to intall I installed it. and it said to install
sudo apt-get install slapd ldap-utils libpam-smbpass smbldap-tools ldap-auth-client

I installed them when the guid told me to install them. any idea as to why this is being a pain? I don't get why they are not talking to one another. I have the firewall turned off tell i can get this working I have attached the slapd log from from the
cat syslog | grep slapd > /tmp/slapd-log.txt
command [file name=slapd_log.zip size=4057]http://www.linux.com/media/kunena/attachments/legacy/files/slapd_log.zip[/file]

lancebermudez

found this at https://help.ubuntu.com/11.04/serverguide/C/openldap-server.html is this what I need for apparmor to work right?

The AppArmor profile for slapd will need to be adjusted for the accesslog database location. Edit /etc/apparmor.d/usr.sbin.slapd adding:

/var/lib/ldap/accesslog/ r,
/var/lib/ldap/accesslog/** rwk,

Then create the directory, reload the apparmor profile, and copy the DB_CONFIG file:

sudo -u openldap mkdir /var/lib/ldap/accesslog
sudo -u openldap cp /var/lib/ldap/DB_CONFIG /var/lib/ldap/accesslog/
sudo /etc/init.d/apparmor reload

bdb(dc=nodomain): PANIC: fatal region error detected; run recovery
So how do I run recovery?

lancebermudez

I was looking around and found this I have it in a pic for you. Is the pic what the log is talking about

Jul 1 20:24:24 Therese slapd[10953]: bdb(dc=nodomain): PANIC: fatal region error detected; run recovery

so how do i fix the error. I need a step by step for dummies.

lancebermudez

4th pic try

marc

lancebermudez wrote:

4th pic try

I don't have a solution for you but... you do know you can "edit" your posts, right?

Anyway... Ldap is usually picky about DNS, maybe what's wrong is in there...

Regards