<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"
            "http://www.w3.org/TR/REC-html40/loose.dtd">
<HTML>
<HEAD>

<META http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<META name="GENERATOR" content="hevea 1.06">
<TITLE>
 Frequently Asked Questions
</TITLE>
</HEAD>
<BODY >
<A HREF="smbldap-tools006.html"><IMG SRC ="previous_motif.gif" ALT="Previous"></A>
<A HREF="index.html"><IMG SRC ="contents_motif.gif" ALT="Up"></A>
<A HREF="smbldap-tools008.html"><IMG SRC ="next_motif.gif" ALT="Next"></A>
<HR>

<H2><A NAME="htoc26">6</A> Frequently Asked Questions</H2><UL>
<LI><A HREF="smbldap-tools007.html#toc14"> How can I use old, released uidNumber and gidNumber values?</A>
<LI><A HREF="smbldap-tools007.html#toc15"> I always have this error: "Can't locate IO/Socket/SSL.pm"</A>
<LI><A HREF="smbldap-tools007.html#toc16"> I can't initialize the directory with <TT>smbldap-populate</TT></A>
<LI><A HREF="smbldap-tools007.html#toc17"> I can't join the domain with the <TT>root</TT> account</A>
<LI><A HREF="smbldap-tools007.html#toc18"> I have the <TT>sambaSamAccount</TT> but I can't log in</A>
<LI><A HREF="smbldap-tools007.html#toc19"> I want to create machine accounts on the fly, but it does
 not work or I must do it twice</A>
<LI><A HREF="smbldap-tools007.html#toc20"> I can't manage the Oracle Internet Database</A>
<LI><A HREF="smbldap-tools007.html#toc21"> The directive <TT>passwd program = /usr/local/sbin/smbldap-passwd -u %u</TT> is not
called, or I get an error message when changing the password from Windows</A>
<LI><A HREF="smbldap-tools007.html#toc22"> New computer accounts can't be set in ou=computers</A>
<LI><A HREF="smbldap-tools007.html#toc23"> I can join the domain, but I can't log on</A>
<LI><A HREF="smbldap-tools007.html#toc24"> I can't create a user with <TT>smbldap-useradd</TT></A>
<LI><A HREF="smbldap-tools007.html#toc25"> smbldap-useradd: Can't call method "get_value" on an
undefined value at
/usr/local/sbin/smbldap-useradd line 154</A>
<LI><A HREF="smbldap-tools007.html#toc26"> Typical errors on creating a new user or a new group</A>
</UL>

<A NAME="toc14"></A>
<H3><A NAME="htoc27">6.1</A> How can I use old, released uidNumber and gidNumber values?</H3>
There are two ways to do this:
<UL><LI>
modify the <TT>cn=NextFreeUnixId,dc=idealx,dc=org</TT> entry and
 change the <TT>uidNumber</TT> and/or <TT>gidNumber</TT> value. This
 must be done manually. For example, if you want to use all available
 uidNumber and gidNumber values higher than 1500, you need to create an
 <TT>update-NextFreeUnixId.ldif</TT> file containing:
<PRE>dn: cn=NextFreeUnixId,dc=idealx,dc=org
changetype: modify
replace: uidNumber
uidNumber: 1500
-
replace: gidNumber
gidNumber: 1500
</PRE>
and then update the directory:
<PRE>
ldapmodify -x -D "cn=Manager,dc=idealx,dc=org" -w secret -f update-NextFreeUnixId.ldif
</PRE><LI>use the <TT>-u</TT> or <TT>-g</TT> option of the script you are running to set the value you
 want to use
</UL>
<A NAME="toc15"></A>
<H3><A NAME="htoc28">6.2</A> I always have this error: "Can't locate IO/Socket/SSL.pm"</H3>
This happens when you want to use a certificate. In this case, you need to install the
IO-Socket-SSL Perl module.<BR>
<BR>
<A NAME="toc16"></A>
<H3><A NAME="htoc29">6.3</A> I can't initialize the directory with <TT>smbldap-populate</TT></H3>
When I want to initialize the directory using the <TT>smbldap-populate</TT>
script, I get:
<PRE>
[root@slave sbin]# smbldap-populate.pl
 Using builtin directory structure
 adding new entry: dc=IDEALX,dc=COM
 Can't call method "code" without a package or object reference at
 /usr/local/sbin/smbldap-populate.pl line 270, &lt;GEN1&gt; line 2.
</PRE>Answer: check the TLS configuration.
<UL><LI>
if you don't want to use TLS support, set the following in the
<TT>/etc/opt/IDEALX/smbldap-tools/smbldap.conf</TT> file:
<PRE>
ldapSSL="0"
</PRE><LI>if you want TLS support, set the following in the <TT>/etc/opt/IDEALX/smbldap-tools/smbldap.conf</TT> file:
<PRE>
ldapSSL="1"
</PRE>and check that the directory server is configured to accept TLS connections.
</UL>
<A NAME="toc17"></A>
<H3><A NAME="htoc30">6.4</A> I can't join the domain with the <TT>root</TT> account</H3>
<UL><LI>
check that the root account has the sambaSamAccount objectclass
<LI>check that the directive <TT>add machine script</TT> is present and configured
</UL>
<A NAME="toc18"></A>
<H3><A NAME="htoc31">6.5</A> I have the <TT>sambaSamAccount</TT> but I can't log in</H3>
Check that the <TT>sambaPwdLastSet</TT> attribute is not null (equal to 0).<BR>
<BR>
<A NAME="toc19"></A>
<H3><A NAME="htoc32">6.6</A> I want to create machine accounts on the fly, but it does
 not work or I must do it twice</H3>
<UL><LI>
The script defined by the <TT>add machine script</TT> directive must not add
the <TT>sambaSAMAccount</TT> objectclass to the machine account. The
script must only add the POSIX machine account. Samba will add the <TT>sambaSAMAccount</TT>
objectclass when the machine joins the domain.
<LI>Check that the <TT>add <B>machine</B> script</TT> directive is present in the Samba
 configuration file.
</UL>
<A NAME="toc20"></A>
<H3><A NAME="htoc33">6.7</A> I can't manage the Oracle Internet Database</H3>
If you get an error message like:
<PRE>
Function Not Implemented at /usr/local/sbin/smbldap_tools.pm line 187.
Function Not Implemented at /usr/local/sbin/smbldap_tools.pm line 627.
</PRE>For Oracle Database, all attributes that will be requested from the directory must be indexed.
Add a
new index for the Samba attributes and make sure that the following attributes are also indexed:
 uidNumber, gidNumber, memberUid, homedirectory, description, userPassword ...<BR>
<BR>
<A NAME="toc21"></A>
<H3><A NAME="htoc34">6.8</A> The directive <TT>passwd program = /usr/local/sbin/smbldap-passwd -u %u</TT> is not
called, or I get an error message when changing the password from Windows</H3>
The directive is called only if you also set <TT>unix password sync = Yes</TT>.
Notes:
<UL><LI>
if you use OpenLDAP, neither of those two options is needed. You just need <TT>ldap
passwd sync = Yes</TT>.
<LI>the script called here must only update the <TT>userPassword</TT> attribute. This is the
reason for the <TT>-u</TT> option. Samba passwords will be updated by Samba itself.
<LI>the <TT>passwd chat</TT> directive must match the prompts shown by the
<TT>smbldap-passwd</TT> command
</UL>
<A NAME="toc22"></A>
<H3><A NAME="htoc35">6.9</A> New computer accounts can't be set in ou=computers</H3><A NAME="sec::bug::ou::computer"></A>
This is a known Samba bug. There is a workaround: look at
<TT>http://marc.theaimsgroup.com/?l=samba&m=108439612826440&w=2</TT><BR>
<BR>
<A NAME="toc23"></A>
<H3><A NAME="htoc36">6.10</A> I can join the domain, but I can't log on</H3>
See section <A HREF="#sec::bug::ou::computer">6.9</A>.<BR>
<BR>
<A NAME="toc24"></A>
<H3><A NAME="htoc37">6.11</A> I can't create a user with <TT>smbldap-useradd</TT></H3>
When creating a new user account I get the following error message:
<PRE>
/usr/local/sbin/smbldap-useradd.pl: unknown group SID not set for unix group 513
</PRE>Answer:
<UL><LI>
is nss_ldap correctly configured?
<LI>is the users' default group mapped to the 'Domain Users' NT group?
<PRE>
net groupmap add rid=513 unixgroup="Domain Users" ntgroup="Domain Users"
</PRE></UL>
<A NAME="toc25"></A>
<H3><A NAME="htoc38">6.12</A> smbldap-useradd: Can't call method "get_value" on an undefined value at
/usr/local/sbin/smbldap-useradd line 154</H3>
<UL><LI>
does the default group defined in smbldap.conf exist
 (defaultUserGid="513")?
<LI>is the NT "Domain Users" group mapped to a Unix
 group with rid 513 (see option <I>-r</I> of <TT>smbldap-groupadd</TT> and
 <TT>smbldap-groupmod</TT> to set a rid)?
</UL>
<A NAME="toc26"></A>
<H3><A NAME="htoc39">6.13</A> Typical errors on creating a new user or a new group</H3><A NAME="faq::error::add::user"></A>
<UL><LI>
I get the following error:
<PRE>
Could not find base dn, to get next uidNumber at /usr/local/sbin//smbldap_tools.pm line 909
</PRE><OL type=1><LI>
 You have not created the object that defines the next available uidNumber and gidNumber.
 <UL><LI>
 for version 0.8.7: you can just run the <TT>smbldap-populate</TT> script, which will
 update the sambaDomain entry to store this information
 <LI>for versions before 0.8.7:
 you have updated the smbldap-tools to version 0.8.5 or newer, and
 you have to do this manually. Create a file called <TT>add.ldif</TT> containing:
<PRE>
dn: cn=NextFreeUnixId,dc=idealx,dc=org
objectClass: inetOrgPerson
objectClass: sambaUnixIdPool
uidNumber: 1000
gidNumber: 1000
cn: NextFreeUnixId
sn: NextFreeUnixId
</PRE> and then add the object with the ldapadd utility:
<PRE>
$ ldapadd -x -D "cn=Manager,dc=idealx,dc=org" -w secret -f add.ldif
</PRE> Here, 1000 is the first available value for uidNumber and gidNumber (of course, if this value is
 already used by a user or a group, the first available value after 1000 will be used).
 </UL><BR>
<BR>
<LI>The error also appears when TLS is required (ldapTLS=1 in <TT>smbldap.conf</TT>) and
something is wrong with the certificate naming or path settings.
</OL><BR>
<BR>
<LI>I get the following error:
<PRE>
Use of uninitialized value in string at
/usr/local/sbin//smbldap_tools.pm line 914.
Error: No DN specified at /usr/local/sbin//smbldap_tools.pm line 919
</PRE>You have not updated the configuration file to define the object where the next available
uidNumber and gidNumber are stored. In our example, you have to add a new entry in
<I>/etc/opt/IDEALX/smbldap-tools/smbldap.conf</I> containing:
<PRE>
# Where to store next uidNumber and gidNumber available
sambaUnixIdPooldn="cn=NextFreeUnixId,${suffix}"
</PRE>By the way, a new option is now available too: the domain to append to users. You can add
the following lines to the configuration file:
<PRE>
# Domain appended to the users "mail"-attribute
# when smbldap-useradd -M is used
mailDomain="idealx.com"
</PRE><BR>
<BR>
<LI>I get the following error:
<PRE>
Use of uninitialized value in concatenation (.) or string at /usr/local/sbin/smbldap-useradd line 183.
Use of uninitialized value in substitution (s///) at /usr/local/sbin/smbldap-useradd line 185.
Use of uninitialized value in string at /usr/local/sbin/smbldap-useradd line 264.
failed to add entry: homedirectory: value #0 invalid per syntax at /usr/local/sbin/smbldap-useradd line 280.
userHomeDirectory=User "jto" already member of the group "513".
failed to add entry: No such object at /usr/local/sbin/smbldap-useradd line 382.
</PRE>You have to change the variable name <TT>userHomePrefix</TT> to <TT>userHome</TT> in
<I>/etc/opt/IDEALX/smbldap-tools/smbldap.conf</I>.<BR>
<BR>
<LI>I get the following error:
<PRE>
failed to add entry: referral missing at /usr/local/sbin/smbldap-useradd line 279, &lt;DATA&gt; line 283.
</PRE>You have to update the configuration file entries that define the users, groups and computers DNs. Those
parameters must be complete DNs (including the suffix), not values relative to the <TT>suffix</TT> parameter. A typical
configuration looks like this:
<PRE>
usersdn="ou=Users,${suffix}"
computersdn="ou=Computers,${suffix}"
groupsdn="ou=Groups,${suffix}"
</PRE><BR>
<BR>
<LI>I get the following error:
<PRE>
erreur LDAP: Can't contact master ldap server (IO::Socket::INET: Bad protocol 'tcp')
at /usr/local/sbin//smbldap_tools.pm line 153.
</PRE>Remove <I>ldap</I> from the list of sources checked for <I>services</I> in <I>/etc/nsswitch.conf</I>. For
example, if your LDAP directory is not configured to provide services information, you must have
<PRE>
services: files
</PRE>and not
<PRE>
services: ldap [NOTFOUND=return] files
</PRE></UL>


</BODY>
</HTML>