This is a multi-part message in MIME format.
--------------060300060303060303060607
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Sorry Matt, I've got it going now - at least to the point of getting the
smbldap-populate to work. The next issue is smbpasswd -a root. It's not
working. Also, I've installed phpldapadmin and can't get it to connect
either. The issue now seems to be a TLS connection between Samba and
LDAP. I didn't think I was using one, but LDAP seems to think otherwise.
For example, both phpldapadmin and lsmbldap-usermod -J Administrator
complain about TLS connections to the LDAP server.

I've been looking at the idealx.org instructions for TLS with LDAP but
still not getting it working.


-----------------------------------------------------------------------

Further to the above:
Trying to get TLS working is a pain. I've also had only slightly better
luck with trying to not use it. When I don't use it, I can get
ldapsearch to return a result. However, Samba doesn't seem to want to
talk to it. When I try to get TLS running, I get TLS errors everywhere.


Right now I've got it configured, I believe, to not use TLS. When I run
smbpasswd, I get:

semper:/etc/smbldap-tools# smbpasswd -a root
fetch_ldap_pw: neither ldap secret retrieved!
ldap_connect_system: Failed to retrieve password from secrets.tdb
Connection to LDAP server failed for the 1 try!

I've attached my various .conf files again. Sorry to be such a pain, but
I am not having any luck by myself.

--------------060300060303060303060607
Content-Type: text/plain;
name="samba-access.conf"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="samba-access.conf"

access to attrs=userPassword,sambaNTPassword,sambaLMPassword ,sambaPwdLastSet,sambaPWDMustChange
by dn="cn=admin,dc=rahim-dale,dc=org" write
by anonymous auth
by self write
by * none

access to attrs=loginShell
by dn="cn=admin,dc=rahim-dale,dc=org" write
by * none

access to attrs=description,telephoneNumber,roomNumber,homeP hone,gecos,cn,sn,givenname
by dn="cn=admin,dc=rahim-dale,dc=org" write
by self write
by * read


--------------060300060303060303060607
Content-Type: text/plain;
name="slapd.conf"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="slapd.conf"

# Allow LDAPv2 binds
# allow bind_v2

# This is the main slapd configuration file. See slapd.conf(5) for more
# info on the configuration options.

################################################## #####################
# Global Directives:

# Features to permit
#allow bind_v2

# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/samba.schema

# Schema check allows for forcing entries to
# match schemas for their objectClasses's
schemacheck on

# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile /var/run/slapd/slapd.pid

# List of arguments that were passed to the server
argsfile /var/run/slapd.args

# Read slapd.conf(5) for possible values
loglevel 0

# Where the dynamically loaded modules are stored
modulepath /usr/lib/ldap
moduleload back_bdb

TLSCACertificateFile /etc/ldap/ssl/ldap-server.pem
TLSCertificateFile /etc/ldap/ssl/ldap-server.pem
TLSCertificateKeyFile /etc/ldap/ssl/ldap-server.pem

################################################## #####################
# Specific Backend Directives for bdb:
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
backend bdb
checkpoint 512 30

################################################## #####################
# Specific Backend Directives for 'other':
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
#backend

################################################## #####################
# Specific Directives for database #1, of type bdb:
# Database specific directives apply to this databasse until another
# 'database' directive occurs
database bdb

# The base of your directory in database #1
suffix "dc=rahim-dale,dc=org"

rootdn "cn=admin,dc=rahim-dale,dc=org"
rootpw {MD5}hdduy/+JqjCnJjCWiKOGBQ==

# Where the database file are physically stored for database #1
directory "/var/lib/ldap"

# Indexing options for database #1
index objectClass,uidNumber,gidNumber eq
index cn,sn,uid,displayName pres,eq,sub
index memberUid,mail,givenname eq,subinitial
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
# default index
index default eq

# Save the time that the entry gets modified, for database #1
lastmod on

# Where to store the replica logs for database #1
# replogfile /var/lib/ldap/replog

# The userPassword by default can be changed
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
# admin entry below
# These access lines apply to database #1 only
access to attrs=userPassword
by dn="cn=admin,dc=rahim-dale,dc=org" write
by anonymous auth
by self write
by * none

# Ensure read access to the base for things like
# supportedSASLMechanisms. Without this you may
# have problems with SASL not knowing what
# mechanisms are available and the like.
# Note that this is covered by the 'access to *'
# ACL below too but if you change that as people
# are wont to do you'll still need this if you
# want SASL (and possible other things) to work
# happily.
access to dn.base="" by * read

# The admin dn has full write access, everyone else
# can read everything.
access to *
by dn="cn=admin,dc=rahim-dale,dc=org" write
by * read
# samba access list
include /etc/ldap/samba-access.conf

# For Netscape Roaming support, each user gets a roaming
# profile for which they have write access to
#access to dn=".*,ou=Roaming,o=morsnet"
# by dn="cn=admin,dc=rahim-dale,dc=org" write
# by dnattr=owner write

################################################## #####################
# Specific Directives for database #2, of type 'other' (can be bdb too):
# Database specific directives apply to this databasse until another
# 'database' directive occurs
#database

# The base of your directory for database #2
#suffix "dc=debian,dc=org"

--------------060300060303060303060607
Content-Type: text/plain;
name="smb.conf"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="smb.conf"

# Samba config file created using SWAT
# from 127.0.0.1 (127.0.0.1)
# Date: 2006/03/26 11:21:22

# Global parameters
[global]
dos charset = 850
unix charset = ISO8859-1
workgroup = RAHIM-DALE
server string = %h PDC (Samba %v)
map to guest = Bad User
passdb backend = ldapsam:ldap://127.0.0.1/
enable privileges = Yes
username map = /etc/samba/smbusers
syslog = 0
log file = /var/log/samba/log.%m
max log size = 100000
time server = Yes
deadtime = 10
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = cups
add user script = /usr/sbin/smbldap-useradd -m
delete user script = /usr/sbin/smbldap-userdel
add group script = /usr/sbin/smbldap-groupadd -p
delete group script = /usr/sbin/smbldap-groupdel
add user to group script = /usr/sbin/smbldap-groupmod -m
delete user from group script = /usr/sbin/smbldap-groupmod -x
set primary group script = /usr/sbin/smbldap-usermod -g
add machine script = /usr/sbin/smbldap-useradd -w
logon script = scripts\logon.bat
logon path = \\%L\Profiles\%U
logon drive = M:
logon home = \\%L\%U
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
wins support = Yes
ldap admin dn = uid=admin,cn=admin,ou=Users,dc=rahim-dale,dc=org
ldap delete dn = Yes
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Users
ldap machine suffix = ou=Computers
ldap passwd sync = Yes
ldap suffix = dc=rahim-dale,dc=org
# ldap ssl = start tls
ldap ssl = no
ldap user suffix = ou=Users
admin users = garydale, root
printer admin = "@Print Operators"
create mask = 0640
directory mask = 0750
hosts allow = 192.168.2.
nt acl support = No
printing = cups
print command =
lpq command = %p
lprm command =
case sensitive = No
dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd

[homes]
comment = repertoire de %U, %u
read only = No
create mask = 0644
directory mask = 0775
browseable = No

[netlogon]
comment = Logon Server Share
path = /home/samba/netlogon
read only = No
browseable = No

[profiles]
path = /home/samba/profiles
valid users = %U, "Domain Admins"
force user = %U
read only = No
create mask = 0600
directory mask = 0700
guest ok = Yes
profile acls = Yes
browseable = No
csc policy = disable

[printers]
comment = Network Printers
path = /home/spool/
guest ok = Yes
printable = Yes
browseable = No

[print$]
path = /home/printers
valid users = "@Print Operators"
write list = "@Print Operators"
create mask = 0664
directory mask = 0775

[public]
comment = Repertoire public
path = /home/public
read only = No
create mask = 0664
directory mask = 0775
guest ok = Yes

[archives]
path = /home/shares/archives
write list = +Users, +users
read only = No
create mask = 0770
directory mask = 0770

[communications]
path = /home/shares/communications
read only = No
create mask = 0770
directory mask = 0770

[dosstuff]
path = /home/shares/dosstuff
read only = No
create mask = 0770
directory mask = 0770

[games]
path = /home/shares/games
read only = No
create mask = 0770
directory mask = 0770

[graphics]
path = /home/shares/graphics
read only = No
create mask = 0770
directory mask = 0770

[hardware]
path = /home/shares/hardware
read only = No
create mask = 0770
directory mask = 0770

[install]
path = /home/shares/install
read only = No
create mask = 0770
directory mask = 0770

[office]
path = /home/shares/office
read only = No
create mask = 0770
directory mask = 0770

[tools]
path = /home/shares/tools
read only = No
create mask = 0770
directory mask = 0770

[utility]
path = /home/shares/utility
read only = No
create mask = 0770
directory mask = 0770

[media$]
path = /home/secure/media
valid users = garydale
read only = No
create mask = 0770
directory mask = 0770

[webpages$]
path = /home/secure/webpages
valid users = garydale
read only = No
create mask = 0770
directory mask = 0770

[aleysha]
path = /home/aleysha

[shafeena]
path = /home/shafeena

[garydale]
path = /backup/home/samba/profiles/garydale

--------------060300060303060303060607
Content-Type: text/plain;
name="smbldap.conf"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="smbldap.conf"

# $Source: /opt/cvs/samba/smbldap-tools/smbldap.conf,v $
# $Id: smbldap.conf,v 1.17 2005/01/29 15:00:54 jtournier Exp $
#
# smbldap-tools.conf : Q & D configuration file for smbldap-tools

# This code was developped by IDEALX (http://IDEALX.org/) and
# contributors (their names can be found in the CONTRIBUTORS file).
#
# Copyright (C) 2001-2002 IDEALX
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
# USA.

# Purpose :
# . be the configuration file for all smbldap-tools scripts

################################################## ############################
#
# General Configuration
#
################################################## ############################

# Put your own SID
# to obtain this number do: net getlocalsid
SID="S-1-5-21-2876377172-3325382575-3296313911"

################################################## ############################
#
# LDAP Configuration
#
################################################## ############################

# Notes: to use to dual ldap servers backend for Samba, you must patch
# Samba with the dual-head patch from IDEALX. If not using this patch
# just use the same server for slaveLDAP and masterLDAP.
# Those two servers declarations can also be used when you have
# . one master LDAP server where all writing operations must be done
# . one slave LDAP server where all reading operations must be done
# (typically a replication directory)

# Ex: slaveLDAP=127.0.0.1
slaveLDAP="127.0.0.1"
slavePort="389"

# Master LDAP : needed for write operations
# Ex: masterLDAP=127.0.0.1
masterLDAP="127.0.0.1"
masterPort="389"

# Use TLS for LDAP
# If set to 1, this option will use start_tls for connection
# (you should also used the port 389)
ldapTLS="0"

# How to verify the server's certificate (none, optional or require)
# see "man Net::LDAP" in start_tls section for more details
verify="optional"

# CA certificate
# see "man Net::LDAP" in start_tls section for more details
cafile="/etc/smbldap-tools/ca.pem"

# certificate to use to connect to the ldap server
# see "man Net::LDAP" in start_tls section for more details
clientcert="/etc/smbldap-tools/smbldap-tools.pem"

# key certificate to use to connect to the ldap server
# see "man Net::LDAP" in start_tls section for more details
clientkey="/etc/smbldap-tools/smbldap-tools.key"

# LDAP Suffix
# Ex: suffix=dc=IDEALX,dc=ORG
suffix="dc=rahim-dale,dc=org"

# Where are stored Users
# Ex: usersdn="ou=Users,dc=IDEALX,dc=ORG"
usersdn="ou=Users,${suffix}"

# Where are stored Computers
# Ex: computersdn="ou=Computers,dc=IDEALX,dc=ORG"
computersdn="ou=Computers,${suffix}"

# Where are stored Groups
# Ex groupsdn="ou=Groups,dc=IDEALX,dc=ORG"
groupsdn="ou=Groups,${suffix}"

# Where are stored Idmap entries (used if samba is a domain member server)
# Ex groupsdn="ou=Idmap,dc=IDEALX,dc=ORG"
idmapdn="ou=Idmap,${suffix}"

# Where to store next uidNumber and gidNumber available
sambaUnixIdPooldn="sambaDomainName=rahim-dale,${suffix}"

# Default scope Used
scope="sub"

# Unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA, CLEARTEXT)
hash_encrypt="MD5"

# if hash_encrypt is set to CRYPT, you may set a salt format.
# default is "%s", but many systems will generate MD5 hashed
# passwords if you use "$1$%.8s". This parameter is optional!
crypt_salt_format="$1$%.8s"

################################################## ############################
#
# Unix Accounts Configuration
#
################################################## ############################

# Login defs
# Default Login Shell
# Ex: userLoginShell="/bin/bash"
userLoginShell="/bin/nologin"

# Home directory
# Ex: userHome="/home/%U"
userHome="/home/%U"

# Gecos
userGecos="System User"

# Default User (POSIX and Samba) GID
defaultUserGid="513"

# Default Computer (Samba) GID
defaultComputerGid="515"

# Skel dir
skeletonDir="/etc/skel"

# Default password validation time (time in days) Comment the next line if
# you don't want password to be enable for defaultMaxPasswordAge days (be
# careful to the sambaPwdMustChange attribute's value)
defaultMaxPasswordAge="99"

################################################## ############################
#
# SAMBA Configuration
#
################################################## ############################

# The UNC path to home drives location (%U username substitution)
# Ex: \\My-PDC-netbios-name\homes\%U
# Just set it to a null string if you want to use the smb.conf 'logon home'
# directive and/or disable roaming profiles
userSmbHome="\\semper\homes\%U"

# The UNC path to profiles locations (%U username substitution)
# Ex: \\My-PDC-netbios-name\profiles\%U
# Just set it to a null string if you want to use the smb.conf 'logon path'
# directive and/or disable roaming profiles
userProfile="\\semper\profiles\%U"

# The default Home Drive Letter mapping
# (will be automatically mapped at logon time if home directory exist)
# Ex: H: for H:
userHomeDrive="M:"

# The default user netlogon script name (%U username substitution)
# if not used, will be automatically username.cmd
# make sure script file is edited under dos
# Ex: %U.cmd
# userScript="startup.cmd" # make sure script file is edited under dos
userScript="%U.cmd"

# Domain appended to the users "mail"-attribute
# when smbldap-useradd -M is used
mailDomain="rogers.com"

################################################## ############################
#
# SMBLDAP-TOOLS Configuration (default are ok for a RedHat)
#
################################################## ############################

# Allows not to use smbpasswd (if with_smbpasswd == 0 in smbldap_conf.pm) but
# prefer Crypt::SmbHash library
with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"

# Allows not to use slappasswd (if with_slappasswd == 0 in smbldap_conf.pm)
# but prefer Crypt:: libraries
with_slappasswd="0"
slappasswd="/usr/sbin/slappasswd"

--------------060300060303060303060607
Content-Type: text/plain;
name="smbldap_bind.conf"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="smbldap_bind.conf"

############################
# Credential Configuration #
############################
# Notes: you can specify two differents configuration if you use a
# master ldap for writing access and a slave ldap server for reading access
# By default, we will use the same DN (so it will work for standard Samba
# release)
slaveDN="cn=admin,dc=rahim-family,dc=org"
slavePw=""
masterDN="cn=admin,dc=rahim-dale,dc=org"
masterPw=""


--------------060300060303060303060607
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
--------------060300060303060303060607--