ubuntu Network Authentication guide and samba domain controller

**lancebermudez** · 06-21-2011

Hi I need to know how to set up network Authentication with ubuntu and windows machines. I have one ubuntu 1104 machine as proxy,dns,samba servers. Windows machaines need to be able to have their samba shares come up when the windows user logs on also need this for the other ubuntu boxes to. How do I do this? A gui would be good to would make thing easyer for me. also how do I use samba as a domain controler for the windows boxes? this is a small home/office network. Someone told me to set up a OpenLDAP Server would that work? again how do you do that with a gui for the user and how do i use samba as a domain controler for my ubuntu and windows hosts.

computers
1 ubuntu 1104
1 lubuntu 1104
1 ubuntu 1004
1 windows 7
1 windows xp

severs on ubuntu only
proxy ip 1.2.3.7
dns ip 1.2.3.7
samba ip 1.2.3.7

samba smb.conf

Code:

# Samba config file created using SWAT
# from UNKNOWN (W)
# Date: 2010/06/13 22:20:03

[global]
	workgroup = LBERMUDEZ
	server string = %h server (Samba, Ubuntu)
	map to guest = Bad User
	obey pam restrictions = Yes
	pam password change = Yes
	passwd program = /usr/bin/passwd %u
	passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
	unix password sync = Yes
	syslog = 0
	log file = /var/log/samba/log.%m
	max log size = 1000
	dns proxy = No
	usershare allow guests = Yes
	panic action = /usr/share/samba/panic-action %d
	valid users = lance
	write list = lance

[music]
	path = /home/lance/Music
	write list = 
	guest ok = Yes

[printers]
	comment = All Printers
	path = /var/spool/samba
	create mask = 0700
	printable = Yes
	browseable = No
	browsable = No

[print$]
	comment = Printer Drivers
	path = /var/lib/samba/printers

[acer]
	path = /home/lance/500gb/mombackup
	read only = No
[music]
	path = /home/lance/Music
	write list = 
	guest ok = Yes

**ptkobe** · 06-22-2011

Out of the blue (blue is my team color), I would say if you want a windows net, do it with windows. Making a ubuntu machine a client of it is easy. If you want a windows machine to be a client of a "linux net", ask gates how to do it.
Just breathing, sorry.

Bottom line, you make two absolutely different questions. Until the "How do I do this?" is easy, just do it (many gui for sharing linux dirs, you want one for KDE, gnome, or other? Or just use the text file if possible, it's easy). A ubuntu in a windows workgroup is out-of-the-box. If anything doesn't work, ask us again and you will be answered. After the "also how do I...", you are entering the twilight zone. I recommend you open another topic "how do I use samba as a domain controller for windows boxes?/Network authentication", because a lot of things can be said about it.
LDAP is a pain in the a**, kerberos too, that's what I think, until I don't think differently.

Regards, Luis

**lancebermudez** · 06-25-2011

I followed this guid at
The Tuxnetworks Linux Bible: HOWTO: SAMBA + LDAP on 10.04 Lucid Part 1
I have samba and ldap working so how do i add windows 7 to the samba domain controler? He has a guid on how to add the other linux boxes to the pdc put not windows as far as i can tell that is. I looked at
https://help.ubuntu.com/10.04/server.../samba-dc.html
put do not know where to use
sudo net groupmap add ntgroup="Domain Admins" unixgroup=sysadmin rid=512 type=d
I have admin but no sysadmin on my linux box. Could I just use a admin user say JohnDoe to add windows to the domain? Do I use this command on linux box or the windows? I get an error when i try it on linux. also what is this for

net rpc rights grant "EXAMPLE\Domain Admins" SeMachineAccountPrivilege SePrintOperatorPrivilege \
SeAddUsersPrivilege SeDiskOperatorPrivilege SeRemoteShutdownPrivilege
It does not work either.

**lancebermudez** · 06-27-2011

I have a user lets say JohnDoe with admin rights so it would look like this right?

Code:

sudo net groupmap add ntgroup="Domain Admins" unixgroup=JohnDoe rid=512 type=d

or

Code:

sudo net groupmap add ntgroup="Domain Admins" admin=JohnDoe rid=512 type=d

really dumb question time do i enter this in linux or windows? In windows don't i just go to where you set the domain under system settings like you would in the windows world then use my linux user to add computer to the domain? I do not have unixgroup or sysadmin on my linux box groups does it matter that I dont have them?

Code:

lance@Therese:/etc$ net groupmap add ntgroup="Domain Admins" unixgroup=lance rid=512 type=d
[2011/06/26 21:45:00.273811,  0] passdb/secrets.c:73(secrets_init)
  Failed to open /var/lib/samba/secrets.tdb
[2011/06/26 21:45:00.273885,  0] passdb/secrets.c:73(secrets_init)
  Failed to open /var/lib/samba/secrets.tdb
[2011/06/26 21:45:00.273898,  0] passdb/secrets.c:806(fetch_ldap_pw)
  fetch_ldap_pw: neither ldap secret retrieved!
[2011/06/26 21:45:00.273909,  0] lib/smbldap.c:1107(smbldap_connect_system)
  ldap_connect_system: Failed to retrieve password from secrets.tdb
[2011/06/26 21:45:01.274059,  0] passdb/secrets.c:73(secrets_init)
  Failed to open /var/lib/samba/secrets.tdb
[2011/06/26 21:45:01.274125,  0] passdb/secrets.c:73(secrets_init)
  Failed to open /var/lib/samba/secrets.tdb
[2011/06/26 21:45:01.274152,  0] passdb/secrets.c:806(fetch_ldap_pw)
  fetch_ldap_pw: neither ldap secret retrieved!
[2011/06/26 21:45:01.274175,  0] lib/smbldap.c:1107(smbldap_connect_system)
  ldap_connect_system: Failed to retrieve password from secrets.tdb
[2011/06/26 21:45:02.274339,  0] passdb/secrets.c:73(secrets_init)
  Failed to open /var/lib/samba/secrets.tdb
[2011/06/26 21:45:02.274397,  0] passdb/secrets.c:73(secrets_init)
  Failed to open /var/lib/samba/secrets.tdb
[2011/06/26 21:45:02.274423,  0] passdb/secrets.c:806(fetch_ldap_pw)
  fetch_ldap_pw: neither ldap secret retrieved!
[2011/06/26 21:45:02.274447,  0] lib/smbldap.c:1107(smbldap_connect_system)
  ldap_connect_system: Failed to retrieve password from secrets.tdb
[2011/06/26 21:45:03.274623,  0] passdb/secrets.c:73(secrets_init)
  Failed to open /var/lib/samba/secrets.tdb
[2011/06/26 21:45:03.274687,  0] passdb/secrets.c:73(secrets_init)
  Failed to open /var/lib/samba/secrets.tdb
[2011/06/26 21:45:03.274713,  0] passdb/secrets.c:806(fetch_ldap_pw)
  fetch_ldap_pw: neither ldap secret retrieved!
[2011/06/26 21:45:03.274738,  0] lib/smbldap.c:1107(smbldap_connect_system)
  ldap_connect_system: Failed to retrieve password from secrets.tdb
[2011/06/26 21:45:04.274899,  0] passdb/secrets.c:73(secrets_init)
  Failed to open /var/lib/samba/secrets.tdb
[2011/06/26 21:45:04.274956,  0] passdb/secrets.c:73(secrets_init)
  Failed to open /var/lib/samba/secrets.tdb
[2011/06/26 21:45:04.274983,  0] passdb/secrets.c:806(fetch_ldap_pw)
  fetch_ldap_pw: neither ldap secret retrieved!
[2011/06/26 21:45:04.275006,  0] lib/smbldap.c:1107(smbldap_connect_system)
  ldap_connect_system: Failed to retrieve password from secrets.tdb
[2011/06/26 21:45:05.275159,  0] passdb/secrets.c:73(secrets_init)
  Failed to open /var/lib/samba/secrets.tdb
[2011/06/26 21:45:05.275213,  0] passdb/secrets.c:73(secrets_init)
  Failed to open /var/lib/samba/secrets.tdb
[2011/06/26 21:45:05.275239,  0] passdb/secrets.c:806(fetch_ldap_pw)
  fetch_ldap_pw: neither ldap secret retrieved!
[2011/06/26 21:45:05.275263,  0] lib/smbldap.c:1107(smbldap_connect_system)
  ldap_connect_system: Failed to retrieve password from secrets.tdb
[2011/06/26 21:45:06.275412,  0] passdb/secrets.c:73(secrets_init)
  Failed to open /var/lib/samba/secrets.tdb
[2011/06/26 21:45:06.275467,  0] passdb/secrets.c:73(secrets_init)
  Failed to open /var/lib/samba/secrets.tdb
[2011/06/26 21:45:06.275494,  0] passdb/secrets.c:806(fetch_ldap_pw)
  fetch_ldap_pw: neither ldap secret retrieved!
[2011/06/26 21:45:06.275517,  0] lib/smbldap.c:1107(smbldap_connect_system)
  ldap_connect_system: Failed to retrieve password from secrets.tdb
[2011/06/26 21:45:07.275685,  0] passdb/secrets.c:73(secrets_init)
  Failed to open /var/lib/samba/secrets.tdb
[2011/06/26 21:45:07.275744,  0] passdb/secrets.c:73(secrets_init)
  Failed to open /var/lib/samba/secrets.tdb
[2011/06/26 21:45:07.275770,  0] passdb/secrets.c:806(fetch_ldap_pw)
  fetch_ldap_pw: neither ldap secret retrieved!
[2011/06/26 21:45:07.275794,  0] lib/smbldap.c:1107(smbldap_connect_system)
  ldap_connect_system: Failed to retrieve password from secrets.tdb
[2011/06/26 21:45:08.275972,  0] passdb/secrets.c:73(secrets_init)
  Failed to open /var/lib/samba/secrets.tdb
[2011/06/26 21:45:08.276031,  0] passdb/secrets.c:73(secrets_init)
  Failed to open /var/lib/samba/secrets.tdb
[2011/06/26 21:45:08.276057,  0] passdb/secrets.c:806(fetch_ldap_pw)
  fetch_ldap_pw: neither ldap secret retrieved!
[2011/06/26 21:45:08.276081,  0] lib/smbldap.c:1107(smbldap_connect_system)
  ldap_connect_system: Failed to retrieve password from secrets.tdb
[2011/06/26 21:45:09.276238,  0] passdb/secrets.c:73(secrets_init)
  Failed to open /var/lib/samba/secrets.tdb
[2011/06/26 21:45:09.276293,  0] passdb/secrets.c:73(secrets_init)
  Failed to open /var/lib/samba/secrets.tdb
[2011/06/26 21:45:09.276319,  0] passdb/secrets.c:806(fetch_ldap_pw)
  fetch_ldap_pw: neither ldap secret retrieved!
[2011/06/26 21:45:09.276343,  0] lib/smbldap.c:1107(smbldap_connect_system)
  ldap_connect_system: Failed to retrieve password from secrets.tdb
[2011/06/26 21:45:10.276514,  0] passdb/secrets.c:73(secrets_init)
  Failed to open /var/lib/samba/secrets.tdb
[2011/06/26 21:45:10.276583,  0] passdb/secrets.c:73(secrets_init)
  Failed to open /var/lib/samba/secrets.tdb
[2011/06/26 21:45:10.276610,  0] passdb/secrets.c:806(fetch_ldap_pw)
  fetch_ldap_pw: neither ldap secret retrieved!
[2011/06/26 21:45:10.276634,  0] lib/smbldap.c:1107(smbldap_connect_system)
  ldap_connect_system: Failed to retrieve password from secrets.tdb
[2011/06/26 21:45:11.276791,  0] passdb/secrets.c:73(secrets_init)
  Failed to open /var/lib/samba/secrets.tdb
[2011/06/26 21:45:11.276847,  0] passdb/secrets.c:73(secrets_init)
  Failed to open /var/lib/samba/secrets.tdb
[2011/06/26 21:45:11.276873,  0] passdb/secrets.c:806(fetch_ldap_pw)
  fetch_ldap_pw: neither ldap secret retrieved!
[2011/06/26 21:45:11.276897,  0] lib/smbldap.c:1107(smbldap_connect_system)
  ldap_connect_system: Failed to retrieve password from secrets.tdb
[2011/06/26 21:45:12.277060,  0] passdb/secrets.c:73(secrets_init)
  Failed to open /var/lib/samba/secrets.tdb
[2011/06/26 21:45:12.277117,  0] passdb/secrets.c:73(secrets_init)
  Failed to open /var/lib/samba/secrets.tdb
[2011/06/26 21:45:12.277143,  0] passdb/secrets.c:806(fetch_ldap_pw)
  fetch_ldap_pw: neither ldap secret retrieved!
[2011/06/26 21:45:12.277167,  0] lib/smbldap.c:1107(smbldap_connect_system)
  ldap_connect_system: Failed to retrieve password from secrets.tdb
[2011/06/26 21:45:13.277327,  0] passdb/secrets.c:73(secrets_init)
  Failed to open /var/lib/samba/secrets.tdb
[2011/06/26 21:45:13.277383,  0] passdb/secrets.c:73(secrets_init)
  Failed to open /var/lib/samba/secrets.tdb
[2011/06/26 21:45:13.277409,  0] passdb/secrets.c:806(fetch_ldap_pw)
  fetch_ldap_pw: neither ldap secret retrieved!
[2011/06/26 21:45:13.277432,  0] lib/smbldap.c:1107(smbldap_connect_system)
  ldap_connect_system: Failed to retrieve password from secrets.tdb
[2011/06/26 21:45:14.277615,  0] passdb/secrets.c:73(secrets_init)
  Failed to open /var/lib/samba/secrets.tdb
[2011/06/26 21:45:14.277680,  0] passdb/secrets.c:73(secrets_init)
  Failed to open /var/lib/samba/secrets.tdb
[2011/06/26 21:45:14.277707,  0] passdb/secrets.c:806(fetch_ldap_pw)
  fetch_ldap_pw: neither ldap secret retrieved!
[2011/06/26 21:45:14.277731,  0] lib/smbldap.c:1107(smbldap_connect_system)
  ldap_connect_system: Failed to retrieve password from secrets.tdb
[2011/06/26 21:45:15.277946,  0] passdb/secrets.c:73(secrets_init)
  Failed to open /var/lib/samba/secrets.tdb
[2011/06/26 21:45:15.278002,  0] passdb/secrets.c:73(secrets_init)
  Failed to open /var/lib/samba/secrets.tdb
[2011/06/26 21:45:15.278028,  0] passdb/secrets.c:806(fetch_ldap_pw)
  fetch_ldap_pw: neither ldap secret retrieved!
[2011/06/26 21:45:15.278052,  0] lib/smbldap.c:1107(smbldap_connect_system)
  ldap_connect_system: Failed to retrieve password from secrets.tdb
[2011/06/26 21:45:15.278108,  0] passdb/secrets.c:73(secrets_init)
  Failed to open /var/lib/samba/secrets.tdb
[2011/06/26 21:45:15.278146,  0] lib/util.c:1465(smb_panic)
  PANIC (pid 10604): could not open secrets db
[2011/06/26 21:45:15.282464,  0] lib/util.c:1569(log_stack_trace)
  BACKTRACE: 14 stack frames:
   #0 net(log_stack_trace+0x2d) [0x3f5c7d]
   #1 net(smb_panic+0x2d) [0x3f5d9d]
   #2 net(get_global_sam_sid+0x6c1) [0x2fa481]
   #3 net(pdb_init_ldapsam+0x7a2) [0x3a1ac2]
   #4 net(make_pdb_method_name+0xf3) [0x394fc3]
   #5 net(+0x1da44d) [0x39544d]
   #6 net(pdb_getgrgid+0xb) [0x396d6b]
   #7 net(+0xb94c0) [0x2744c0]
   #8 net(net_run_function+0x75) [0x28e125]
   #9 net(net_groupmap+0x5d) [0x274c0d]
   #10 net(net_run_function+0x75) [0x28e125]
   #11 net(main+0x819) [0x252be9]
   #12 /lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xe7) [0xb58e37]
   #13 net(+0x96271) [0x251271]
[2011/06/26 21:45:15.282611,  0] lib/util.c:1470(smb_panic)
  smb_panic(): calling panic action [/usr/share/samba/panic-action 10604]
[2011/06/26 21:45:15.295019,  0] lib/util.c:1478(smb_panic)
  smb_panic(): action returned status 0
[2011/06/26 21:45:15.295103,  0] lib/fault.c:312(dump_core)
  Can not dump core: corepath not set up

Code:

lance@Therese:/etc$ sudo net groupmap add ntgroup="Domain Admins" unixgroup=lance rid=512 type=d
adding entry for group Domain Admins failed!

**lancebermudez** · 06-29-2011

lance@Therese:/var/log$ sudo /etc/init.d/slapd status
* slapd is running

I followed the http://tuxnetworks.blogspot.com/2010...cid-short.html
guid so if it said to intall I installed it. and it said to install
sudo apt-get install slapd ldap-utils libpam-smbpass smbldap-tools ldap-auth-client

I installed them when the guid told me to install them. any idea as to why this is being a pain? I don't get why they are not talking to one another. I have the firewall turned off tell i can get this working. I have attached the slapd log from from the
cat syslog | grep slapd > /tmp/slapd-log.txt
command
slapd-log.txt.zip

**lancebermudez** · 06-29-2011

found this at https://help.ubuntu.com/11.04/server...ap-server.html is this what I need for apparmor to work right?

The AppArmor profile for slapd will need to be adjusted for the accesslog database location. Edit /etc/apparmor.d/usr.sbin.slapd adding:

Code:

/var/lib/ldap/accesslog/ r,
/var/lib/ldap/accesslog/** rwk,

Then create the directory, reload the apparmor profile, and copy the DB_CONFIG file:

Code:

sudo -u openldap mkdir /var/lib/ldap/accesslog

Code:

sudo -u openldap cp /var/lib/ldap/DB_CONFIG /var/lib/ldap/accesslog/

Code:

sudo /etc/init.d/apparmor reload

Code:

bdb(dc=nodomain): PANIC: fatal region error detected; run recovery

So how do I run recovery?

**lancebermudez** · 07-02-2011

I was looking around and found this I have it in a pic for you. Is the pic what the log is talking about

Jul 1 20:24:24 Therese slapd[10953]: bdb(dc=nodomain): PANIC: fatal region error detected; run recovery

so how do i fix the error. I need a step by step for dummies.

phpldapadmin.jpg

Thread Tools

Display

ubuntu Network Authentication guide and samba domain controller

Posting Permissions