Welcome to the Linux Foundation Forum!

ubuntu 1104 ldap + samba domain controller

I followed this guide at

http://tuxnetworks.blogspot.com/2010/07/howto-samba-ldap-on-1004-lucid-short.html

I have Samba and LDAP working, so how do I add Windows 7 to the Samba domain controller? He has a guide on how to add the other Linux boxes to the PDC but not Windows, as far as I can tell, that is. I looked at

https://help.ubuntu.com/10.04/serverguide/C/samba-dc.html

but do not know where to use

sudo net groupmap add ntgroup="Domain Admins" unixgroup=sysadmin rid=512 type=d

I have admin but no sysadmin on my Linux box. Could I just use an admin user, say JohnDoe, to add Windows to the domain? Do I use this command on the Linux box or on Windows? I get an error when I try it on Linux. Also, what is this for?

net rpc rights grant "EXAMPLE\Domain Admins" SeMachineAccountPrivilege SePrintOperatorPrivilege \
    SeAddUsersPrivilege SeDiskOperatorPrivilege SeRemoteShutdownPrivilege

It does not work either.

Comments

  • Posts: 2,177
    Read the guide at http://erikberg.com/notes/auth.html ; it will show you how to set up LDAP and set up both Windows- and Linux-based clients to authenticate to LDAP.
  • I looked at http://erikberg.com/notes/pgina.html for how to set up Windows.

    Used
    https://help.ubuntu.com/11.04/serverguide/C/openldap-server.html#openldap-server-acl
    to set up TLS and SSL.

    Not working

    lance@Therese:/var/log/samba$ sudo gedit /etc/default/slapd
    SLAPD_SERVICES="ldap://127.0.0.1:389/ ldaps:///192.168.2.7:636 ldapi:///"

    I have tried ports 389 and 636, also have tried on ports. It will not work.

    I get the error wrong passwd and user name.

    lance@Therese:/var/log/samba$ ldapsearch -xLLL -b "dc=lbermudez,dc=net" uid=leanne
    dn: uid=leanne,ou=Users,dc=lbermudez,dc=net
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: inetOrgPerson
    objectClass: posixAccount
    objectClass: shadowAccount
    objectClass: sambaSamAccount
    cn: leanne
    sn: leanne
    givenName: leanne
    uid: leanne
    uidNumber: 1002
    gidNumber: 513
    homeDirectory: /home/leanne
    loginShell: /bin/bash
    gecos: System User
    sambaLogonTime: 0
    sambaLogoffTime: 2147483647
    sambaKickoffTime: 2147483647
    sambaPwdCanChange: 0
    displayName: leanne
    sambaSID: S-1-5-21-309243541-3266719748-2493639525-3004
    sambaPrimaryGroupSID: S-1-5-21-309243541-3266719748-2493639525-513
    sambaLogonScript: allusers.bat
    sambaProfilePath: "."
    sambaHomePath: "."
    sambaHomeDrive: ".":
    sambaLMPassword: 83BBB23C5A82EEA27A1555FFAFE3FA0A
    sambaAcctFlags:
    sambaNTPassword: B329C5D4F278EC8752336F65E99F6DE0
    sambaPwdLastSet: 1308897542
    sambaPwdMustChange: 1312785542
    shadowLastChange: 15149
    shadowMax: 45
  • lance@Therese:/var/log$ sudo /etc/init.d/slapd status
    * slapd is running

    I followed the http://tuxnetworks.blogspot.com/2010...cid-short.html
    guide, so if it said to install I installed it. And it said to install
    sudo apt-get install slapd ldap-utils libpam-smbpass smbldap-tools ldap-auth-client

    I installed them when the guide told me to install them. Any idea as to why this is being a pain? I don't get why they are not talking to one another. I have the firewall turned off till I can get this working. I have attached the slapd log from the
    cat syslog | grep slapd > /tmp/slapd-log.txt
    command (attachment slapd_log.zip: http://www.linux.com/media/kunena/attachments/legacy/files/slapd_log.zip)
  • Found this at https://help.ubuntu.com/11.04/serverguide/C/openldap-server.html ; is this what I need for AppArmor to work right?

    The AppArmor profile for slapd will need to be adjusted for the accesslog database location. Edit /etc/apparmor.d/usr.sbin.slapd adding:

    /var/lib/ldap/accesslog/ r,
    /var/lib/ldap/accesslog/** rwk,

    Then create the directory, reload the apparmor profile, and copy the DB_CONFIG file:

    sudo -u openldap mkdir /var/lib/ldap/accesslog
    sudo -u openldap cp /var/lib/ldap/DB_CONFIG /var/lib/ldap/accesslog/
    sudo /etc/init.d/apparmor reload

    bdb(dc=nodomain): PANIC: fatal region error detected; run recovery
    So how do I run recovery?
  • I was looking around and found this; I have it in a pic for you. Is the pic what the log is talking about?

    Jul 1 20:24:24 Therese slapd[10953]: bdb(dc=nodomain): PANIC: fatal region error detected; run recovery

    So how do I fix the error? I need a step-by-step for dummies.
  • 4th pic try phpldapadmin4.png
  • Posts: 647
    lancebermudez wrote:
    4th pic try phpldapadmin4.png

    I don't have a solution for you but... you do know you can "edit" your posts, right? ;)

    Anyway... LDAP is usually picky about DNS, maybe what's wrong is in there...

    Regards
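
An added example, not part of any post in this thread: a small check for the `SLAPD_SERVICES` listener string in `/etc/default/slapd`. It shows that in the value posted above, `ldaps:///192.168.2.7:636` has three slashes, so the address lands in the URL path instead of the host field. The function name, the finding messages and the corrected sample string are assumptions made for this example.

```python
from urllib.parse import urlsplit

LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def lint_slapd_services(value):
    """Return (url, problem) pairs for a SLAPD_SERVICES listener string."""
    findings = []
    for url in value.split():
        parts = urlsplit(url)
        scheme = parts.scheme.lower()
        if scheme not in ("ldap", "ldaps", "ldapi"):
            findings.append((url, "unknown scheme"))
            continue
        if scheme == "ldapi":
            continue  # Unix-domain socket: no TCP host or port to check
        # Text after the slash that ends the host field is not an address.
        stray = parts.path.strip("/")
        if stray:
            findings.append((url, f"'{stray}' sits in the path, not the host field"))
        try:
            parts.port  # raises ValueError for a non-numeric or out-of-range port
        except ValueError:
            findings.append((url, "invalid port"))
        # ldap:// carries no TLS unless the client negotiates StartTLS.
        if scheme == "ldap" and (parts.hostname or "") not in LOOPBACK:
            findings.append((url, "plaintext listener not limited to loopback"))
    return findings


if __name__ == "__main__":
    # Value as posted in the thread.
    posted = "ldap://127.0.0.1:389/ ldaps:///192.168.2.7:636 ldapi:///"
    # Constructed variant with the host in the host field.
    fixed = "ldap://127.0.0.1:389/ ldaps://192.168.2.7:636/ ldapi:///"
    for label, value in (("posted", posted), ("fixed", fixed)):
        print(label, lint_slapd_services(value))
```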
