samba3 ldapsam winxp

Thomas Nintemann t.nintemann at t-online.de
Thu Dec 4 22:57:39 GMT 2003


Hi, all

 Thanks for this very great tool.....

 I have setup samba-3.0.1-pre3 on SuSE 9.0.
 As backend I use ldapsam with openldap2.1.

 I use the smbldap-tools for useradd, userdel ....

 Adding users works great,
 Getting my WinXP-SP1 into the domain was no problem, but when I try to log on
 as Admin or User in the domain, I get an error in syslog that looks like this:

 [2003/12/04 21:48:42, 0] lib/smbldap.c:smbldap_open(806)
 Dec  4 21:48:42 medialist smbd[5923]:   smbldap_open: cannot access LDAP when
 not root..
 Dec  4 21:48:42 medialist smbd[5923]: [2003/12/04 21:48:42, 0]
 passdb/pdb_ldap.c:ldapsam_search_one_group(1651)
 Dec  4 21:48:42 medialist smbd[5923]:   ldapsam_search_one_group: Problem
during
 the LDAP search: LDAP error:  (Insufficient access)
 Dec  4 21:48:42 medialist smbd[5923]:   ldapsam_search_one_group: Query was:
 ou=Groups,dc=developer,dc=net,
 (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-3954200623-2813036340-854579417-512))

 I can log on to my XP workstation, but the logon process is very slow.
 When the logon is finished, I can't browse my domain or get any shares from the
 server.

 The logon service in WinXP has stopped!
 When I restart the Windows logon service, it works fine.
 I can browse and get shares.
 The next time I reboot the XP machine, I get the same problem.

 Is this a misconfiguration of my Samba, or is this a bug?
 Searching the Samba mailing lists gave me no answers.

 Thanks for your answers....

 Thomas Nintemann


 Here are my config files:
 ---------------------------------------------------------------------------------
 /etc/samba/smb.conf:

 # NOTE(review): listing as pasted into the mail -- every line carries one leading space,
 # and a few long "script" values (add user to group script, delete user from group
 # script) were wrapped by the mailer; in the real smb.conf each parameter is one line.
 [global]
         unix charset = ISO-8859-15
         workgroup = DEVELOPER
         # Listeners restricted to the LAN address and loopback.
         interfaces = 192.168.120.254, 127.0.0.1
         bind interfaces only = Yes
         # Account database is the local slapd. With "ldap ssl = no" (below) the simple
         # bind as "ldap admin dn" crosses loopback in clear, which is tolerable only
         # while slapd itself listens on localhost only. The bind password is not in
         # this file: Samba keeps it in secrets.tdb (set with "smbpasswd -w").
         passdb backend = ldapsam:ldap://localhost:389
         algorithmic rid base = 100000
         username map = /etc/samba/smbusers
         time server = Yes
         addprinter command = /etc/samba/bin/addprinter
         deleteprinter command = /etc/samba/bin/delprinter
         # Provisioning hooks: smbd runs these as root with %u/%g substituted from the
         # request, so the smbldap-tools scripts (and /etc/samba/bin above) must be
         # root-owned and writable by root only.
         add user script = /usr/local/sbin/smbldap-useradd.pl -m "%u"
         delete user script = /usr/local/sbin/smbldap-userdel.pl "%u"
         add group script = /usr/local/sbin/smbldap-groupadd.pl -p "%g"
         delete group script = /usr/local/sbin/smbldap-groupdel.pl "%g"
         add user to group script = /usr/local/sbin/smbldap-groupmod.pl -m
"%u" "%g"
         delete user from group script =
/usr/local/sbin/smbldap-groupmod.pl -x "%u"
 "%g"
         add machine script = /usr/local/sbin/smbldap-useradd.pl -w "%u"
         # Empty logon path: no roaming profiles; per-user logon script and home drive.
         logon path =
         logon script = %U.bat
         logon drive = H:
         logon home = \\%L\%U
         # This server is the domain controller / domain master browser / WINS server.
         preferred master = yes
         domain master = yes
         domain logons = Yes
         os level = 100
         wins support = Yes
         # Directory layout; suffixes are relative to "ldap suffix". "ldap admin dn" is
         # the same DN slapd.conf declares as rootdn, i.e. Samba holds the directory's
         # root credential.
         ldap suffix = dc=developer,dc=net
         ldap machine suffix = ou=Computers
         ldap user suffix = ou=Users
         ldap group suffix = ou=Groups
         ldap admin dn = cn=ldapadmin,dc=developer,dc=net
         ldap ssl = no
         # Samba also rewrites userPassword when an NT password changes.
         ldap passwd sync = Yes
         add share command = /etc/samba/bin/modify_samba_config.pl
         change share command = /etc/samba/bin/modify_samba_config.pl
         delete share command = /etc/samba/bin/modify_samba_config.pl
         idmap uid = 10000-20000
         idmap gid = 10000-20000
         template homedir = /home/%U
         template shell = /bin/bash
         comment = Samba 3.0 (%v+heimdal-krb5)
         # These accounts perform all file operations as root on every share; keep the
         # ntadmin group small and audited.
         admin users = administrator, @ntadmin
         printcap name = cups
         printing = cups
         load printers = Yes
         printer admin = @ntadmin, @lp, administrator
         use sendfile = Yes
         oplocks = No
         level2 oplocks = No
         # Shares and per-host settings live in separate files not shown in the mail.
         include = /etc/samba/smb_shares.conf
         include = /etc/samba/smb_systems.conf

 --------------------------------------------------------------------------------
 /etc/openldap/slapd.conf:

 # Schema set for a Samba 3 ldapsam domain: samba.schema supplies the samba* attributes
 # used in the ACLs below, nis.schema supplies uidNumber/gidNumber.
 include         /etc/openldap/schema/core.schema
 include         /etc/openldap/schema/cosine.schema
 include         /etc/openldap/schema/inetorgperson.schema
 include         /etc/openldap/schema/corba.schema
 include         /etc/openldap/schema/openldap.schema
 include         /etc/openldap/schema/nis.schema
 include         /etc/openldap/schema/samba.schema
 # NOTE(review): this "access to" sits before the first "database" directive, so it is a
 # global ACL; slapd consults global clauses only after the database-specific ones below
 # fail to match -- confirm against slapd.access(5) for the 2.1 release in use. On its
 # own it grants anonymous read on everything it reaches.
 access to * by * read
 pidfile         /var/run/slapd.pid
 argsfile        /var/run/slapd.args
 lastmod         on
 # Scheme slapd applies when it stores a userPassword itself (e.g. LDAP Password Modify).
 password-hash   {crypt}
 # LDAPv2 binds accepted for legacy clients; drop once no v2 client remains.
 allow bind_v2
 schemacheck     on
 # NOTE(review): 0 = no operational logging; a stats level (256) records binds and
 # searches and would show which operation slapd actually rejects with
 # "Insufficient access".
 loglevel        0
 sizelimit       1000
 database        ldbm
 suffix          "dc=developer,dc=net"
 # Directory root; the same DN Samba binds with as "ldap admin dn".
 rootdn          "cn=ldapadmin,dc=developer,dc=net"
 cachesize       50000
 dbcachesize     100000
 # Database files created owner-only.
 mode            0600
 # NOTE(review): the root password hash became public the moment this mail was posted;
 # rotate it. The 13-character {crypt} value is traditional crypt(3), which is cheap to
 # brute-force.
 rootpw          {crypt}7oPVQ8ZCPwIqM
 directory       /var/lib/ldap
 # Equality indexes on the attributes Samba filters on (sambaSID, uidNumber, ...).
 index           cn,sn,uid,displayName           pres,sub,eq
 index           uidNumber,gidNumber             eq
 index           sambaSID                        eq
 index           sambaPrimaryGroupSID            eq
 index           sambaDomainName                 eq
 index           objectClass                     pres,eq
 index           default                         sub
 
 
 # NOTE(review): first database-specific clause. slapd applies the first "access to
 # <what>" that matches, so the closing "by * read" is the effective rule for every
 # attribute named here, anonymous callers included -- and the list contains
 # sambaLMPassword and sambaNTPassword. The NT/LM hashes are therefore world-readable;
 # the "by * none" clause for them further down is never reached. Fix: remove the two
 # hash attributes from this list AND move the sambaLMPassword,sambaNTPassword clause
 # above the catch-all "access to *" below.
 access to
 attr=uid,sambaSID,cn,sambaLMPassword,sambaNTPassword,sambaPwdLastSet,sambaLogonTime,sambaLogoffTime,sambaKickoffTime,sambaPwdCanChange,sambaPwdMustChange,sambaAcctFlags,displayName,sambaHomePath,sambaHomeDrive,sambaLogonScript,sambaProfilePath,description,sambaUserWorkstations,sambaPrimaryGroupSID,sambaDomainName
         by dn="cn=ldapadmin,dc=developer,dc=net" write
         by dn="cn=administrator,ou=Users,dc=developer,dc=net" write
         by * read
 
 # userPassword: owner may read it, anyone may bind against it, the two admin DNs write,
 # everyone else sees nothing.
 access to attr=userPassword
         by self read
         by anonymous auth
         by dn="cn=ldapadmin,dc=developer,dc=net" write
         by dn="cn=administrator,ou=Users,dc=developer,dc=net" write
         by * none
 # Catch-all: anything not matched above is readable by everyone. Every clause placed
 # after this one is unreachable.
 access to *
         by dn="cn=ldapadmin,dc=developer,dc=net" write
         by dn="cn=administrator,ou=Users,dc=developer,dc=net" write
         by * read
 
 # Unreachable (see catch-all above): the intended protection for the password hashes.
 access to attrs=sambaLMPassword,sambaNTPassword
         by dn="cn=ldapadmin,dc=developer,dc=net" write
         by dn="cn=administrator,ou=Users,dc=developer,dc=net" write
         by * none
 
 # Unreachable: duplicates the userPassword clause above (attribute names are
 # case-insensitive), and differs from it by granting "self write" instead of "self read".
 access to attr=userpassword
  by self write
  by anonymous auth
  by * none
 ---------------------------------------------------------------------------
 /etc/openldap/ldap.conf:

 # Client-side settings for nss_ldap/pam_ldap and the ldap command-line tools.
 host    localhost
 base    dc=developer,dc=net
 uri     ldap://localhost/
 
 # nss_ldap search bases: passwd/shadow are subtree searches from the suffix, groups
 # are one level under ou=Groups (matching "ldap group suffix" in smb.conf).
 nss_base_passwd         dc=developer,dc=net?sub
 nss_base_shadow         dc=developer,dc=net?sub
 nss_base_group          ou=Groups,dc=developer,dc=net?one
 
 # No TLS: lookups and PAM binds cross loopback in clear. Acceptable only while slapd
 # listens on localhost alone -- its listener flags (-h) are not visible here, confirm.
 ssl no
 pam_password md5
 pam_login_attribute     uid
 pam_crypt       local
 scope   one
 ldap_version    3










