[Samba] Account Unknown for users with Samba 3.0.11/14
James.Cort at u4eatech.com
Mon Jan 9 13:17:53 GMT 2006
Quoting William Jojo <jojowil at hvcc.edu>
> And the obvious...do you have config and system information? How are uid
> values gathered by the system? Same LDAP database? That's important to find
> out...

And, indeed, the cause of much grief.

Since writing previous emails I have discovered:

* The issue doesn't exist on another server.
* Though the other server has identical Samba configuration, much
  else is very different. Most importantly, users exist locally on the
  other server.

To cut a long story short, it seems unlikely that in its current
configuration, this has ever worked properly.

The sambaIdmapEntry and sambaGroupMapping objects don't exist in LDAP.

I've added objectClass sambaIdmapEntry to myself in the LDAP database,
so my LDAP entry now reads:

# jamesc, People, u4eatech.com
dn: uid=jamesc,ou=People,dc=u4eatech,dc=com
uid: jamesc
sambaSID: S-1-5-21-4012146134-3166284455-2856603714-3038
sambaPrimaryGroupSID: S-1-5-21-4012146134-3166284455-2856603714-3001
displayName: James Cort,,,
sambaPwdMustChange: 2147483647
sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000
 00000000
sambaAcctFlags: [U ]
uidNumber: 1019
loginShell: /bin/bash
gidNumber: 1000
homeDirectory: /home/jamesc
gecos: James Cort
cn: James Cort
mail: james.cort at u4eatech.com
sambaPwdCanChange: 1136795375
sambaLMPassword: 1E5F582F4574BA7802A22108CDA2230E
sambaNTPassword: 8224FF98E3965F5DF2C3CB3D32205650
sambaPwdLastSet: 1136795375
userPassword:: e01ENX1mNnpCM2xiOU1EdEx1QVUyeGQxUDNBPT0=
objectClass: account
objectClass: sambaSamAccount
objectClass: posixAccount
objectClass: top
objectClass: u4eaPerson
objectClass: sambaIdmapEntry

While this knocks one error on the head, I still have a number of
issues as none of the gidNumber-based entries exist. However, I would
expect that users in the "Security" tab would now resolve - this is not
the case.

I'm at a loss how to continue. Presumably I need to populate the
various bits necessary for id mapping in LDAP, though I don't know the
various options or their pros and cons.

All the documentation I can find online seems to be geared towards
getting the system up and running properly in the first place with
minimal requirement of understanding of how it all hangs together - if
someone did that in the past and made a mistake, it seems particularly
tough to figure out what they did wrong and, more importantly, how to
fix it without causing downtime.

Can anyone point me in the right direction?
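
Added example, not part of the original message: a read-only way to inventory the gaps the message describes (Samba accounts lacking objectClass sambaIdmapEntry, and gidNumber values with no sambaGroupMapping entry) from an LDIF export. The function names and the sample LDIF are constructed for illustration; whether each gap needs fixing depends on the idmap setup in use.

```python
import base64
# Constructed sample LDIF (not data from the original message).
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
objectClass: sambaSamAccount
objectClass: sambaIdmapEntry
gidNumber: 1000
description: a folded
  value

dn: uid=bob,ou=People,dc=example,dc=com
objectClass: sambaSamAccount
gidNumber: 1001
cn:: Qm9i

dn: cn=staff,ou=Groups,dc=example,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 1000
"""

def parse_ldif(text):
    """Parse LDIF into a list of {lowercased attribute: [values]} dicts."""
    entries, entry, logical = [], {}, []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]        # folded line: drop the one leading space
        else:
            logical.append(raw)
    for line in logical + [""]:           # trailing "" flushes the last entry
        if not line.strip():
            if entry:
                entries.append(entry)
            entry = {}
        elif not line.startswith("#"):    # skip ldapsearch comment lines
            attr, _, value = line.partition(":")
            if value.startswith(":"):     # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(attr.lower(), []).append(value.strip())
    return entries

def audit(entries):
    """Return (DNs of Samba accounts without sambaIdmapEntry, unmapped gidNumbers)."""
    classes = lambda e: {c.lower() for c in e.get("objectclass", [])}
    mapped = {g for e in entries if "sambagroupmapping" in classes(e)
              for g in e.get("gidnumber", [])}
    accounts = [e for e in entries if "sambasamaccount" in classes(e)]
    no_idmap = [e["dn"][0] for e in accounts if "sambaidmapentry" not in classes(e)]
    unmapped = sorted({g for e in accounts for g in e.get("gidnumber", [])} - mapped)
    return no_idmap, unmapped
```

Feed it the text of an LDIF export of the directory in place of SAMPLE_LDIF; it only reads the export and changes nothing in LDAP.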