Welcome to the Linux Foundation Forum!

ubuntu 1104 ldap + samba domain controler


I followed this guid at


I have samba and ldap working so how do i add windows 7 to the samba domain controler? He has a guid on how to add the other linux boxes to the pdc put not windows as far as i can tell that is. I looked at


put do not know where to use

sudo net groupmap add ntgroup="Domain Admins" unixgroup=sysadmin rid=512 type=d

I have admin but no sysadmin on my linux box. Could I just use a admin user say JohnDoe to add windows to the domain? Do I use this command on linux box or the windows? I get an error when i try it on linux. also what is this for

net rpc rights grant "EXAMPLE\Domain Admins" SeMachineAccountPrivilege SePrintOperatorPrivilege \

SeAddUsersPrivilege SeDiskOperatorPrivilege SeRemoteShutdownPrivilege

It does not work either.


  • mfillpot
    mfillpot Posts: 2,177
    Read the guide at http://erikberg.com/notes/auth.html , it will show you how to setup ldap and setup both windows and linux based clients to authenticate to ldap.
  • lancebermudez
    I looked at http://erikberg.com/notes/pgina.html for how to set up windows

    to set up tls and ssl

    Not working

    lance@Therese:/var/log/samba$ sudo gedit /etc/default/slapd
    SLAPD_SERVICES="ldap:// ldaps:/// ldapi:///"

    I have tried ports 389 and 636 also have tried on ports. it will not work

    I get the error wrong passwd and user name

    lance@Therese:/var/log/samba$ ldapsearch -xLLL -b "dc=lbermudez,dc=net" uid=leanne
    dn: uid=leanne,ou=Users,dc=lbermudez,dc=net
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: inetOrgPerson
    objectClass: posixAccount
    objectClass: shadowAccount
    objectClass: sambaSamAccount
    cn: leanne
    sn: leanne
    givenName: leanne
    uid: leanne
    uidNumber: 1002
    gidNumber: 513
    homeDirectory: /home/leanne
    loginShell: /bin/bash
    gecos: System User
    sambaLogonTime: 0
    sambaLogoffTime: 2147483647
    sambaKickoffTime: 2147483647
    sambaPwdCanChange: 0
    displayName: leanne
    sambaSID: S-1-5-21-309243541-3266719748-2493639525-3004
    sambaPrimaryGroupSID: S-1-5-21-309243541-3266719748-2493639525-513
    sambaLogonScript: allusers.bat
    sambaProfilePath: "."
    sambaHomePath: "."
    sambaHomeDrive: ".":
    sambaLMPassword: 83BBB23C5A82EEA27A1555FFAFE3FA0A
    sambaNTPassword: B329C5D4F278EC8752336F65E99F6DE0
    sambaPwdLastSet: 1308897542
    sambaPwdMustChange: 1312785542
    shadowLastChange: 15149
    shadowMax: 45 pgina.png
  • lancebermudez
    lance@Therese:/var/log$ sudo /etc/init.d/slapd status
    * slapd is running

    I followed the http://tuxnetworks.blogspot.com/2010...cid-short.html
    guid so if it said to intall I installed it. and it said to install
    sudo apt-get install slapd ldap-utils libpam-smbpass smbldap-tools ldap-auth-client

    I installed them when the guid told me to install them. any idea as to why this is being a pain? I don't get why they are not talking to one another. I have the firewall turned off tell i can get this working I have attached the slapd log from from the
    cat syslog | grep slapd > /tmp/slapd-log.txt
    command [file name=slapd_log.zip size=4057]http://www.linux.com/media/kunena/attachments/legacy/files/slapd_log.zip[/file]
  • lancebermudez
    found this at https://help.ubuntu.com/11.04/serverguide/C/openldap-server.html is this what I need for apparmor to work right?

    The AppArmor profile for slapd will need to be adjusted for the accesslog database location. Edit /etc/apparmor.d/usr.sbin.slapd adding:

    /var/lib/ldap/accesslog/ r,
    /var/lib/ldap/accesslog/** rwk,

    Then create the directory, reload the apparmor profile, and copy the DB_CONFIG file:

    sudo -u openldap mkdir /var/lib/ldap/accesslog
    sudo -u openldap cp /var/lib/ldap/DB_CONFIG /var/lib/ldap/accesslog/
    sudo /etc/init.d/apparmor reload

    bdb(dc=nodomain): PANIC: fatal region error detected; run recovery
    So how do I run recovery?
  • lancebermudez
    I was looking around and found this I have it in a pic for you. Is the pic what the log is talking about

    Jul 1 20:24:24 Therese slapd[10953]: bdb(dc=nodomain): PANIC: fatal region error detected; run recovery

    so how do i fix the error. I need a step by step for dummies.
  • lancebermudez
    4th pic try phpldapadmin4.png
  • marc
    marc Posts: 647
    lancebermudez wrote:
    4th pic try phpldapadmin4.png

    I don't have a solution for you but... you do know you can "edit" your posts, right? ;)

    Anyway... Ldap is usually picky about DNS, maybe what's wrong is in there...



Upcoming Training