[Samba] Openldap samba 3.0.5 net group add does not work
Paul Gienger
pgienger at ae-solutions.com
Sat Jul 31 06:23:56 GMT 2004
I'm going to make an assumption here that you aren't using any Active
Directory...

Changes below (after corresponding lines):

> [global]
> workgroup = WORKGROUP
> netbios name = backup
> #username map = /etc/samba/smbusers
> add user script = /usr/sbin/useradd -m %u
> delete user script = /usr/sbin/useradd -r %u
> add group script = /usr/sbin/groupadd %g
> delete group script = /usr/sbin/groupadd %g
> add user to group script = /usr/sbin/usermod -G %g %u
> add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null -g
> machines %u

Add quotes around your % arguments here. Even though you quote them on
the command line, that doesn't mean they get to the scripts that way.

> preferred master = yes
> domain master = yes
> local master = yes
> security = users
> domain logons = yes
> os level = 35
> logon path = \\%L\profiles\%u
> logon drive = H:
> logon home = \\%L\%u\winprofile
> logon script = /etc/samba/logon/scripts

Unrelated to your issue, but you need to specify an absolute script
here, it appears you're just pointing to a directory. Either point to a
global script (logon.bat) or maybe a user/group script (%u.bat). This
path will also be relative to your netlogon share.

> #idmap backend = ldapsam:ldap://localhost

Good to comment this out, but remove it and any idmap related entries.

> ldap suffix = dc=sovereign
> ldap admin dn = "cn=Manager,ou=People,dc=sovereign"
> ldap ssl = no
> passdb backend = ldapsam:ldap://localhost
> ldap delete dn = no
> ldap user suffix = ou=People
> ldap group suffix = ou=Groups
> ldap machine suffix = ou=Computers

Depending on your nss configuration, change this to ou=People. Search
the archives for an explanation, you can search for me if you wish, I've
responded more times than I wish to remember.

> ldap idmap suffix = ou=Idmap
> winbind separator = +
> winbind enum users = yes

These 3 should go bye bye, as well as any other winbind related entries,
at least for your PDC.

> template homedir = /home/winnt/%D/%U
> template shell = /bin/bash
> idmap uid = 10000-20000
> idmap gid = 10000-20000

delete 2x.

>
> Here is the ldap-init.ldif
> # Samba openldap configuration file
> # -------------------------------------------
> # Organization for Samba Base
> dn: dc=sovereign
> objectclass: dcObject
> objectclass: organization
> dc: sovereign
> o: sovereign network test
> description: ldap configuration
>
> # Organizational Role for Directory Management
> dn: cn=Manager,dc=sovereign
> objectclass: organizationalRole
> cn: Manager
> description: Manager
>
> # Setting up container for users
> dn: ou=People,dc=sovereign
> objectclass: top
> objectclass: organizationalUnit
> ou: People
>
> # Setting up admin handle for people
> dn: cn=admin,ou=People,dc=sovereign
> cn: admin
> objectclass: top
> objectclass: organizationalRole
> objectclass: simpleSecurityObject
> userPassword: *********************************
>
> # Setting up container for groups
> dn: ou=Groups,dc=sovereign
> objectclass: top
> objectclass: organizationalUnit
> ou: Groups
>
> # Setting up admin for Groups ou
> dn: cn=admin,ou=Groups,dc=sovereign
> cn: admin
> objectclass: top
> objectclass: organizationalRole
> objectclass: simpleSecurityObject
> userPassword: *********************************
>
> # Setting up container for computers
> dn: ou=Computers,dc=sovereign
> objectclass: top
> objectclass: organizationalUnit
> ou: Computers
>
> # Setting up admin handle for Computers OU
> dn: cn=admin,ou=Computers,dc=sovereign
> cn: admin
> objectclass: top
> objectclass: organizationalRole
> objectclass: simpleSecurityObject
> userPassword: ***********************************
>
> # Setting up container for idmap
> dn: ou=Idmap,dc=sovereign
> objectclass: top
> objectclass: organizationalUnit
> ou: Idmap
>
> # Setting up admin for Groups ou
> dn: cn=admin,ou=Idmap,dc=sovereign
> cn: admin
> objectclass: top
> objectclass: organizationalRole
> objectclass: simpleSecurityObject
> userPassword: **********************************
>
> Gentoo box running kernel 2.6.7
>
> I am able to add users and machine accounts. If I use tdbsam net
> groupmap works.

Curious how you have your nss configured, or if logging on actually
works if you haven't toyed with it. Although chances are that if you are
running Gentoo you toyed with EVERYTHING.

--
Paul Gienger Office: 701-281-1884
Applied Engineering Inc.
Information Systems Consultant Fax: 701-281-1322
URL: www.ae-solutions.com mailto: pgienger at ae-solutions.com
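
The quoting advice in the reply above, as an added example that is not part of the original message: it expands a script template with a constructed group name containing a space and counts the arguments the script receives. `count_args`, `expand` and `run_template` are hypothetical helpers, and the example assumes the expanded line is executed by /bin/sh.

```shell
#!/bin/sh
# Added example (not from the original thread). "count_args" is a hypothetical
# stand-in for groupadd that only reports how many arguments it received.

# expand TEMPLATE VALUE: substitute %g in a script template, the way an
# smb.conf "add group script" line has %g replaced before it is run.
expand() {
    # Escape characters that are special in a sed replacement (\ & |)
    esc=$(printf '%s' "$2" | sed 's/[\\&|]/\\&/g')
    printf '%s' "$1" | sed "s|%g|$esc|g"
}

# run_template TEMPLATE VALUE: expand the template, then run it through
# "sh -c" (assumption: the expanded line is executed by a shell).
# Prints the number of arguments the stand-in command saw.
run_template() {
    cmd=$(expand "$1" "$2")
    sh -c "count_args() { echo \$#; }; $cmd"
}

# Constructed sample input: a group name containing a space
GROUP='Domain Users'

# Template as posted:      add group script = /usr/sbin/groupadd %g
unquoted=$(run_template 'count_args %g' "$GROUP")

# Template with quotes:    add group script = /usr/sbin/groupadd "%g"
quoted=$(run_template 'count_args "%g"' "$GROUP")

echo "unquoted template: $unquoted argument(s)"
echo "quoted template:   $quoted argument(s)"
```

With the unquoted template the shell splits the name and the script receives two separate arguments; with the quoted template it receives the group name as a single argument.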