NOTE! This is just my personal research progress log. Don't use it as production. If you are asking for some other update details, please refer to LDAP + Samba PDC + PAM/NSS on Debian Lenny HOWTO
Prepare Debian
apt-get update
apt-get install apache2-suexec libapache2-mod-php5 php5 php5-cli php5-curl php5-gd php5-imap php5-ldap php5-mcrypt php5-mhash php5-mysql php5-sqlite php5-tidy php5-xmlrpc php-pear mysql-server-5.0 slapd mcrypt ldap-utils libgd-tools apache2-doc samba swat smbclient smbfs smbldap-tools libpam-ldap libnss-ldap resolvconf exim4-daemon-heavy exim4-doc-html geximon courier-imap courier-imap-ssl courier-pop courier-pop-ssl courier-authlib-ldap courier-authdaemonslapd
LDAP admin password: CHANGE
samba
domain: EXAMPLE
WINS settings from DHCP: NO
libnss-ldap
LDAP server Uniform Resource Identifier: ldap://127.0.0.1
Distinguished name of the search base: dc=example,dc=com
LDAP version to use: 3
LDAP account for root: cn=admin,dc=example,dc=com
LDAP password: CHANGE
libpam-ldap:
Make local root Database admin: yes
Does the LDAP database require login?: no
LDAP account for root: cn=admin,dc=example,dc=com
LDAP root account password: CHANGE
vi /etc/php5/apache2/php.ini
memory_limit = 128M;
post_max_size = 32M
upload_max_filesize = 32M
date.timezone = "Asis/Hong_Kong"
display_errors = Off
/etc/init.d/apache2 restart
pear install Auth_SASL
pear install XML_Feed_Parser
/etc/init.d/apache2 restart
vi /etc/apache2/sites-enabled/000-default
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Order allow,deny
allow from all
</Directory>/etc/init.d/apache2 restart
mysql:
mysqladmin -uroot password CHANGE
mysql -uroot -p
Download Package
Download egroupware 1.6
http://www.egroupware.org/download
files:
eGroupware-1.6.001.tar.gz
eGroupware-egw-pear-1.6.001.tar.gz
eGroupware-gallery-1.6.001.tar.gz
eGroupware-icalsrv-1.6.001.tar.gz
eGroupware-mydms-1.6.001.tar.gz
mv eGroupware-* /var/www/
cd /var/www
find . -name 'eGroupware-*' -exec tar zxvf {} \;
mv egroupware eGroupware-1.6.001
ln -s eGroupware-1.6.001 egroupware
chown -Rf www-data:www-data /var/www/
Download smbldap-qmail-tools:
http://smbldap-addons.sourceforge.net/
wget http://smbldap-addons.sourceforge.net/smbldap-qmail-tools/qmail.schema
download smbldap-qmail-tools-0.3-2.tar.gz
tar zxvf smbldap-qmail-tools-0.3-2.tar.gz
chown -Rf root:root smbldap-qmail-tools-0.3-2
cp -rfp smbldap-qmail-tools-0.3-2/smbldap* /usr/local/sbin
Download phpldapadmin:
http://phpldapadmin.sourceforge.net/wiki/index.php/Download
tar zxvf phpldapadmin-1.1.0.6.tar.gz
mv phpldapadmin-1.1.0.6 /var/www/
cd /var/www
ln -s phpldapadmin-1.1.0.6 phpldapadmin
cd /var/www/phpldapadmin/config/
cp config.php.example config.php
vi config.php
$ldapservers->SetValue($i,'server','host','127.0.0.1');
Download phpmyadmin:
http://www.phpmyadmin.net/home_page/downloads.php
mv phpMyAdmin-3.1.2-all-languages.tar.gz /var/www
cd /var/www
tar zxvf phpMyAdmin-3.1.2-all-languages.tar.gz
ln -s phpMyAdmin-3.1.2-all-languages phpmyadmin
cd /var/www/phpmyadmin
mkdir config
cp config.sample.inc.php config/config.inc.php
chmod -Rf 777 config
http://localhost/phpmyadmin/setup/
overview -> new server -> save
features ->
Upload directory: /tmp
Save directory: /tmp
Allow character set conversion: yes
Default character set: utf-8
overview: -> Configuration file -> save
mv /var/www/phpmyadmin/config/config.inc.php /var/www/phpmyadmin
rm -rf /var/www/phpmyadmin/config
chmod 644 /var/www/phpmyadmin/config.inc.php
Prepare slapd
/etc/init.d/nscd stop
/etc/init.d/slapd stop
slapcat > ~/my.ldif
find /var/www/egroupware/ -name '*.schema' -exec cp {} /etc/ldap/schema/ \;
smbldap-tools is not function with rfc2307bis.schema, use nis.schema instead
zcat /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz > \
/etc/ldap/schema/samba.schema
cp /usr/local/src/qmail.schema /etc/ldap/schema/
slappasswd -h {MD5}
{MD5}Qhz9FD5FDD9YFKBJVAngcw==
vi /etc/ldap/slapd.conf
# This is the main slapd configuration file. See slapd.conf(5) for more
# info on the configuration options.
#######################################################################
# Global Directives:
# Features to permit
#allow bind_v2
# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/samba.schema
include /etc/ldap/schema/qmail.schema
include /etc/ldap/schema/evolutionperson.schema
include /etc/ldap/schema/mozillaabpersonalpha.schema
# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile /var/run/slapd/slapd.pid
# List of arguments that were passed to the server
argsfile /var/run/slapd/slapd.args
# Read slapd.conf(5) for possible values
loglevel none
# Where the dynamically loaded modules are stored
modulepath /usr/lib/ldap
moduleload back_hdb
# The maximum number of entries that is returned for a search operation
sizelimit 500
# The tool-threads parameter sets the actual amount of cpu's that is used
# for indexing.
tool-threads 1
#######################################################################
# Specific Backend Directives for hdb:
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
backend hdb
#######################################################################
# Specific Backend Directives for 'other':
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
#backend <other>
#######################################################################
# Specific Directives for database #1, of type hdb:
# Database specific directives apply to this databasse until another
# 'database' directive occurs
database hdb
# The base of your directory in database #1
suffix "dc=example,dc=com"
# rootdn directive for specifying a superuser on the database. This is needed
# for syncrepl.
rootdn "cn=admin,dc=example,dc=com"
rootpw {MD5}Qhz9FD5FDD9YFKBJVAngcw==
# Where the database file are physically stored for database #1
directory "/var/lib/ldap"
# The dbconfig settings are used to generate a DB_CONFIG file the first
# time slapd starts. They do NOT override existing an existing DB_CONFIG
# file. You should therefore change these settings in DB_CONFIG directly
# or remove DB_CONFIG and restart slapd for changes to take effect.
# For the Debian package we use 2MB as default but be sure to update this
# value if you have plenty of RAM
dbconfig set_cachesize 0 2097152 0
# Sven Hartge reported that he had to set this value incredibly high
# to get slapd running at all. See http://bugs.debian.org/303057 for more
# information.
# Number of objects that can be locked at the same time.
dbconfig set_lk_max_objects 1500
# Number of locks (both requested and granted)
dbconfig set_lk_max_locks 1500
# Number of lockers
dbconfig set_lk_max_lockers 1500
# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,sn,mail,givenname eq,pres,sub
index uidNumber,gidNumber,memberUid eq,pres
index loginShell eq,pres
## required to support pdb_getsampwnam
index uid pres,sub,eq
## required to support pdb_getsambapwrid()
index displayName pres,sub,eq
index nisMapName,nisMapEntry eq,pres,sub
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index default sub
index uniqueMember eq
index sambaGroupType eq
index sambaSIDList eq
# Save the time that the entry gets modified, for database #1
lastmod on
# Checkpoint the BerkeleyDB database periodically in case of system
# failure and to speed slapd shutdown.
checkpoint 512 30
# Where to store the replica logs for database #1
# replogfile /var/lib/ldap/replog
# users can authenticate and change their password
access to attrs=userPassword,sambaNTPassword,sambaLMPassword,sambaPwdMustChange,sambaPwdLastSet
by self write
by anonymous auth
by * none
# those 2 parameters must be world readable for password aging to work correctly
# (or use a priviledge account in /etc/ldap.conf to bind to the directory)
access to attrs=shadowLastChange,shadowMax
by self write
by * read
# all others attributes are readable to everybody
access to *
by * read
# For Netscape Roaming support, each user gets a roaming
# profile for which they have write access to
#access to dn=".*,ou=Roaming,o=morsnet"
# by dn="cn=admin,dc=example,dc=com" write
# by dnattr=owner write
#######################################################################
# Specific Directives for database #2, of type 'other' (can be hdb too):
# Database specific directives apply to this databasse until another
# 'database' directive occurs
#database <other>
# The base of your directory for database #2
#suffix "dc=debian,dc=org"/etc/init.d/slapd stop
rm -rf /var/lib/ldap/*
slapadd -l ~/my.ldif
slapindex
chown -Rf openldap:openldap /var/lib/ldap
/etc/init.d/slapd start
Configure Samba with swat
http://localhost:901/
wizard:
-> Server Type: Domain Controller
-> Configure WINS As: Server for client use
-> Commit
-> Rewrite smb.conf file
global (advanced):
-> copy & paste the following setup:
# Samba config file created using SWAT
# from UNKNOWN ()
# Date: 2009/02/05 01:44:24
[global]
dos charset = UTF-8
display charset = UTF-8
workgroup = EXAMPLE
realm = EXAMPLE.COM
server string = %h server
map to guest = Bad User
passdb backend = ldapsam:ldap://127.0.0.1/
pam password change = Yes
passwd program = /usr/sbin/smbldap-passwd -u %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*
unix password sync = Yes
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
add user script = /usr/sbin/smbldap-useradd -m %u
delete user script = /usr/sbin/smbldap-userdel %u
add group script = /usr/sbin/smbldap-groupadd -p %g
delete group script = /usr/sbin/smbldap-groupdel %g
add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
set primary group script = /usr/sbin/smbldap-usermod -g %g %u
add machine script = /usr/sbin/smbldap-useradd -w %u
logon script = logon.bat
logon path = \\%N\profiles\%U
logon drive = H:
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
dns proxy = No
wins support = Yes
ldap admin dn = cn=admin,dc=example,dc=com
ldap delete dn = Yes
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Users
ldap machine suffix = ou=Computers
ldap suffix = dc=example,dc=com
ldap ssl = no
ldap user suffix = ou=Users
panic action = /usr/share/samba/panic-action %d
case sensitive = No
[homes]
comment = Home Directories
valid users = %S
read only = No
create mask = 0600
directory mask = 0700
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
create mask = 0700
printable = Yes
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
[netlogon]
path = /var/lib/samba/netlogon
browseable = No
[profiles]
path = /var/lib/samba/profiles
force user = %U
read only = No
create mask = 0600
directory mask = 0700
guest ok = Yes
profile acls = Yes
browseable = No
csc policy = disable
[public]
path = /tmp
read only = No
guest ok = Yesmkdir -p /var/lib/samba/profiles /var/lib/samba/netlogon
chmod 777 /var/lib/samba/profiles
chmod 755 /var/lib/samba/netlogon
smbpasswd -w CHANGE
/etc/init.d/samba restart
Configure smbldap-tools
zcat /usr/share/doc/smbldap-tools/examples/smbldap.conf.gz > \
/etc/smbldap-tools/smbldap.conf
cp /usr/share/doc/smbldap-tools/examples/smbldap_bind.conf \
/etc/smbldap-tools/smbldap_bind.conf
net getlocalsid
vi /etc/smbldap-tools/smbldap.conf
# $Source: $
# $Id: smbldap.conf,v 1.18 2005/05/27 14:28:47 jtournier Exp $
#
# smbldap-tools.conf : Q & D configuration file for smbldap-tools
# This code was developped by IDEALX (http://IDEALX.org/) and
# contributors (their names can be found in the CONTRIBUTORS file).
#
# Copyright (C) 2001-2002 IDEALX
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
# USA.
# Purpose :
# . be the configuration file for all smbldap-tools scripts
##############################################################################
#
# General Configuration
#
##############################################################################
# Put your own SID. To obtain this number do: "net getlocalsid".
# If not defined, parameter is taking from "net getlocalsid" return
SID="S-1-5-21-4080769130-1558350895-1527417114"
# Domain name the Samba server is in charged.
# If not defined, parameter is taking from smb.conf configuration file
# Ex: sambaDomain="IDEALX-NT"
sambaDomain="EXAMPLE"
##############################################################################
#
# LDAP Configuration
#
##############################################################################
# Notes: to use to dual ldap servers backend for Samba, you must patch
# Samba with the dual-head patch from IDEALX. If not using this patch
# just use the same server for slaveLDAP and masterLDAP.
# Those two servers declarations can also be used when you have
# . one master LDAP server where all writing operations must be done
# . one slave LDAP server where all reading operations must be done
# (typically a replication directory)
# Slave LDAP server
# Ex: slaveLDAP=127.0.0.1
# If not defined, parameter is set to "127.0.0.1"
slaveLDAP="127.0.0.1"
# Slave LDAP port
# If not defined, parameter is set to "389"
slavePort="389"
# Master LDAP server: needed for write operations
# Ex: masterLDAP=127.0.0.1
# If not defined, parameter is set to "127.0.0.1"
masterLDAP="127.0.0.1"
# Master LDAP port
# If not defined, parameter is set to "389"
masterPort="389"
# Use TLS for LDAP
# If set to 1, this option will use start_tls for connection
# (you should also used the port 389)
# If not defined, parameter is set to "1"
ldapTLS="0"
# How to verify the server's certificate (none, optional or require)
# see "man Net::LDAP" in start_tls section for more details
verify="require"
# CA certificate
# see "man Net::LDAP" in start_tls section for more details
cafile="/etc/smbldap-tools/ca.pem"
# certificate to use to connect to the ldap server
# see "man Net::LDAP" in start_tls section for more details
clientcert="/etc/smbldap-tools/smbldap-tools.pem"
# key certificate to use to connect to the ldap server
# see "man Net::LDAP" in start_tls section for more details
clientkey="/etc/smbldap-tools/smbldap-tools.key"
# LDAP Suffix
# Ex: suffix=dc=IDEALX,dc=ORG
suffix="dc=example,dc=com"
# Where are stored Users
# Ex: usersdn="ou=Users,dc=IDEALX,dc=ORG"
# Warning: if 'suffix' is not set here, you must set the full dn for usersdn
usersdn="ou=Users,${suffix}"
# Where are stored Computers
# Ex: computersdn="ou=Computers,dc=IDEALX,dc=ORG"
# Warning: if 'suffix' is not set here, you must set the full dn for computersdn
computersdn="ou=Computers,${suffix}"
# Where are stored Groups
# Ex: groupsdn="ou=Groups,dc=IDEALX,dc=ORG"
# Warning: if 'suffix' is not set here, you must set the full dn for groupsdn
groupsdn="ou=Groups,${suffix}"
# Where are stored Idmap entries (used if samba is a domain member server)
# Ex: groupsdn="ou=Idmap,dc=IDEALX,dc=ORG"
# Warning: if 'suffix' is not set here, you must set the full dn for idmapdn
idmapdn="ou=Users,${suffix}"
# Where to store next uidNumber and gidNumber available for new users and groups
# If not defined, entries are stored in sambaDomainName object.
# Ex: sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"
# Ex: sambaUnixIdPooldn="cn=NextFreeUnixId,${suffix}"
sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"
# Default scope Used
scope="sub"
# Unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA, CLEARTEXT)
hash_encrypt="MD5"
# if hash_encrypt is set to CRYPT, you may set a salt format.
# default is "%s", but many systems will generate MD5 hashed
# passwords if you use "$1$%.8s". This parameter is optional!
crypt_salt_format="%s"
##############################################################################
#
# Unix Accounts Configuration
#
##############################################################################
# Login defs
# Default Login Shell
# Ex: userLoginShell="/bin/bash"
userLoginShell="/bin/bash"
# Home directory
# Ex: userHome="/home/%U"
userHome="/home/%U"
# Default mode used for user homeDirectory
userHomeDirectoryMode="700"
# Gecos
userGecos="System User"
# Default User (POSIX and Samba) GID
defaultUserGid="513"
# Default Computer (Samba) GID
defaultComputerGid="515"
# Skel dir
skeletonDir="/etc/skel"
# Default password validation time (time in days) Comment the next line if
# you don't want password to be enable for defaultMaxPasswordAge days (be
# careful to the sambaPwdMustChange attribute's value)
defaultMaxPasswordAge="45"
##############################################################################
#
# SAMBA Configuration
#
##############################################################################
# The UNC path to home drives location (%U username substitution)
# Just set it to a null string if you want to use the smb.conf 'logon home'
# directive and/or disable roaming profiles
# Ex: userSmbHome="\\PDC-SMB3\%U"
userSmbHome=""
# The UNC path to profiles locations (%U username substitution)
# Just set it to a null string if you want to use the smb.conf 'logon path'
# directive and/or disable roaming profiles
# Ex: userProfile="\\PDC-SMB3\profiles\%U"
userProfile=""
# The default Home Drive Letter mapping
# (will be automatically mapped at logon time if home directory exist)
# Ex: userHomeDrive="H:"
userHomeDrive="H:"
# The default user netlogon script name (%U username substitution)
# if not used, will be automatically username.cmd
# make sure script file is edited under dos
# Ex: userScript="startup.cmd" # make sure script file is edited under dos
userScript="logon.bat"
# Domain appended to the users "mail"-attribute
# when smbldap-useradd -M is used
# Ex: mailDomain="idealx.com"
mailDomain="example.com"
##############################################################################
#
# SMBLDAP-TOOLS Configuration (default are ok for a RedHat)
#
##############################################################################
# Allows not to use smbpasswd (if with_smbpasswd == 0 in smbldap_conf.pm) but
# prefer Crypt::SmbHash library
with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"
# Allows not to use slappasswd (if with_slappasswd == 0 in smbldap_conf.pm)
# but prefer Crypt:: libraries
with_slappasswd="0"
slappasswd="/usr/sbin/slappasswd"
# comment out the following line to get rid of the default banner
# no_banner="1"vi /etc/smbldap-tools/smbldap_bind.conf
############################
# Credential Configuration #
############################
# Notes: you can specify two differents configuration if you use a
# master ldap for writing access and a slave ldap server for reading access
# By default, we will use the same DN (so it will work for standard Samba
# release)
slaveDN="cn=admin,dc=example,dc=com"
slavePw="CHANGE"
masterDN="cn=admin,dc=example,dc=com"
masterPw="CHANGE" chmod 0644 /etc/smbldap-tools/smbldap.conf
chmod 0600 /etc/smbldap-tools/smbldap_bind.conf
smbldap-populate
configure libpam-ldap and libnss-ldap
vi /etc/nsswitch.conf
passwd: files ldap
group: files ldap
shadow: files ldap
hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 ldap
vi /etc/libnss-ldap.conf
nss_base_passwd ou=Users,dc=example,dc=com?one
nss_base_passwd ou=Computers,dc=example,dc=com?one
nss_base_shadow ou=Users,dc=example,dc=com?one
nss_base_group ou=Groups,dc=example,dc=com?one
vi /etc/libnss-ldap.secret
CHANGE
vi /etc/pam_ldap.conf
nss_base_passwd ou=Users,dc=example,dc=com?one
nss_base_passwd ou=Computers,dc=example,dc=com?one
nss_base_shadow ou=Users,dc=example,dc=com?one
nss_base_group ou=Groups,dc=example,dc=com?one
vi /etc/pam_ldap.secret
CHANGE
vi common-account
account sufficient pam_ldap.so
account required pam_unix.so
vi common-auth
# Check local authentication first, so root can still login
# while LDAP is down.
auth [success=1 default=ignore] pam_unix.so
auth required pam_ldap.so use_first_pass
auth required pam_permit.so
vi common-password
password sufficient pam_ldap.so use_authtok
password required pam_unix.so nullok obscure md5
vi common-session
session optional pam_ldap.so
session required pam_unix.so
fix boot error:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=412989
addgroup --system nvram
addgroup --system rdma
addgroup --system fuse
addgroup --system kvm
adduser --system --group --shell /usr/sbin/nologin --home /var/lib/tpm tss
add demo user:
smbldap-useradd -a -m postmaster
smbldap-passwd postmaster
join windows into domain
login with domain user
Configure Exim4
This is not the main topic.
No additional setup is required.
No LDAP user lookup, just PAM -> integrate qmail.schema and vexim logic -> next step
dpkg-reconfigure exim4-config
configure connection, domain, etc as usual
monitor with geximon
echo "my test" | mail -s "test message" root
echo "my test" | mail -s "test message" postmaster
Install egroupware
phpmyadmin:
privileges -> add a new user
User name: egroupware
Host: localhost
Password: CHANGE
Database for user: Grant all privileges on wildcard name (username\_%)
Database -> Create new database
name: egroupware_example_com
code page: utf8_general_ci
mkdir -p /var/lib/egroupware/example.com/files var/lib/egroupware/example.com/backup
chown -Rf www-data:www-data /var/lib/egroupware
http://localhost/egroupware/setup/
Server Root: /var/www/egroupware
Header Username: root
Header Password: CHANGE
Enable MCrypt: Yes
Database instance (eGW domain): default
DB Type: MySQL
DB Host: localhost
DB Port: 3306
DB Name: egroupware_example_com
DB User: egroupware
DB Password: CHANGE
Configuration User: root
Configuration Password: CHANGE
write ->
vi /var/www/egroupware/header.inc.php
$GLOBALS['egw_domain']['example.com'] = array(
http://localhost/egroupware/setup/
Setup/Config Admin Login
Step 1 - Simple Application Management: utf-8
Step 2 - Configuration ->
POP/IMAP mail server hostname or IP address: localhost
Mail server protocol: IMAP
Mail server login type: standard
Mail domain (for Virtual mail manager): example.com
SMTP server hostname or IP address: localhost
SMTP server port: 25
Select which type of authentication you are using: LDAP
Usernames are casesensitive: No
Auto create account records for authenticated users: Yes, with lowercase usernames
Auto-created user accounts expire: never
LDAP host: localhost
LDAP accounts context: ou=Users,dc=example,dc=com
LDAP groups context: ou=Groups,dc=example,dc=com
LDAP encryption type: MD5
Do you want to manage homedirectory and loginshell attributes?: Yes
LDAP Default homedirectory prefix: /home
LDAP Default shell: /bin/bash
Step 3 - Admin Account ->
root, root@example.com, CHANGE
http://192.168.93.125/egroupware/
very good !!!
Congratulations for this how to!
I've a little problem : I've changed example.com in icpieve.it and when I execute smbldap-populate return :
Use of uninitialized value $value in substitution (s///) at /usr/share/perl5/smbldap_tools.pm line 135, line 232.
Populating LDAP directory for domain ICPIEVE (S-1-5-21-3734229947-158391952-2749360974)
(using builtin directory structure)
entry dc=icpieve,dc=it already exist.
adding new entry: ou=Users,dc=icpieve,dc=it
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, line 12.
adding new entry: ou=Groups,dc=icpieve,dc=it
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, line 17.
adding new entry: ou=Computers,dc=icpieve,dc=it
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, line 22.
adding new entry: ou=Users,dc=icpieve,dc=it
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, line 27.
adding new entry: uid=root,ou=Users,dc=icpieve,dc=it
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, line 56.
adding new entry: uid=nobody,ou=Users,dc=icpieve,dc=it
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, line 85.
adding new entry: cn=Domain Admins,ou=Groups,dc=icpieve,dc=it
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, line 97.
adding new entry: cn=Domain Users,ou=Groups,dc=icpieve,dc=it
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, line 108.
adding new entry: cn=Domain Guests,ou=Groups,dc=icpieve,dc=it
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, line 119.
adding new entry: cn=Domain Computers,ou=Groups,dc=icpieve,dc=it
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, line 130.
adding new entry: cn=Administrators,ou=Groups,dc=icpieve,dc=it
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, line 175.
adding new entry: cn=Account Operators,ou=Groups,dc=icpieve,dc=it
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, line 197.
adding new entry: cn=Print Operators,ou=Groups,dc=icpieve,dc=it
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, line 208.
adding new entry: cn=Backup Operators,ou=Groups,dc=icpieve,dc=it
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, line 219.
adding new entry: cn=Replicators,ou=Groups,dc=icpieve,dc=it
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, line 230.
entry sambaDomainName=ICPIEVE,dc=icpieve,dc=it already exist. Updating it...
failed to modify entry: modifications require authentication at /usr/sbin/smbldap-populate line 492, line 238.
Please provide a password for the domain root:
Use of uninitialized value $value in substitution (s///) at /usr/share/perl5/smbldap_tools.pm line 135, line 232.
/usr/sbin/smbldap-passwd: user root doesn't exist
why ?
If I need to use all this without LDAP, what I can do ? Is this possible?
Best regards.
Riccardo.
Double check your config
----------------------------------------
Edison Wong
ldap.conf
You don't seem to configure /etc/ldap/ldap.conf. Is that an omission, or do you think it not necessary?
BTW, this is the best howto on Egroupware I found anywhere.
Post new comment