Samba-LDAP problem

hossein-younesi hosseinyounesi at gmail.com
Tue Jul 13 06:31:35 MDT 2010


Hi,
This is my condition. I'm already using Fedora Directory Server (FDS) on
Fedora and Samba on CentOS, and NOW I want to change my Samba server to
Ubuntu 10.04. These are my config files:

smb.conf
[CODE]
[global]

# hosi_config
	load printers = yes
	printing = cups
	printcap name = cups
	browseable = yes
	security = user
	client lanman auth = yes
	public = yes
	guest ok = yes

#1
	server string = ITCENTER2
	workgroup = ITCENTER2
	netbios name = ITCENTER_NET12

#2
	log level = 1
	syslog = 0
	log file = /var/log/samba/%m
	os level = 69
	max log size = 50
	name resolve order =  lmhosts hosts wins bcast
	time server = Yes
	wins support = Yes
	socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=9216 SO_RCVBUF=8192

#3
	logon script = logon.bat
	logon path =""
	logon drive =

#4
	domain logons = Yes
	preferred master = Yes
	domain master = Yes
	username map = /etc/samba/smbusers
	interfaces = 127.0.0.1 eth*
	bind interfaces only = yes
	hosts allow = 172.16. 192.168.

#5
	passdb backend = ldapsam:ldap://ldapserver
#	passdb backend = ldapsam:ldaps://ldapserver:636
	ldap admin dn = cn=Directory Manager
	ldap suffix = dc=me,dc=you,dc=they
	ldap group suffix = ou=Groups
	ldap user suffix = ou=Users
	ldap machine suffix = ou=Computers
	ldap ssl =  no
#	ldap ssl =  start_tls
#	ldapsam:trusted = yes
	add machine script = /usr/sbin/smbldap-useradd -w "%u"
	add user script = /usr/sbin/smbldap-useradd -m "%u"
	ldap delete dn = Yes
	add group script = /usr/sbin/smbldap-groupadd -p "%g"
	add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
	delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
	set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
	ldap passwd sync = Yes

[homes]
	comment = Home Directories
	path = /student/%U
	valid users = %U
	writeable = yes
	root preexec = /etc/samba/mkhomedir.sh %U %G

[netlogon]
	comment = Network Logon Service
	path = /home/netlogon
	guest ok = Yes
	locking = No
	browseable = no

[printers]
	comment = All Printers
	path = /var/spool/samba
	browseable = no
	public = yes
	guest ok = yes
	writable = yes
	printable = yes
	printer admin = root

[print$]
	comment = Printer Drivers
	path = /etc/samba/drivers
	browseable = yes
	write list = @domadmins root administrator lpadmin lp linlab

[/CODE]

ldap.conf
[CODE]
base dc=me,dc=you,dc=they
binddn cn=Directory Manager
bindpw 12345678

port 389
timelimit 120

bind_timelimit 120
idle_timelimit 3600

nss_base_passwd		ou=Departments,ou=users,dc=me,dc=you,dc=they?sub

nss_base_hosts		ou=Departments,ou=users,dc=me,dc=you,dc=they?sub

nss_base_shadow		ou=users,dc=me,dc=you,dc=they?one
nss_base_group		ou=Groups,dc=me,dc=you,dc=they?one

nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman

uri ldap://ldapserver/
#ssl start_tls
#tls_cacertdir /etc/openldap/cacerts
#pam_password md5

ldap_version 3
[/CODE]

I tried to join a Windows XP machine and succeeded, and login with the "root"
user succeeded too. But when I restart the Samba service, this error appears:
[CODE]
[2010/07/12 19:12:59,  0] lib/smbldap.c:1086(smbldap_connect_system)
  failed to bind to server ldap://ldapserver with dn="cn=Directory Manager" Error: Can't contact LDAP server
  	(unknown)
[2010/07/12 19:12:59,  1] lib/smbldap.c:1265(another_ldap_try)
  Connection to LDAP server failed for the 1 try!
[/CODE]
And LDAP users can't log in, and this is given in the error log (of the Windows
machine):

[CODE]
[2010/07/12 19:32:05,  1] auth/auth_util.c:577(make_server_info_sam)
  User 8510453 in passdb, but getpwnam() fails!
[2010/07/12 19:32:05,  0] auth/auth_sam.c:355(check_sam_security)
  check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER'
[2010/07/12 19:32:07,  0] passdb/pdb_get_set.c:211(pdb_get_group_sid)
  pdb_get_group_sid: Failed to find Unix account for MYUSER
[/CODE]

The following commands work fine(!):
[CODE]
smbldap-useradd MYUSER
smbldap-passwd MYUSER
smbldap-usershow MYUSER
[/CODE]

I'm confused and I can't understand the problem :(
Is anything missing in the config files? Any bug?
Samba version is 3.4.7
-- 
View this message in context: http://old.nabble.com/Samba-LDAP-problem-tp29149833p29149833.html
Sent from the Samba - samba-technical mailing list archive at Nabble.com.


