Jon, I want to say "THANK YOU" for your patience with me. Last night I was
googling for anything about my problem and I found this blog:
http://jakub.wartak.pl/blog/?p=57
After issuing (twice) the proposed command, I have now finally got my problem
solved.
The command proposed on the blog was (filled with my values):
ldapclient manual -v \
-a credentialLevel=proxy \
-a authenticationMethod=simple \
-a proxyDN=cn=admin,dc=domain,dc=com \
-a proxyPassword=my-secret \
-a defaultServerList=127.0.0.1:389 \
-a defaultSearchBase=dc=domain,dc=com \
-a domainName=sf.extrapack.com \
-a followReferrals=false \
-a attributeMap=group:userpassword=userPassword \
-a attributeMap=group:memberuid=memberUid \
-a attributeMap=group:gidnumber=gidNumber \
-a attributeMap=passwd:gecos=cn \
-a attributeMap=passwd:gidnumber=gidNumber \
-a attributeMap=passwd:uidnumber=uidNumber \
-a attributeMap=passwd:homedirectory=homeDirectory \
-a attributeMap=passwd:loginshell=loginShell \
-a attributeMap=shadow:shadowflag=shadowFlag \
-a attributeMap=shadow:userpassword=userPassword \
-a objectClassMap=group:posixGroup=posixGroup \
-a objectClassMap=passwd:posixAccount=posixAccount \
-a objectClassMap=shadow:shadowAccount=shadowAccount \
-a serviceSearchDescriptor=passwd:ou=users,dc=domain,dc=com?sub \
-a serviceSearchDescriptor=group:ou=groups,dc=domain,dc=com?sub
After the 1st run, it shows this:
Handling manual option
Proxy DN: cn=admin,dc=domain,dc=com
Proxy password: {NS1}89eb3b864345f0
Credential level: 1
Authentication method: 1
Shadow Update is not enabled, no adminDN/adminPassword is required.
About to modify this machines configuration by writing the files
Stopping network services
Stopping sendmail
stop: sleep 100000 microseconds
stop: network/smtp:sendmail... success
Stopping nscd
stop: sleep 100000 microseconds
stop: system/name-service-cache:default... success
Stopping autofs
stop: sleep 100000 microseconds
stop: system/filesystem/autofs:default... success
ldap not running
nis(yp) not running
Removing existing restore directory
file_backup: stat(/etc/nsswitch.conf)=0
file_backup: (/etc/nsswitch.conf -> /var/ldap/restore/nsswitch.conf)
file_backup: stat(/etc/defaultdomain)=-1
file_backup: No /etc/defaultdomain file.
file_backup: nis domain is " "
file_backup: stat(/var/yp/binding/ )=-1
file_backup: No /var/yp/binding/ directory.
file_backup: stat(/var/ldap/ldap_client_file)=0
file_backup: (/var/ldap/ldap_client_file -> /var/ldap/restore/ldap_client_file)
file_backup: (/var/ldap/ldap_client_cred -> /var/ldap/restore/ldap_client_cred)
Starting network services
start: /usr/bin/domainname sf.extrapack.com... success
start: sleep 100000 microseconds
start: network/ldap/client:default... success
start: sleep 100000 microseconds
start: system/filesystem/autofs:default... success
start: sleep 100000 microseconds
start: system/name-service-cache:default... success
start: sleep 100000 microseconds
start: network/smtp:sendmail... success
restart: sleep 100000 microseconds
restart: milestone/name-services:default... success
System successfully configured
After the 2nd run it shows this:
Handling manual option
Proxy DN: cn=admin,dc=domain,dc=com
Proxy password: {NS1}89eb3b864345f0
Credential level: 1
Authentication method: 1
Shadow Update is not enabled, no adminDN/adminPassword is required.
About to modify this machines configuration by writing the files
Stopping network services
Stopping sendmail
stop: sleep 100000 microseconds
stop: network/smtp:sendmail... success
Stopping nscd
stop: sleep 100000 microseconds
stop: system/name-service-cache:default... success
Stopping autofs
stop: sleep 100000 microseconds
stop: system/filesystem/autofs:default... success
Stopping ldap
stop: sleep 100000 microseconds
stop: network/ldap/client:default... success
nis(yp) not running
Removing existing restore directory
file_backup: stat(/etc/nsswitch.conf)=0
file_backup: (/etc/nsswitch.conf -> /var/ldap/restore/nsswitch.conf)
file_backup: stat(/etc/defaultdomain)=0
file_backup: (/etc/defaultdomain -> /var/ldap/restore/defaultdomain)
file_backup: nis domain is "sf.extrapack.com"
file_backup: stat(/var/yp/binding/sf.extrapack.com)=-1
file_backup: No /var/yp/binding/sf.extrapack.com directory.
file_backup: stat(/var/ldap/ldap_client_file)=0
file_backup: (/var/ldap/ldap_client_file -> /var/ldap/restore/ldap_client_file)
file_backup: (/var/ldap/ldap_client_cred -> /var/ldap/restore/ldap_client_cred)
Starting network services
start: /usr/bin/domainname sf.extrapack.com... success
start: sleep 100000 microseconds
start: network/ldap/client:default... success
start: sleep 100000 microseconds
start: system/filesystem/autofs:default... success
start: sleep 100000 microseconds
start: system/name-service-cache:default... success
start: sleep 100000 microseconds
start: network/smtp:sendmail... success
restart: sleep 100000 microseconds
restart: milestone/name-services:default... success
System successfully configured
The obvious difference is
ldap not running
vs
Stopping ldap
stop: sleep 100000 microseconds
stop: network/ldap/client:default... success
which pointed me to edit the NWAM Automatic profile.
There are also differences in /var/ldap/ldap_client_cred and ldap_client_file.
Before:
#
# Do not edit this file manually; your changes will be lost.Please use ldapclient (1M) instead.
#
NS_LDAP_BINDDN= cn=admin,dc=domain,dc=com
NS_LDAP_BINDPASSWD= my-secret
#
# Do not edit this file manually; your changes will be lost.Please use ldapclient (1M) instead.
#
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= 127.0.0.1
NS_LDAP_SEARCH_BASEDN= dc=domain,dc=com
NS_LDAP_CACHETTL= 0
NS_LDAP_AUTH= simple
NS_LDAP_SEARCH_SCOPE= sub
NS_LDAP_SEARCH_REF= FALSE
NS_LDAP_CREDENTIAL_LEVEL= proxy
NS_LDAP_SERVICE_SEARCH_DESC= passwd: ou=users,dc=domain,dc=com?sub
NS_LDAP_SERVICE_SEARCH_DESC= group: ou=groups,dc=domain,dc=com?sub
NS_LDAP_SERVICE_SEARCH_DESC= shadow: ou=users,dc=domain,dc=com?sub
After:
#
# Do not edit this file manually; your changes will be lost.Please use ldapclient (1M) instead.
#
NS_LDAP_BINDDN= cn=admin,dc=domain,dc=com
NS_LDAP_BINDPASSWD= {NS1}89eb3b864345f0
#
# Do not edit this file manually; your changes will be lost.Please use ldapclient (1M) instead.
#
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= 127.0.0.1:389
NS_LDAP_SEARCH_BASEDN= dc=domain,dc=com
NS_LDAP_AUTH= simple
NS_LDAP_SEARCH_REF= FALSE
NS_LDAP_CACHETTL= 0
NS_LDAP_CREDENTIAL_LEVEL= proxy
NS_LDAP_SERVICE_SEARCH_DESC= passwd:ou=users,dc=domain,dc=com?sub
NS_LDAP_SERVICE_SEARCH_DESC= group:ou=groups,dc=domain,dc=com?sub
NS_LDAP_ATTRIBUTEMAP= shadow:userpassword=userPassword
NS_LDAP_ATTRIBUTEMAP= shadow:shadowflag=shadowFlag
NS_LDAP_ATTRIBUTEMAP= passwd:loginshell=loginShell
NS_LDAP_ATTRIBUTEMAP= passwd:homedirectory=homeDirectory
NS_LDAP_ATTRIBUTEMAP= passwd:uidnumber=uidNumber
NS_LDAP_ATTRIBUTEMAP= passwd:gidnumber=gidNumber
NS_LDAP_ATTRIBUTEMAP= passwd:gecos=cn
NS_LDAP_ATTRIBUTEMAP= group:gidnumber=gidNumber
NS_LDAP_ATTRIBUTEMAP= group:memberuid=memberUid
NS_LDAP_ATTRIBUTEMAP= group:userpassword=userPassword
NS_LDAP_OBJECTCLASSMAP= shadow:shadowAccount=shadowAccount
NS_LDAP_OBJECTCLASSMAP= passwd:posixAccount=posixAccount
NS_LDAP_OBJECTCLASSMAP= group:posixGroup=posixGroup
===============================================================================
Finally I have a working
root@arhiv:/var/samba/log# getent passwd administration
administration:x:104:101:administration:/tmp:
The rest is just tweaking some values in LDAP to make SAMBA happy :)
Problem is solved!
On Wed, 07 Mar 2012 12:14:07 +0200, Jonathan Adams <[email protected]> wrote:
you still have "ldap" in your /etc/nsswitch.conf on the passwd and
group lines? (are you using nwam?)
does ldapsearch work without a password now?
do you get anything from:
ldapsearch -b ou=users,dc=domain,dc=com -D cn=admin,dc=domain,dc=com -w my-secret -s one uid=administration
can you re-paste in your updated ldap_client_file
an example of what looking at my username gives:
t12nslookup@jadlaptop:~$ ldapsearch -s one -b ou=People,dc=domain,dc=com -D cn=Manager,dc=domain,dc=com -s one -w - uid=t12nslookup
Enter bind password:
version: 1
dn: uid=t12nslookup,ou=People,dc=domain,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetLocalMailRecipient
cn: Jonathan Adams
uid: t12nslookup
uidNumber: 64007
gidNumber: 63020
userPassword: {crypt}NPNPNPNPNPNP
givenName: Jonathan
sn: Adams
homeDirectory: /home/t12nslookup
o: My Company Ltd
l: Manchester
mail: [email protected]
postalCode: M16 9FE
registeredAddress: My Company Address
shadowFlag: 0
shadowLastChange: 11835
sambaNTPassword: 34DFBB34763428723487F71CF1806DC7
sambaSID: S-1-5-21-2469953014-4172709918-2210631845-1814
sambaPrimaryGroupSID: S-1-5-21-2469953014-4172709918-2210631845-513
sambaHomePath: \\SERVER\t12nslookup
sambaHomeDrive: M:
sambaProfilePath: \\SERVER\profiles\t12nslookup
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 1088504232
sambaPwdMustChange: 2147483647
mobile: 07918740616
sambaPasswordHistory: 0000000000000000000000000000000000000000000000000000000000000000
sambaAcctFlags: [U ]
loginShell: /bin/bash
sambaPwdLastSet: 1305107652
mailHost: SERVER
gecos: Jonathan Adams
_______________________________________________
OpenIndiana-discuss mailing list
[email protected]
http://openindiana.org/mailman/listinfo/openindiana-discuss
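
Added example, not part of the original message or thread: a shell check over the two files the message compares, reporting how NS_LDAP_BINDPASSWD is stored in ldap_client_cred and which NS_LDAP_* parameters one ldap_client_file has that the other lacks. The function names and sample file names are made up for the example, and the sample contents are constructed from the values quoted in the message.

```shell
#!/bin/sh
# Print how NS_LDAP_BINDPASSWD is stored in a cred file:
# "obfuscated" ({NS1} prefix), "cleartext", or "missing".
bind_password_storage() {
    value=$(sed -n 's/^NS_LDAP_BINDPASSWD=[[:space:]]*//p' "$1" | head -n 1)
    case "$value" in
        '')       echo missing ;;
        '{NS1}'*) echo obfuscated ;;
        *)        echo cleartext ;;
    esac
}

# Print the distinct NS_LDAP_* parameter names set in a profile file.
profile_params() {
    sed -n 's/^\(NS_LDAP_[A-Z_]*\)=.*/\1/p' "$1" | sort -u
}

# Print parameters that are set in file $1 but absent from file $2.
params_only_in() {
    for p in $(profile_params "$1"); do
        grep -q "^$p=" "$2" || echo "$p"
    done
}

# Write constructed sample files (abbreviated from the message) into dir $1.
make_samples() {
    printf 'NS_LDAP_BINDPASSWD= my-secret\n' > "$1/cred.before"
    printf 'NS_LDAP_BINDPASSWD= {NS1}89eb3b864345f0\n' > "$1/cred.after"
    cat > "$1/file.before" <<'EOF'
NS_LDAP_SERVERS= 127.0.0.1
NS_LDAP_AUTH= simple
NS_LDAP_SEARCH_SCOPE= sub
NS_LDAP_SERVICE_SEARCH_DESC= passwd: ou=users,dc=domain,dc=com?sub
EOF
    cat > "$1/file.after" <<'EOF'
NS_LDAP_SERVERS= 127.0.0.1:389
NS_LDAP_AUTH= simple
NS_LDAP_SERVICE_SEARCH_DESC= passwd:ou=users,dc=domain,dc=com?sub
NS_LDAP_ATTRIBUTEMAP= passwd:gecos=cn
NS_LDAP_OBJECTCLASSMAP= passwd:posixAccount=posixAccount
EOF
}

dir=$(mktemp -d)
make_samples "$dir"
echo "cred before: $(bind_password_storage "$dir/cred.before")"
echo "cred after:  $(bind_password_storage "$dir/cred.after")"
echo "only in after:";  params_only_in "$dir/file.after" "$dir/file.before"
echo "only in before:"; params_only_in "$dir/file.before" "$dir/file.after"
rm -rf "$dir"
```

The {NS1} value is a reversible encoding rather than a hash, so /var/ldap/ldap_client_cred should stay readable by root only.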