samba3 ldapsam winxp
Thomas Nintemann
t.nintemann at t-online.de
Thu Dec 4 21:19:14 GMT 2003
Hi, all
Thanks for this very great tool.....
I have setup samba-3.0.1-pre3 on SuSE 9.0.
As backend I use ldapsam with openldap2.1.
I use the smbldap-tools for useradd, userdel ....
Adding users works great.
Joining my WinXP-SP1 machine to the domain was no problem, but when I try to log on
as Admin or User in the domain, I get an error in syslog that looks like this:
[2003/12/04 21:48:42, 0] lib/smbldap.c:smbldap_open(806)
Dec 4 21:48:42 medialist smbd[5923]: smbldap_open: cannot access LDAP when
not root..
Dec 4 21:48:42 medialist smbd[5923]: [2003/12/04 21:48:42, 0]
passdb/pdb_ldap.c:ldapsam_search_one_group(1651)
Dec 4 21:48:42 medialist smbd[5923]: ldapsam_search_one_group: Problem during
the LDAP search: LDAP error: (Insufficient access)
Dec 4 21:48:42 medialist smbd[5923]: ldapsam_search_one_group: Query was:
ou=Groups,dc=developer,dc=net,
(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-3954200623-2813036340-854579417-512))
I can logon my XP Workstation, but the logon process is very slow.
When logon is ready, i can't browse my domain or get any shares from the server.
The logon service in WinXP has stopped!
When i restart the windows logon service, it works good.
I can browse and get shares.
Next time i reboot the XP Machine, i'll get the same problem.
Is this a misconfiguration of my Samba, or is this a bug?
Searching the Samba mailing lists gave me no answers.
Thanks for your answers....
Thomas Nintemann
Here are my config files:
---------------------------------------------------------------------------------
/etc/samba/smb.conf:
# [global] section of the poster's smb.conf. "domain logons" and "domain master"
# below make this smbd a domain logon server, with accounts kept in LDAP.
# The "#" lines are review notes; every setting is as posted.
[global]
unix charset = ISO-8859-15
workgroup = DEVELOPER
# smbd listens only on the two addresses listed here.
interfaces = 192.168.120.254, 127.0.0.1
bind interfaces only = Yes
# Account database: plain ldap:// to the slapd on the same host.
passdb backend = ldapsam:ldap://localhost:389
algorithmic rid base = 100000
username map = /etc/samba/smbusers
time server = Yes
addprinter command = /etc/samba/bin/addprinter
deleteprinter command = /etc/samba/bin/delprinter
# Account-management hooks. smbd runs these with the user/group name
# substituted for %u / %g; every substitution below is double-quoted.
# NOTE(review): per smb.conf(5) these scripts run as root, so the scripts
# themselves must validate the names they are handed.
add user script = /usr/local/sbin/smbldap-useradd.pl -m "%u"
delete user script = /usr/local/sbin/smbldap-userdel.pl "%u"
add group script = /usr/local/sbin/smbldap-groupadd.pl -p "%g"
delete group script = /usr/local/sbin/smbldap-groupdel.pl "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod.pl -m "%u" "%g"
# NOTE(review): the next setting was wrapped by the mail client; the "%g" on
# the following line belongs to it.
delete user from group script = /usr/local/sbin/smbldap-groupmod.pl -x "%u"
"%g"
add machine script = /usr/local/sbin/smbldap-useradd.pl -w "%u"
# Left empty; presumably to switch off roaming profiles - confirm.
logon path =
logon script = %U.bat
logon drive = H:
logon home = \\%L\%U
preferred master = yes
domain master = yes
domain logons = Yes
os level = 100
wins support = Yes
ldap suffix = dc=developer,dc=net
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
# DN Samba binds as. It is the same DN that the slapd.conf below declares as
# rootdn, so none of the slapd ACLs restrict what Samba can read or write.
# NOTE(review): a dedicated DN limited by ACLs to the Samba subtrees would
# follow least privilege. The bind password is not in this file; Samba keeps
# it in secrets.tdb (set with "smbpasswd -w"), presumably readable by root
# only - compare the "cannot access LDAP when not root" log line above.
ldap admin dn = cn=ldapadmin,dc=developer,dc=net
# No TLS on the LDAP connection: the bind as the admin DN travels in clear
# text. Here the server is localhost (see "passdb backend"); this would need
# changing if slapd moved to another host.
ldap ssl = no
ldap passwd sync = Yes
add share command = /etc/samba/bin/modify_samba_config.pl
change share command = /etc/samba/bin/modify_samba_config.pl
delete share command = /etc/samba/bin/modify_samba_config.pl
idmap uid = 10000-20000
idmap gid = 10000-20000
template homedir = /home/%U
template shell = /bin/bash
comment = Samba 3.0 (%v+heimdal-krb5)
# Per smb.conf(5), users and groups listed here perform file operations as
# root. As a global setting it applies to every share; keep the list short.
admin users = administrator, @ntadmin
printcap name = cups
printing = cups
load printers = Yes
printer admin = @ntadmin, @lp, administrator
use sendfile = Yes
oplocks = No
level2 oplocks = No
# Share and per-system definitions live in these two files (not shown).
include = /etc/samba/smb_shares.conf
include = /etc/samba/smb_systems.conf
--------------------------------------------------------------------------------
/etc/openldap/slapd.conf:
# slapd.conf as posted. The "#" lines are review notes; directives are
# unchanged. NOTE(review): continuation indentation was lost in the mail
# archive - each "by ..." line (and the long "attr=..." line) belongs to the
# "access to" line before it.
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema
# Global ACL, declared before any database: read access to everything for
# every client, anonymous included. NOTE(review): per the OpenLDAP admin
# guide, global access directives are consulted after the database's own
# rules - confirm for the 2.1 release in use.
access to * by * read
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
lastmod on
# Scheme slapd uses when it hashes a password itself: crypt(3).
password-hash {crypt}
# Accepts LDAPv2 bind requests.
allow bind_v2
schemacheck on
# No logging at all. For the "Insufficient access" error above, ACL
# processing can be traced with loglevel 128.
loglevel 0
sizelimit 1000
database ldbm
suffix "dc=developer,dc=net"
# The rootdn is not subject to access controls. The smb.conf above uses this
# same DN as its "ldap admin dn".
rootdn "cn=ldapadmin,dc=developer,dc=net"
cachesize 50000
dbcachesize 100000
# File mode for newly created database files.
mode 0600
# NOTE(review): this is a real password hash published on a public list. It
# has the 13-character form of traditional crypt(3), which is weak against
# offline guessing, so the rootdn password should be treated as disclosed and
# changed. Replace rootpw with a placeholder before posting a config.
rootpw {crypt}7oPVQ8ZCPwIqM
directory /var/lib/ldap
index cn,sn,uid,displayName pres,sub,eq
index uidNumber,gidNumber eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index objectClass pres,eq
index default sub
# Database ACLs. slapd uses the FIRST "access to" rule whose target matches,
# so order matters.
# NOTE(review): this first rule lists sambaLMPassword and sambaNTPassword and
# ends in "by * read", so the LM/NT hashes are readable by any client,
# anonymous included. These hashes are password-equivalent for SMB logons and
# should be readable only by the DN Samba binds as.
access to
attr=uid,sambaSID,cn,sambaLMPassword,sambaNTPassword,sambaPwdLastSet,sambaLogonTime,sambaLogoffTime,sambaKickoffTime,sambaPwdCanChange,sambaPwdMustChange,sambaAcctFlags,displayName,sambaHomePath,sambaHomeDrive,sambaLogonScript,sambaProfilePath,description,sambaUserWorkstations,sambaPrimaryGroupSID,sambaDomainName
by dn="cn=ldapadmin,dc=developer,dc=net" write
by dn="cn=administrator,ou=Users,dc=developer,dc=net" write
by * read
# userPassword: the owner may read it, anonymous may only use it to
# authenticate, the two admin DNs may write it, everyone else gets nothing.
access to attr=userPassword
by self read
by anonymous auth
by dn="cn=ldapadmin,dc=developer,dc=net" write
by dn="cn=administrator,ou=Users,dc=developer,dc=net" write
by * none
# Catch-all: anything not matched above is world-readable. Because "*"
# matches every attribute, no rule placed after this one in this database is
# ever consulted.
access to *
by dn="cn=ldapadmin,dc=developer,dc=net" write
by dn="cn=administrator,ou=Users,dc=developer,dc=net" write
by * read
# NOTE(review): never reached - both attributes already matched the first
# rule (and "access to *" above). For "by * none" to protect the hashes, this
# rule has to come first and the two attributes have to be dropped from the
# first rule's list.
access to attrs=sambaLMPassword,sambaNTPassword
by dn="cn=ldapadmin,dc=developer,dc=net" write
by dn="cn=administrator,ou=Users,dc=developer,dc=net" write
by * none
# NOTE(review): never reached either - userPassword is decided by the earlier
# "access to attr=userPassword" rule, which gives the owner read, not write.
access to attr=userpassword
by self write
by anonymous auth
by * none
---------------------------------------------------------------------------
/etc/openldap/ldap.conf:
# Client-side LDAP settings as posted. The "#" lines are review notes.
# NOTE(review): the nss_* and pam_* keys look like nss_ldap / pam_ldap
# options rather than OpenLDAP client-library options - confirm which
# components actually read this file.
host localhost
base dc=developer,dc=net
uri ldap://localhost/
# Search bases: passwd and shadow search the whole tree (?sub), group only
# one level below ou=Groups (?one).
nss_base_passwd dc=developer,dc=net?sub
nss_base_shadow dc=developer,dc=net?sub
nss_base_group ou=Groups,dc=developer,dc=net?one
# No TLS: lookups and binds go to the server unencrypted. The server here is
# localhost (host/uri above); this would need changing for a remote directory.
ssl no
# presumably controls how pam_ldap hashes a new password before storing it;
# verify against the installed pam_ldap version.
pam_password md5
pam_login_attribute uid
pam_crypt local
scope one
ldap_version 3