
Problems with Samba/CIFS VMS 8.4 (V1.2-010-PS2_11) with OpenVMS LDAP Server configuration ?

 
john Dite
Frequent Advisor


Using the documentation "HP OpenVMS CIFS Version 1.2 Administrator's Guide", the first inconsistency I came across was 5.4.1 Global LDAP parameters. The following listed parameters 'ldap port' and 'ldap server' are not supported by SAMBA, as testparm reveals.

Chapter 13 SMB.CONF parameters does not refer to these parameters either.

 

Using the following LDAP parameters:

   passdb backend = ldapsam:ldap://16.185.64.38
   ldap debug level    = 1
   ldap timeout        = 30
   ldap suffix         = dc=compiniagrp
   ldap user suffix    = ou=People
   ldap group suffix   = ou=Groups
   ldap machine suffix = ou=Computers
   ldap idmap suffix   = ou=Idmap
   ldap admin       dn = dc=compiniagrp

 

and following the instructions in 5.3.2 Configuring directory server, I then try to add a user using SMBMANAGE.

This fails. Looking at the LDAP directory I can see that a 'sambaDomainName' has been made.

 

dxim> sel /dc=compiniagrp
The number of entries selected is 2.
dxim> sho sel all attr

    /dc=compiniagrp
      User Password
      Object Class   = domain
      Domain Component = compiniagrp


    /dc=compiniagrp/sambaDomainName=COMPINIAGRP
      sambaNextRid   = 1004
      sambaRefuseMachinePwdChange = 0
      sambaForceLogoff = -1
      sambaLockoutThreshold = 0
      sambaLockoutObservationWindow = 30
      sambaLockoutDuration = 30
      sambaMinPwdAge = 0
      sambaMaxPwdAge = -1
      sambaLogonToChgPwd = 0
      sambaPwdHistoryLength = 0
      sambaMinPwdLength = 5
      sambaDomainName = COMPINIAGRP
      sambaSID       = S-1-5-21-898176750-1209851738-1609389779
      sambaAlgorithmicRidBase = 1000
      Object Class   = sambaDomain
      sambaNextUserRid = 1000

 

Looking at the Wireshark Trace one can see that the attempt to add the entry

LDAPMessage addRequest(8) "uid=TEST,ou=People,dc=compiniagrp"

fails with

LDAPMessage addResponse(8) noSuchObject

I assume the failure was due to the fact that the superior entry 'ou=People,dc=compiniagrp' did not exist.

 

This begs the question, when and how are these entries made? Does one possibly have to add these entries (i.e. 'ou=People,dc=compiniagrp') manually into the directory?

 

A step list would be much appreciated.

 

John

 

PS.  I did not notice that setting

   ldap debug level    = 1
   ldap debug threshold = 5

 

made any difference to the logging output?

john Dite
Frequent Advisor

Re: Problems with Samba/CIFS VMS 8.4 (V1.2-010-PS2_11) with OpenVMS LDAP Server configuration ?

One possible solution is to create these entries manually.

 

I have now tried this and have succeeded in mounting my shares and authenticating via LDAP.

 

There are several methods you can choose to create these entries:

 

1. OpenVMS

Use dxim CLI 

eg.

dxim> create /dc=compiniagrp/OU=People attribute objectclass=(Top,OrganizationalUnit), description="Samba People"

...

continue for the other entries.

 

2. LDAP Client

I used LDAP Admin (see ldapadmin.org)

I created an LDIF file that had the following definitions:

...

dn: ou=People,dc=compiniagrp
ou: People
objectClass: top
objectClass: organizationalUnit
description: Samba People

dn: ou=Groups,dc=compiniagrp
ou: Groups
objectClass: top
objectClass: organizationalUnit
description: Samba Groups

dn: ou=Computers,dc=compiniagrp
ou: Computers
objectClass: top
objectClass: organizationalUnit
description: Samba Computers

dn: ou=Idmap,dc=compiniagrp
ou: Idmap
objectClass: top
objectClass: organizationalUnit
description: Samba Idmap

...

 

You then use the IMPORT (from LDIF) function, and assuming you configured your connection properties correctly (authenticated BIND) then the entries will be created.

 

A subsequent SMBMANAGE (users) then works.

 

The result you can observe in the ldap directory either using dxim

dxim> sel  /dc=compiniagrp
The number of entries selected is 7.
dxim> sho sel
/dc=compiniagrp
/dc=compiniagrp/sambaDomainName=COMPINIAGRP
/dc=compiniagrp/OU=People
/dc=compiniagrp/OU=Groups
/dc=compiniagrp/OU=Computers
/dc=compiniagrp/OU=Idmap
/dc=compiniagrp/OU=People/uid=DITE
dxim> sho /dc=compiniagrp/OU=People/uid=DITE all attr

    /dc=compiniagrp/OU=People/uid=DITE
      Description    = Samba Account
      displayName    = John DITE
      userid         = DITE
      sambaSID       = S-1-5-21-898176750-1209851738-1609389779-1008
      sambaLMPassword = 7AAA11F302EEFEB1280A032C414B0AA4
      sambaNTPassword = 8965B17CE37FE9FDE0FB83DAC2E40449
      sambaPasswordHistory = 0000000000000000000000000000000000000000000000000000000000000000
      sambaPwdLastSet = 1385387774
      sambaAcctFlags = [U          ]
      Object Class   = sambaSamAccount
                     = account

 

or with your favourite LDAP client.

 

Now back to the question whether these (OU=) entries should have been added automatically or whether the documentation needs to be updated?

 

John
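
The check behind the fix described in this thread, as an added example that is not part of the original posts or of the HP CIFS kit: it derives the container DNs from the `ldap ... suffix` parameters, compares them with a dxim listing, and emits LDIF for the containers that are missing. It assumes a dxim name lists RDNs root-first (as the listings above suggest) and that no RDN contains an escaped comma; the function names are hypothetical.

```python
import re

# Constructed sample input: the suffix parameters quoted in the question.
SMB_CONF = """\
   ldap suffix         = dc=compiniagrp
   ldap user suffix    = ou=People
   ldap group suffix   = ou=Groups
   ldap machine suffix = ou=Computers
   ldap idmap suffix   = ou=Idmap
"""
# Constructed sample input: entry names as dxim listed them before the fix.
DXIM_LISTING = """\
/dc=compiniagrp
/dc=compiniagrp/sambaDomainName=COMPINIAGRP
"""
SUFFIX_KEYS = ("ldap user suffix", "ldap group suffix", "ldap machine suffix", "ldap idmap suffix")

def parse_params(text):
    """Return {parameter: value}; names are lower-cased and whitespace runs collapsed."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        params[re.sub(r"\s+", " ", key.strip().lower())] = value.strip()
    return params

def dxim_to_dn(path):
    """Assumption: a dxim name lists RDNs root-first, so reversing them gives the DN."""
    return ",".join(reversed(path.strip().strip("/").split("/")))

def normalise(dn):
    return ",".join(part.strip().lower() for part in dn.split(","))

def missing_containers(conf_text, listing_text):
    params = parse_params(conf_text)
    base = params["ldap suffix"]
    existing = {normalise(dxim_to_dn(l)) for l in listing_text.splitlines() if l.strip()}
    wanted = [f"{params[k]},{base}" for k in SUFFIX_KEYS if params.get(k)]
    return [dn for dn in wanted if normalise(dn) not in existing]

def to_ldif(dns):
    """LDIF for the missing organizationalUnit containers (simple ou= RDN assumed)."""
    entry = "dn: {dn}\nou: {ou}\nobjectClass: top\nobjectClass: organizationalUnit\n"
    return "\n".join(entry.format(dn=dn, ou=dn.split(",", 1)[0].split("=", 1)[1]) for dn in dns)

if __name__ == "__main__":
    print(to_ldif(missing_containers(SMB_CONF, DXIM_LISTING)))
```

An empty result from `missing_containers` means every container the suffix parameters point at already exists, so an add under `ou=People` should no longer come back as `noSuchObject` for a missing parent.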