Thread: ZCS 5.0.2 on centOS 5

  1. #1
    mugo (Member, joined Jul 2008)

    Hi all,
    Kindly excuse my long post.
    Been doing a server installation with Samba as a primary PDC that uses an LDAP backend on CentOS 5. I have used 2 guides:-
    Zimbra Collaboration Suite Open Source Edition On CentOS | HowtoForge - Linux Howtos and Tutorials
    for installing Zimbra + OpenLDAP and
    UNIX and Windows Accounts in Zimbra LDAP and Zimbra Admin UI - Zimbra :: Wiki
    to extend the functionalities of Zimbra.
    Greg's guide in the wiki is great and most of the things actually do work. However, it is done on Ubuntu, so I tried to follow it as much as I could. Could not find a better guide on RHEL/CentOS/Fedora for the same.
    The thing is that I cannot get Samba and LDAP to talk as they should and now I'm really stuck.
    Below are my dumps for /etc/samba/smb.conf, ldap.conf (copied its contents to /etc/openldap/ldap.conf too), and smbldap.conf.

    smb.conf
    **********
    [global]
    workgroup = MYDOMAIN
    netbios name = MYDOMAIN
    server string = mydomain_office
    passdb backend = ldapsam:ldap://server.example.org
    passwd program = /usr/local/sbin/smbldap-passwd %u
    passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*
    username map = /etc/samba/smbusers
    log file = /var/log/samba/%m.log
    max log size = 100
    add user script = /usr/local/sbin/smbldap-useradd "%u" -n -g users
    delete user script = /usr/local/sbin/smbldap-userdel "%u"
    add group script = /usr/local/sbin/smbldap-groupadd "%g"
    delete group script = /usr/local/sbin/smbldap-groupdel "%g"
    add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
    delete user from group script = /usr/local/sbin/smbldap-userdel "%u" "%g"
    set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
    add machine script = /usr/local/sbin/smbldap-useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"
    logon script = %m.bat
    logon path = \\server.example.org\%U\profile
    domain logons = Yes
    os level = 33
    preferred master = Yes
    domain master = Yes
    wins support = Yes
    ldap admin dn = cn=config
    ldap delete dn = Yes
    ldap group suffix = ou=groups
    ldap machine suffix = ou=machines
    ldap passwd sync = Yes
    ldap suffix = dc=example,dc=org
    ldap user suffix = ou=people
    idmap uid = 1000-19999
    idmap gid = 1000-19999
    [homes]
    comment = Home Directories
    valid users = DOMAIN\%S
    read only = No
    browseable = No
    [printers]
    comment = All Printers
    path = /var/spool/samba
    printable = Yes
    browseable = No
    [netlogon]
    comment = Network Logon Service
    path = /var/lib/samba/netlogon
    guest ok = Yes
    share modes = No

    /etc/ldap.conf
    **********************
    host server.example.org
    base dc=example,dc=org
    binddn cn=config
    bindpw 1w2345FJ
    rootbinddn cn=zimbra,dc=example,dc=org

    timelimit 120
    bind_timelimit 120
    bind_policy soft
    idle_timelimit 3600

    nss_base_passwd ou=people,dc=example,dc=org?one
    nss_base_shadow ou=people,dc=example,dc=org?one

    nss_base_group ou=groups,dc=example,dc=org?one
    nss_base_hosts ou=machines,dc=example,dc=org?one

    nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman

    uri ldap://server.example.org
    ssl no
    tls_cacertdir /etc/openldap/cacerts
    pam_password md5

    smbldap.conf
    ************
    sambaDomain="MYDOMAIN"
    slaveLDAP="127.0.0.1"
    slavePort="389"
    masterLDAP="127.0.0.1"
    masterPort="389"
    ldapTLS="0"
    suffix="dc=example,dc=org"
    usersdn="ou=people,${suffix}"
    computersdn="ou=machines,${suffix}"
    groupsdn="ou=groups,${suffix}"
    sambaUnixIdPooldn="sambaDomainName=MYDOMAIN,${suffix}"
    scope="one"
    hash_encrypt="SSHA"
    crypt_salt_format="%s"
    userLoginShell="/bin/bash"
    userHome="/home/%U"
    userHomeDirectoryMode="700"
    userGecos="System User"
    defaultUserGid="513"
    defaultComputerGid="515"
    skeletonDir="/etc/skel"
    defaultMaxPasswordAge="45"
    userSmbHome=""
    userProfile=""
    userScript="logon.bat"
    mailDomain="example.org"
    with_smbpasswd="0"
    with_slappasswd="0"

    smbldapbind.conf
    ****************
    slaveDN="cn=config,dc=example,dc=org"
    slavePw="1w2345FJ"
    masterDN="cn=config,dc=example,dc=org"
    masterPw="1w2345FJ"

    The strange thing is that I can join a computer to the Domain, but only using the Samba+samba_root_passwd. I can even see the computer entry in the LDAP database when I run ldapsearch.
    However, I cannot or log in to the domain with credentials in LDAP. Also I cannot add machines to domain using privileged accounts stored in LDAP.
    Strangely though, Samba commands
    getent group
    and
    getent passwd
    work just fine (obtain info in ldap) when I'm user zimbra, but not as root (yes user root); running these as root returns only system records in /etc/passwd & /smbpasswd.
    I think that I have done everything correctly including running the command
    smbpasswd -w 1w2345FJ
    for samba to connect to LDAP and putting the same password in smbldap_bind.conf defined for "cn=config"
    My diagnosis so far is that there is something not working in smbldap-tools
    Please advise, will appreciate.

  2. #2
    cuongjr Guest

    I faced the same problem: LDAP users show up when I use the command getent passwd, but I can't log in to the Samba server with LDAP users.
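
An added example, not part of the original posts or of smbldap-tools: a small Python check over excerpts of the four files dumped in the first post, reporting where the LDAP bind identities disagree between files and where bind credentials are sent without TLS. The excerpts are constructed from the dump with the password replaced by a placeholder; `parse` and `audit` are names made up for this sketch.

```python
import re

# Constructed excerpts of the files in the first post; the bind password is
# replaced by a placeholder.
SMB_CONF = "[global]\nldap admin dn = cn=config\nldap suffix = dc=example,dc=org\n"
LDAP_CONF = ("binddn cn=config\nbindpw PLACEHOLDER\n"
             "rootbinddn cn=zimbra,dc=example,dc=org\n"
             "uri ldap://server.example.org\nssl no\n")
SMBLDAP_CONF = 'ldapTLS="0"\nsuffix="dc=example,dc=org"\n'
SMBLDAP_BIND = ('slaveDN="cn=config,dc=example,dc=org"\n'
                'masterDN="cn=config,dc=example,dc=org"\n')

def parse(text, sep):
    """Map lower-cased keys to values for 'key<sep>value' lines (sep is a regex)."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;[":      # comments and [section] headers
            continue
        parts = re.split(sep, line, maxsplit=1)
        if len(parts) == 2:
            out[parts[0].strip().lower()] = parts[1].strip().strip('"')
    return out

def audit(smb_txt, ldap_txt, tools_txt, bind_txt):
    """Return (code, detail) findings for the four config texts."""
    smb, ldap = parse(smb_txt, r"\s*=\s*"), parse(ldap_txt, r"\s+")
    tools, bind = parse(tools_txt, r"="), parse(bind_txt, r"=")
    findings = []
    # nss_ldap binds as rootbinddn (password in /etc/ldap.secret) when the
    # caller is root and as binddn otherwise, so both are compared with the
    # DNs Samba and smbldap-tools use.
    dns = [smb.get("ldap admin dn"), ldap.get("binddn"), ldap.get("rootbinddn"),
           bind.get("masterdn"), bind.get("slavedn")]
    distinct = sorted({d.lower().replace(" ", "") for d in dns if d})
    if len(distinct) > 1:
        findings.append(("bind-dn-mismatch", distinct))
    # A bind password sent over ldap:// without TLS is readable on the wire.
    if ldap.get("uri", "").startswith("ldap://") and ldap.get("ssl", "no") == "no":
        findings.append(("cleartext-bind", "ldap.conf: ssl no"))
    if tools.get("ldaptls", "0") == "0":
        findings.append(("cleartext-bind", 'smbldap.conf: ldapTLS="0"'))
    return findings

if __name__ == "__main__":
    for code, detail in audit(SMB_CONF, LDAP_CONF, SMBLDAP_CONF, SMBLDAP_BIND):
        print(code, detail)
```

On the posted values it reports three distinct bind DNs across the files and two cleartext-bind findings; it only compares the files and does not contact the directory.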
