Comments:
<0> Hello, I would like to authenticate MS active directory users on a samba domain member server even if the connection to the primary domain controller goes down. Can I do this with ldap?
<1> .
<1> hyc: hi again
<2> podzap: howdy
<1> how's it goin?
<2> going ok, what's new with you?
<1> oh, i'm on summer holiday now!
<2> tabulating some more benchmark results, on dual-core opterons
<2> ah, good for you
<1> i have a dual-core pentium, as it was cheap
<1> wanted a dual-core opteron
<2> I'm borrowing time on a cluster at AMD's devcenter
<2> only have a couple single-socket machines of our own...
<1> aha
<2> just running it on single nodes though, it appears not all of the cluster resources are turned on.
<3> I'm trying to use an AD ldap server as an authentication point from C on OSX. I want to make sure that the ldap server I connect to is actually my AD server. How can i verify this?
<1> use SSL
<3> how does that avoid a man in the middle?
<3> well, not a man in the middle, but someone impersonating my AD?
<3> login will be both on local lan and over the internet
<3> so places i don't control the network
<1> use client authentication
<1> server verifies you, you verify server
<3> podzap: code examples?
<1> in C?
<3> sure
<1> http://www.cs.auckland.ac.nz/~pgut001/cryptlib/
<1> good library
<1> lots of examples included
<3> id need to use that instead of openldap?
<1> as a client?
<3> i basically just need to do a ldap bind and see if the user connects
<3> if the user can bind that is
<3> hmm
<1> i believe ol can do client authentication
<3> basically cryptlib could get the server cert and then i verify it?
<1> for example
<2> OpenLDAP will automatically verify the server cert
<2> the client library is set to do verification by default
<2> see the Admin guide... http://www.openldap.org/doc/admin23/tls.html
<4> Is anyone around?
<1> around where?
<2> I malign (I'm aline)
<4> thanks.
<4> I need company.
<4> :-)
<4> A little hand-holding.
<1> .
<4> Sorry the question is slow in coming. I'm really not sure how to formulate it. I'm trying to modify the schema, I guess, so that I can add certain attributes. Heck...let me show you what I've done so far: http://www.ncee.net/shane/ldap.txt
<4> I'm not sure what to do next...
<5> i have configured samba-ldap -PDC and BDC
<5> but when PDC gets down it use BDC but with PDC's LDAP server database
<5> i want it to use BDC'S ldap
<5> i want to create SLAVE LDAP server
<5> what i will have to do?
<5> any one alive???
<5> what i will have to do for SLAVE LDAP server???
<5> what changes are required for SLAVE LDAP server???
<5> i have configured SAMBA-PDC-LDAP and SAMBA-BDC-LDAP
<5> i am confused for LDAP
<5> what changes will make master and slave LDAP server
<6> mostly, updatedn on the master and updateref on the slave
<6> for replication you'll want to look at syncrepl or slurpd; check out the admin guide for details
<5> [root@localhost ~]# net rpc getsid
<5> Unable to find a suitable server
<5> lucca
<5> any one have any idea???
<5> updatedn cn=Manager,dc=yourdomainname,dc=com
<5> updateref ldap://192.168.1.104
<5> i am confused for these two lines
<5> should i add these two lines in my slave LDAP??
<5> or updatedn on MASTER LDAP and updateref on SLAVE-LDAP
<5> rootdn is already on both LDAP
<5> so updateref should be added in BDC-LDAP
<5> with PDC'S ip
<6> er updatedn and updateref on the slave
<6> heh, replica on the master
<6> that is the traditional slurpd method
<6> syncrepl is a bit different
<5> lucca should i comment rootdn line?? on BDC-LDAP??
<6> each of these commands do very specific, well-defined things
<6> these things are well documented
<5> [root@localhost ~]# net rpc getsid
<5> Unable to find a suitable server
<5> can any one help me to solve this error?
<5> my pdc server is running fine still i cant get sid from slave ldap
<7> ldap doesn't know anything about sid.. that's samba. and samba is that direction -> #samba
<5> Gagatan passdb backend = ldapsam:"ldap://master.quenya.org ldap://slave.quenya.org"
<5> can i use this line with ip rather than my domain name
<5> i am confused this is a problem of samba or ldap
<5> :)
<7> so it works for one of the urls but not the other? and you can query both ldapservers with ldapsearch to see the sid-attribute there?
<7> if you can see the objects 100% matching using ldapsearch, it's probably an ACL-issue in slapd.conf on the slave
<5> ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80)
<5> additional info: SASL(-13): user not found: no secret in database
<7> -x for simple bind
<8> hi cutmasta
<9> hi
<9> can I use linux to authenticate to an Active Directory server, without modifying the server?
<8> [root@jay sbin]# smbpasswd -w hitech
<8> Setting stored password for "cn=Manager,dc=hitech,dc=com" in secrets.tdb
<8> sorry..
<8> [root@localhost ~]# net getlocalsid
<8> [2006/07/12 13:11:53, 0] lib/smbldap.c:smbldap_connect_system(850)
<8> failed to bind to server with dn= cn=Manager,dc=hitech,dc=com Error: Can't contact LDAP server
<8> (unknown)
<10> hi...
<8> passdb backend = ldapsam:ldap://192.168.100.213
<8> i have given my PDC's ip here
<8> so that i can connect to my PDC'S LDAP server
<8> is this correct line???
<7> hell I don't know.. we're not samba-support here
<7> go fish
<9> hehe
<9> should I be using ldapsearch to test connectivity to AD or samba?
<10> I am getting some errors starting openldap
<10> it's weird, because I've specified a ldbm DB and I get a "bdb_back_initialize: initialize BDB backend"
<10> and the error comes with
<10> backend_startup_one: starting "cn=config"
<10> => ldif_enum_tree: failed to open /etc/openldap/slapd.conf/cn=config.ldif: Not a directory
<10> send_ldap_result: conn=-1 op=0 p=0
<10> send_ldap_result: err=32 matched="" text=""
<10> it seems like it can't find the config file
<10> uhm that was when trying the OPTS="-F myconffile -h "
<2> -F is not the right option.
<2> you should learn the difference between upper and lower case...
<2> and -h requires additional parameters. there's this thing called a man page, perhaps you've heard of it? it tells you what all of the options are....
<10> hyc: well, I know what's a man page, of course... but using a distro that provides you a default config files with several lines commented and well explained... I use to modify that and use it... so sorry...
<11> I have to restore a totally crashed LDAP server (running openldap), which files do I have to copy over?
<11> I mean from the old box to the new installation
<10> cuse: everything under /etc/openldap, /etc/ldap.conf, /var/lib/openldap-*
<10> AFAIK
<11> ok
<10> and take a look at /etc/conf.d/slapd (if it exists)
<11> hmm, should I simply overwrite /var/lib/openldap-data/.version-tag ?
<10> uhm, I believe that you have more files there.. take a look at /etc/openldap/sldap.conf and check which are your data directories
<11> sure, i have more, but the question is if its a good idea to overwrite that .version-tag files, since i dont know its purpose
<10> are you gonna use the same version of openldap?
<11> no, thats the problem
<10> well
<11> the old box had an older version of openldap
<10> do you have the old box running? or it is completely crashed?
<11> esci: no its not running at all, even minor apps like bzip and stuff hang, so theres no chance to get the server running again, i tried everything with chroot and whatever
<11> so the only chance to restore the ldap stuff is to copy the files
<10> well
<10> in that case
<10> I guess your better chance is to install the same version you had, then make a backup of your data, upgrade and restore the data
<11> ah.. i try it that way now, i mean by overwriting all the data files, maybe im lucky
<10> yes
<11> :)