Marc Posted December 4, 2008

I'm in the process of setting up a new moodle server (1.9 running on ubuntu server 8.04 LTS) and I'm running into trouble getting the SMB web client block to work. Users can login using LDAP against our AD (server 2003) domain no problem.

The error I keep getting is:

Error Message: No home directory specified in ldap for this user

Turning debug messages on in the moodle admin panel gives more info:

Warning: ldap_search() [function.ldap-search]: Search: Operations error in /usr/share/moodle/auth/ldap/auth.php on line 1653
Warning: ldap_first_entry(): supplied argument is not a valid ldap result resource in /usr/share/moodle/auth/ldap/auth.php on line 1661
Notice: Undefined index: homeDirectory in /usr/share/moodle/blocks/smb_web_client/class_smbwebclient_moodle.php on line 113
print_header() was sent a string as 3rd (Nework Home Directory) parameter. This is deprecated in favour of an array built by build_navigation(). Please upgrade your code.
* line 2422 of lib/weblib.php: call to debugging()
* line 33 of blocks/smb_web_client/smbwebclient_moodle.php: call to print_header()

Our users have a homedrive mapped in their AD profile. Their H: drives map to a file server separate to the domain controller and are in the format:

\\servername\curric\y7\username\My Documents

where curric is the root share.

I've tried sharing the user's home drive directly, i.e. creating a share of their My Documents folder, e.g. \\servername\username

I can log into the file server and list directories using:

smbclient -U 'DOMAIN\username' '\\servername\username'

- or

smbclient -U 'DOMAIN\username' '\\servername\curric\y7\username\My Documents'

which will only take me to the root of the curric share.

I've tried to get this block working before on an older server and got the same error and was never able to resolve it. If anyone can shed any light as to what might be going on I'd be very grateful!

Regards
Marc

Hightower Posted January 21, 2009

I would appreciate any help with this error too?

Hightower Posted January 21, 2009

UPDATE

I have changed the config to this:

'\\xxx-svr-001'=>'DOMAIN.internal/xxx-svr-001',
'\\xxx-svr-002'=>'DOMAIN.internal/xxx-svr-002',
'\\xxx-svr-003'=>'DOMAIN.internal/xxx-svr-003',

Which now works for staff users, but for students it has the error saying home dir doesn't exist in LDAP - when it does. We're CC3.

Just to add, it asks for a username and password too - can it not send these from the details it gets from Moodle, meaning no details need to be input?

Marc (Author) Posted March 19, 2009

Finally got around to giving this another look. Priority having gone up due to the school getting a load of netbooks and wanting to dish 'em out to Y9. Access to home drives is now quite important...

I've managed to get a little further. I know that the moodle LDAP capture plugin is authenticating against AD but that AD is not returning all of the attributes, resulting in the undefined index: homeDirectory error. If I dump the contents of the array that the smb_web_client uses to grab the homeDirectory attribute, the latter is not included. The users I'm testing with definitely have a homeDirectory set as it shows against the user's object when I look in adsiedit.

Initially I thought it was a permissions problem for the bind user not being able to see all the attributes. I've given the bind user permissions to see everything that looked like it might help. I've also tried binding with a domain admin account as that should have access to everything.

This one has got me well and truly stumped. Anyone got any ideas?

brudinie Posted April 3, 2009

I created this block to work with LDAP but I've only ever been able to test it with Active Directory. Recently, someone contacted me with a similar problem and it was because they were using open LDAP. The home directory field is different to that of Active Directory.

The latest version of the block has a config variable that you can set to tell it to use a different field in Active Directory to retrieve the home directory.

http://www.ossett.wakefield.sch.uk/web/media/files/moodlegpl/head/smb_web_client.zip

Cheers
Guy

Marci Posted April 3, 2009

Ah Guy... need to make an appointment for me n' Steve to come see you or vice versa within the next few weeks! Similar required at our end - just had absolutely zero time to look at Moodle yet...

kieran8055 Posted April 6, 2009

Hia..........,

I have set up "Windows Share Web Client". When I click on MyHomeDirectory it comes up with an error message saying SSL-error message.

Also I got stuck with adding code for LDAP capture authentication. The Developer notes say to add code to "block / wrapper / etc"; I am not sure about the path where the code has to go (to capture user credentials and pass on for other SSO).

Moodle server - Ubuntu 8.04 LTS
File server - Windows 2003 server

Any help would be appreciated!

Cheers :0)

Edited April 7, 2009 by kieran8055

kieran8055 Posted April 7, 2009

Hi,

Smbclient is working from command line, but from moodle site it's not working, getting error: on IE it says page cannot be displayed, on Mozilla it says:

Secure Connection Failed
An error occurred during a connection to http://www.moodlesite.co.uk.
Can't connect securely because the site uses an older, insecure version of the SSL protocol.
(Error code: ssl_error_ssl2_disabled)
The page you are trying to view can not be shown because the authenticity of the received data could not be verified.
* Please contact the web site owners to inform them of this problem.

Any suggestions or help please,

kieran8055 Posted April 8, 2009

Problem solved for moodle and SMB Client Problem.

Cheers

ranciso Posted May 9, 2009

> Problem solved for moodle and SMB Client Problem. Cheers

What did you do to resolve the issue?

kieran8055 Posted May 11, 2009

> What did you do to resolve the issue?

The SMB client opens in a secure link (https); for that we need an SSL certificate, so I have changed https to http by disabling it in the config page.

Cheers :0)

matt40k Posted May 11, 2009

> The SMB client opens in a secure link (https); for that we need an SSL certificate, so I have changed https to http by disabling it in the config page. Cheers :0)

You've got users accessing their network share over HTTP? Over the internet?

kieran8055 Posted May 11, 2009

> You've got users accessing their network share over HTTP? Over the internet?

yes............

kieran8055 Posted May 11, 2009

> Umm... security?!

In the meantime we are using http; once we get the certificate we'll change it to https.

matt40k Posted May 11, 2009

> In the meantime we are using http; once we get the certificate we'll change it to https.

Rather you than me! For £30 \ 1 day's work I wouldn't risk it.

matt40k Posted May 11, 2009

> How u gonna do that?

Do what? Get an SSL license?

If it was me, SSL license: https://www.godaddy.com/gdshop/ssl/ssl.asp or such. I suppose you could get the enhanced stuff too if you've got some extra cash.

Dedi \ static IP are free, with RIPE justification.

Generally can be done within 1 day; issues occur when you haven't planned it fully. Generally having to get your LA to set up the reverse proxy for HTTPS.

Hightower Posted November 19, 2009

I just want to bring this thread back up. I'm still having the problems that I stated in my original post (and the same as Marc was having).

All users who log on can successfully get the shared drive I set up (shown in image). Teaching staff can get their home drives (shown in image), but kids get the error (shown in image). The kids are even on the same server as the teaching staff so I really don't know what's going on.

Any help guys? We're CC3 network.

Marc (Author) Posted November 20, 2009

I eventually figured out the problem for our installation - the problem had absolutely nothing to do with the SMB web block and absolutely everything to do with the way the moodle ldap capture plugin was authenticating with AD. Specifically I had been using a server URL that included a port. Just specifying the IP without a port allowed the SMB block to retrieve the user's home directory. M$ have made AD so that on the port I was using AD will not return the home directory attribute.

I used adldap to help determine what was being returned by AD.

When you finally get it working, the SMB block is well worth it!

Hightower Posted November 20, 2009

> I eventually figured out the problem for our installation - the problem had absolutely nothing to do with the SMB web block and absolutely everything to do with the way the moodle ldap capture plugin was authenticating with AD. Specifically I had been using a server URL that included a port. Just specifying the IP without a port allowed the SMB block to retrieve the user's home directory. M$ have made AD so that on the port I was using AD will not return the home directory attribute.

Hi Marc,

I've just gone into Moodle as an admin and changed the LDAP server from ldap://SERVERNAME to ldap://SERVERIP. LDAP authentication is still working but it hasn't changed the errors I get with the block.

Is this the thing you were meaning or am I trying the wrong thing?

Marc (Author) Posted November 20, 2009

Using the adldap php class I linked in my previous post, I used the following php file to test that AD was returning the homeDirectory attribute correctly:

<?php
// user to search for
$dn = "CN=user,OU=x,OU=Users,OU=yourdomain,DC=yourdomain,DC=yourdomain,DC=yourdomain,DC=yourdomain";
$attributes = array(); // empty array: ask for every attribute the server will return
$filter = "(objectClass=*)";

$ad = ldap_connect("ldap://SERVERIP") // port 3268 was the one I had trouble with!
    or die("Couldn't connect to AD!");

ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 2); // use the same settings as moodle connects with

$bd = ldap_bind($ad, "CN=binduser,CN=OU,DC=YOURDOMAIN,DC=YOURDOMAIN,dc=SCH,DC=UK", "password")
    or die("Couldn't bind to AD!");

$result = ldap_search($ad, $dn, $filter, $attributes)
    or die("Search failed: " . ldap_error($ad));
$entries = ldap_get_entries($ad, $result);

/*for ($i=0; $i<$entries["count"]; $i++) {
    echo $entries[$i]["displayname"][0] . "(" . $entries[$i]["l"][0] . ") ";
}*/
//var_dump($entries);

// $ds is the link identifier for the directory
// $sr is a valid search result from a prior call to
// one of the ldap directory search calls
$ds = $ad;
$sr = $result;
$entry = ldap_first_entry($ds, $sr);

// Collect the name of every attribute returned for the entry.
// (Current PHP takes two arguments here; the old third $identifier argument is gone.)
$attrs = array();
$attribute = ldap_first_attribute($ds, $entry);
while ($attribute) {
    $attrs[] = $attribute;
    $attribute = ldap_next_attribute($ds, $entry);
}

echo count($attrs) . " attributes held for this entry: ";
for ($i = 0; $i < count($attrs); $i++) {
    echo $attrs[$i] . " ";
}
echo " ";

// $entry is a valid entry identifier from a prior call to
// one of the calls that returns a directory entry.
// Only read memberOf if the server actually returned it.
if (in_array("memberOf", $attrs)) {
    $values = ldap_get_values($ds, $entry, "memberOf");
    echo $values["count"] . " values for this entry. ";
    for ($i = 0; $i < $values["count"]; $i++) {
        echo $values[$i] . " ";
    }
}

ldap_unbind($ad);
?>

Edited November 20, 2009 by Marc

Marc (Author) Posted November 20, 2009

Note you may not need that adldap class - my memory is a bit hazy on whether I installed it or not. Try the php without it. Also are you using the ldap capture moodle plugin? I'm using that and the web share zip linked to on the first page of this thread.

Edited November 20, 2009 by Marc

Hightower Posted November 20, 2009

Ok. The first one is the script you gave me set to return a student user. As you can see the 'homeDirectory' field is missing. The second is one that returns a teaching user. As you can see the 'homeDirectory' is available for the teaching user.

So we can see that LDAP isn't returning the homeDirectory, but I don't know how to fix it so it does return it.

Any help guys?

cn sn description givenName distinguishedName displayName name objectGUID codePage countryCode primaryGroupID objectSid sAMAccountName sAMAccountType userPrincipalName objectCategory objectClass cn sn description givenName distinguishedName instanceType whenCreated whenChanged displayName uSNCreated memberOf uSNChanged name objectGUID userAccountControl badPwdCount codePage countryCode employeeID homeDirectory homeDrive badPasswordTime lastLogoff lastLogon pwdLastSet primaryGroupID profilePath objectSid adminCount accountExpires logonCount sAMAccountName sAMAccountType userPrincipalName lockoutTime objectCategory

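Added example (not part of the thread, and not code from the SMB block or Moodle): an offline check for the two things this thread ends up chasing, whether the LDAP server URL points at an Active Directory Global Catalog port (3268, the one Marc had trouble with, or 3269, its SSL counterpart) and which attributes one entry is missing relative to another. The function names and the 10.0.0.5 address are made up for illustration; the attribute lists are the ones Hightower posted above.

```php
<?php
// Added example, not code from the thread, the SMB block or Moodle.
// Function names and the 10.0.0.5 address are hypothetical.

// Active Directory Global Catalog ports (plain and SSL).
const GC_PORTS = [3268, 3269];

// Classify an LDAP server URL as it would be typed into the LDAP settings.
function classify_ldap_url(string $url): string
{
    $parts = parse_url($url);
    if ($parts === false || empty($parts['host'])) {
        return 'invalid';
    }
    $scheme = strtolower($parts['scheme'] ?? 'ldap');
    $port = $parts['port'] ?? ($scheme === 'ldaps' ? 636 : 389);
    return in_array($port, GC_PORTS, true) ? 'global-catalog' : 'domain-ldap';
}

// Attributes present in $reference but absent from $suspect (LDAP names are case-insensitive).
function missing_attributes(array $reference, array $suspect): array
{
    $have = array_map('strtolower', $suspect);
    return array_values(array_filter($reference, function ($name) use ($have) {
        return !in_array(strtolower($name), $have, true);
    }));
}

// Attribute names as posted in the thread: student entry, then teaching entry.
// objectClass is left out: the flattened post does not show which list it belongs to.
$student = explode(' ', 'cn sn description givenName distinguishedName displayName name '
    . 'objectGUID codePage countryCode primaryGroupID objectSid sAMAccountName '
    . 'sAMAccountType userPrincipalName objectCategory');
$teacher = explode(' ', 'cn sn description givenName distinguishedName instanceType '
    . 'whenCreated whenChanged displayName uSNCreated memberOf uSNChanged name objectGUID '
    . 'userAccountControl badPwdCount codePage countryCode employeeID homeDirectory '
    . 'homeDrive badPasswordTime lastLogoff lastLogon pwdLastSet primaryGroupID '
    . 'profilePath objectSid adminCount accountExpires logonCount sAMAccountName '
    . 'sAMAccountType userPrincipalName lockoutTime objectCategory');

foreach (['ldap://10.0.0.5:3268', 'ldap://10.0.0.5'] as $url) {
    printf("%-22s => %s\n", $url, classify_ldap_url($url));
}
$missing = missing_attributes($teacher, $student);
printf("%d attributes missing from the student entry: %s\n", count($missing), implode(', ', $missing));
printf("homeDirectory withheld: %s\n", in_array('homeDirectory', $missing, true) ? 'yes' : 'no');
```

Run against the two posted lists, the gap covers many more attributes than homeDirectory, so the student lookup is getting a reduced view of the whole entry and not just one missing field.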