Page 3 of 10 FirstFirst 12345 ... LastLast
Results 21 to 30 of 94

Thread: Authenticating Windows to openLDAP server on Ubuntu 9.10

  1. #21
    Join Date
    Feb 2008
    Beans
    12

    Re: Authenticating Windows to openLDAP server on Ubuntu 9.10

    I'm getting stuck at the end of LDAP. config file
    any idea's please...



    root@server02:/home/user# slapadd -v -l /etc/ldap/init.ldif
    /etc/ldap/slapd.conf: line 8: unknown directive <################################################# #######################> outside backend info and database definitions.
    slapadd: bad configuration file!

  2. #22
    Join Date
    Nov 2009
    Beans
    44

    Re: Authenticating Windows to openLDAP server on Ubuntu 9.10

    Quote Originally Posted by kwadman View Post
    I'm getting stuck at the end of LDAP. config file
    any idea's please...



    root@server02:/home/user# slapadd -v -l /etc/ldap/init.ldif
    /etc/ldap/slapd.conf: line 8: unknown directive <################################################# #######################> outside backend info and database definitions.
    slapadd: bad configuration file!
    If you saw my original post, ignore it! The problem is on line 8 of your slapd.conf file. At the very beginning of the ######## line is a space. Remove that space and save it. (Also I fixed that mistake in the original post!)
    Last edited by abishur; December 11th, 2009 at 02:49 PM.

  3. #23
    Join Date
    Dec 2009
    Beans
    14

    Re: Authenticating Windows to openLDAP server on Ubuntu 9.10

    Quote Originally Posted by abishur View Post
    I'm really sorry about this error, the problem lies in the way the forum removes the beginning space from the line. I've made a note about it in the original post so hopefully new people won't hit this problem

    OKAY! I finally figured out how to make the file look the way I want it to on these forums! I am REALLY sorry it took so long. Go back and look at the original post to get the correct formatting to make slapd work (smaba is fine)

    Hey abishur,
    I am still getting that same error, when you have a minute do you mind looking over my slapd.conf? I'm sure I am making some rookie mistake somewhere lol! Thanks again for all your help I really appreciate it!


    # Remember to replace suffix "dc=example,dc=local" with your domain name
    # Change the rootpw entry with the results from slappaswd (Must match the same you pasted on init.ldif)

    # /etc/ldap/slapd.conf
    # This is the main slapd configuration file. See slapd.conf(5) for more
    # info on the configuration options.

    ################################################## ######################

    Global Directives:
    # Features to permit
    #allow bind_v2

    # Schema and objectClass definitions
    include /etc/ldap/schema/core.schema
    include /etc/ldap/schema/cosine.schema
    include /etc/ldap/schema/nis.schema
    include /etc/ldap/schema/inetorgperson.schema
    include /etc/ldap/schema/samba.schema
    include /etc/ldap/schema/misc.schema

    # Where the pid file is put. The init.d script
    # will not stop the server if you change this.
    pidfile /var/run/slapd/slapd.pid

    # List of arguments that were passed to the server
    argsfile /var/run/slapd/slapd.args

    # Read slapd.conf(5) for possible valuesloglevel 0
    # Where the dynamically loaded modules are stored
    modulepath /usr/lib/ldap
    moduleload back_bdb

    # The maximum number of entries that is returned for a search
    operationsizelimit 500

    # The tool-threads parameter sets the actual amount of cpu's that is used
    # for indexing.
    tool-threads 1

    ################################################## #####################
    # Specific Backend Directives for bdb:
    # Backend specific directives apply to this backend until another
    # 'backend' directive occurs
    backend bdb
    #checkpoint 512 30

    ################################################## #####################
    # Specific Backend Directives for 'other':
    # Backend specific directives apply to this backend until another
    # 'backend' directive occurs
    #backend <other>

    ################################################## #####################
    # Specific Directives for database #1, of type bdb:
    # Database specific directives apply to this databasse until another
    # 'database' directive occurs
    database bdb

    # The base of your directory in database #1
    suffix "dc=BEAVER,dc=local"

    # rootdn directive for specifying a superuser on the database. This is needed
    # for syncrepl.
    rootdn "cn=admin,dc=BEAVER,dc=local"
    rootpw {SSHA}8F5/srwaQhHwFlN0+nzfg6kYtCDJy8xo

    # Where the database file are physically stored for database #1
    directory "/var/lib/ldap"

    # For the Debian package we use 2MB as default but be sure to update this
    # value if you have plenty of RAM
    dbconfig set_cachesize 0 2097152 0

    # Sven Hartge reported that he had to set this value incredibly high
    # to get slapd running at all. See http://bugs.debian.org/303057
    # for more information.

    # Number of objects that can be locked at the same time.
    dbconfig set_lk_max_objects 1500
    # Number of locks (both requested and granted)
    dbconfig set_lk_max_locks 1500
    # Number of lockers
    dbconfig set_lk_max_lockers 1500

    # Indexing options for database #1
    #index objectClass eq, pres
    index ou,cn,sn,mail,givenname eq,pres,sub
    index uidNumber,gidNumber,memberUid eq,pres
    index loginShell eq,pres
    index uniqueMember eq,pres
    index uid pres,sub,eq
    index displayName pres,sub,eq
    index sambaSID eq
    index sambaPrimaryGroupSID eq
    index sambaDomainName eq
    index default sub
    #index uid pres,eq,sub

    # Save the time that the entry gets modified, for database #1
    lastmod on

    # Where to store the replica logs for database #1
    # replogfile /var/lib/ldap/replog

    # The userPassword by default can be changed
    # by the entry owning it if they are authenticated.
    # Others should not be able to see it, except the
    # admin entry below
    # These access lines apply to database #1 only
    access to attrs=userPassword,shadowLastChange,sambaNTPasswor d,sambaLMPassword
    by dn="cn=admin,dc=BEAVER,dc=local" write
    by anonymous auth
    by self write
    by * none

    # Ensure read access to the base for things like
    # supportedSASLMechanisms. Without this you may
    # have problems with SASL not knowing what
    # mechanisms are available and the like.
    # Note that this is covered by the 'access to *'
    # ACL below too but if you change that as people
    # are wont to do you'll still need this if you
    # want SASL (and possible other things) to work
    # happily.
    access to dn.base="" by * read

    # The admin dn has full write access, everyone else
    # can read everything.
    access to *
    by dn="cn=admin,dc=BEAVER,dc=local" write
    by * read

    # For Netscape Roaming support, each user gets a roaming
    # profile for which they have write access to
    #access to dn=".*,ou=Roaming,o=morsnet"
    # by dn="cn=admin,dc=BEAVER,dc=ch" write
    # by dnattr=owner write

    ################################################## ####################
    # Specific Directives for database #2, of type 'other' (can be bdb too):
    # Database specific directives apply to this databasse until another
    # 'database' directive occurs
    #database <other>

    # The base of your directory for database #2
    #suffix "dc=debian,dc=org"

  4. #24
    Join Date
    Nov 2009
    Beans
    44

    Re: Authenticating Windows to openLDAP server on Ubuntu 9.10

    Hey cbhr4u, the problem is found in these two blocks of code

    Code:
    access to attrs=userPassword,shadowLastChange,sambaNTPasswor d,sambaLMPassword
    by dn="cn=admin,dc=BEAVER,dc=local" write
    by anonymous auth
    by self write
    by * none
    Code:
    access to *
    by dn="cn=admin,dc=BEAVER,dc=local" write 
    by * read
    the lines that say "by" are supposed to have a space in the front of them also it looks like the "sambaNTPassword" has a space between the r and the d. The correct code should look like this:

    Code:
    access to attrs=userPassword,shadowLastChange,sambaNTPassword,sambaLMPassword
        by dn="cn=admin,dc=BEAVER,dc=local" write
        by anonymous auth
        by self write
        by * none
    Code:
    access to *
        by dn="cn=admin,dc=BEAVER,dc=local" write 
        by * read
    Like I was saying, until recently I did not know how to make this forum let me put extra spaces at the beginning of the line, so it was messing up the slapd file. You should be good to go after fixing those two blocks.

  5. #25
    Join Date
    Dec 2009
    Beans
    14

    Re: Authenticating Windows to openLDAP server on Ubuntu 9.10

    Quote Originally Posted by abishur View Post
    Hey cbhr4u, the problem is found in these two blocks of code

    Code:
    access to attrs=userPassword,shadowLastChange,sambaNTPasswor d,sambaLMPassword
    by dn="cn=admin,dc=BEAVER,dc=local" write
    by anonymous auth
    by self write
    by * none
    Code:
    access to *
    by dn="cn=admin,dc=BEAVER,dc=local" write 
    by * read
    the lines that say "by" are supposed to have a space in the front of them also it looks like the "sambaNTPassword" has a space between the r and the d. The correct code should look like this:

    Code:
    access to attrs=userPassword,shadowLastChange,sambaNTPassword,sambaLMPassword
        by dn="cn=admin,dc=BEAVER,dc=local" write
        by anonymous auth
        by self write
        by * none
    Code:
    access to *
        by dn="cn=admin,dc=BEAVER,dc=local" write 
        by * read
    Like I was saying, until recently I did not know how to make this forum let me put extra spaces at the beginning of the line, so it was messing up the slapd file. You should be good to go after fixing those two blocks.
    Hey Abishur,
    Thanks again for all your help i made those corrections but no go, I took a screen shot of that code block from my terminal window, when you have a moment will you take a look at it? Thanks again!!
    Attached Images Attached Images

  6. #26
    Join Date
    Nov 2009
    Beans
    44

    Re: Authenticating Windows to openLDAP server on Ubuntu 9.10

    I don't see anything wrong with that block of code... can you post your actual errror message? I know the first time I set up my domain I had a TON of problems. It's easy to miss one part and have the whole fail. It's even easier to look in the wrong place for a solution not realize it's not where you made your mistake. Go ahead and go over the guide from the beginning. It might help to just earse the slapd file and copy and paste the code fresh?

  7. #27
    Join Date
    Dec 2009
    Beans
    14

    Re: Authenticating Windows to openLDAP server on Ubuntu 9.10

    Quote Originally Posted by abishur View Post
    I don't see anything wrong with that block of code... can you post your actual errror message? I know the first time I set up my domain I had a TON of problems. It's easy to miss one part and have the whole fail. It's even easier to look in the wrong place for a solution not realize it's not where you made your mistake. Go ahead and go over the guide from the beginning. It might help to just earse the slapd file and copy and paste the code fresh?
    Thanks for taking the time to look at this for me! Here is the actual error message.
    /etc/ldap/slapd.conf: line 10: unknown directive <Global> outside backend info and database definitions.
    slapadd: bad configuration file!

    I have redone it earlier but i will give it another shot. Probably a stupid question but it doesnt matter that i am using vi instead of gedit does it? Thanks again.

  8. #28
    Join Date
    Nov 2009
    Beans
    44

    Re: Authenticating Windows to openLDAP server on Ubuntu 9.10

    hmm... it's trying to say that there is something wrong on line 10 of your slapd.conf file (the line that says Global Directives: ) but I'm just not seeing a problem there. Do you have a space at the beginning of that line (if so delete it). It doesn't matter if you use vi, nano, or gedit. I use gedit because I personally find it easier to work with and catch mistakes. Some people use vi either out of a sense of "Linux Purity" or because the purists tell them to use it Use whatever you're comfortable with using.

    If all else fails start at the beginning and take it slow. I literally do not remember how many times I had to start over from scratch while learning how to do this. Keep it up! Sometimes just having someone to talk about what's going on helps you find the real problem!

  9. #29
    Join Date
    Jul 2009
    Beans
    571
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Authenticating Windows to openLDAP server on Ubuntu 9.10

    Hi abishur, I've a question, can Ubuntu pass policies to Windows clients authenticating to Ubuntu? Or what are the benefits of authentication using LDAP over just adding users on the Ubuntu Server? Thanks.
    It's OK, everything we know will become obsolete at some time.

  10. #30
    Join Date
    Nov 2009
    Beans
    44

    Re: Authenticating Windows to openLDAP server on Ubuntu 9.10

    Quote Originally Posted by AlexanderDGreat View Post
    Hi abishur, I've a question, can Ubuntu pass policies to Windows clients authenticating to Ubuntu? Or what are the benefits of authentication using LDAP over just adding users on the Ubuntu Server? Thanks.
    The following is my understanding, but someone with more expertise might now some better answer.


    Can Ubuntu pass Poclies? Well.... yesno from what I've read Samba 4 will actually have built in Windows client authoring (and therefore completely replace the need for this guide) as well as the ability to apply group policies. I've also seen some software that claims to be able to do the job, but it costs money.

    But remember! LDAP is a protocol of authentication. Active Directory and OpenLDAP are merely software that makes use of the LDAP protocol. NEITHER AD or OpenLDAP have the ability to assign group policies. Windows uses a special piece of software that interacts with AD (using the LDAP authentication protocol) to apply group policies.

    Benefits of Authenticating with LDAP? My understanding is that Windows computers cannot authenticate to native Linux accounts. The whole point of using OpenLDAP is to provide a means of windows authentication (well... there are other benefits such as a security flexibility, centralized management, etc.). That said, just because LDAP is the only means I could find for windows authentication, doesn't mean it's the only one out there, and if you're dealing with a pure Linux environment, then using the Linux accounts would work fine for you (of course, since you're looking at this guide I think I can assume that you have windows computers to authenticate )

Page 3 of 10 FirstFirst 12345 ... LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •