Page 3 of 6 FirstFirst 12345 ... LastLast
Results 21 to 30 of 60

Thread: UNIX and Windows Accounts in Zimbra LDAP and Zimbra Admin UI – Problem

  1. #21
    Join Date
    Sep 2005
    Location
    Tucson - San Francisco - Moscow
    Posts
    127
    Rep Power
    10

    Default

    Quote Originally Posted by RickG View Post
    my question is, did I miss some step that gets these things done automatically when you create a user in the Zimbra Interface? Or is this a configuration error with my Samba -> LDAP set up. Possibly the encryption mechanism its using when it makes the "sambaNTPassword" key.
    make sure you fill in all the requried values in the last two steps of the New Account wizard. These are for Posix/Samba accounts.
    Also, what is the field "memberUid" suppose to be set to when adding a PosixGroup in the Admin Interface, I couldn't find mention of it in the Guide, other than making an index for it. Currently it is blank in my Posix Group.
    This field can be left blank. It isa multi-valued attribute that contains uids of the group members.
    One other note that may be important...
    When installing either libnss_ldap or libpam_ldap (i forget which one) it asks for a few configuration options that the guide did not mention, such as what type of encryption to use for the passwords. the default was "crypt" but there was a few other settings, one of which had to do with openldap. Could someone please advise me on which one those i should be using..

    Thank you all for any help, been a bit frustrated trying to solve these last couple issues I have been having.

    -Rick
    Which distributions of libnss_ldap and libpam_ldap you are using? I may need to update the HOWTo.
    Bugzilla - Wiki - Downloads - Before posting... Search!
    P.S.: don't forget to vote on this bug
    add Samba LDAP entries to Exchange Migration Tool

  2. #22
    Join Date
    Jun 2007
    Posts
    6
    Rep Power
    8

    Default

    Quote Originally Posted by Greg View Post
    make sure you fill in all the requried values in the last two steps of the New Account wizard. These are for Posix/Samba accounts.
    I entered all fields marked with an "*", there were a bunch of checkboxes on the Samba Tab, for which I only selected "normal user". I did not fill in the last four fields ( sambaLogonScript, sambaProfilePath, sambaHomeDrive, sambaHomePath). Are those required, even though they are not marked as such?

    Quote Originally Posted by Greg View Post
    This field can be left blank. It isa multi-valued attribute that contains uids of the group members.
    Thanks

    Quote Originally Posted by Greg View Post
    Which distributions of libnss_ldap and libpam_ldap you are using? I may need to update the HOWTo.
    Ubuntu 6.10 Server
    kernel = 2.6.17-11-server
    libnss-ldap = 251-5.2
    libpam-ldap = 180-1ubuntu0.6.10


    Also, even though authentication seems to be working fine, running "getent passwd" lists all my accounts from etc/passwd and LDAP, when the machine starts up, there is a long pause, 8-10 minutes, before I get a login prompt. I have read that someone else had a similar issue when using LDAP authentication on Ubunut 6.10. Has anyone solved this issue? I tried the solution posted by the person who said the issue was Ubuntu trying to look up a group that was set in a config file, but did not exist. Group nvram

    Edit: I have read some articles that that talk about the slow boot issues with Ubuntu 6.10 when using libnss-ldap. Seems that using a newer version of libnss-ldap is suppose to fix the issue, but as a quick solution, changing the bind_policy to soft in /etc/libnss-ldap.conf seems to have fixed my 20 minute boot times. I still have the open issue about new users not being able to authenticate with Samba however.


    thanks for any help, btw, seems like someone deleted my earlier response to these questions.

    -Rick
    Last edited by RickG; 07-02-2007 at 06:44 PM. Reason: Post got moderated. Restored original.

  3. #23
    Join Date
    Jul 2007
    Posts
    98
    Rep Power
    8

    Default

    Hello Rick,
    Now that I use Ubuntu 6.10, I'm facing the exact problem as yours.
    My questions:
    1. So. The smbclient: /opt/zimbra/cyrus-sasl/lib/libsasl2.so.2: no version information available (required by /usr/lib/libldap_r.so.2)
    is ok?

    2. So, the solution for any windowsxp that want to join our samba pdc is to manually run: smbpasswd -a user?

    Thanks

  4. #24
    Join Date
    Jul 2007
    Posts
    98
    Rep Power
    8

    Default

    Code:
    Jul  5 03:39:24 ubuntu07 smbd[7241]: [2007/07/05 03:39:24, 2] passdb/pdb_ldap.c:init_sam_from_ldap(640) 
    Jul  5 03:39:24 ubuntu07 smbd[7241]:   init_sam_from_ldap: Entry found for user: adminsmb 
    Jul  5 03:39:24 ubuntu07 smbd[7241]: [2007/07/05 03:39:24, 1] auth/auth_util.c:make_server_info_sam(876) 
    Jul  5 03:39:24 ubuntu07 smbd[7241]:   User adminsmb in passdb, but getpwnam() fails! 
    Jul  5 03:39:24 ubuntu07 smbd[7241]: [2007/07/05 03:39:24, 0] auth/auth_sam.c:check_sam_security(331) 
    Jul  5 03:39:24 ubuntu07 smbd[7241]:   check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER' 
    Jul  5 03:39:24 ubuntu07 smbd[7241]: [2007/07/05 03:39:24, 2] auth/auth.c:check_ntlm_password(317) 
    Jul  5 03:39:24 ubuntu07 smbd[7241]:   check_ntlm_password:  Authentication for user [adminsmb] -> [adminsmb] FAILED with error NT_STATUS_NO_SUCH_USER
    helllppp

  5. #25
    Join Date
    Jul 2007
    Posts
    98
    Rep Power
    8

    Default

    Ugh!!
    I still cannot join windowsxp using adminsmb, but if I use root I CAN

    Have I done wrong?

    Code:
    Jul  5 03:52:12 ubuntu07 smbd[8881]: [2007/07/05 03:52:12, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2670) 
    Jul  5 03:52:12 ubuntu07 smbd[8881]:   Returning domain sid for domain TERRAN.COM -> S-1-5-21-2309048104-1125823035-1205900859 
    Jul  5 03:52:13 ubuntu07 smbd[8881]: [2007/07/05 03:52:13, 2] passdb/pdb_ldap.c:init_ldap_from_sam(1064) 
    Jul  5 03:52:13 ubuntu07 smbd[8881]:   init_ldap_from_sam: Setting entry for user: acer-centrino$ 
    Jul  5 03:52:13 ubuntu07 smbd[8881]: [2007/07/05 03:52:13, 2] passdb/pdb_ldap.c:ldapsam_add_sam_account(2142) 
    Jul  5 03:52:13 ubuntu07 smbd[8881]:   ldapsam_add_sam_account: added: uid == acer-centrino$ in the LDAP database 
    Jul  5 03:52:13 ubuntu07 smbd[8881]: [2007/07/05 03:52:13, 2] passdb/pdb_ldap.c:init_sam_from_ldap(640) 
    Jul  5 03:52:13 ubuntu07 smbd[8881]:   init_sam_from_ldap: Entry found for user: acer-centrino$ 
    Jul  5 03:52:13 ubuntu07 smbd[8881]: [2007/07/05 03:52:13, 2] passdb/pdb_ldap.c:init_sam_from_ldap(640) 
    Jul  5 03:52:13 ubuntu07 smbd[8881]:   init_sam_from_ldap: Entry found for user: acer-centrino$ 
    Jul  5 03:52:13 ubuntu07 smbd[8881]: [2007/07/05 03:52:13, 2] passdb/pdb_ldap.c:init_sam_from_ldap(640) 
    Jul  5 03:52:13 ubuntu07 smbd[8881]:   init_sam_from_ldap: Entry found for user: acer-centrino$ 
    Jul  5 03:52:13 ubuntu07 smbd[8881]: [2007/07/05 03:52:13, 2] passdb/pdb_ldap.c:init_ldap_from_sam(1064) 
    Jul  5 03:52:13 ubuntu07 smbd[8881]:   init_ldap_from_sam: Setting entry for user: acer-centrino$ 
    Jul  5 03:52:13 ubuntu07 smbd[8881]: [2007/07/05 03:52:13, 2] passdb/pdb_ldap.c:ldapsam_update_sam_account(1880) 
    Jul  5 03:52:13 ubuntu07 smbd[8881]:   ldapsam_update_sam_account: successfully modified uid = acer-centrino$ in the LDAP database 
    Jul  5 03:52:16 ubuntu07 smbd[8881]: [2007/07/05 03:52:16, 2] passdb/pdb_ldap.c:init_sam_from_ldap(640) 
    Jul  5 03:52:16 ubuntu07 smbd[8881]:   init_sam_from_ldap: Entry found for user: acer-centrino$ 
    Jul  5 03:52:42 ubuntu07 smbd[8881]: [2007/07/05 03:52:42, 2] smbd/server.c:exit_server(614) 
    Jul  5 03:52:42 ubuntu07 smbd[8881]:   Closing connections 
    Jul  5 03:53:15 ubuntu07 smbd[9059]: [2007/07/05 03:53:15, 2] smbd/sesssetup.c:setup_new_vc_session(772) 
    Jul  5 03:53:15 ubuntu07 smbd[9059]:   setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. 
    Jul  5 03:53:15 ubuntu07 smbd[9059]: [2007/07/05 03:53:15, 2] smbd/sesssetup.c:setup_new_vc_session(772) 
    Jul  5 03:53:15 ubuntu07 smbd[9059]:   setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. 
    Jul  5 03:53:15 ubuntu07 smbd[9059]: [2007/07/05 03:53:15, 2] lib/smbldap.c:smbldap_open_connection(722) 
    Jul  5 03:53:15 ubuntu07 smbd[9059]:   smbldap_open_connection: connection opened 
    Jul  5 03:53:15 ubuntu07 smbd[9059]: [2007/07/05 03:53:15, 2] passdb/pdb_ldap.c:init_sam_from_ldap(640) 
    Jul  5 03:53:15 ubuntu07 smbd[9059]:   init_sam_from_ldap: Entry found for user: acer-centrino$ 
    Jul  5 03:53:25 ubuntu07 smbd[9059]: [2007/07/05 03:53:25, 2] smbd/server.c:exit_server(614) 
    Jul  5 03:53:25 ubuntu07 smbd[9059]:   Closing connections

  6. #26
    Join Date
    Jun 2007
    Posts
    6
    Rep Power
    8

    Default

    Quote Originally Posted by fajarpri View Post
    Hello Rick,
    Now that I use Ubuntu 6.10, I'm facing the exact problem as yours.
    My questions:
    1. So. The smbclient: /opt/zimbra/cyrus-sasl/lib/libsasl2.so.2: no version information available (required by /usr/lib/libldap_r.so.2)
    is ok?

    2. So, the solution for any windowsxp that want to join our samba pdc is to manually run: smbpasswd -a user?

    Thanks
    1. the solution for the "no version information available.." was fixed by an earlier post about manually setting LD_LIBRARY_PATH=/usr/lib which fixes a search path issue.

    2. after restarting a few times and fixing my slow boot issue , the last user i made seemed to have samba working correctly.

    What did you use for the libnss-ldap encryption type. I think i tried chaning it after i was having troubles. I believe i have it set to "crypt" right now. I'll have to verify.

    -Rick

  7. #27
    Join Date
    Jul 2007
    Location
    The Netherlands
    Posts
    2
    Rep Power
    8

    Default

    Hi,

    I've followed the instructions from "UNIX and Windows Accounts in Zimbra LDAP and Zimbra Admin UI". Everything as described in steps 1-4 show up nicely, my Samba domain is recognized in the Zimbra Admin, I can do getent group and passwd and get the right response.

    However when I want to create a new user all the right dialog boxes pop up including posix and samba with the correct data regarding domain etc ... but when I click on Finish I get the following error:

    Message: createAccount invalid attr value: [LDAP: error code 21 - objectClass: value #4 invalid per syntax]
    Error code: account.INVALID_ATTR_VALUE
    Method: ZmCsfeCommand.prototype.invoke
    Details:soap:Sender

    I'm stumped, could anybody point me in the right direction on how to resolve this problem?

    Regards,

    Meint

  8. #28
    Join Date
    Mar 2007
    Location
    Small village in the center of Italy
    Posts
    350
    Rep Power
    8

    Default

    Quote Originally Posted by fajarpri View Post
    Ugh!!
    I still cannot join windowsxp using adminsmb, but if I use root I CAN
    Have I done wrong?
    Hi,
    i was able to join a freshly created domain using root, i think that *root* is pdc'Administrator using old style NT-PDC gergous; AFAIK, there can be only one Administrator in a NT4 domain, isn't it?
    regarding your problem, i was faced with it yesterday and i found i had missed to create:
    /etc/ldap.secret
    file, i created it and i restarted samba.
    I use ldapsearch as zimbra account (su - zimbra) to verify what was in place in ldap db and i used pdbedit to verify sam account.
    Some days ago, i was faced with your same issue (only smbpasswd -a can add samba password), i realized i missed to execute:
    >zmprov mcf +zimbraAccountExtraObjectClass posixAccount
    >zmprov mcf +zimbraAccountExtraObjectClass sambaSamAccount

    i was not able to fix that and i reinstalled everything
    pay attention to what u have in smb.conf regarding
    add user script
    add machine script
    i installed onto centos5 and what greg has reported is ok for ubuntu, not for redhat like distros

  9. #29
    Join Date
    Jul 2007
    Posts
    98
    Rep Power
    8

    Default

    Hello,
    Nice to hear your success
    How far have you been with this zimbra PDC?
    I think I got it working, but, I'm still testing the case where a user belongs to more than one posix group. It seems that zimbra has the menu already.

  10. #30
    Join Date
    Mar 2007
    Location
    Small village in the center of Italy
    Posts
    350
    Rep Power
    8

    Default

    Quote Originally Posted by fajarpri View Post
    Hello,
    Nice to hear your success
    How far have you been with this zimbra PDC?
    I think I got it working, but, I'm still testing the case where a user belongs to more than one posix group. It seems that zimbra has the menu already.
    1 - How far? few hours..
    2 - How did u fix the issue: manually run: smbpasswd -a user
    3 - how do u assign an account to multiple posix group?
    4 - which menu has zimbra alreday??
    TIA
    Last edited by maumar; 08-23-2007 at 07:32 AM.

Similar Threads

  1. Zimbra, Samba, Unix SSO
    By drock in forum Administrators
    Replies: 4
    Last Post: 04-30-2007, 12:45 PM
  2. Replies: 1
    Last Post: 02-23-2007, 02:24 PM
  3. Zimbra v/s Windows Server 2003
    By ewakim in forum Administrators
    Replies: 4
    Last Post: 02-23-2007, 09:05 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •