Hello I am pretty new to Linux. Trying to build a replacement of our current NT 4.0 domain using Samba and Ldap directories.

I am using Fedora 1 ... Have update to the newest RPMS from Redhat.

Testing samba using testparm and everything comes back okay
Testing Ldap using =ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
Returns =
dn:
namingContexts: dc=chmfbu-lnx-0010,dc=rrd,dc=com

Which from what I have read understand is correct

I have created a .LDIF file which looks like this
dn:dc=chmfbu-lnx-0010,dc=rrd,dc=com
objectclass:dcObject
objectclass:organization
o:rrdse
dc:rrd
dn:cn=Manager,dc=chmfbu-lnx-0010,dc=rrd,dc=com
objectclass:organizationalRole
cn:Manager

when ever I attempt this command afterword "ldapadd -x -D "cn=Manager,dc=chmfbu-lnx-0010,dc=rrd,dc=COM" -W -f /rrdse.ldif' I get this "ldap_bind: Invalid credentials (49)" which I understand to be either incorrect dn password or incorrect cn input. I am stuck as I do not know all the commands that may be able to help me out of this. Below I will list my smb.conf, ldap.conf and slap.conf if anything else would help in finding the problem please let me know.


Following posts will contain my smb.conf, slap.conf, ldap.conf

SMB.conf>>>>>>>

# Samba config file created using SWAT
# from 127.0.0.1 (127.0.0.1)
# Date: 2004/05/10 15:23:52

# Global parameters
[global]
dos charset = CP850
unix charset = UTF-8
display charset = LOCALE
workgroup = RRDSE
realm =
netbios name = CHMFBU-LNX-0010
netbios aliases =
netbios scope =
server string = RRDSE Samba Server
interfaces =
bind interfaces only = No
security = USER
auth methods =
encrypt passwords = Yes
update encrypted = No
client schannel = Auto
server schannel = Auto
allow trusted domains = Yes
hosts equiv =
min passwd length = 5
map to guest = Never
null passwords = No
obey pam restrictions = No
password server = *
smb passwd file = /etc/samba/smbpasswd
private dir = /etc/samba
passdb backend = ldapsam:ldap://localhost/
algorithmic rid base = 1000
root directory =
guest account = nobody
pam password change = No
passwd program = /usr/bin/passwd %u
passwd chat = *new*password* %n\n *new*password* %n\n *changed*
passwd chat debug = No
passwd chat timeout = 2
username map =
password level = 0
username level = 0
unix password sync = Yes
restrict anonymous = 0
lanman auth = Yes
ntlm auth = Yes
client NTLMv2 auth = No
client lanman auth = Yes
client plaintext auth = Yes
preload modules =
log level = 0
syslog = 1
syslog only = No
log file = /var/log/samba/%m.log
max log size = 50
timestamp logs = Yes
debug hires timestamp = No
debug pid = No
debug uid = No
smb ports = 445 139
protocol = NT1
large readwrite = Yes
max protocol = NT1
min protocol = CORE
unicode = Yes
read bmpx = No
read raw = Yes
write raw = Yes
disable netbios = No
acl compatibility =
nt pipe support = Yes
nt status support = Yes
announce version = 4.9
announce as = NT
max mux = 50
max xmit = 16644
name resolve order = lmhosts wins host bcast
max ttl = 259200
max wins ttl = 518400
min wins ttl = 21600
time server = No
unix extensions = Yes
use spnego = Yes
client signing = auto
server signing = No
client use spnego = Yes
change notify timeout = 60
deadtime = 0
getwd cache = Yes
keepalive = 300
kernel change notify = Yes
lpq cache time = 10
max smbd processes = 0
paranoid server security = Yes
max disk size = 0
max open files = 10000
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
use mmap = Yes
hostname lookups = No
name cache timeout = 660
load printers = Yes
printcap name = /etc/printcap
disable spoolss = No
enumports command =
addprinter command =
deleteprinter command =
show add printer wizard = Yes
os2 driver map =
mangling method = hash2
mangle prefix = 1
stat cache = Yes
machine password timeout = 604800
add user script =
delete user script =
add group script = /usr/sbin/adduser %u %g
delete group script =
add user to group script =
delete user from group script =
set primary group script =
add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
shutdown script =
abort shutdown script =
logon script =
logon path = \\%N\%U\profile
logon drive =
logon home = \\%N\%U
domain logons = Yes
os level = 255
lm announce = Yes
lm interval = 60
preferred master = Yes
local master = Yes
domain master = Yes
browse list = Yes
enhanced browsing = Yes
dns proxy = No
wins proxy = No
wins server = 10.233.196.64
wins support = No
wins hook =
wins partners =
kernel oplocks = Yes
lock spin count = 3
lock spin time = 10
oplock break wait time = 0
ldap suffix = o=rrdse,dc=chmfbu-lnx-0010,dc=rrd,dc=com
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap idmap suffix =
ldap filter = (uid=%u)
ldap admin dn = "cn=Manager,dc=chmfbu-lnx-0010,dc=rrd,dc=com"
ldap ssl = no
ldap passwd sync = Yes
ldap delete dn = No
ldap replication sleep = 1000
add share command =
change share command =
delete share command =
config file =
preload =
lock directory = /var/cache/samba
pid directory = /var/run
utmp directory =
wtmp directory =
utmp = No
default service =
message command =
dfree command =
get quota command =
set quota command =
remote announce =
remote browse sync =
socket address = 0.0.0.0
homedir map = auto.home
afs username map =
time offset = 0
NIS homedir = No
panic action =
host msdfs = No
enable rid algorithm = Yes
idmap backend =
idmap uid =
idmap gid =
template primary group = nobody
template homedir = /home/%D/%U
template shell = /bin/false
winbind separator = \
winbind cache time = 300
winbind enable local accounts = Yes
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = No
winbind trusted domains only = No
comment =
path =
username =
invalid users =
valid users =
admin users =
read list =
write list =
printer admin =
force user =
force group =
read only = Yes
create mask = 0744
force create mode = 00
security mask = 0777
force security mode = 00
directory mask = 0755
force directory mode = 00
directory security mask = 0777
force directory security mode = 00
inherit permissions = No
inherit acls = No
guest only = No
guest ok = No
only user = No
hosts allow =
hosts deny =
nt acl support = Yes
profile acls = No
map acl inherit = No
afs share = No
block size = 1024
max connections = 0
min print space = 0
strict allocate = No
strict sync = No
sync always = No
use sendfile = No
write cache size = 0
max reported print jobs = 0
max print jobs = 1000
printable = No
printing = bsd
print command = lpr -r -P'%p' %s
lpq command = lpq -P'%p'
lprm command = lprm -P'%p' %j
lppause command =
lpresume command =
queuepause command =
queueresume command =
printer name =
use client driver = No
default devmode = No
default case = lower
case sensitive = No
preserve case = Yes
short preserve case = Yes
mangle case = No
mangling char = ~
hide dot files = Yes
hide special files = No
hide unreadable = No
hide unwriteable files = No
delete veto files = No
veto files =
hide files =
veto oplock files =
map system = No
map hidden = No
map archive = Yes
mangled names = Yes
mangled map =
browseable = Yes
blocking locks = Yes
csc policy = manual
fake oplocks = No
locking = Yes
oplocks = Yes
level2 oplocks = Yes
oplock contention limit = 2
posix locking = Yes
strict locking = Yes
share modes = Yes
copy =
include =
exec =
preexec close = No
postexec =
root preexec =
root preexec close = No
root postexec =
available = Yes
volume =
fstype = NTFS
set directory = No
wide links = Yes
follow symlinks = Yes
dont descend =
magic script =
magic output =
delete readonly = No
dos filemode = No
dos filetimes = No
dos filetime resolution = No
fake directory create times = No
vfs objects =
msdfs root = No
msdfs proxy =

[homes]
comment = Home Directories
read only = No
browseable = No

[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No


LDAP.conf

# $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.9 2000/09/04 19:57:01 kurt Exp $
# LDAP Defaults
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#BASE dc=example, dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
HOST 127.0.0.1
BASE dc=chmfbu-lnx-0010,dc=rrd,dc=com

SLAP.conf>>>>>

# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.8 2003/05/24 23:19:14 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/redhat/autofs.schema
include /etc/openldap/schema/samba.schema

# Allow LDAPv2 client connections. This is NOT the default.
allow bind_v2

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

pidfile /var/run/slapd.pid
#argsfile //var/run/slapd.args

# Load dynamic backend modules:
# modulepath /usr/sbin/openldap
# moduleload back_bdb.la
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la

# The next three lines allow use of TLS for connections using a dummy test
# certificate, but you should generate a proper certificate by changing to
# /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on
# slapd.pem so that the ldap user or group can read it.
# TLSCACertificateFile /usr/share/ssl/certs/ca-bundle.crt
# TLSCertificateFile /usr/share/ssl/certs/slapd.pem
# TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem

# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by users read
# by anonymous auth

# if no access controls are present, the default policy is:
# Allow read by all

# rootdn can always write!
# ldbm and/or bdb database definitions

database ldbm
suffix "dc=chmfbu-lnx-0010,dc=rrd,dc=com"
rootdn "cn=Manager,dc=chmfbu-lnx-0010,dc=rrd,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw secret
# rootpw {SSHA}Li9SnuA10XTpA/jmEghVp0KVi62NeoYI

# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap

# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub

# Replicas of this database
#replogfile /var/lib/ldap/openldap-master-replog
#replica host=ldap-1.example.com:389 tls=yes
# bindmethod=sasl saslmech=GSSAPI
# authcId=host/ldap-master.example.com@EXAMPLE.COM

did you set your binddn and bindpw in your /etc/ldap.conf?

/etc/ldap.conf

binddn cn=Manager,dc=chmfbu-lnx-0010,dc=rrd,dc=com
bindpw secret

No was not ever aware of those commands. I did somethings wrong and corrupted my directories. I am reinstalling Fedora now going to start fresh all over again. Finding documents on this is very iffy. I have found many but they are for earlier versions. And from what I have read things have changed in the way they work from 2.x to 3.x samba.

I just wish I could find the commands and the order to use them to get it done correctly. But alas I will diffently be more knowledgable once I have this project complete. Hopefully before retirement in 20 years lol