- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Problems with Samba/CIFS VMS 8.4 (V1.2-010-PS2_11)...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-25-2013 03:32 AM
11-25-2013 03:32 AM
Problems with Samba/CIFS VMS 8.4 (V1.2-010-PS2_11) with OpenVMS LDAP Server configuration ?
Using the documentation "HP OpenVMS CIFS Version 1.2Administrator's Guide" the first inconsistency I came accross was 5.4.1 Global LDAP parameters. The following listed parameters 'ldap port' and 'ldap server' are not supported by SAMBA as testparm reveals.
Chapter 13 SMB.CONF parameters does not refer to these parameter either.
Using the following LDAP paramters:
passdb backend = ldapsam:ldap://16.185.64.38
ldap debug level = 1
ldap timeout = 30
ldap suffix = dc=compiniagrp
ldap user suffix = ou=People
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Idmap
ldap admin dn = dc=compiniagrp
and following the instructions in 5.3.2 Configuring directory server I then try to add a user using SMBMANAGE
This fails. Looking at the LDAP directory I can see that a 'sambaDomainName' has been made
dxim> sel /dc=compiniagrp
The number of entries selected is 2.
dxim> sho sel all attr
/dc=compiniagrp
User Password
Object Class = domain
Domain Component = compiniagrp
/dc=compiniagrp/sambaDomainName=COMPINIAGRP
sambaNextRid = 1004
sambaRefuseMachinePwdChange = 0
sambaForceLogoff = -1
sambaLockoutThreshold = 0
sambaLockoutObservationWindow = 30
sambaLockoutDuration = 30
sambaMinPwdAge = 0
sambaMaxPwdAge = -1
sambaLogonToChgPwd = 0
sambaPwdHistoryLength = 0
sambaMinPwdLength = 5
sambaDomainName = COMPINIAGRP
sambaSID = S-1-5-21-898176750-1209851738-1609389779
sambaAlgorithmicRidBase = 1000
Object Class = sambaDomain
sambaNextUserRid = 1000
Looking at the Wireshark Trace one can see that the attempt to add the entry
LDAPMessage addRequest(8) "uid=TEST,ou=People,dc=compiniagrp"
fails with
LDAPMessage addResponse(8) noSuchObject
I assume the failure was due to the fact that the superior entry 'ou=People,dc=compiniagrp' did not exist.
This begs the question, when and how do are these entries made? Does one possibly have to to add these entries (ie. 'ou=People,dc=compiniagrp' manually into the directory?
A step list would be much appreciated.
John
PS. I did not notice that setting
ldap debug level = 1
ldap debug threshold = 5
made any difference to the logging output?
- Tags:
- LDAP
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-25-2013 06:27 AM
11-25-2013 06:27 AM
Re: Problems with Samba/CIFS VMS 8.4 (V1.2-010-PS2_11) with OpenVMS LDAP Server configuration ?
One possible solution is to create these entries manually.
I have now tried this and have succeded in mounting my shares and authenticating via LDAP.
There are several methods you can chose to create these entries:
1. OpenVMS
Use dxim CLI
eg.
dxim> create /dc=compiniagrp/OU=People attribute objectclass=(Top,OrganizationalUnit), description="Samba People"
...
continue for the other entries.
2.LDAP Client
I used LDAP Admin (see ldapadmin.org)
I created an LDIF file that had the following definitions:
...
dn: ou=People,dc=compiniagrp
ou: People
objectClass: top
objectClass: organizationalUnit
description: Samba People
dn: ou=Groups,dc=compiniagrp
ou: Groups
objectClass: top
objectClass: organizationalUnit
description: Samba Groups
dn: ou=Computers,dc=compiniagrp
ou: Computers
objectClass: top
objectClass: organizationalUnit
description: Samba Computers
dn: ou=Idmap,dc=compiniagrp
ou: Idmap
objectClass: top
objectClass: organizationalUnit
description: Samba Idmap
...
You then use the IMPORT (from LDIF) function, and assuming you configured your connection properties correctly (authenticated BIND) then the entries will be created.
A subsequent SMBMANAGE (users) then works.
The result you can observe in the ldap directory either using dxim
dxim> sel /dc=compiniagrp
The number of entries selected is 7.
dxim> sho sel
/dc=compiniagrp
/dc=compiniagrp/sambaDomainName=COMPINIAGRP
/dc=compiniagrp/OU=People
/dc=compiniagrp/OU=Groups
/dc=compiniagrp/OU=Computers
/dc=compiniagrp/OU=Idmap
/dc=compiniagrp/OU=People/uid=DITE
dxim> sho /dc=compiniagrp/OU=People/uid=DITE all attr
/dc=compiniagrp/OU=People/uid=DITE
Description = Samba Account
displayName = John DITE
userid = DITE
sambaSID = S-1-5-21-898176750-1209851738-1609389779-1008
sambaLMPassword = 7AAA11F302EEFEB1280A032C414B0AA4
sambaNTPassword = 8965B17CE37FE9FDE0FB83DAC2E40449
sambaPasswordHistory = 0000000000000000000000000000000000000000000000000000000000000000
sambaPwdLastSet = 1385387774
sambaAcctFlags = [U ]
Object Class = sambaSamAccount
= account
or with your favourite LDAP client.
Now back to the question whether these (OU=) entries should have been added automatically or whether the documentation needs to be updated?
John