Ubuntu Server 7.10: OpenLDAP + SAMBA Domain Controller

[GabrielSyme]

Thank you so much, Ricky, for posting this guide. This has helped the non-profit organization I work at save a whole lot of money!

I ran into a problem and after much beating of head against keyboard I have found a solution. The problem: windows 98. In this current set up, Windows 98 will not join the domain. In a previous setup of a samba PDC I had, windows 98 could.

The reason win 98 can't join is that win 98 does not support Windows NT password hashing and samba by default only allows NT password hashing. Or rather, it by default does not allow lanman password hashing, which is what Win 98 needs. I at first thought this would be impossible to make work, but I found that in the LDAP entry for each user there is a field for "sambaLMPassword." This is the password hash that Windows 98 needs and the smbldap-tools keep updated (I think). So all we need to do is tell samba to allow lanman password authentication.

just add this to the global section of smb.conf:

Code:

lanman auth = yes
client lanman auth = yes

I got this code from here.
I am not sure if the second line is needed, but everything is working fine with it...

And Win 98 should log in just fine! Hope this helps some body.
The best solution would be to just can win 98 I think, but this wasn't practical in my situation, and the fix was pretty simple (once I found it).

[ifkm]

Just that I reach the right peoples, I'm having some problems with my server using this tutorial: http://ubuntuforums.org/showthread.php?p=7062018

Kind regards
ifkm

[mummuluri]

Hello,

I configured ubuntu domain controlor and running successfully from three months. but suddenly I am getting below error while starting slapd.


/etc/init.d/slapd start
Starting OpenLDAP: slapd - failed.
The operation failed but no output was produced. For hints on what went
wrong please refer to the system's logfiles (e.g. /var/log/syslog) or
try running the daemon in Debug mode like via "slapd -d 16383" (warning:
this will create copious output).

Below, you can find the command line options used by this script to
run slapd. Do not forget to specify those options if you
want to look to debugging output:
slapd -g openldap -u openldap -f /etc/ldap/slapd.conf

could any suggest me how can i resolve this problem. it is very urgent task to do.


Thanks,
Kiran Mummuluri,
kmummuluri@miraclesoft.com

[vasoq]

I was getting this reply when trying to join to the domain on my winxp machine:

Code:

The following error occurred when DNS was queried for the service
location (SRV) resource record used to locate a domain controller for
domain jajo:

The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for _ldap._tcp.dc._msdcs.jajo

Common causes of this error include the following:

- The DNS SRV record is not registered in DNS.

- One or more of the following zones do not include delegation to its
child zone:

jajo
. (the root zone)

So I researched and I guess since I'm not using windows dns server which is built to work with AD, things like _ldap._tcp.dc._msdcs.jajo aren't there. I tried adding them to webmin but that didn't work, so I read that enabling WINS can do the trick, so I enabled it in smb.conf and configured windows to use the DC as a WINS server, and it joined. HOWEVER, now when I reboot it tells me I can't log on because the domain is unavailable! I read it could be due to all sorts of things, usually DNS, but also sometimes out of sync clocks or other things. I'm guessing a DNS problem, but I don't know. From my DC, dc.jajo, nslookup seems to work fine:

Code:

Server:		192.168.0.109
Address:	192.168.0.109#53

Name:	dc.jajo
Address: 192.168.0.109

From windows I'm not so sure:

Code:

C:\Documents and Settings\Paige>nslookup dc.jajo
*** Can't find server name for address 192.168.0.109: Non-existent domain
*** Default servers are not available
Server:  UnKnown
Address:  192.168.0.109

Name:    dc.jajo
Address:  192.168.0.109

Configs:

smb.conf: http://pastebin.com/f532856f1
slapd.conf: http://pastebin.com/f7d0d2592
/etc/bind/jajo.hosts: http://pastebin.com/f4bfc7f55
/etc/hosts: http://pastebin.com/fc831db
/etc/resolv.conf: http://pastebin.com/f76320aa3

In windows, I've got the client set up to use the DC as a wins server, dns server, have the default gateway set properly and gave it an IP. I think I've tried using netbios and not using netbios, and it didn't matter.

Anyone have thoughts?

[sulmanminhas]

Hello,

I am trying to configur ubuntu domain controlor but getting error while starting slapd.

sudo /etc/init.d/slapd start

Starting OpenLDAP: slapd - failed.
The operation failed but no output was produced. For hints on what went
wrong please refer to the system's logfiles (e.g. /var/log/syslog) or
try running the daemon in Debug mode like via "slapd -d 16383" (warning:
this will create copious output).

Below, you can find the command line options used by this script to
run slapd. Do not forget to specify those options if you
want to look to debugging output:
slapd -g openldap -u openldap -f /etc/ldap/slapd.conf

then i run the following command..

slapd -d 16383 -u root ldap:///

@(#) $OpenLDAP: slapd 2.4.9 (Aug 5 2008 20:18:55) $
buildd@palmer:/build/buildd/openldap2.3-2.4.9/debian/build/servers/slapd
ldap_pvt_gethostbyname_a: host=ldapserver.company.xy, r=0
daemon_init: <null>
daemon_init: listen on ldap:///
daemon_init: 1 listeners to open...
ldap_url_parse_ext(ldap:///)
daemon: bind(7) failed errno=13 (Permission denied)
daemon: bind(7) failed errno=13 (Permission denied)
slap_open_listener: failed on ldap:///
slapd stopped.
connections_destroy: nothing to destroy.

Same with ldap user.

Can anyone help me to resolve this issue?

Kind regards,

[ifkm]

Do you know how to migrate the OpenLDAP + SAMBA Domain Controller to a different installation?

At the moment the server is working with ubuntu 08.04 32-bit and I'd like to migrate to 64-bit. But I wonder which data and how to recover that the domain is working like before (no need for joining the windows clients again), and all users available.


Can anyone help me with this - google shows me that it looks like some more people want to save an ldap/samba installation but don't know how, can it be that hard?

Kind regards

ifkm

[trileru808]

Hello. Excellent guide! Works perfect. But I want to use the LDAP directory for Thunderbird and Outlook and have one problem. When searching for users, it only finds something if i search for the username not the full name of the user, or first or last name. if i check the details of an user account I get this:

objectClass top , person , organizationalPerson , inetOrgPerson , posixAccount , shadowAccount , sambaSamAccount , inetLocalMailRecipient
uid bob
uidNumber 30000
gidNumber 513
homeDirectory /var/ldaphome/bob
sambaLogonTime 0
sambaLogoffTime 2147483647
sambaKickoffTime 2147483647
sambaPwdCanChange 0
displayName bob
sambaSID S-1-5-21-2480727314-3593062779-3721234794-61000
sambaPrimaryGroupSID S-1-5-21-2480727314-3593062779-3721234794-513
mailLocalAddress bob
mail bob@mydomain.com
sambaLMPassword 24DE52E3B10D7EC9AAD3B435B51404EE
sambaNTPassword FFC36C6A934E6F97406055EAAFE92393
sambaPwdLastSet 1239623827
sambaPwdMustChange 1243511827
userPassword {SSHA}X1Cc4+hxxswTTquHhwPNbQzd725wMVFj
shadowLastChange 14347
shadowMax 45
sambaAcctFlags [UX ]
gecos Bob Smith,,,,
cn Bob Smith
sn Smith
givenName Bob
loginShell /bin/bash


so if i wanna search for Bob Smith or Smith i don't get any results. Only if i search for "bob". So if someone doesn't know my first name, and wanna search for my last name won't get any results. How can i edit the display name?
Also my second problem is that I cannot browse the whole user database from outlook even if I activated "Enable Browsing" (requires server support) option from outlook 2007. In webmin I get an error when I press "Browse Database" : "The LDAP browser cannot be used : No user to login as was found in the LDAP server configuration"

What shall I do?

Thank you and have a great day!

[manuel78]

Hi everyone...


2) I ran into an error at step 11 "populate LSAP using smbldap-tools"
When i try to run this command

Code:

 smbldap-populate -u 30000 -g 30000

i get this error
[code] Error looking for next uid at /usr/share/perl5/smbldap_tools.pm line 1044


Thanks!

Are you root?
Try sudo...

[jviens]

I've checked for an answer to this problem in as many places as I can think of but still haven't found a solution. I've been trying to get an OpenLDAP/Samba DC set up for my home network using Ubuntu 8.10 and I've run into a problem when trying to populate the LDAP directory. I put in the command:

smbldap-populate -u 30000 -g 30000

and get the following return:

Populating LDAP directory for domain HOMENET
([SID])
(using builtin directory structure)

erreur LDAP: Can't contact master ldap server for writing (IO::Socket::INET:
connect: Connection refused) at /usr/share/perl5/smbldap_tools.pm line 277.

Any help would be greatly appreciated. Let me know if you need more info.

[usererror]

Does anyone know of this guide is still applicable to Server 9.04 or Server 8.04