[Samba] ldapsam_compat & net rpc user issue (maybe BUG?)
Fabien Chevalier
fabien.chevalier at supelec.fr
Thu Oct 9 18:46:50 GMT 2003
Hi all,
I'm sorry I have to complain about something that seems to go wrong with Samba.
I'm a long-time satisfied Samba 2 user and I have to switch to 3.0.
I'm using Samba 3.0.0 on a test Debian machine with pre-built packages from Debian.
It comes with OpenLDAP 2.1.22
I've tested Samba 3.0 as a PDC for WinXP machines...
and it works great! :-)
But I am facing an issue I can't solve alone, despite hours of reading :-(.
I have to use ldapsam_compat on my system to be able to use Directory Administrator.
The following users are created in LDAP: toto, zzAdmin, fchevalier
I also use tdbsam with the following users: toto3, toto4, toto5, root.
My setup seems to work:
- I can connect to the home shares of my LDAP & tdb users. The authentication goes right.
- But when I run net rpc user, I get the following:
dc-sorral-05:~# net rpc user -Utoto
Password:
toto3
toto4
root
toto5
I got authenticated through my LDAP 'toto' user but it is not in the list!!!
My LDAP users are not listed!
With debug level 2 I got in my logs:
[2003/10/09 18:00:52, 2] lib/smbldap.c:smbldap_search_suffix(1066)
smbldap_search_suffix: searching for:[(&(uid=*)(objectclass=sambaAccount))]
[2003/10/09 18:00:52, 2] passdb/pdb_ldap.c:ldapsam_setsampwent(948)
ldapsam_setsampwent: 3 entries in the base!
[2003/10/09 18:00:52, 2] passdb/pdb_ldap.c:init_sam_from_ldap(460)
init_sam_from_ldap: Entry found for user: toto
[2003/10/09 18:00:52, 2] passdb/pdb_ldap.c:init_sam_from_ldap(460)
init_sam_from_ldap: Entry found for user: zzAdmin
[2003/10/09 18:00:52, 2] passdb/pdb_ldap.c:init_sam_from_ldap(460)
init_sam_from_ldap: Entry found for user: fchevalier
So it seems Samba is able to retrieve them from LDAP.
Has anybody got this same trouble?
Have I missed something in the doc (RTFM, RTFM...)?
Cheers,
Fabien Chevalier
PS - Here is my smb.conf
======================= Global Settings =======================
[global]
unix charset = ISO8859-1
nt acl support = yes
## Browsing/Identification ###
workgroup = DC-SORRAL
netbios name = STR-DON-01
domain master = yes
domain logons = yes
# server string is the equivalent of the NT Description field
server string = Serveur de Fichiers micro-informatique Sorral
# LDAP support
ldap admin dn = cn=admin,dc=sorral,dc=duferco-coating,dc=com
ldap ssl = off
ldap suffix = dc=sorral,dc=duferco-coating,dc=com
ldap user suffix = ou=People
ldap group suffix = ou=Group
ldap passwd sync = true
# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable its WINS Server
wins support = yes
# This will prevent nmbd to search for NetBIOS names through DNS.
dns proxy = no
# What naming service and in what order should we use to resolve host names
# to IP addresses
; name resolve order = lmhosts host wins bcast
# Needed by NT PDC support
add machine script = /usr/sbin/useradd -d /dev/null -g nogroup -c 'Machine account' -s /bin/false %u
#Logon settings
logon home = \\%L\%U
logon drive = P:
logon path = \\%L\Profiles\%U
#### Debugging/Accounting ####
# This tells Samba to use a separate log file for each machine
# that connects
log file = /var/log/samba/log.%m
log level = 3
# Put a capping on the size of the log files (in Kb).
max log size = 5000
# If you want Samba to only log through syslog then set the following
# parameter to 'yes'.
; syslog only = no
# We want Samba to log a minimum amount of information to syslog. Everything
# should go to /var/log/samba/log.{smbd,nmbd} instead. If you want to log
# through syslog you should set the following parameter to something higher.
syslog = 0
# Do something sensible when Samba crashes: mail the admin a backtrace
panic action = /usr/share/samba/panic-action %d
security = user
encrypt passwords = true
passdb backend = tdbsam ldapsam_compat:ldap://localhost
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
domain master = auto
[homes]
comment = Home Directories
browseable = no
writable = yes
create mask = 0700
directory mask = 0700
root preexec = mkdir /home/%u; chown %u /home/%u; chmod 700 /home/%u;
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
guest ok = yes
writable = no
share modes = no
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no
[Profiles]
path = /users/profiles
nt acl support = yes
# profile acls = Yes
browsable = no
writable = yes
directory mask = 700
create mask = 700