Frequently Asked Questions
6 Frequently Asked Questions
6.1 How can I use old released uidNumber and gidNumber values?
There are two ways to do this:
- modify the cn=NextFreeUnixId,dc=idealx,dc=org entry and change the uidNumber and/or gidNumber value. This must be done manually. For example, if you want to use all available uidNumber and gidNumber values higher than 1500, you need to create an update-NextFreeUnixId.ldif file containing:
dn: cn=NextFreeUnixId,dc=idealx,dc=org
changetype: modify
replace: uidNumber
uidNumber: 1500
-
replace: gidNumber
gidNumber: 1500
and then update the directory:
ldapmodify -x -D "cn=Manager,dc=idealx,dc=org" -w secret -f update-NextFreeUnixId.ldif
- use the -u or -g option of the script you are running to set the value you want to use
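The shell functions below are an added example, not part of the smbldap-tools documentation. From ldapsearch-style output they list which uidNumber values in a range are currently unassigned and would be handed out again (files still owned by such a number become the new account's), then build the ldapmodify input with the replace: directives a modify operation needs. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: list released uidNumber values in a range and build the
# ldapmodify input that resets the NextFreeUnixId pool.
# SAMPLE_LDIF is constructed data shaped like the output of
# `ldapsearch -LLL ... uidNumber`.
SAMPLE_LDIF='dn: uid=alice,ou=Users,dc=idealx,dc=org
uidNumber: 1500

dn: uid=bob,ou=Users,dc=idealx,dc=org
uidNumber: 1501

dn: uid=carol,ou=Users,dc=idealx,dc=org
uidNumber: 1503
'

# released_ids ATTR FIRST LAST   (LDIF on stdin)
# Prints, space separated, every value in FIRST..LAST that no entry holds.
released_ids() {
    awk -v attr="$1:" -v first="$2" -v last="$3" '
        $1 == attr { used[$2 + 0] = 1 }
        END {
            out = ""
            for (i = first + 0; i <= last + 0; i++)
                if (!(i in used)) out = out (out == "" ? "" : " ") i
            print out
        }'
}

# pool_ldif POOL_DN START   -> LDIF that sets both counters to START.
# Rejects a non-numeric START so nothing else can end up in the LDIF.
pool_ldif() {
    case "$2" in
        ''|*[!0-9]*) echo "start value must be numeric" >&2; return 1 ;;
    esac
    printf 'dn: %s\nchangetype: modify\n' "$1"
    printf 'replace: uidNumber\nuidNumber: %s\n-\n' "$2"
    printf 'replace: gidNumber\ngidNumber: %s\n' "$2"
}

# Run on the constructed sample: review the released values first,
# then print the file to feed to ldapmodify -f.
printf '%s' "$SAMPLE_LDIF" | released_ids uidNumber 1500 1505
pool_ldif "cn=NextFreeUnixId,dc=idealx,dc=org" 1500
```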
6.2 I always have this error: "Can't locate IO/Socket/SSL.pm"
This happens when you want to use a certificate. In this case, you need to install the
IO-Socket-SSL Perl module.
6.3 I can't initialize the directory with smbldap-populate
When I want to initialize the directory using the smbldap-populate
script, I get
[root@slave sbin]# smbldap-populate.pl
Using builtin directory structure
adding new entry: dc=IDEALX,dc=COM
Can't call method "code" without a package or object reference at
/usr/local/sbin/smbldap-populate.pl line 270, <GEN1> line 2.
Answer: check the TLS configuration
- if you don't want to use TLS support, set the /etc/opt/IDEALX/smbldap-tools/smbldap.conf file with
ldapSSL="0"
- if you want TLS support, set the /etc/opt/IDEALX/smbldap-tools/smbldap.conf file with
ldapSSL="1"
and check that the directory server is configured to accept TLS connections.
6.4 I can't join the domain with the root account
- check that the root account has the sambaSamAccount objectclass
- check that the directive add machine script is present and configured
6.5 I have the sambaSamAccount but I can't log in
Check that the sambaPwdLastSet attribute is not null (equal to 0).
6.6 I want to create machine accounts on the fly, but it does not work or I must do it twice
- The script defined with the add machine script directive must not add the sambaSAMAccount objectclass to the machine account. The script must only add the Posix machine account. Samba will add the sambaSAMAccount when joining the domain.
- Check that the add machine script directive is present in the samba configuration file.
6.7 I can't manage the Oracle Internet Database
If you have an error message like :
Function Not Implemented at /usr/local/sbin/smbldap_tools.pm line 187.
Function Not Implemented at /usr/local/sbin/smbldap_tools.pm line 627.
For Oracle Database, all attributes that will be requested from the directory must be indexed. Add a new index for samba attributes and make sure that the following attributes are also indexed:
uidNumber, gidNumber, memberUid, homedirectory, description, userPassword ...
6.8 The directive passwd program = /usr/local/sbin/smbldap-passwd -u %u is not called, or I get an error message when changing the password from Windows
The directive is called if you also set unix password sync = Yes.
Notes:
- if you use OpenLDAP, neither of those two options is needed. You just need ldap passwd sync = Yes.
- the script called here must only update the userPassword attribute. This is the reason for the -u option. Samba passwords will be updated by samba itself.
- the passwd chat directive must match what is prompted when using the smbldap-passwd command
6.9 New computer accounts can't be set in ou=computers
This is a known samba bug. There's a workaround: look at
http://marc.theaimsgroup.com/?l=samba&m=108439612826440&w=2
6.10 I can join the domain, but I can't log on
Look at section 6.9.
6.11 I can't create a user with smbldap-useradd
When creating a new user account I get the following error message:
/usr/local/sbin/smbldap-useradd.pl: unknown group SID not set for unix group 513
Answer:
6.12 smbldap-useradd: Can't call method "get_value" on an undefined value at
/usr/local/sbin/smbldap-useradd line 154
- does the default group defined in smbldap.conf exist (defaultUserGid="513")?
- is the NT "Domain Users" group mapped to a unix group of rid 513 (see option -r of smbldap-groupadd and smbldap-groupmod to set a rid)?
6.13 Typical errors on creating a new user or a new group
- I've got the following error:
Could not find base dn, to get next uidNumber at /usr/local/sbin//smbldap_tools.pm line 909
  - You have not created the object that defines the next available uidNumber and gidNumber.
    - for version 0.8.7: you can just run the smbldap-populate script, which will update the sambaDomain entry to store this information
    - for versions before 0.8.7: You have updated the smbldap-tools to version 0.8.5 or newer. You have to do this manually. Create a file called add.ldif containing
dn: cn=NextFreeUnixId,dc=idealx,dc=org
objectClass: inetOrgPerson
objectClass: sambaUnixIdPool
uidNumber: 1000
gidNumber: 1000
cn: NextFreeUnixId
sn: NextFreeUnixId
and then add the object with the ldapadd utility:
$ ldapadd -x -D "cn=Manager,dc=idealx,dc=org" -w secret -f add.ldif
Here, 1000 is the first available value for uidNumber and gidNumber (of course, if this value is already used by a user or a group, the first available after 1000 will be used).
  - The error also appears when there is a need for TLS (ldapTLS=1 in smbldap.conf) and something is wrong with certificate naming or path settings.
- I've got the following error:
Use of uninitialized value in string at
/usr/local/sbin//smbldap_tools.pm line 914.
Error: No DN specified at /usr/local/sbin//smbldap_tools.pm line 919
You have not updated the configuration file to define the object where the next available uidNumber and gidNumber are stored. In our example, you have to add a new entry in /etc/opt/IDEALX/smbldap-tools/smbldap.conf containing:
# Where to store next uidNumber and gidNumber available
sambaUnixIdPooldn="cn=NextFreeUnixId,${suffix}"
By the way, a new option is now available too: the domain to append to users. You can add the following lines to the configuration file:
# Domain appended to the users "mail"-attribute
# when smbldap-useradd -M is used
mailDomain="idealx.com"
- I've got the following error:
Use of uninitialized value in concatenation (.) or string at /usr/local/sbin/smbldap-useradd line 183.
Use of uninitialized value in substitution (s///) at /usr/local/sbin/smbldap-useradd line 185.
Use of uninitialized value in string at /usr/local/sbin/smbldap-useradd line 264.
failed to add entry: homedirectory: value #0 invalid per syntax at /usr/local/sbin/smbldap-useradd line 280.
userHomeDirectory=User "jto" already member of the group "513".
failed to add entry: No such object at /usr/local/sbin/smbldap-useradd line 382.
You have to change the variable name userHomePrefix to userHome in /etc/opt/IDEALX/smbldap-tools/smbldap.conf
- I've got the following error:
failed to add entry: referral missing at /usr/local/sbin/smbldap-useradd line 279, <DATA> line 283.
You have to update the configuration file that defines the users, groups and computers dn. Those parameters must not be relative to the suffix parameter. A typical configuration looks like this:
usersdn="ou=Users,${suffix}"
computersdn="ou=Computers,${suffix}"
groupsdn="ou=Groups,${suffix}"
- I've got the following error:
erreur LDAP: Can't contact master ldap server (IO::Socket::INET: Bad protocol 'tcp')
at /usr/local/sbin//smbldap_tools.pm line 153.
Remove ldap from the list of sources checked for services in /etc/nsswitch.conf. For example, if your ldap directory is not configured to give services information, you must have
services: files
and not
services: ldap [NOTFOUND=return] files
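As an added example (not part of smbldap-tools), the shell function below checks a smbldap.conf for the configuration mistakes described in 6.3 and 6.13: a missing sambaUnixIdPooldn, the old userHomePrefix name, usersdn/computersdn/groupsdn values that do not include the suffix, and ldapSSL not set to "1". The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint a smbldap.conf for the mistakes covered in 6.3 and 6.13.
# SAMPLE_CONF is a constructed file that contains each of them.
SAMPLE_CONF='suffix="dc=idealx,dc=org"
ldapSSL="0"
usersdn="ou=Users"
computersdn="ou=Computers,${suffix}"
groupsdn="ou=Groups,dc=idealx,dc=org"
userHomePrefix="/home/"
'

# conf_get KEY   (config on stdin) -> value of the last KEY="value" line.
conf_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\\(.*\\)\"[[:space:]]*\$/\\1/p" |
        tail -n 1
}

# lint_conf   (config on stdin) -> one finding per line; status 1 if any.
lint_conf() {
    conf=$(cat); findings=""
    add() { findings="${findings}$1
"; }
    get() { printf '%s\n' "$conf" | conf_get "$1"; }
    sfx=$(get suffix)

    # 6.13 "No DN specified": the id pool entry is not configured.
    [ -n "$(get sambaUnixIdPooldn)" ] || add "sambaUnixIdPooldn is missing"
    # 6.13 "homedirectory ... invalid per syntax": old variable name.
    if [ -n "$(get userHomePrefix)" ] && [ -z "$(get userHome)" ]; then
        add "userHomePrefix must be renamed to userHome"
    fi
    # 6.13 "referral missing": the dn settings must include the suffix.
    for key in usersdn computersdn groupsdn; do
        case "$(get "$key")" in
            *'${suffix}'|*",${sfx:-unset}") ;;
            *) add "$key does not include the suffix" ;;
        esac
    done
    # 6.3: with ldapSSL other than 1, directory traffic is not under TLS.
    [ "$(get ldapSSL)" = "1" ] || add "ldapSSL is not 1, TLS is off"

    printf '%s' "$findings"
    [ -z "$findings" ]
}

printf '%s' "$SAMPLE_CONF" | lint_conf || true
```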