
[Samba] samba 3.0.1 and ldap backend problem - I can not a..

 
boka

External


Since: Oct 06, 2003
Posts: 15



(Msg. 1) Posted: Tue Feb 03, 2004 5:00 pm
Post subject: [Samba] samba 3.0.1 and ldap backend problem - I can not add new accounts to domain.
Archived from groups: linux>samba

Hi !

I can't add any user (person and machine) to my domain made with
samba-3.0.1, openldap-2.0.27, new samba.schema, smbldap-tools-0.8.3. I
have to migrate from ldap_compact to ldap backend.

Rhea is an LDAP server, codo is a PDC from DOMAIN.

To show what the problem is, look at the following instructions:

root@rhea:~# smbldap-useradd -w loko20

root@rhea:~# getent passwd|grep loko
loko$:x:1459:553:loko$:/dev/null:/bin/false
loko20$:x:1088:553:loko20$:/dev/null:/bin/false

[root@codo cyrus-sasl]# getent passwd|grep loko
loko$:x:1459:553:loko$:/dev/null:/bin/false
loko20$:x:1088:553:loko20$:/dev/null:/bin/false

[root@codo cyrus-sasl]# pdbedit -L -v loko20$
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_search_suffix: searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_open_connection: connection opened
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_search_suffix: searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_open_connection: connection opened
smbldap_search_suffix: searching
for:[(&(&(uid=loko20$)(objectclass=sambaSamAccount))(objectclass=sambaSamAccount))]
Username not found!

[root@codo cyrus-sasl]# smbldap-userdel loko20$

[root@codo cyrus-sasl]# getent passwd|grep loko
loko$:x:1459:553:loko$:/dev/null:/bin/false

[root@codo root]# pdbedit -L -v loko$
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_search_suffix: searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_open_connection: connection opened
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_search_suffix: searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_open_connection: connection opened
smbldap_search_suffix: searching
for:[(&(&(uid=loko$)(objectclass=sambaSamAccount))(objectclass=sambaSamAccount))]
init_sam_from_ldap: Entry found for user: loko$
Unix username: loko$
NT username: loko$
Account Flags: [W ]
User SID: S-1-5-21-133419789-486977345-1400590255-3918
Primary Group SID: S-1-5-21-133419789-486977345-1400590255-0
Full Name: loko$
Home Directory: \\io\profiles\loko_
HomeDir Drive: H:
Logon Script: LOGON.BAT
Profile Path: \\io\profiles\loko_
Domain: DOMAIN
Account desc: Computer
Workstations:
Munged dial:
Logon time: 0
Logoff time: pią, 13 gru 1901 21:45:51 GMT
Kickoff time: pią, 13 gru 1901 21:45:51 GMT
Password last set: wto, 03 lut 2004 16:27:18 GMT
Password can change: wto, 03 lut 2004 16:27:18 GMT
Password must change: pią, 13 gru 1901 21:45:51 GMT
[root@codo root]# smbldap-usershow loko$
dn: uid=loko$,ou=Computers,dc=ITSTUFF,dc=PL
cn: loko$
uid: loko$
uidNumber: 1459
gidNumber: 553
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
objectClass: top,posixAccount,sambaSamAccount
sambaSID: S-1-5-21-133419789-486977345-1400590255-3918
sambaPrimaryGroupSID: S-1-5-21-133419789-486977345-1400590255-0
sambaPwdMustChange: 2147483647
sambaLMPassword: 3DBA2EE9307B1C33CDE04089789D1F72
sambaNTPassword: 3DBA2EE9307B1C33CDE04089789D1F72
sambaPwdCanChange: 1075822038
sambaAcctFlags: [W ]
sambaLogoffTime: 2147483647
sambaLogonTime: 0
sambaKickoffTime: 2147483647
sambaPwdLastSet: 1075822038

[root@codo cyrus-sasl]# pdbedit -a -m loko20
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_search_suffix: searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_open_connection: connection opened
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_search_suffix: searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_open_connection: connection opened
smbldap_search_suffix: searching
for:[(&(&(uid=loko20$)(objectclass=sambaSamAccount))(objectclass=sambaSamAccount))]
smbldap_search_suffix: searching
for:[(&(uid=loko20$)(objectclass=sambaSamAccount))]
smbldap_search_suffix: searching
for:[(&(sambaSID=S-0-0)(|(objectClass=sambaIdmapEntry)(objectClass=sambaSidEntry)))]
init_ldap_from_sam: Setting entry for user: loko20$
ldapsam_modify_entry: Failed to add user dn=
uid=loko20$,ou=Computers,dc=ITSTUFF,dc=PL with: Object class violation
object class 'sambaSamAccount' requires attribute 'sambaSID'
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
ldapsam_add_sam_account: failed to modify/add user with uid = loko20$
(dn = uid=loko20$,ou=Computers,dc=ITSTUFF,dc=PL)
Unable to add machine! (does it already exist?)

samba ldap conf looks like:

passdb backend = ldapsam:ldap://localhost
ldap delete dn = no
ldap suffix = dc=ITSTUFF,dc=PL
ldap admin dn = "cn=Manager,dc=ITSTUFF,dc=PL"
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
ldap port = 389
ldap server = 127.0.0.1
ldap ssl = No
ldap passwd sync = Yes
ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))
idmap backend = ldap:ldap://localhost:389

samba was compiled with the following options to configure script:

--localstatedir=/var \
--with-configdir=/etc/samba \
--with-privatedir=/etc/samba \
--with-fhs \
--with-quotas \
--with-smbmount \
--with-pam \
--with-pam_smbpass \
--with-syslog \
--with-utmp \
--with-sambabook=%{prefix}/share/swat/using_samba \
--with-swatdir=%{prefix}/share/swat \
--with-libsmbclient \
--with-expsam=mysql \
--with-ldap \
--with-ldapsam

P.S. Sorry for crossposting ... but I cannot find any solution to my problem

greetz
boka
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
boka

External


Since: Oct 06, 2003
Posts: 15



(Msg. 2) Posted: Wed Feb 04, 2004 4:10 am
Post subject: Re: [Samba] samba 3.0.1 and ldap backend problem - I can not add new accounts to domain.

Hi !

More details about my problem. As I said before, I'm using
smbldap-tools-0.8.3, and:

[root@codo smbldap-tools]# smbldap-useradd -a boka2
Can't call method "get_value" on an undefined value at
/usr/local/sbin/smbldap-useradd line 154, <DATA> line 283.

From smbldap-useradd:
$userGroupSID = $group_entry->get_value('sambaSID');

I'm using the correct version of samba.schema in my LDAP server:
....
attributetype ( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID'
DESC 'Security ID'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
....

root@rhea:~# smbldap-useradd -w loko23

OK, a quick view of the LDIF:

dn: uid=loko23$,ou=Computers,dc=ITSTUFF,dc=PL
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
cn: loko23$
sn: loko23$
uid: loko23$
uidNumber: 1088
gidNumber: 553
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer

It looks like the scripts or the LDAP server do not use the new samba.schema.

P.S. Sorry for cross-posting again :-/

P.S. II, for the samba-idealx team:
http://marc.theaimsgroup.com/?l=samba&m=107584508526994&w=2

greetz
boka
boka

External


Since: Oct 06, 2003
Posts: 15



(Msg. 3) Posted: Wed Feb 04, 2004 5:30 am
Post subject: Re: [Samba] samba 3.0.1 and ldap backend problem - I can not add new accounts to domain.

Hi !

More details:

[root@codo smbldap-tools]# pdbedit -v
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_search_suffix: searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_open_connection: connection opened
smbldap_search_suffix: searching
for:[(&(sambaDomainName=DOMAIN)(objectclass=sambaDomain))]
failed to add domain dn= sambaDomainName=DOMAIN,dc=ITSTUFF,dc=PL with:
Already exists

Adding domain info for DOMAIN failed with NT_STATUS_UNSUCCESSFUL
pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the
domain
pdb_init_ldapsam: Continuing on regardless, will be unable to allocate
new users/groups, and will risk BDCs having inconsistant SIDs
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_search_suffix: searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_open_connection: connection opened
smbldap_search_suffix: searching
for:[(&(sambaDomainName=DOMAIN)(objectclass=sambaDomain))]
failed to add domain dn= sambaDomainName=DOMAIN,dc=ITSTUFF,dc=PL with:
Already exists

Adding domain info for DOMAIN failed with NT_STATUS_UNSUCCESSFUL
pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the
domain
pdb_init_ldapsam: Continuing on regardless, will be unable to allocate
new users/groups, and will risk BDCs having inconsistant SIDs
....

greetz
boka
Jeff Davis

External


Since: Feb 04, 2004
Posts: 8



(Msg. 4) Posted: Wed Feb 04, 2004 4:30 pm
Post subject: Re: [Samba] samba 3.0.1 and ldap backend problem - I can not add new accounts to domain.

Hi,

I'm experiencing the same problems. I had 2.2.8 working just fine; when I
updated to 3.0.1 it broke a bunch of stuff. LDAP authentication works fine
under shell, ssh, and all the native Linux stuff, but I cannot seem to add
accounts for some reason.

If you arrive at a solution, please let me know...

Thanks,

-Jeff

boka wrote:

> Hi !
>
> More details:
>
> [root@codo smbldap-tools]# pdbedit -v
> Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
> smbldap_search_suffix: searching
> for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
> smbldap_open_connection: connection opened
> smbldap_search_suffix: searching
> for:[(&(sambaDomainName=DOMAIN)(objectclass=sambaDomain))]
> failed to add domain dn= sambaDomainName=DOMAIN,dc=ITSTUFF,dc=PL with:
> Already exists
>
> Adding domain info for DOMAIN failed with NT_STATUS_UNSUCCESSFUL
> pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the
> domain
> pdb_init_ldapsam: Continuing on regardless, will be unable to allocate
> new users/groups, and will risk BDCs having inconsistant SIDs
> Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
> smbldap_search_suffix: searching
> for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
> smbldap_open_connection: connection opened
> smbldap_search_suffix: searching
> for:[(&(sambaDomainName=DOMAIN)(objectclass=sambaDomain))]
> failed to add domain dn= sambaDomainName=DOMAIN,dc=ITSTUFF,dc=PL with:
> Already exists
>
> Adding domain info for DOMAIN failed with NT_STATUS_UNSUCCESSFUL
> pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the
> domain
> pdb_init_ldapsam: Continuing on regardless, will be unable to allocate
> new users/groups, and will risk BDCs having inconsistant SIDs
> ...
>
> greetz
> boka

--
Jefferson K. Davis
Technology and Information Systems Manager
Standard School District
1200 North Chester Ave
Bakersfield, CA 93308
USA
661-392-2110 ext 120

boka

External


Since: Oct 06, 2003
Posts: 15



(Msg. 5) Posted: Wed Feb 04, 2004 5:00 pm
Post subject: Re: [Samba] samba 3.0.1 and ldap backend problem - solved !

Jeff Davis wrote:

> If you arrive at a solution, please let me know...

I did not have free time to analyze why it started working, but I made it :)

First of all, I have converted (again) the old LDAP db:

ldapsearch -h .... > old.ldiff

net getlocalsid DOMAIN

convert .... --output new.ldif

Then add it to LDAP and add new indexes (taken from samba-ldap.howto).

ldapadd -h localhost -f new.ldif -D ....

Add this to slapd.conf, in your DB definition:

index cn,sn,uid,displayName pres,sub,eq
index uidNumber,gidNumber eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index objectClass pres,eq
index default sub
index memberUid eq

slapindex -f /etc/openldap/slapd.conf

I have compiled samba only with the --with-ldap option (without
--with-ldapsam). Add proper filters to groups, users, computers in smb.conf:

ldap suffix: used to search for user and computer accounts.
ldap user suffix: used to store user accounts.
ldap machine suffix: used to store Machine Trust Accounts.
ldap group suffix: location of posixGroup/sambaGroupMapping entries.
ldap idmap suffix: location of sambaIdmapEntry objects.

Right now I can't compare the new LDAP db with the old (first converted) one, but
I think there was a problem with the sambaDomain parameter ...

greetz
boka
boka

External


Since: Oct 06, 2003
Posts: 15



(Msg. 6) Posted: Thu Feb 05, 2004 8:00 am
Post subject: Re: [Samba] samba 3.0.1 and 3.0.2rc2 - ldap backend problem - still not solved :(

Hi !

Well, I told you that I solved my problem with the LDAP backend and samba -
unfortunately the problem still exists :(

Right now I cannot add new users and machine accounts (adding and
modifying of groups works), fxp:

[root@codo i386]# pdbedit -d 10 -a -m boka2

....
set_server_role: role = ROLE_DOMAIN_PDC
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Trying to load: ldapsam:ldap://localhost
Attempting to register passdb backend ldapsam
Successfully added passdb backend 'ldapsam'
Attempting to register passdb backend ldapsam_compat
Successfully added passdb backend 'ldapsam_compat'
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to register passdb backend guest
Successfully added passdb backend 'guest'
Attempting to find an passdb backend to match ldapsam:ldap://localhost
(ldapsam)
Found pdb backend ldapsam
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_search_suffix: searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_open_connection: ldap://localhost
smbldap_open_connection: connection opened
tdb(unnamed): tdb_brlock failed (fd=3) at offset 4 rw_type=1
lck_type=13: Zasoby chwilowo niedoste;pne
ldap_connect_system: Binding to ldap server ldap://localhost as
"cn=Manager,dc=EUROZET,dc=PL"
ldap_connect_system: succesful connection to the LDAP server
The LDAP server is succesful connected
pdb backend ldapsam:ldap://localhost has a valid init
Attempting to find an passdb backend to match guest (guest)
Found pdb backend guest
pdb backend guest has a valid init
Netbios name list:-
my_netbios_names[0]="CODO"
Trying to load: ldapsam:ldap://localhost
Attempting to find an passdb backend to match ldapsam:ldap://localhost
(ldapsam)
Found pdb backend ldapsam
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_search_suffix: searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_open_connection: ldap://localhost
smbldap_open_connection: connection opened
ldap_connect_system: Binding to ldap server ldap://localhost as
"cn=Manager,dc=EUROZET,dc=PL"
ldap_connect_system: succesful connection to the LDAP server
The LDAP server is succesful connected
pdb backend ldapsam:ldap://localhost has a valid init
Attempting to find an passdb backend to match guest (guest)
Found pdb backend guest
pdb backend guest has a valid init
tdb(unnamed): tdb_brlock failed (fd=6) at offset 4 rw_type=1
lck_type=13: Zasoby chwilowo niedoste;pne
account_policy_get: maximum password age:-1
account_policy_get: minimum password age:0
pdb_set_username: setting username boka2$, was
pdb_set_group_sid: setting group sid
S-1-5-21-133419789-486977345-1400590255-515
pdb_set_group_sid_from_rid:
setting group sid S-1-5-21-133419789-486977345-1400590255-515
from rid 515
smbldap_search_suffix: searching
for:[(&(&(uid=boka2$)(objectclass=sambaSamAccount))(objectclass=sambaSamAccount))]
smbldap_search_suffix: searching
for:[(&(uid=boka2$)(objectclass=sambaSamAccount))]
smbldap_search_suffix: searching
for:[(&(sambaSID=S-0-0)(|(objectClass=sambaIdmapEntry)(objectClass=sambaSidEntry)))]
ldapsam_add_sam_account: Adding new user
init_ldap_from_sam: Setting entry for user: boka2$
ldapsam_modify_entry: Failed to add user dn=
uid=boka2$,ou=Computers,dc=EUROZET,dc=PL with: Object class violation
object class 'sambaSamAccount' requires attribute 'sambaSID'
ldapsam_add_sam_account: failed to modify/add user with uid = boka2$ (dn
= uid=boka2$,ou=Computers,dc=EUROZET,dc=PL)
Unable to add machine! (does it already exist?)

[root@codo i386]# pdbedit -d 10 -a -u boka

lp_servicenumber: couldn't find homes
set_server_role: role = ROLE_DOMAIN_PDC
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Substituting charset 'ISO-8859-2' for LOCALE
Trying to load: ldapsam:ldap://localhost
Attempting to register passdb backend ldapsam
Successfully added passdb backend 'ldapsam'
Attempting to register passdb backend ldapsam_compat
Successfully added passdb backend 'ldapsam_compat'
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to register passdb backend guest
Successfully added passdb backend 'guest'
Attempting to find an passdb backend to match ldapsam:ldap://localhost
(ldapsam)
Found pdb backend ldapsam
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_search_suffix: searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_open_connection: ldap://localhost
smbldap_open_connection: connection opened
tdb(unnamed): tdb_brlock failed (fd=3) at offset 4 rw_type=1
lck_type=13: Zasoby chwilowo niedoste;pne
ldap_connect_system: Binding to ldap server ldap://localhost as
"cn=Manager,dc=ITSTUFF,dc=PL"
ldap_connect_system: succesful connection to the LDAP server
The LDAP server is succesful connected
pdb backend ldapsam:ldap://localhost has a valid init
Attempting to find an passdb backend to match guest (guest)
Found pdb backend guest
pdb backend guest has a valid init
Netbios name list:-
my_netbios_names[0]="CODO"
Trying to load: ldapsam:ldap://localhost
Attempting to find an passdb backend to match ldapsam:ldap://localhost
(ldapsam)
Found pdb backend ldapsam
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_search_suffix: searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_open_connection: ldap://localhost
smbldap_open_connection: connection opened
ldap_connect_system: Binding to ldap server ldap://localhost as
"cn=Manager,dc=ITSTUFF,dc=PL"
ldap_connect_system: succesful connection to the LDAP server
The LDAP server is succesful connected
pdb backend ldapsam:ldap://localhost has a valid init
Attempting to find an passdb backend to match guest (guest)
Found pdb backend guest
pdb backend guest has a valid init
Finding user boka2
Trying _Get_Pwnam(), username as lowercase is boka2
Trying _Get_Pwnam(), username as uppercase is BOKA2
Checking combinations of 0 uppercase letters in boka2
Get_Pwnam_internals didn't find user [boka2]!
could not create account to add new user boka2

I'm broke ... I don't want to store machine accounts in the people container ...

greetz
boka
Beast

External


Since: Nov 21, 2003
Posts: 118



(Msg. 7) Posted: Thu Feb 05, 2004 9:50 am
Post subject: Re: [Samba] samba 3.0.1 and 3.0.2rc2 - ldap backend problem - still not solved :(

* boka <boka.TakeThisOut@sto-procent.art.pl> wrote:

>
> i'm broke ... i dont want to store machine accounts in people container ...

You must tell nss_ldap where to find this account. See /etc/ldap.conf


--beast

paul k

External


Since: Feb 10, 2004
Posts: 11



(Msg. 8) Posted: Thu Feb 05, 2004 11:50 am
Post subject: Re: [Samba] samba 3.0.1 and 3.0.2rc2 - ldap backend problem - still not solved :(

boka wrote:

> Trying _Get_Pwnam(), username as lowercase is boka2
> Trying _Get_Pwnam(), username as uppercase is BOKA2
> Checking combinations of 0 uppercase letters in boka2
> Get_Pwnam_internals didn't find user [boka2]!
> could not create account to add new user boka2
>
> i'm broke ... i dont want to store machine accounts in people container ...

Not sure about the sambaSID problem, but for the user not found...: Did
you change the scope in /etc/ldap.conf (for the nss_ldap stuff)? If you
have computers and users under different OUs, your 'base' should be one
level higher and the scope 'sub', not 'one'. Testing with getent() is easy.

hth
Paul
>
> greetz
> boka
>

boka

External


Since: Oct 06, 2003
Posts: 15



(Msg. 9) Posted: Thu Feb 05, 2004 12:30 pm
Post subject: Re: [Samba] samba 3.0.1 and 3.0.2rc2 - ldap backend problem - still not solved :(

paul k wrote:

> Not sure about the sambaSID problem, but for the user not found...: Did
> you changed the scope in /etc/ldap.conf (for the nss_ldap stuff)? If you
> have computers and users under different OU's, your 'base' should be one
> level higher and the scope 'sub', not 'one'. Testing with getent() is easy.

from /etc/ldap.conf:

nss_base_passwd dc=ITSTUFF,dc=PL?sub
nss_base_shadow dc=ITSTUFF,dc=PL?sub
nss_base_group ou=Groups,dc=ITSTUFF,dc=PL?one

Am I right?

greetz
boka
Jeff Davis

External


Since: Feb 04, 2004
Posts: 8



(Msg. 10) Posted: Thu Feb 05, 2004 3:50 pm
Post subject: Re: [Samba] samba 3.0.1 and ldap backend problem - solved !

Question: where is the "convert" script/program you mention? I can't seem to
find it anywhere...

Thanks.

-Jeff

boka wrote:

> Jeff Davis wrote:
>
>> If you arrive at a solution, please let me know...
>
>
> I did not have free time to analyze why it started working, but I made it :)
>
> First of all, i have converted (again) old ldap db:
>
> ldapsearch -h .... > old.ldiff
>
> net getlocalsid DOMAIN
>
> convert .... --output new.ldif
>
> Then add it to ldap and add new indexes (taken from samba-ldap.howto).
>
> ldapadd -h localhost -f new.ldif -D ....
>
> add it to slapd.conf to Your DB definition:
>
> index cn,sn,uid,displayName pres,sub,eq
> index uidNumber,gidNumber eq
> index sambaSID eq
> index sambaPrimaryGroupSID eq
> index sambaDomainName eq
> index objectClass pres,eq
> index default sub
> index memberUid eq
>
> slapindex -f /etc/openldap/slapd.conf
>
> I have compiled samba only with --with-ldap option (without
> --with-ldapsam). Add proper filters to groups, users, computers in
> smb.conf:
>
> ldap suffix used to search for user and computer accounts.
> ldap user suffix used to store user accounts.
> ldap machine suffix used to store Machine Trust Accounts.
> ldap group suffix location of posixGroup/sambaGroupMapping entries.
> ldap idmap suffix location of sambaIdmapEntry objects.
>
> Right now I can't compare the new LDAP db with the old (first converted) one, but
> I think there was a problem with the sambaDomain parameter ...
>
> greetz
> boka
>

--
Jefferson K. Davis
Technology and Information Systems Manager
Standard School District
1200 North Chester Ave
Bakersfield, CA 93308
USA
661-392-2110 ext 120

boka

External


Since: Oct 06, 2003
Posts: 15



(Msg. 11) Posted: Fri Feb 06, 2004 5:00 am
Post subject: Re: [Samba] samba 3.0.1 and 3.0.2rc2 - ldap backend problem - still not solved :(

paul k wrote:

> looks good, does "getent passwd" show up your ldap users?

yes, fxp.:

[root@codo root]# getent passwd|grep boka
....
boka:x:1257:1001:Daniel Chojecki:/home/users/boka:/bin/bash
....
[root@codo root]# getent group|grep boka
....
mirror_grp:x:1023:boka
....

greetz
boka

boka

External


Since: Oct 06, 2003
Posts: 15



(Msg. 12) Posted: Fri Feb 06, 2004 6:40 am
Post subject: Re: [Samba] samba 3.0.1 and 3.0.2rc2 - ldap backend problem - still not solved :(

paul k wrote:

> you need to create a posixAccount user/machine entry in ldap before
> adding samba user/machine with smbpasswd.

You are right:

smbldap-useradd -w test00002
pdbedit -a -m test00002

Right now I am able to add machines to the domain :)

thx !

greetz
boka
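
Added example (not written by any poster in this thread, and not code from Samba or smbldap-tools): a small LDIF audit that sorts account entries into the states the thread runs into, so a converted file such as new.ldif can be checked before ldapadd. The status names, the broken$ and foreign$ entries and the foreign SID are constructed for illustration; the domain SID is the prefix of the sambaSID quoted in Msg. 1.

```python
import base64

# Domain SID: prefix of the sambaSID quoted in the thread (what `net getlocalsid` reports).
DOMAIN_SID = "S-1-5-21-133419789-486977345-1400590255"

# Constructed sample. loko23$ and loko$ follow entries quoted in the thread;
# broken$ and foreign$ (and the foreign SID) are invented for illustration.
SAMPLE_LDIF = """\
dn: uid=loko23$,ou=Computers,dc=ITSTUFF,dc=PL
objectClass: inetOrgPerson
objectClass: posixAccount
uid: loko23$
uidNumber: 1088

dn: uid=loko$,ou=Computers,dc=ITSTUFF,dc=PL
objectClass: top,posixAccount,sambaSamAccount
uid: loko$
sambaSID: S-1-5-21-133419789-486977345-1400590255-3918

dn: uid=broken$,ou=Computers,dc=ITSTUFF,dc=PL
objectClass: posixAccount
objectClass: sambaSamAccount
uid: broken$

dn: uid=foreign$,ou=Computers,dc=ITSTUFF,dc=PL
objectClass: posixAccount
objectClass: sambaSamAccount
uid: foreign$
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-1001
"""


def parse_ldif(text):
    """Parse LDIF text into a list of {attribute (lowercase): [values]} dicts."""
    lines = []
    for raw in text.splitlines():
        # A line starting with one space continues the previous line (LDIF folding).
        if raw.startswith(" ") and lines and lines[-1]:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:          # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        attr, sep, value = line.partition(":")
        if not sep:
            continue
        if value.startswith(":"):      # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        current.setdefault(attr.strip().lower(), []).append(value)
    return entries


def classify(entry, domain_sid):
    """Return the account state of one entry (status names are this example's own)."""
    # Also accept the comma-joined form that smbldap-usershow prints.
    classes = {c.strip().lower()
               for v in entry.get("objectclass", []) for c in v.split(",")}
    sids = entry.get("sambasid", [])
    if "sambasamaccount" not in classes:
        # State left by `smbldap-useradd -w`: Unix account only, no Samba attributes yet.
        return "posix-only" if "posixaccount" in classes else "no-account-class"
    if "posixaccount" not in classes:
        return "samba-without-posix"   # nss_ldap cannot resolve it as a Unix user
    if not sids:
        return "missing-sambaSID"      # what slapd rejects as "Object class violation"
    if not sids[0].startswith(domain_sid + "-"):
        return "foreign-domain-sid"    # SID was not issued under this domain's SID
    return "ok"


def audit(text, domain_sid):
    """Map each entry's uid (or dn when uid is absent) to its state."""
    return {e.get("uid", e["dn"])[0]: classify(e, domain_sid)
            for e in parse_ldif(text) if "dn" in e}


if __name__ == "__main__":
    for uid, status in audit(SAMPLE_LDIF, DOMAIN_SID).items():
        print(f"{uid:10} {status}")
```
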