Samba-LDAP problem
hossein-younesi
hosseinyounesi at gmail.com
Fri Jul 16 01:11:43 MDT 2010
Hi uf,
the same result with IP address instead of name! I can check my ldap
connection with ldap browsers. How can I check connection between ldap and
samba? Any tools?
Thanks in advance
uf wrote:
>
>
> Hi,
> i think the problem is this
> passdb backend = ldapsam:ldap://ldapserver
> either try a FQDN or an ip-Address for testing
>
>
> Regards
>
>
>>
>> Hi,
>> this is my condition. I'm already using Fedora Directory Server (FDS) on
>> fedora and samba on centos and NOW I want to change my samba server to
>> ubuntu 10.04. these are my config files:
>>
>> smb.conf
>> [CODE]
>> [global]
>>
>> # hosi_config
>> load printers = yes
>> printing = cups
>> printcap name = cups
>> browseable = yes
>> security = user
>> client lanman auth = yes
>> public = yes
>> guest ok = yes
>>
>> #1
>> server string = ITCENTER2
>> workgroup = ITCENTER2
>> netbios name = ITCENTER_NET12
>>
>> #2
>> log level = 1
>> syslog = 0
>> log file = /var/log/samba/%m
>> os level = 69
>> max log size = 50
>> name resolve order = lmhosts hosts wins bcast
>> time server = Yes
>> wins support = Yes
>> socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=9216
>> SO_RCVBUF=8192
>>
>> #3
>> logon script = logon.bat
>> logon path =""
>> logon drive =
>>
>> #4
>> domain logons = Yes
>> preferred master = Yes
>> domain master = Yes
>> username map = /etc/samba/smbusers
>> interfaces = 127.0.0.1 eth*
>> bind interfaces only = yes
>> hosts allow = 172.16. 192.168.
>>
>> #5
>> passdb backend = ldapsam:ldap://ldapserver
>> # passdb backend = ldapsam:ldaps://ldapserver:636
>> ldap admin dn = cn=Directory Manager
>> ldap suffix = dc=me,dc=you,dc=they
>> ldap group suffix = ou=Groups
>> ldap user suffix = ou=Users
>> ldap machine suffix = ou=Computers
>> ldap ssl = no
>> # ldap ssl = start_tls
>> # ldpasam:trusted = yes
>> add machine script = /usr/sbin/smbldap-useradd -w "%u"
>> add user script = /usr/sbin/smbldap-useradd -m "%u"
>> ldap delete dn = Yes
>> add group script = /usr/sbin/smbldap-groupadd -p "%g"
>> add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
>> delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
>> set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
>> ldap passwd sync = Yes
>>
>> [homes]
>> comment = Home Directories
>> path = /student/%U
>> valid users = %U
>> writeable = yes
>> root preexec = /etc/samba/mkhomedir.sh %U %G
>>
>> [netlogon]
>> comment = Network Logon Service
>> path = /home/netlogon
>> guest ok = Yes
>> locking = No
>> browseable = no
>>
>> [printers]
>> comment = All Printers
>> path = /var/spool/samba
>> browseable = no
>> public = yes
>> guest ok = yes
>> writable = yesdrwxr-xr-x
>> printable = yes
>> printer admin = root
>>
>> [print$]
>> comment = Printer Drivers
>> path = /etc/samba/drivers
>> browseable = yes
>> write list = @domadmins root administrator lpadmin lp linlab
>>
>> [/CODE]
>>
>> ldap.conf
>> [CODE]
>> base dc=me,dc=you,dc=they
>> binddn cn=Directory Manager
>> bindpw 12345678
>>
>> port 389
>> timelimit 120
>>
>> bind_timelimit 120
>> idle_timelimit 3600
>>
>> nss_base_passwd ou=Departments,ou=users,dc=me,dc=you,dc=they?sub
>>
>> nss_base_hosts ou=Departments,ou=users,dc=me,dc=you,dc=they?sub
>>
>> nss_base_shadow ou=users,dc=me,dc=you,dc=they?one
>> nss_base_group ou=Groups,dc=me,dc=you,dc=they?one
>>
>> nss_initgroups_ignoreusers
>> root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman
>>
>> uri ldap://ldapserver/
>> #ssl start_tls
>> #tls_cacertdthey /etc/openldap/cacerts
>> #pam_password md5
>>
>> ldap_version 3
>> [/CODE]
>>
>> I tried to join a windows xp and succeeded, and login with "root" user
>> succeeded too. But when I restart samba service, this error appears:
>> [CODE]
>> [2010/07/12 19:12:59, 0] lib/smbldap.c:1086(smbldap_connect_system)
>> failed to bind to server ldap://ldapserver with dn="cn=Directory
>> Manager"
>> Error: Can't contact LDAP server
>> (unknown)
>> [2010/07/12 19:12:59, 1] lib/smbldap.c:1265(another_ldap_try)
>> Connection to LDAP server failed for the 1 try!
>> [/CODE]
>> and LDAP users can't login and this is given in error log (of windows
>> machine):
>>
>> [CODE]
>> [2010/07/12 19:32:05, 1] auth/auth_util.c:577(make_server_info_sam)
>> User 8510453 in passdb, but getpwnam() fails!
>> [2010/07/12 19:32:05, 0] auth/auth_sam.c:355(check_sam_security)
>> check_sam_security: make_server_info_sam() failed with
>> 'NT_STATUS_NO_SUCH_USER'
>> [2010/07/12 19:32:07, 0] passdb/pdb_get_set.c:211(pdb_get_group_sid)
>> pdb_get_group_sid: Failed to find Unix account for MYUSER
>> [/CODE]
>>
>> tho follwing commands work fine(!):
>> [CODE]
>> smbldap-useradd MYUSER
>> smbldap-passwd MYUSER
>> smbldap-usershow MYUSER
>> [/CODE]
>>
>> I'm confused and I can't understand the problem :(
>> Any miss in config files? any bug?
>> samba version is 3.4.7
>> --
>> View this message in context:
>> http://old.nabble.com/Samba-LDAP-problem-tp29149833p29149833.html
>> Sent from the Samba - samba-technical mailing list archive at Nabble.com.
>>
>>
>
>
>
>
--
View this message in context: http://old.nabble.com/Samba-LDAP-problem-tp29149833p29180732.html
Sent from the Samba - samba-technical mailing list archive at Nabble.com.
More information about the samba-technical
mailing list