+ Frequently Asked Questions +

X-Git-Url: http://git.maemo.org/git/?p=samba;a=blobdiff_plain;f=examples%2FLDAP%2Fsmbldap-tools-0.9.1%2Fdoc%2Fhtml%2Fsmbldap-tools007.html;fp=examples%2FLDAP%2Fsmbldap-tools-0.9.1%2Fdoc%2Fhtml%2Fsmbldap-tools007.html;h=6a7a1ac25d1bd490c9df87f728e72f259ba174cc;hp=0000000000000000000000000000000000000000;hb=6bca4ca307d55b6dc888e56cee47aebcddbce786;hpb=7fd70fa738b636089bcc6c961aa3eaa02f20dda2 diff --git a/examples/LDAP/smbldap-tools-0.9.1/doc/html/smbldap-tools007.html b/examples/LDAP/smbldap-tools-0.9.1/doc/html/smbldap-tools007.html new file mode 100644 index 0000000..6a7a1ac --- /dev/null +++ b/examples/LDAP/smbldap-tools-0.9.1/doc/html/smbldap-tools007.html @@ -0,0 +1,251 @@ + + + + + + + + Frequently Asked Questions + + + +

+ +

6 Frequently Asked Questions

+ + +

6.1 How can i use old released uidNumber and gidNumber ?

+There are two way to do this : +

+modify the cn=NextFreeUnixId,dc=idealx,dc=org and + change the uidNumber and/or gidNumber value. This + must be done manually. For example, if you want to use all available + uidNumber and gidNumber higher then 1500, you need to create a + update-NextFreeUnixId.ldif file containing : +
```
dn: cn=NextFreeUnixId,dc=idealx,dc=org
+changetype: modify
+uidNumber: 1500
+gidNumber: 1500
+
```
+and then update the directory : +
```
+ldapmodify -x -D "cn=Manager,dc=idealx,dc=org" -w secret -f update-NextFreeUnixId.ldif
+
```
use the -u or -g option to the script you need to set the value you + want to use +

+ +

6.2 I always have this error: "Can't locate IO/Socket/SSL.pm"

+This happens when you want to use a certificate. In this case, you need to install the +IO-Socket-SSL Perl module.
+
+ +

6.3 I can't initialize the directory with `smbldap-populate`

+When I want to initialize the directory using the smbldap-populate +script, I get +

+[root@slave sbin]# smbldap-populate.pl
+  Using builtin directory structure
+  adding new entry: dc=IDEALX,dc=COM
+  Can't call method "code" without a package or object reference at
+  /usr/local/sbin/smbldap-populate.pl line 270, <GEN1> line 2.
+

Answer: check the TLS configuration +

+if you don't want to use TLS support, set the /etc/opt/IDEALX/smbldap-tools/smbldap.conf file +with +
```
+ldapSSL="0"
+
```
if you want TLS support, set the /etc/opt/IDEALX/smbldap-tools/smbldap.conf file with +
```
+ldapSSL="1"
+
```
and check that the directory server is configured to accept TLS connections. +

+ +

6.4 I can't join the domain with the `root` account

+check that the root account has the sambaSamAccount objectclass +
check that the directive add machine script is present and configured +

+ +

6.5 I have the `sambaSamAccount` but i can't logged in

+Check that the sambaPwdLastSet attribute is not null (equal to 0)
+
+ +

6.6 I want to create machine account on the fly, but it does + not works or I must do it twice

+The script defined with the add machine script must not add +the sambaSAMAccount objectclass of the machine account. The +script must only add the Posix machine account. Samba will add the sambaSAMAccount when +joining the domain. +
Check that the add machine script is present in samba + configuration file. +

+ +

6.7 I can't manage the Oracle Internet Database

+If you have an error message like : +

+Function Not Implemented at /usr/local/sbin/smbldap_tools.pm line 187.
+Function Not Implemented at /usr/local/sbin/smbldap_tools.pm line 627.
+

For Oracle Database, all attributes that will be resquested to the directory must be indexed. Add a +new index for samba attributes and make sure that the following attributes are also indexed : + uidNumber, gidNumber, memberUid, homedirectory, description, userPassword ...
+
+ +

6.8 The directive `passwd program = /usr/local/sbin/smbldap-passwd -u %u` is not +called, or i got a error message when changing the password from windows

+The directive is called if you also set unix password sync = Yes. +Notes: +

+if you use OpenLDAP, none of those two options are needed. You just need ldap +passwd sync = Yes. +
the script called here must only update the userPassword attribute. This is the +reason of the -u option. Samba passwords will be updated by samba itself. +
the passwd chat directive must match what is prompted when using the +smbldap-passwd command +

+ +

6.9 New computers account can't be set in ou=computers

+This is a known samba bug. There's a workarround: look at +http://marc.theaimsgroup.com/?l=samba&m=108439612826440&w=2
+
+ +

6.10 I can join the domain, but i can't log on

+look at section 6.9
+
+ +

6.11 I can't create a user with `smbldap-useradd`

+When creating a new user account I get the following error message: +

+/usr/local/sbin/smbldap-useradd.pl: unknown group SID not set for unix group 513
+

Answer: +

+is nss_ldap correctly configured ? +

is the default group's users mapped to the 'Domain Users' NT group ? +

+net groupmap add rid=513 unixgroup="Domain Users" ntgroup="Domain Users"
+

+ +

6.12 smbldap-useradd: Can't call method "get_value" on an undefined value at +/usr/local/sbin/smbldap-useradd line 154

+does the default group defined in smbldap.conf exist + (defaultUserGid="513") ? +
does the NT "Domain Users" group mapped to a unix + group of rid 513 (see option -r of smbldap-groupadd and + smbldap-groupmod to set a rid) ? +

+ +

6.13 Typical errors on creating a new user or a new group

+i've got the following error: +
```
+Could not find base dn, to get next uidNumber at /usr/local/sbin//smbldap_tools.pm line 909
+
```
1. + you do not have created the object to defined the next uidNumber and gidNumber available. +
  - + for version 0.8.7 : you can just run the smbldap-populate script that will + update the sambaDomain entry to store those informations +
  - for version before 0.8.7 : + You have updated the smbldap-tools to version 0.8.5 or newer. + You have to do this manually. Create an file called add.ldif and containing +
```
+dn: cn=NextFreeUnixId,dc=idealx,dc=org
+objectClass: inetOrgPerson
+objectClass: sambaUnixIdPool
+uidNumber: 1000
+gidNumber: 1000
+cn: NextFreeUnixId
+sn: NextFreeUnixId
+
```
    and then add the object with the ldapadd utility: +
```
+$ ldapadd -x -D "cn=Manager,dc=idealx,dc=org" -w secret -f add.ldif
+
```
    Here, 1000 is the first available value for uidNumber and gidNumber (of course, if this value is + already used by a user or a group, the first available after 1000 will be used). +
  +
  +
2. The error also appear when there is a need for TLS (ldapTLS=1 in smbldap.conf) and +something is wrong with certificate naming or path settings. +
+
+
i've got the following error: +
```
+Use of uninitialized value in string at
+/usr/local/sbin//smbldap\_tools.pm line 914.
+Error: No DN specified at /usr/local/sbin//smbldap\_tools.pm line 919
+
```
You have not updated the configuration file to defined the object where are sotred the next +uidNumber and gidNumber available. In our example, you have to add a nex entry in +/etc/opt/IDEALX/smbldap-tools/smbldap.conf containing : +
```
+# Where to store next uidNumber and gidNumber available
+sambaUnixIdPooldn="cn=NextFreeUnixId,${suffix}"
+
```
btw, a new option is now available too: the domain to append to users. You can add to the +configuration file the following lines: +
```
+# Domain appended to the users "mail"-attribute
+# when smbldap-useradd -M is used mailDomain="idealx.com"
+
```
+
+

i've got the following error: +

+Use of uninitialized value in concatenation (.) or string at /usr/local/sbin/smbldap-useradd line 183.
+Use of uninitialized value in substitution (s///) at /usr/local/sbin/smbldap-useradd line 185.
+Use of uninitialized value in string at /usr/local/sbin/smbldap-useradd line 264.
+failed to add entry: homedirectory: value #0 invalid per syntax at /usr/local/sbin/smbldap-useradd line 280.
+userHomeDirectory=User "jto" already member of the group "513".
+failed to add entry: No such object at /usr/local/sbin/smbldap-useradd line 382.
+

you have to change the variable name userHomePrefix to userHome in +/etc/opt/IDEALX/smbldap-tools/smbldap.conf
+
+

i've got the following error: +
```
+failed to add entry: referral missing at /usr/local/sbin/smbldap-useradd line 279, <DATA> line 283.
+
```
you have to update the configuration file that defined users, groups and computers dn. Those +parameters must not be relative to the suffix parameter. A typical +configuration look like this : +
```
+usersdn="ou=Users,${suffix}"
+computersdn="ou=Computers,${suffix}"
+groupsdn="ou=Groups,${suffix}"
+
```
+
+
i've got the following error: +
```
+erreur LDAP: Can't contact master ldap server (IO::Socket::INET: Bad protocol 'tcp')
+at /usr/local/sbin//smbldap_tools.pm line 153.
+
```
remove ldap from /etc/nsswitch.conf for services list of possible check. For +example, if your ldap directory is not configured to give services information, you must have +
```
+services    files
+
```
and not +
```
+services:   ldap [NOTFOUND=return] files
+
```