[Samba] Account Unknown for users with Samba 3.0.11/14

William Jojo jojowil at hvcc.edu
Mon Jan 9 13:28:24 GMT 2006


----- Original Message ----- 
From: <James.Cort at u4eatech.com>
To: <samba at lists.samba.org>
Sent: Monday, January 09, 2006 8:17 AM
Subject: Re: [Samba] Account Unknown for users with Samba 3.0.11/14


> Quoting William Jojo <jojowil at hvcc.edu>
>
> > And the obvious...do you have config and system information? How are uid
> > values gathered by the system? Same LDAP database? That's important to find
> > out...
>
> And, indeed, the cause of much grief.
>
> Since writing previous emails I have discovered:
>
> * The issue doesn't exist on another server.
>   * Though the other server has identical Samba configuration, much
> else is very different.  Most importantly, users exist locally on the
> other server.
>
> To cut a long story short, it seems unlikely that in its current
> configuration, this has ever worked properly.
>
> The sambaIdmapEntry and sambaGroupMapping objects don't exist in LDAP.
> I've added objectClass sambaIdmapEntry to myself in the LDAP database,
> so my LDAP entry now reads:
>
> # jamesc, People, u4eatech.com
> dn: uid=jamesc,ou=People,dc=u4eatech,dc=com
> uid: jamesc
> sambaSID: S-1-5-21-4012146134-3166284455-2856603714-3038
> sambaPrimaryGroupSID: S-1-5-21-4012146134-3166284455-2856603714-3001
> displayName: James Cort,,,
> sambaPwdMustChange: 2147483647
> sambaPasswordHistory: 0000000000000000000000000000000000000000000000000000000000000000
> sambaAcctFlags: [U          ]
> uidNumber: 1019
> loginShell: /bin/bash
> gidNumber: 1000
> homeDirectory: /home/jamesc
> gecos: James Cort
> cn: James Cort
> mail: james.cort at u4eatech.com
> sambaPwdCanChange: 1136795375
> sambaLMPassword: 1E5F582F4574BA7802A22108CDA2230E
> sambaNTPassword: 8224FF98E3965F5DF2C3CB3D32205650
> sambaPwdLastSet: 1136795375
> userPassword:: e01ENX1mNnpCM2xiOU1EdEx1QVUyeGQxUDNBPT0=
> objectClass: account
> objectClass: sambaSamAccount
> objectClass: posixAccount
> objectClass: top
> objectClass: u4eaPerson
> objectClass: sambaIdmapEntry
>
>
> While this knocks one error on the head, I still have a number of
> issues as none of the gidNumber-based entries exist.  However, I would
> expect that users in the "Security" tab would now resolve - this is not
> the case.
>
> I'm at a loss how to continue.  Presumably I need to populate the
> various bits necessary for id mapping in LDAP, though I don't know the
> various options or their pros and cons.
>
> All the documentation I can find online seems to be geared towards
> getting the system up and running properly in the first place with
> minimal requirement of understanding of how it all hangs together - if
> someone did that in the past and made a mistake, it seems particularly
> tough to figure out what they did wrong and, more importantly, how to
> fix it without causing downtime.
>
> Can anyone point me in the right direction?
>

Well, since this system doesn't have local files can you use secldapclntd?
This will solve your local user problem (which is what I was driving at
:-) ) by pointing to LDAP and making the users appear local. There's also
the possibility of WINBIND depending on how you want to approach the users.
secldapclntd can be implemented in a few minutes.

As long as your smb.conf points to the same containers, you should see what
you're looking for.

I'm working on a paper for AIX people on how to approach user/group since
there are several options available.


Cheers,

Bill
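
An added example, not part of either poster's message: an offline check over an LDIF export that lists posixGroup entries lacking sambaGroupMapping and accounts whose sambaPrimaryGroupSID matches no mapped group, the gap the quoted message describes. The group entry in the sample and the function names `parse_ldif` and `audit` are assumptions made for illustration.

```python
import base64

# Constructed sample: the user entry is abridged from the quoted message; the
# group entry is hypothetical (assumed to be a plain posixGroup, no Samba mapping).
SAMPLE_LDIF = """\
dn: uid=jamesc,ou=People,dc=u4eatech,dc=com
sambaSID: S-1-5-21-4012146134-3166284455-2856603714-3038
sambaPrimaryGroupSID: S-1-5-21-4012146134-3166284455-
 2856603714-3001
objectClass: sambaSamAccount
objectClass: posixAccount
objectClass: sambaIdmapEntry

dn: cn=staff,ou=Group,dc=u4eatech,dc=com
cn:: c3RhZmY=
gidNumber: 1000
objectClass: posixGroup
"""

def parse_ldif(text):
    """Return one {attr_lowercase: [values]} dict per LDIF entry."""
    unfolded = text.replace("\n ", "")        # undo LDIF line folding
    entries = []
    for block in unfolded.split("\n\n"):      # entries are blank-line separated
        cur = {}
        for line in block.splitlines():
            if not line.strip() or line.startswith("#"):
                continue
            attr, _, value = line.partition(":")
            if value.startswith(":"):         # "attr:: <base64 value>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            cur.setdefault(attr.lower(), []).append(value.strip())
        if cur:
            entries.append(cur)
    return entries

def audit(entries):
    """Return (dn, finding) pairs for groups and users lacking SID mapping data."""
    has = lambda e, oc: oc.lower() in [v.lower() for v in e.get("objectclass", [])]
    mapped = {s for e in entries if has(e, "sambaGroupMapping") for s in e.get("sambasid", [])}
    findings = []
    for e in entries:
        if has(e, "posixGroup") and not has(e, "sambaGroupMapping"):
            findings.append((e["dn"][0], "posixGroup without sambaGroupMapping"))
        for sid in e.get("sambaprimarygroupsid", []):
            if sid not in mapped:             # no group entry carries this SID
                findings.append((e["dn"][0], "no sambaGroupMapping for " + sid))
    return findings
```

Run `audit(parse_ldif(...))` over the output of an `ldapsearch` dump of the People and Group containers; an empty list means every group has a mapping and every primary group SID resolves to one.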

