[Samba] using ldap only idmap

Bruno MACADRE bruno.macadre at univ-rouen.fr
Sun Oct 18 04:52:12 MDT 2009


I don't see any of the add ... script in your smb.conf (especially the 
add machine script in your case). I don't know if it's the problem but I 
think it would be useful to tell smbd how to add a machine if its name 
doesn't exist in the LDAP...

Mariano Absatz wrote:
> Can anyone help me on this? I'm really stuck...
>
> On Thu, Oct 15, 2009 at 16:58, Mariano Absatz <el.baby at gmail.com> wrote:
>   
>> Hi,
>>
>> I'm trying to make a "pure ldap" setup, whereas users, groups, id mappings
>> and everything that is supported with LDAP be in the LDAP tree and managed
>> directly by samba.
>>
>> That is, I'm using:
>>
>> ldapsam:trusted = yes
>> ldapsam:editposix = yes
>>
>> And NOT using smbldap-*.
>>
>> My smb.conf is here: http://wiki.clueless.com.ar/SambaLdap/smb.conf-PDC
>>
>> I created the LDAP tree root (o=midominio) and all its branches (ou=people;
>> ou=groups; ou=hosts and ou=idmap).
>>
>> I ran "net sam provision" to fill in the basic values.
>>
>> I stored the secrets in secrets.tdb:
>> # smbpasswd -w ldap_admin_password
>> # net idmap secret midominio ldap_admin_password
>> # net idmap secret alloc ldap_admin_password
>>
>> I was able to join a samba server to the domain (net rpc join -S miserver
>> -UAdministrator).
>>
>> However, when I try to join an XP host to the domain, I get an error (IIRC
>> it's "An attached device is not functioning") in the workstation and the
>> samba logs show the following:
>>
>> [2009/10/15 11:17:47,  0] passdb/pdb_ldap.c:ldapsam_create_user(5119)
>>  ldapsam_create_user: Unable to allocate a new user id: bailing out!
>>
>> The user I'm using to bind to the LDAP server is the LDAP administrator and
>> it does have permissions on all the tree (in particular, within
>> "ou=idmap,o=midominio")...
>>
>> I manually added an entry for the workstation's account posix data, then
>> issued "smbpasswd -a workstation$"
>>
>> THEN I could join the domain...
>>
>> Clearly, I have something misconfigured regarding ldap/idmap/alloc, but I
>> can't find enough information to do it right.
>>
>> Any help REALLY appreciated...
>>     
>
>
>
>   


