Authenticating Windows to openLDAP server on Ubuntu 9.10

[waygooder]

First off, thank you for all of the good info. Ive gotten further into installing openldap using your guide than any other I have tried.

That said I have hit a bump and need a little help.

I have gotten to the point of adding a user. I have been able to figure out my mistakes and get everything working to this point.

but when I try to add user I get this:

$ sudo smbldap-useradd -a -m matthewb -c "Matthew B" matthewb
Use of uninitialized value $value in substitution (s///) at /usr/share/perl5/smbldap_tools.pm line 135, <CONFIGFILE> line 23.
Use of uninitialized value $value in substitution (s///) at /usr/share/perl5/smbldap_tools.pm line 135, <CONFIGFILE> line 24.
Could not find base dn, to get next uidNumber at /usr/share/perl5/smbldap_tools.pm line 1073, <DATA> line 466.


any ideas, ive spent hours searching for what I have done wrong but have been unsuccessful.

thanks

[waygooder]

Nevermind I found the problem

found some extra code that made its way into the config file, it just took me looking at it 50 times to find it.

it works now

[tombutcher1990]

Hi There,

first off, this is a great guide! really useful, i'm not so great with linux servers but its helped a lot.

only one question, when i try and join the domain with a windows 7 client, i get an "access denied" error, and it says that the join attempt was unsuccessful, this could be down to the computer account already existing or the credentials being incorrect.

i assume the credentials are not incorrect, as i've used my sysadmin account that i created at the start. i did try using the root account as well at one point (i know, i shouldn't!) and i went into my Webmin config and there was 2 computer accounts (i tried changing the computer name to see if this would help at all) and i deleted both of those entries.


Any ideas? cos i've got all windows 7 clients and i need to get them working!!

Thanks in advance

Tom

[cdblindaus]

Received this message when populating samba;

"failed to modify entry: structural object class modification from 'sambaDomain' to 'inetOrgPerson' not allowed at /usr/sbin/smbldap-populate line 492, <GEN1> line 235"

not sure what this means can someone help?

[Pablo Alonso]

Hi, I have followed all instructions and I got it working perfect. But as a result of this implementation a new problem arised and I would like to know if someone have faced it and fixed it.

the problem is finally when everything works with ldap and samba you cannot change or set passwords for new normal users in the system.

for example if I run the command: $sudo adduser paul
when time to set password comes I receive the following error msg:

passwd: Authentication token manipulation error
passwd: password unchanged

and if I try to change it manually, I can't and I receive same error!

please help with this one!
all the rest with ldap works fine.

Thank you all.

regards,
Pablo Alonso

[ragnaruss]

Hey guys,

Awesome guide, the best on here for this and everything worked fine so far until i get to the point where I add a new user with:

smbldap-useradd -a -m -M matthewb -c “Matthew B” matthewb

All I get is

/usr/sbin/smbldap-useradd: illegal username

I'm nearly there and would really appreciate the help. I would of looked up any errors i had except i have had any to this point.

FIXED
If i removed:

-c “Matthew B”

It works.

New problem now, I told my xp sp3 machine to join the domain, which it did, then restarted it and tried to log in which it starts to do, but the it just sits at loading your personal setting an doesn't seem to go anywhere. Is there some configuration i've missed out on here?

[Hokorippoi]

When I try to populate I get this:

Code:

adding new entry: dc=school,dc=local
failed to add entry: no global superior knowledge at /usr/sbin/smbldap-populate line 499, <DATA> line 466.
adding new entry: ou=Users,dc=school,dc=local
failed to add entry: no global superior knowledge at /usr/sbin/smbldap-populate line 499, <GEN1> line 12.
adding new entry: ou=Groups,dc=school,dc=local
failed to add entry: no global superior knowledge at /usr/sbin/smbldap-populate line 499, <GEN1> line 17.
adding new entry: ou=Computers,dc=school,dc=local
failed to add entry: no global superior knowledge at /usr/sbin/smbldap-populate line 499, <GEN1> line 22.
adding new entry: ou=Idmap,dc=school,dc=local
failed to add entry: no global superior knowledge at /usr/sbin/smbldap-populate line 499, <GEN1> line 27.
adding new entry: uid=root,ou=Users,dc=school,dc=local
failed to add entry: objectClass: value #3 invalid per syntax at /usr/sbin/smbldap-populate line 499, <GEN1> line 55.
adding new entry: uid=nobody,ou=Users,dc=school,dc=local
failed to add entry: objectClass: value #3 invalid per syntax at /usr/sbin/smbldap-populate line 499, <GEN1> line 83.
adding new entry: cn=Domain Admins,ou=Groups,dc=school,dc=local
failed to add entry: objectClass: value #1 invalid per syntax at /usr/sbin/smbldap-populate line 499, <GEN1> line 95.
adding new entry: cn=Domain Users,ou=Groups,dc=school,dc=local
failed to add entry: objectClass: value #1 invalid per syntax at /usr/sbin/smbldap-populate line 499, <GEN1> line 106.
adding new entry: cn=Domain Guests,ou=Groups,dc=school,dc=local
failed to add entry: objectClass: value #1 invalid per syntax at /usr/sbin/smbldap-populate line 499, <GEN1> line 117.
adding new entry: cn=Domain Computers,ou=Groups,dc=school,dc=local
failed to add entry: objectClass: value #1 invalid per syntax at /usr/sbin/smbldap-populate line 499, <GEN1> line 128.
adding new entry: cn=Administrators,ou=Groups,dc=school,dc=local
failed to add entry: objectClass: value #1 invalid per syntax at /usr/sbin/smbldap-populate line 499, <GEN1> line 173.
adding new entry: cn=Account Operators,ou=Groups,dc=school,dc=local
failed to add entry: objectClass: value #1 invalid per syntax at /usr/sbin/smbldap-populate line 499, <GEN1> line 195.
adding new entry: cn=Print Operators,ou=Groups,dc=school,dc=local
failed to add entry: objectClass: value #1 invalid per syntax at /usr/sbin/smbldap-populate line 499, <GEN1> line 206.
adding new entry: cn=Backup Operators,ou=Groups,dc=school,dc=local
failed to add entry: objectClass: value #1 invalid per syntax at /usr/sbin/smbldap-populate line 499, <GEN1> line 217.
adding new entry: cn=Replicators,ou=Groups,dc=school,dc=local
failed to add entry: objectClass: value #1 invalid per syntax at /usr/sbin/smbldap-populate line 499, <GEN1> line 228.
adding new entry: sambaDomainName=school,dc=school,dc=local
failed to add entry: invalid DN at /usr/sbin/smbldap-populate line 499, <GEN1> line 236.

[Rokurosv]

Hi, just wanna say thanks for this tutorial it has been very helpful.
So far I've encountered an error when I try to join a Vista machine to the domain. I get a message saying that it cannot find the domain, let's say example.com

And I get this

Code:

The following error occurred when DNS was queried for the service location
(SRV) resource record used to locate a domain controller for domain
smallbusiness.local:

The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for
_ldap._tcp.dc._msdcs.example.com

Common causes of this error include the following:

- The DNS SRV records required to locate a domain controller for the domain
are not registered in DNS. These records are registered with a DNS server
automatically when a domain controller is added to a domain. They are
updated by the domain controller at set intervals. This computer is
configured to use DNS servers with following IP addresses:

dns.server.1(not my actual dns servers)
dns.server.2

- One or more of the following zones do not include delegation to its child
zone:

example.com
com
. (the root zone)

My dns servers resolve the bceslx.com address, I can even ping it succesfully, but for some reason my client looks for _ldap._tcp.dc._msdcs.example.com

Any idea on what should I do, is it a DNS error or something with my LDAP server?

[bepis1337]

Great guide, I failed setting up ldap with the new slapd.d directory structure.
Thanks for sharing it!!!

greetings

[UncleBoxy]

Great step by step guide. I was trying to use Webmin to set up my LDAP server, and I was getting no where. You'd think that there would be an easier way to do all this stuff, but no pain, no gain, right?

I got everything set up and working great. I was able to get my windows 7 machines to join my newly created domain just fine. However, I do get some errors when trying to add domain users to my box (at least I think that's what I'm doing). I hate to sound like a complete n00b here, so I attached the screenshots of what it did right after I joined the domain (before the 1st reboot).

They are, in order of occurrence, DomainUser01.png, DomainUser02.png, DomainUser03.png.

Btw, this didn't prevent me from actually joining the domain. That went fine and I was able to do a domain login after a reboot.

Chris