Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: LDAP and Samba

  1. #1
    Join Date
    May 2007
    Posts
    8
    Rep Power
    8

    Default LDAP and Samba

    After viewing all the post that i could find for this problem, i still can't find an explanation of why i can't :

    1 - Get LDAP to read the schema for samba
    2 - Get rid of the "invalid DN" error in Samba's log

    I followed Greg's guide from the wiki for the installation process.

    /opt/zimbra/conf/slapd.conf.in
    Code:
    # See slapd.conf(5) for details on configuration options.
    # This file should NOT be world readable.
    #
    #ucdata-path    "/opt/zimbra/openldap/ucdata"
    include         "/opt/zimbra/openldap/etc/openldap/schema/core.schema"
    include         "/opt/zimbra/openldap/etc/openldap/schema/cosine.schema"
    include     "/opt/zimbra/openldap/etc/openldap/schema/inetorgperson.schema"
    include         "/opt/zimbra/openldap/etc/openldap/schema/amavisd.schema"
    include         "/opt/zimbra/openldap/etc/openldap/schema/zimbra.schema"
    include         "/opt/zimbra/lib/conf/zimbra-ext.schema"
    include         "/opt/zimbra/openldap/etc/openldap/schema/nis.schema"
    include         "/opt/zimbra/openldap/etc/openldap/schema/samba.schema"
    
    [...]
    
    TLSCertificateFile /opt/zimbra/conf/slapd.crt
    TLSCertificateKeyFile /opt/zimbra/conf/slapd.key
    TLSVerifyClient never
    
    #indexes for PAM
    index uidNumber             eq
    index gidNumber             eq
    index memberUID             eq
    
    #indexes for Samba
    index sambaSID              eq
    index sambaPrimaryGroupSID  eq
    index sambaDomainName       eq
    ls -l /opt/zimbra/openldap/etc/openldap/schema/
    Code:
    -rw-r--r-- 1 zimbra zimbra  32161 2007-04-18 18:39 amavisd.schema
    -r--r--r-- 1 zimbra zimbra   8231 2007-03-12 14:37 corba.schema
    -r--r--r-- 1 zimbra zimbra  20591 2007-03-12 14:37 core.ldif
    -r--r--r-- 1 zimbra zimbra  19762 2007-03-12 14:37 core.schema
    -r--r--r-- 1 zimbra zimbra  74080 2007-03-12 14:37 cosine.schema
    -r--r--r-- 1 zimbra zimbra   1553 2007-03-12 14:37 dyngroup.schema
    -r--r--r-- 1 zimbra zimbra   6360 2007-03-12 14:37 inetorgperson.schema
    -r--r--r-- 1 zimbra zimbra  13984 2007-03-12 14:37 java.schema
    -r--r--r-- 1 zimbra zimbra   2471 2007-03-12 14:37 misc.schema
    -r--r--r-- 1 zimbra zimbra   7723 2007-03-12 14:37 nis.schema
    -r--r--r-- 1 zimbra zimbra   3391 2007-03-12 14:37 openldap.ldif
    -r--r--r-- 1 zimbra zimbra   1601 2007-03-12 14:37 openldap.schema
    -r--r--r-- 1 zimbra zimbra  19689 2007-03-12 14:37 ppolicy.schema
    -r--r--r-- 1 zimbra zimbra   2968 2007-03-12 14:37 README
    -rw-r--r-- 1 zimbra zimbra  19058 2005-12-29 15:45 samba.schema
    -r--r--r-- 1 zimbra zimbra     49 2007-04-18 18:39 zimbra-ext.schema
    -r--r--r-- 1 zimbra zimbra    962 2007-04-18 18:39 zimbra-hsm.schema
    -rw-r--r-- 1 zimbra zimbra 145468 2007-04-18 18:39 zimbra.schema
    For Samba, i use the one shipped with the OS, in my case Ubuntu 6.10. smb.conf is the same as in the wiki with the only difference of the prefix.

    Thanks in advance.

  2. #2
    Join Date
    Feb 2007
    Posts
    18
    Rep Power
    8

    Default

    Did you copy and paste the two lines that include the schema's?
    I noticed that when I did this the characters were not recognized correctly. I had to delete the quotes and re-create them to get it to properly read the file as there.

    include "/opt/zimbra/openldap/etc/openldap/schema/nis.schema"
    include "/opt/zimbra/openldap/etc/openldap/schema/samba.schema"

    There are a lot of little things that can get you stuck in that guide. I learned that I need to read guides slower because he has some stuff that he says really quickly that I passed over that caused me a lot of grief.

  3. #3
    Join Date
    May 2007
    Posts
    8
    Rep Power
    8

    Default

    That actually helped! Thanks!

    Looks like the schema was loaded because now i can see my domain in the administration interface. But i'm still getting these kinds of errors when i'm trying to create a posix group :

    Code:
    [LDAP: error code 65 - object class 'sambaGroupMapping' requires attribute 'sambaSID']
    By my guess, looks like the schema is loaded but the directory wasnt modified according to the schema. If i remember correctly samba was supposed to make the entries into the directory, after restarting the service, no luck and no word about it in the logs.

  4. #4
    Join Date
    May 2007
    Posts
    8
    Rep Power
    8

    Default

    Bump for luck, still havent figured why its still isnt working.

  5. #5
    Join Date
    Feb 2007
    Posts
    18
    Rep Power
    8

    Default

    Were you installing this on a live server with data?

    If not I would start over.

    Although one thing you could try is to remove all servers and groups from samba and postix because it sounds like samba was able to communicate with your server enough to enter it's information into it's LDAP but not enough to...well....work since the schema wasn't loaded correctly.

    This is all a guess however.

    I had to go through the guide 3 times to get it to work, but in the end it certainly did work.

    Good luck

  6. #6
    Join Date
    Sep 2005
    Location
    Tucson - San Francisco - Moscow
    Posts
    127
    Rep Power
    10

    Default

    Quote Originally Posted by numkem View Post
    Bump for luck, still havent figured why its still isnt working.
    Looks like the samba zimlet isn't working or you forgot to fill in the fields on the Samba tab
    Bugzilla - Wiki - Downloads - Before posting... Search!
    P.S.: don't forget to vote on this bug
    add Samba LDAP entries to Exchange Migration Tool

  7. #7
    Join Date
    May 2007
    Posts
    8
    Rep Power
    8

    Default

    I tried filling the fields by hand for before i managed to get Samba to read the schema file. I filled the domain name in lowercase the first time, than when the Samba read the file, it put another domain with the same domain name but this time in full uppercase.

  8. #8
    Join Date
    Sep 2005
    Location
    Tucson - San Francisco - Moscow
    Posts
    127
    Rep Power
    10

    Default

    Quote Originally Posted by numkem View Post
    I tried filling the fields by hand for before i managed to get Samba to read the schema file. I filled the domain name in lowercase the first time, than when the Samba read the file, it put another domain with the same domain name but this time in full uppercase.
    What you need for this feature to work is to fill the sambaSID field. When you have a sambaDomain record in your LDAP, the extension will find this record and show it in the drop down lists of domains. If this is not happening, then, most likely, the extension cannot find the sambaDomain record. Do any samba domains show up in Samba Domains list (this is different from Domains list)?
    Bugzilla - Wiki - Downloads - Before posting... Search!
    P.S.: don't forget to vote on this bug
    add Samba LDAP entries to Exchange Migration Tool

  9. #9
    Join Date
    Sep 2005
    Location
    Tucson - San Francisco - Moscow
    Posts
    127
    Rep Power
    10

    Default

    Quote Originally Posted by penguinknight View Post
    There are a lot of little things that can get you stuck in that guide. I learned that I need to read guides slower because he has some stuff that he says really quickly that I passed over that caused me a lot of grief.
    LOL, although the guide is long, I tried to make it as short as possible. Hence, every step in the guide is important.
    Bugzilla - Wiki - Downloads - Before posting... Search!
    P.S.: don't forget to vote on this bug
    add Samba LDAP entries to Exchange Migration Tool

  10. #10
    Join Date
    Mar 2007
    Posts
    44
    Rep Power
    8

    Default

    FYI This is one of the reasons I gave up on the Samba/Posix zimlets. The Samba SID wouldn't show up for Samba Domains drop down list for the user accounts (new or old) and it wasn't an editable field. My SambaDomain and SID was listed under the Admin extension, just couldn't do it for the user.

    The other issue was the fact that the required settings for Samba accounts in Zimbra aren't actually required settings for Samba (Profile paths). It would make more sense to follow the Must and May listings in the Samba.schema file for what is a required attribute and what isn't in order to make it more usable in future revisions. I still think the concept of having Samba in Zimbra is great as a whole, and this was certainly an excellent first release.

Similar Threads

  1. Zimbra + Samba LDAP, cannot add winxp
    By fajarpri in forum Installation
    Replies: 4
    Last Post: 07-08-2007, 11:45 AM
  2. Zimbra + Samba LDAP auth problems
    By fajarpri in forum Installation
    Replies: 3
    Last Post: 07-04-2007, 11:39 PM
  3. Zimbra, Samba, LDAP, Replication, need advice
    By ajayrockrock in forum Administrators
    Replies: 0
    Last Post: 06-20-2007, 01:33 PM
  4. Authentication to external ldap stop working.
    By jahaj in forum Installation
    Replies: 3
    Last Post: 12-05-2006, 02:17 PM
  5. Replies: 4
    Last Post: 11-15-2006, 11:16 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •