


  1. #1

    Ldap + samba 10 x 0: I'm throwing in the towel.

    Friends, I've decided to turn to you: I'm taking a very big beating trying to get LDAP + Samba PDC to work. I've already tried Ubuntu-Server 8.04 LTS, Ubuntu-Server 9.04 and Debian 5, and on all of them I fall at the final hurdle; when the time comes to populate, errors always occur, for example:

    server01:/usr/share/doc/smbldap-tools/examples# smbldap-populate
    Populating LDAP directory for domain ccbsist.net (S-1-5-21-15483983-150619718-2040496312)
    (using builtin directory structure)
    adding new entry: dc=ccbsist,dc=net
    failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, <GEN1> line 7.
    adding new entry: ou=Usuarios,dc=ccbsist,dc=net
    failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, <GEN1> line 12.
    adding new entry: ou=Grupos,dc=ccbsist,dc=net
    failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, <GEN1> line 17.
    adding new entry: ou=Computadores,dc=ccbsist,dc=net
    failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, <GEN1> line 22.
    adding new entry: ou=Idmap,dc=ccbsist,dc=net
    failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, <GEN1> line 27.
    adding new entry: uid=root,ou=Usuarios,dc=ccbsist,dc=net
    failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, <GEN1> line 58.
    adding new entry: uid=nobody,ou=Usuarios,dc=ccbsist,dc=net
    failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, <GEN1> line 89.
    adding new entry: cn=Domain Admins,ou=Grupos,dc=ccbsist,dc=net
    failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, <GEN1> line 101.
    adding new entry: cn=Domain Users,ou=Grupos,dc=ccbsist,dc=net
    failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, <GEN1> line 112.
    adding new entry: cn=Domain Guests,ou=Grupos,dc=ccbsist,dc=net
    failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, <GEN1> line 123.
    adding new entry: cn=Domain Computers,ou=Grupos,dc=ccbsist,dc=net
    failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, <GEN1> line 134.
    adding new entry: cn=Administrators,ou=Grupos,dc=ccbsist,dc=net
    failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, <GEN1> line 179.
    adding new entry: cn=Account Operators,ou=Grupos,dc=ccbsist,dc=net
    failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, <GEN1> line 201.
    adding new entry: cn=Print Operators,ou=Grupos,dc=ccbsist,dc=net
    failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, <GEN1> line 212.
    adding new entry: cn=Backup Operators,ou=Grupos,dc=ccbsist,dc=net
    failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, <GEN1> line 223.
    adding new entry: cn=Replicators,ou=Grupos,dc=ccbsist,dc=net
    failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, <GEN1> line 234.
    adding new entry: cn=NextFreeUnixId,dc=ccbsist,dc=net
    failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, <GEN1> line 241.
    Please provide a password for the domain root:
    No such object at /usr/share/perl5/smbldap_tools.pm line 353.
    server01:/usr/share/doc/smbldap-tools/examples#

    I've already gone through several tutorials on this and I can't beat LDAP; could someone who has the knowledge please help me.

    Tutorials I have already tried to use:
    Samba com LDAP

    InstalacaoLdapSamba < GrupoLinux < TWiki

    I'm counting on everyone's collaboration.

    Regards

    Valdir
    msn [email protected]

  2. #2

    Re: Ldap + samba 10 x 0: I'm throwing in the towel.

    Let's go slowly: the error is because it is requiring authentication.

    Send us the configuration from slapd.conf and ldap.conf.

    Another detail: did you make changes to smbldap.conf?

  3. #3

    Re: Ldap + samba 10 x 0: I'm throwing in the towel.

    Quote: Originally posted by noir
    Let's go slowly: the error is because it is requiring authentication.

    Send us the configuration from slapd.conf and ldap.conf.

    Another detail: did you make changes to smbldap.conf?

    OK friend, as you said yourself, let's take it one part at a time. The configuration files follow below:

    /etc/ldap/slapd.conf


    # Allow LDAPv2 binds
    allow bind_v2

    # Schema and objectClass definitions

    include /etc/ldap/schema/core.schema
    include /etc/ldap/schema/cosine.schema
    include /etc/ldap/schema/nis.schema
    include /etc/ldap/schema/inetorgperson.schema
    include /etc/ldap/schema/samba.schema
     
    # Where the pid file is put. The init.d script
    # will not stop the server if you change this.

    pidfile /var/run/slapd/slapd.pid

    # List of arguments that were passed to the server
    argsfile /var/run/slapd/slapd.args
    # Read slapd.conf(5) for possible values
    loglevel 256

    # Where the dynamically loaded modules are stored
    modulepath /usr/lib/ldap
    moduleload back_bdb

    # The maximum number of entries that is returned for a search operation
    sizelimit 500
    # The tool-threads parameter sets the actual amount of cpu's that is used
    # for indexing.
    tool-threads 1

    #######################################################################
    # Specific Backend Directives for bdb:
    # Backend specific directives apply to this backend until another
    # 'backend' directive occurs
    backend bdb
    database bdb
    suffix "dc=ccbsist,dc=net"

    rootdn "cn=admin,dc=ccbsist,dc=net"
    rootpw "{SSHA}MhedEvUWLHiBVuC0HakWhN/bDl1P+hSB"

    directory "/var/lib/ldap"
    dbconfig set_cachesize 0 2097152 0
    dbconfig set_lk_max_objects 1500
    dbconfig set_lk_max_locks 1500
    dbconfig set_lk_max_lockers 1500

    index objectClass eq
    index uid,uidNumber,gidNumber,memberUid eq
    index cn,mail,surname,givenname eq,subinitial
    index sambaSID eq
    index sambaPrimaryGroupSID eq
    index sambaDomainName eq

    lastmod on

    checkpoint 512 30

    access to attrs=userPassword,shadowLastChange,sambaNTPassword,sambaLMPassword
        by dn="cn=admin,dc=ccbsist,dc=net" write
        by anonymous auth
        by self write
        by * none

    access to dn.base="" by * read

    access to *
        by dn="cn=admin,dc=ccbsist,dc=net" write
        by * read


    The others follow below:

    Regards
    Last edited by gamaj1; 28-04-2010 at 23:27.

  4. #4

    Re: Ldap + samba 10 x 0: I'm throwing in the towel.

    /etc/ldap/ldap.conf

    host 127.0.0.1
    # The distinguished name of the search base.
    base dc=ccbsist,dc=net
    #uri ldap://127.0.0.1/
    #uri ldaps://127.0.0.1/
    #uri ldapi://%2fvar%2frun%2fldapi_sock/
    ldap_version 3
    #binddn cn=proxyuser,dc=padl,dc=com
    #bindpw secret
    #rootbinddn cn=admin,dc=ccbsist,dc=net
    #port 389
    #scope sub
    #scope one
    #scope base
    #timelimit 30
    #bind_timelimit 30
    #bind_policy hard
    #idle_timelimit 3600
    #pam_filter objectclass=account
    #pam_login_attribute uid
    #pam_lookup_policy yes
    #pam_check_host_attr yes
    #pam_check_service_attr yes
    #pam_groupdn cn=PAM,ou=Groups,dc=ccbsist,dc=net
    #pam_member_attribute uniquemember
    #pam_min_uid 0
    #pam_max_uid 0
    #pam_login_attribute userPrincipalName
    #pam_template_login_attribute uid
    #pam_template_login nobody
    #pam_password clear
    #pam_password crypt
    #pam_password clear_remove_old
    #pam_password nds
    #pam_password racf
    #pam_password ad
    #pam_password exop
    #pam_password_prohibit_message Please visit http://internal to change your password.

    # nss_base_passwd ou=People,
    # to append the default base DN but this

    #nss_base_passwd ou=People,dc=ccbsist,dc=net?one
    #nss_base_shadow ou=People,dc=ccbsit,dc=net?one
    #nss_base_group ou=Group,dc=ccbsit,dc=net?one
    #nss_base_hosts ou=Hosts,dc=ccbsist,dc=net?one
    #nss_base_services ou=Services,dc=ccbsist,dc=net?one
    #nss_base_networks ou=Networks,dc=ccbsist,dc=net?one
    #nss_base_protocols ou=Protocols,dc=ccbsist,dc=net?one
    #nss_base_rpc ou=Rpc,dc=ccbsist,dc=net?one
    #nss_base_ethers ou=Ethers,dc=ccbsist,dc=net?one
    #nss_base_netmasks ou=Networks,dc=ccbsist,dc=net?ne
    #nss_base_bootparams ou=Ethers,dc=ccbsist,dc=net?one
    #nss_base_aliases ou=Aliases,dc=ccbsist,dc=net?one
    #nss_base_netgroup ou=Netgroup,dc=ccbsist,dc=net?one
    #nss_map_attribute rfc2307attribute mapped_attribute
    #nss_map_objectclass rfc2307objectclass mapped_objectclass
    #nss_map_attribute uniqueMember member
    # Services for UNIX 3.5 mappings
    #nss_map_objectclass posixAccount User
    #nss_map_objectclass shadowAccount User
    #nss_map_attribute uid msSFU30Name
    #nss_map_attribute uniqueMember msSFU30PosixMember
    #nss_map_attribute userPassword msSFU30Password
    #nss_map_attribute homeDirectory msSFU30HomeDirectory
    #nss_map_attribute homeDirectory msSFUHomeDirectory
    #nss_map_objectclass posixGroup Group
    #pam_login_attribute msSFU30Name
    #pam_filter objectclass=User
    #pam_password ad
    # configure --enable-mssfu-schema is no longer supported.
    # Services for UNIX 2.0 mappings
    #nss_map_objectclass posixAccount User
    #nss_map_objectclass shadowAccount user
    #nss_map_attribute uid msSFUName
    #nss_map_attribute uniqueMember posixMember
    #nss_map_attribute userPassword msSFUPassword
    #nss_map_attribute homeDirectory msSFUHomeDirectory
    #nss_map_attribute shadowLastChange pwdLastSet
    #nss_map_objectclass posixGroup Group
    #nss_map_attribute cn msSFUName
    #pam_login_attribute msSFUName
    #pam_filter objectclass=User
    #pam_password ad
    # RFC 2307 (AD) mappings
    #nss_map_objectclass posixAccount user
    #nss_map_objectclass shadowAccount user
    #nss_map_attribute uid sAMAccountName
    #nss_map_attribute homeDirectory unixHomeDirectory
    #nss_map_attribute shadowLastChange pwdLastSet
    #nss_map_objectclass posixGroup group
    #nss_map_attribute uniqueMember member
    #pam_login_attribute sAMAccountName
    #pam_filter objectclass=User
    #pam_password ad
    #nss_map_attribute userPassword authPassword
    # AIX SecureWay mappings
    #nss_map_objectclass posixAccount aixAccount
    #nss_base_passwd ou=aixaccount,?one
    #nss_map_attribute uid userName
    #nss_map_attribute gidNumber gid
    #nss_map_attribute uidNumber uid
    #nss_map_attribute userPassword passwordChar
    #nss_map_objectclass posixGroup aixAccessGroup
    #nss_base_group ou=aixgroup,?one
    #nss_map_attribute cn groupName
    #nss_map_attribute uniqueMember member
    #pam_login_attribute userName
    #pam_filter objectclass=aixAccount
    #pam_password clear
    #ssl on
    #sslpath /etc/ssl/certs
    #ssl start_tls
    #ssl on
    #tls_checkpeer yes
    #tls_cacertfile /etc/ssl/ca.cert
    #tls_cacertdir /etc/ssl/certs
    #tls_randfile /var/run/egd-pool
    #tls_ciphers TLSv1
    #tls_cert
    #tls_key
    #sasl_secprops maxssf=0
    #krb5_ccname FILE:/etc/.ldapcache
    #pam_sasl_mech DIGEST-MD5

    The last file follows.
    Last edited by gamaj1; 28-04-2010 at 22:16.

  5. #5

    Re: Ldap + samba 10 x 0: I'm throwing in the towel.

    /etc/smbldap-tools/smbldap.conf


    ##############################################################################
    #
    # General Configuration
    #
    ##############################################################################
    SID="S-1-5-21-15483983-150619718-2040496312"
    sambaDomain="ccbsist.net"
    ##############################################################################
    #
    # LDAP Configuration
    #
    ##############################################################################
    slaveLDAP="127.0.0.1"
    slavePort="389"
    masterLDAP="127.0.0.1"
    masterPort="389"
    ldapTLS="0"
    verify=""
    cafile=""
    clientcert=""
    clientkey=""
     
    suffix="dc=ccbsist,dc=net"
    usersdn="ou=Usuarios,${suffix}"
    computersdn="ou=Computadores,${suffix}"
    groupsdn="ou=Grupos,${suffix}"
    idmapdn="ou=Idmap,${suffix}"
    sambaUnixIdPooldn="cn=NextFreeUnixId,${suffix}"
    scope="sub"
    hash_encrypt="SSHA"
    crypt_salt_format=""
    ##############################################################################
    #
    # Unix Accounts Configuration
    #
    ##############################################################################
    userLoginShell="/bin/bash"
    userHome="/home/%U"
    userHomeDirectoryMode="700"
    userGecos="System User"
    defaultUserGid="513"
    defaultComputerGid="515"
    skeletonDir="/etc/skel"
    defaultMaxPasswordAge="45"
    ##############################################################################
    #
    # SAMBA Configuration
    #
    ##############################################################################
    userSmbHome="\\server01\%U"
    userProfile="\\server01\%U"
    userHomeDrive="H:"
    #userScript="script.bat"
    #mailDomain="idealx.com"
    ##############################################################################
    #
    # SMBLDAP-TOOLS Configuration (default are ok for a RedHat)
    #
    ##############################################################################
    with_smbpasswd="0"
    smbpasswd="/usr/bin/smbpasswd"
    with_slappasswd="0"
    slappasswd="/usr/sbin/slappasswd"
    # no_banner="1"

    End of the files.

  6. #6

    Re: Ldap + samba 10 x 0: I'm throwing in the towel.

    I made some changes and the authentication prompt now appears, but there are still errors:

    server01:~# /usr/sbin/smbldap-populate
    Populating LDAP directory for domain ccbsist.net (S-1-5-21-15483983-150619718-2040496312)
    (using builtin directory structure)
    entry dc=ccbsist,dc=net already exist.
    entry ou=Usuarios,dc=ccbsist,dc=net already exist.
    entry ou=Grupos,dc=ccbsist,dc=net already exist.
    entry ou=Computadores,dc=ccbsist,dc=net already exist.
    entry ou=Idmap,dc=ccbsist,dc=net already exist.
    entry uid=root,ou=Usuarios,dc=ccbsist,dc=net already exist.
    entry uid=nobody,ou=Usuarios,dc=ccbsist,dc=net already exist.
    entry cn=Domain Admins,ou=Grupos,dc=ccbsist,dc=net already exist.
    entry cn=Domain Users,ou=Grupos,dc=ccbsist,dc=net already exist.
    entry cn=Domain Guests,ou=Grupos,dc=ccbsist,dc=net already exist.
    entry cn=Domain Computers,ou=Grupos,dc=ccbsist,dc=net already exist.
    entry cn=Administrators,ou=Grupos,dc=ccbsist,dc=net already exist.
    entry cn=Account Operators,ou=Grupos,dc=ccbsist,dc=net already exist.
    entry cn=Print Operators,ou=Grupos,dc=ccbsist,dc=net already exist.
    entry cn=Backup Operators,ou=Grupos,dc=ccbsist,dc=net already exist.
    entry cn=Replicators,ou=Grupos,dc=ccbsist,dc=net already exist.
    adding new entry: cn=NextFreeUnixId,dc=ccbsist,dc=net
    failed to add entry: attribute 'sambaNextRid' not allowed at /usr/sbin/smbldap-populate line 499, <GEN1> line 241.
    Please provide a password for the domain root:
    Changing UNIX and samba passwords for root
    New password:

    What could it be now?

  7. #7

    Re: Ldap + samba 10 x 0: I'm throwing in the towel.

    Man, let's make some lighter changes to test. In the slapd.conf file, leave it like this:


    include /etc/ldap/schema/core.schema
    include /etc/ldap/schema/cosine.schema
    include /etc/ldap/schema/nis.schema
    include /etc/ldap/schema/inetorgperson.schema
    include /etc/ldap/schema/samba.schema

    argsfile /var/run/slapd/slapd.args

    database bdb
    suffix "o=ccbsist"
    rootdn "cn=admin,o=ccbsist"
    # (or another unencrypted password)
    rootpw linux
    # (this is the path where you will store the database; I personally use this one)
    directory /var/openldap-data

    index objectClass eq

    then go into ldap.conf

    and leave it like this:

    HOST 127.0.0.1
    BASE o=ccbsist

    after that, let's create a file called ccbsist.ldif with the following content.

    dn: o=ccbsist
    o: ccbsist
    objectClass: top
    objectClass: organization
    objectClass: domainRelatedObject
    associatedDomain: ccbsist.net

    dn: ou=Computadores,o=ccbsist
    ou: Computadores
    objectClass: top
    objectClass: organizationalUnit
    objectClass: domainRelatedObject
    associatedDomain: ccbsist.net

    dn: ou=Usuarios,o=ccbsist
    ou: Usuarios
    objectClass: top
    objectClass: organizationalUnit
    objectClass: domainRelatedObject
    associatedDomain: ccbsist

    dn: ou=Grupos,o=ccbsist
    ou: Grupos
    objectClass: top
    objectClass: organizationalUnit
    objectClass: domainRelatedObject
    associatedDomain: ccbsist.net

    dn: ou=Idmap,o=ccbsist
    objectClass: organizationalUnit
    objectClass: sambaUnixIdPool
    ou: Idmap
    uidNumber: 10000
    gidNumber: 10000

    dn: cn=NextFreeUnixId,ou=Idmap,o=ccbsist
    cn: NextFreeUnixId
    objectClass: inetOrgPerson
    objectClass: sambaUnixIdPool
    uidNumber: 1012
    gidNumber: 1000
    sn: NextFreeUnixId


    an important detail: respect the blank lines between each block of text; without the blank line it will give an error.

    if you follow the layout I use, you will have to create the folder /var/openldap-data and also change its owner with the following commands.

    mkdir /var/openldap-data
    chown ldap.ldap /var/openldap-data -R

    then start LDAP; we can check whether it is up with the following commands.

    ps aux |grep slapd and also netstat -an |grep :389

    once that is confirmed, let's import the ldif file with the command ldapadd -x -D cn=admin,o=ccbsist -W -f ccbsist.ldif (now it will ask you for the password you configured in the slapd.conf file); if everything goes right it should give output like this:

    adding new entry "o=ccbsist"
    adding new entry "ou=Computadores,o=ccbsist"
    adding new entry "ou=Usuarios,o=ccbsist"
    adding new entry "ou=Grupos,o=ccbsist"

    then run the command ldapsearch -x and look at the complete output.

    notice that I didn't use populate; for me it fills the database with junk. I prefer to create everything by hand to avoid mess and unnecessary junk.

    anything comes up, post it here. Regards!!!!

  8. #8

    Re: Ldap + samba 10 x 0: I'm throwing in the towel.

    Hello my friend, I did what you asked, but when I tried to bring LDAP up it gave an error; I found out what it was with the command:

    #slapd -d 16383

    What was missing was adding the line below to slapd.conf:

    backend bdb

    But when I run the commands below nothing shows up:

    server01:~# ps aux |grep slapd
    root 28287 0.0 0.0 3140 756 pts/0 R<+ 12:54 0:00 grep slapd
    server01:~#

    server01:~# netstat -an |grep :389
    server01:~#

    It seems LDAP is not staying up; even though no error appears at start, the process does not come up.

    server01:~# /etc/init.d/slapd restart
    Stopping OpenLDAP: slapd.
    Starting OpenLDAP: slapd.
    server01:~#

    EDITED: The LDAP start-up part is now solved; some parameters were missing from the slapd.conf file, such as:

    dbconfig set_cachesize 0 2097152 0
    dbconfig set_lk_max_objects 1500
    dbconfig set_lk_max_locks 1500
    dbconfig set_lk_max_lockers 1500

    I continued according to your tip; see how it turned out:

    server01:/etc/ldap# ldapadd -x -D cn=admin,o=ccbsist -W -f ccbsist.ldif
    Enter LDAP Password:
    adding new entry "o=ccbsist"
    adding new entry "ou=Computadores,o=ccbsist"
    adding new entry "ou=Usuarios,o=ccbsist"
    adding new entry "ou=Grupos,o=ccbsist"
    adding new entry "ou=Idmap,o=ccbsist"
    adding new entry "cn=NextFreeUnixId,ou=Idmap,o=ccbsis t"
    ldap_add: Server is unwilling to perform (53)
    additional info: no global superior knowledge
    server01:/etc/ldap#

    server01:/etc/ldap# ldapsearch -x
    # extended LDIF
    #
    # LDAPv3
    # base <o=ccbsist> (default) with scope subtree
    # filter: (objectclass=*)
    # requesting: ALL
    #
    # ccbsist
    dn: o=ccbsist
    o: ccbsist
    objectClass: top
    objectClass: organization
    objectClass: domainRelatedObject
    associatedDomain: ccbsist.net

    # Computadores, ccbsist
    dn: ou=Computadores,o=ccbsist
    ou: Computadores
    objectClass: top
    objectClass: organizationalUnit
    objectClass: domainRelatedObject
    associatedDomain: ccbsist.net

    # Usuarios, ccbsist
    dn: ou=Usuarios,o=ccbsist
    ou: Usuarios
    objectClass: top
    objectClass: organizationalUnit
    objectClass: domainRelatedObject
    associatedDomain: ccbsist

    # Grupos, ccbsist
    dn: ou=Grupos,o=ccbsist
    ou: Grupos
    objectClass: top
    objectClass: organizationalUnit
    objectClass: domainRelatedObject
    associatedDomain: ccbsist.net

    # Idmap, ccbsist
    dn: ou=Idmap,o=ccbsist
    objectClass: organizationalUnit
    objectClass: sambaUnixIdPool
    ou: Idmap
    uidNumber: 10000
    gidNumber: 10000

    # search result
    search: 2
    result: 0 Success

    # numResponses: 6
    # numEntries: 5
    server01:/etc/ldap#

    But is just this content in /etc/ldap/slapd.conf enough to work with the Samba PDC? Won't anything more have to be implemented in the /etc/ldap/slapd.conf file?

    What would this part look like:

    # Indexing options for database #1
    index objectClass eq
    index uid,uidNumber,gidNumber,memberUid eq
    index cn,mail,surname,givenname eq,subinitial
    index sambaSID eq
    index sambaPrimaryGroupSID eq
    index sambaDomainName eq

    access to attrs=userPassword,shadowLastChange,sambaNTPassword,sambaLMPassword
        by dn="cn=admin,dc=ccbsist,dc=net" write
        by anonymous auth
        by self write
        by * none

    access to dn.base="" by * read

    access to *
        by dn="cn=admin,dc=ccbsist,dc=net" write
        by * read


    One more question: when I index using the command below, this appears; is it normal?

    server01:/etc/ldap# slapindex -v
    WARNING!
    Runnig as root!
    There's a fair chance slapd will fail to start.
    Check file permissions!
    indexing id=00000001
    indexing id=00000002
    indexing id=00000003
    indexing id=00000004
    indexing id=00000005
    server01:/etc/ldap#

    Regards
    Last edited by gamaj1; 29-04-2010 at 17:18.

  9. #9

    Re: Ldap + samba 10 x 0: I'm throwing in the towel.

    yes, your LDAP database is now configured and working. Now you have to configure Samba to access LDAP. Anything comes up, post it here and I'll help you solve the problems that appear.

    I use CentOS 5.4 to do this; on Debian, Ubuntu and similar I have not set up Samba + LDAP.

  10. #10

    Re: Ldap + samba 10 x 0: I'm throwing in the towel.

    How do I delete the database that was created? I tried with the command below, but I'm not managing to, and I need to recreate the database since I typed some things wrong.

    server01:~# ldapdelete -v -x -D "cn=admin,o=ccbsist" -W -f /etc/ldap/deletado.ldif
    ldap_initialize( <DEFAULT> )
    Enter LDAP Password:
    deleting entry "cn=ccbsist"
    ldap_delete: Server is unwilling to perform (53)
    additional info: no global superior knowledge
    server01:~#

    the delete.ldif file has just one line, like this:

    cn=ccbsist


    But it is giving an error; do you know how to delete the database?

    Another thing: given that you are using, in the /etc/ldap/slapd.conf file:

    suffix "o=ccbsist"
    rootdn "cn=admin,o=ccbsist"

    what would the Samba and /etc/smbldap-tools/smbldap.conf files look like?

    Samba example:

    passdb backend = ldapsam:ldap://127.0.0.1
    ldap passwd sync = yes
    ldap delete dn = Yes
    # Specify your domain
    ldap admin dn = cn=admin,o=ccbsist
    ldap suffix = o=ccbsist
    ldap machine suffix = ou=Computadores
    ldap user suffix = ou=Usuarios
    ldap group suffix = ou=Grupos
    ldap idmap suffix = ou=Idmap

    Since in all the files here I had left it as below:

    dc=ccbsist,dc=net

    And you are using it this way, o=ccbsist; what is the difference?

    My friend, you are helping a lot. Do you have MSN or Skype?

    Regards

  11. #11

    Re: Ldap + samba 10 x 0: I'm throwing in the towel.

    just go into where you created the database and delete it.

    e.g. if you created it in /var/openldap-data

    go into the folder and type rm -rf * "BUT REMEMBER, INSIDE THE FOLDER !!!!!"

    TO FIND OUT WHICH FOLDER YOU ARE IN, USE THE PWD COMMAND.

    the command rm -rf * will delete everything that is in the folder. To find out the path, just look in the slapd.conf file. Regards!!!!

  12. #12

    Re: Ldap + samba 10 x 0: I'm throwing in the towel.

    There's only a little left for everything to work. I haven't yet migrated the Samba PDC database from the old server to this new server, so I tried to do a test creating a user both through phpldapadmin and from the command line.

    Through phpldapadmin the user is not being created, but it doesn't report any error either.
    From the command line, running the command below, this error occurs:

    server01:~# smbldap-useradd -g 513 -m -a -P -c "Valdir" jgama

    error looking for next uid in cn=NextFreeUnixId,dc=opcaolinux,dc=net:No such object at /usr/share/perl5/smbldap_tools.pm line 1071.

    What is missing to solve this trouble? The listing of the database follows below.

    server01:/var/log# ldapsearch -x
    # extended LDIF
    #
    # LDAPv3
    # base <dc=opcaolinux,dc=net> (default) with scope subtree
    # filter: (objectclass=*)
    # requesting: ALL
    #
    # opcaolinux.net
    dn: dc=opcaolinux,dc=net
    dc: opcaolinux
    objectClass: top
    objectClass: domain
    # Computadores, opcaolinux.net
    dn: ou=Computadores,dc=opcaolinux,dc=net
    ou: Computadores
    objectClass: top
    objectClass: organizationalUnit
    # Usuarios, opcaolinux.net
    dn: ou=Usuarios,dc=opcaolinux,dc=net
    ou: Usuarios
    objectClass: top
    objectClass: organizationalUnit
    # Grupos, opcaolinux.net
    dn: ou=Grupos,dc=opcaolinux,dc=net
    ou: Grupos
    objectClass: top
    objectClass: organizationalUnit
    # Idmap, opcaolinux.net
    dn: ou=Idmap,dc=opcaolinux,dc=net
    objectClass: organizationalUnit
    objectClass: sambaUnixIdPool
    ou: Idmap
    uidNumber: 10000
    gidNumber: 10000
    # NextFreeUnixId, Idmap, opcaolinux.net
    dn: cn=NextFreeUnixId,ou=Idmap,dc=opcaolinux,dc=net
    cn: NextFreeUnixId
    objectClass: inetOrgPerson
    objectClass: sambaUnixIdPool
    uidNumber: 1012
    gidNumber: 1000
    sn: NextFreeUnixId

    # OPCAOLINUX, opcaolinux.net
    dn: sambaDomainName=OPCAOLINUX,dc=opcaolinux,dc=net
    sambaDomainName: OPCAOLINUX
    sambaSID: S-1-5-21-1233176227-1070154398-954415409
    sambaAlgorithmicRidBase: 1000
    objectClass: sambaDomain
    sambaNextUserRid: 1000
    sambaMinPwdLength: 5
    sambaPwdHistoryLength: 0
    sambaLogonToChgPwd: 0
    sambaMaxPwdAge: -1
    sambaMinPwdAge: 0
    sambaLockoutDuration: 30
    sambaLockoutObservationWindow: 30
    sambaLockoutThreshold: 0
    sambaForceLogoff: -1
    sambaRefuseMachinePwdChange: 0
    # search result
    search: 2
    result: 0 Success
    # numResponses: 8
    # numEntries: 7
    server01:/var/log# q!

    Regards
    Last edited by gamaj1; 08-05-2010 at 12:49.

  13. #13
    Unregistered
    Guest

    Re: Ldap + samba 10 x 0: I'm throwing in the towel.

    Quote: Originally posted by gamaj1
    There's only a little left for everything to work. I haven't yet migrated the Samba PDC database from the old server to this new server, so I tried to do a test creating a user both through phpldapadmin and from the command line.

    Through phpldapadmin the user is not being created, but it doesn't report any error either.
    From the command line, running the command below, this error occurs:

    ...
    ...
    server01:/var/log# q!

    Regards

    Dear colleague,
    which system are you using? Debian, Ubuntu, CentOS? I recommend Debian or CentOS.

    Debian
    Instalando Samba com LDAP - guggo | Google Groups

    For CentOS I'm finishing some here, it's been a while; soon I can post them too.

    see you and good luck

    Alex Silva

  14. #14

    Re: Ldap + samba 10 x 0: I'm throwing in the towel.

    Wow, my friend, sorry for the delay in replying. To be honest I spent some time away from the virtual world.

    well, you configured Samba with LDAP. About creating users, I really can only create them via the command line; I usually use LDAP Account Manager because the process of changing groups etc. is simple...

    about the error, did you notice there's a nasty space? uid in cn=NextFreeUnixId,dc=opcaolinu x,dc=n
    I believe the error is there; take a look at the configuration of your smbldap-tools.
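
Added example, not part of any post in this thread and not smbldap-tools code: the error in post #12 names cn=NextFreeUnixId,dc=opcaolinux,dc=net, while the ldapsearch output in the same post lists that entry under ou=Idmap. The Python sketch below compares the DNs configured in smbldap.conf with the DNs the directory returns, and also flags a DN that lies outside the suffix (the case slapd answers with "no global superior knowledge", as in post #10). The smbldap.conf fragment is constructed from the format of post #5 with the post #12 suffix, and all function names are hypothetical.

```python
import re

# Constructed sample: smbldap.conf fragment in the format of post #5, with the
# suffix of post #12 (assumption: the poster's real file is not on the page).
SMBLDAP_CONF = '''
suffix="dc=opcaolinux,dc=net"
usersdn="ou=Usuarios,${suffix}"
computersdn="ou=Computadores,${suffix}"
groupsdn="ou=Grupos,${suffix}"
idmapdn="ou=Idmap,${suffix}"
sambaUnixIdPooldn="cn=NextFreeUnixId,${suffix}"
'''

# "dn:" lines copied from the ldapsearch -x output in post #12.
LDAPSEARCH_OUT = '''
dn: dc=opcaolinux,dc=net
dn: ou=Computadores,dc=opcaolinux,dc=net
dn: ou=Usuarios,dc=opcaolinux,dc=net
dn: ou=Grupos,dc=opcaolinux,dc=net
dn: ou=Idmap,dc=opcaolinux,dc=net
dn: cn=NextFreeUnixId,ou=Idmap,dc=opcaolinux,dc=net
dn: sambaDomainName=OPCAOLINUX,dc=opcaolinux,dc=net
'''

DN_KEYS = ("usersdn", "computersdn", "groupsdn", "idmapdn", "sambaUnixIdPooldn")


def norm_dn(dn):
    """Lower-case a DN and drop spaces around ',' and '=' for comparison.
    Simplification: escaped commas inside attribute values are not handled."""
    parts = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        parts.append(attr.strip().lower() + "=" + value.strip().lower())
    return ",".join(parts)


def parse_smbldap_conf(text):
    """Read key="value" lines and expand ${name} from keys defined earlier."""
    conf = {}
    for line in text.splitlines():
        m = re.match(r'\s*([A-Za-z_]\w*)\s*=\s*"([^"]*)"', line)
        if not m:
            continue  # blank line or '#' comment
        key, value = m.groups()
        conf[key] = re.sub(r"\$\{(\w+)\}",
                           lambda r: conf.get(r.group(1), r.group(0)), value)
    return conf


def ldif_dns(text):
    """Map normalized DN -> DN as printed, unfolding wrapped LDIF lines."""
    unfolded = re.sub(r"\r?\n ", "", text)
    found = {}
    for line in unfolded.splitlines():
        if line.startswith("dn: "):
            found[norm_dn(line[4:])] = line[4:].strip()
    return found


def check_conf(conf_text, ldif_text):
    """Return (key, configured DN, problem, hint) for every DN that will fail."""
    conf = parse_smbldap_conf(conf_text)
    suffix = norm_dn(conf["suffix"])
    present = ldif_dns(ldif_text)
    findings = []
    for key in DN_KEYS:
        if key not in conf:
            continue
        dn = norm_dn(conf[key])
        if dn != suffix and not dn.endswith("," + suffix):
            # No database holds this DN: "no global superior knowledge".
            findings.append((key, conf[key], "outside suffix", None))
        elif dn not in present:
            # "No such object"; look for the same RDN elsewhere in the tree.
            rdn = dn.split(",")[0]
            same = sorted(o for n, o in present.items() if n.split(",")[0] == rdn)
            findings.append((key, conf[key], "missing", same[0] if same else None))
    return findings


if __name__ == "__main__":
    for key, dn, problem, hint in check_conf(SMBLDAP_CONF, LDAPSEARCH_OUT):
        print("%s=%s: %s%s" % (key, dn, problem, ", found at " + hint if hint else ""))
```

On the sample data the only finding is sambaUnixIdPooldn: either the setting or the entry's location has to change so that the two DNs agree.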

  15. #15

    Re: Ldap + samba 10 x 0: I'm throwing in the towel.

    Friend,

    There is probably nothing wrong with your installation; I had countless problems with recent versions of OpenLDAP and struggled until I found the solution.

    Run the following command and check the output:

    # ps aux | grep slapd

    The OpenLDAP start-up line should be listed; note the syntax:
    ... -F "configuration directory" or
    ... -f "configuration file"

    it turns out that the more recent versions of LDAP load their databases by reading a directory structure, and in my case my settings were in the slapd.conf file. Try renaming or removing the configuration directory, restarting the LDAP service and populating the database again.
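
Added example, not part of the post above and not OpenLDAP code: a Python sketch that reads one line of ps aux output and reports whether slapd is running from a configuration directory (-F) or a configuration file (-f), following the rules in slapd(8). The default paths are Debian-style assumptions, the function names are hypothetical, and every ps line except the one from post #8 is constructed.

```python
import shlex

# Assumption: Debian-style defaults; other builds compile in other paths.
DEFAULT_CONF_DIR = "/etc/ldap/slapd.d"
DEFAULT_CONF_FILE = "/etc/ldap/slapd.conf"

# From post #8: only the grep itself matched, so slapd was not running.
PS_GREP = "root 28287 0.0 0.0 3140 756 pts/0 R<+ 12:54 0:00 grep slapd"
# Constructed sample lines.
PS_DIR = ("openldap 2301 0.0 0.4 51234 4321 ? Ssl 10:02 0:00 "
          "/usr/sbin/slapd -g openldap -u openldap -F /etc/ldap/slapd.d")
PS_FILE = ("openldap 2301 0.0 0.4 51234 4321 ? Ssl 10:02 0:00 "
           "/usr/sbin/slapd -g openldap -u openldap -f /etc/ldap/slapd.conf")
PS_BARE = "root 2301 0.0 0.4 51234 4321 ? Ssl 10:02 0:00 /usr/sbin/slapd"


def slapd_options(ps_line):
    """Return {'-f': path, '-F': path} for a slapd process, None otherwise."""
    fields = ps_line.split(None, 10)      # ps aux: 10 columns, then COMMAND
    if len(fields) < 11:
        return None
    argv = shlex.split(fields[10])
    if not argv or argv[0].rsplit("/", 1)[-1] != "slapd":
        return None                       # e.g. the "grep slapd" line
    opts = {}
    rest = argv[1:]
    for i, arg in enumerate(rest):
        if arg[:2] in ("-f", "-F"):
            # Accept both "-F dir" and "-Fdir".
            opts[arg[:2]] = arg[2:] or (rest[i + 1] if i + 1 < len(rest) else "")
    return opts


def slapd_config_source(ps_line, default_dir_exists):
    """Return (kind, path, note) describing what slapd actually reads."""
    opts = slapd_options(ps_line)
    if opts is None:
        return ("none", None, "not a slapd process")
    if "-F" in opts and "-f" in opts:
        return ("converted", opts["-F"],
                "%s is converted into this directory at start-up" % opts["-f"])
    if "-F" in opts:
        return ("dir", opts["-F"], "edits to slapd.conf are not read")
    if "-f" in opts:
        return ("file", opts["-f"], "slapd.conf is read")
    # Neither option: the default directory is tried before the default file.
    if default_dir_exists:
        return ("dir", DEFAULT_CONF_DIR, "default directory wins over the file")
    return ("file", DEFAULT_CONF_FILE, "no config directory, file is read")


if __name__ == "__main__":
    for line in (PS_GREP, PS_DIR, PS_FILE, PS_BARE):
        print(slapd_config_source(line, default_dir_exists=True))
```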

  16. #16

    Re: Ldap + samba 10 x 0: I'm throwing in the towel.

    Man, try putting the Samba admin password into secrets.tdb, then after that try populating LDAP again!!

    smbpasswd -w senha

    I hope this helped!!!