[Samba] Fw: Samba 3.0-alpha 18 with ldapsam backend and primary gid of user?
Eddie Lania
e.lania at home.nl
Sat Aug 3 12:21:12 GMT 2002
Hi again,
I just wanted to add this to make my information more complete:
The id and primary group id of user "eddie" in the ldap tree are 500:201.
201 is the group "Domain Users"
But you have to know that user "eddie" also exists with id and gid 500:500
in the /etc/passwd and /etc/group files.
Examining the log file below, this raises the following question to me:
Is the passdb backend plugin "ldap" perhaps using a normal "getent" function
to determine the correct user id and gid?
If so, this could explain why I have these errors, but does this mean that
the configuration of /etc/nsswitch.conf should be changed from:
passwd: files ldap
shadow: files ldap
group: files ldap
to:
passwd: ldap files
shadow: ldap files
group: ldap files
And will this affect the way people log in using other applications like ssh
for example?
Or should there be a different solution?
Also, the params:
ldap suffix = "dc=techdream,dc=net"
ldap user suffix = "ou=Users"
ldap machine suffix = "ou=Computers"
are, in my opinion, "fairly undocumented" and I have not been able to gather
more information about them, so the values that I've used are only guessed
by myself and I would like to know if they're right or wrong.
It also seems to me that the smbgroupedit program is not useful when
authenticating against an ldap server (I have tried to map some of the unix
groups to the "domain groups" but didn't notice any change).
Is this right?
Thanks again,
Eddie.
----- Original Message -----
From: "Eddie Lania" <e.lania at home.nl>
To: <samba at lists.samba.org>
Sent: Saturday, August 03, 2002 8:23 PM
Subject: Samba 3.0-alpha 18 with ldapsam backend and primary gid of user?
> Hello list,
>
> Can someone tell me why I keep getting these kinds of errors in the samba log
> files?
> I just went over from 2.2.5 to 3.0-alpha 18, I never had these errors in the
> 2.2.5 version.
> Especially the rid [0] is a complete mystery to me since I have no account
> defined in my ldap service that has rid 0.
>
> Thank you very much for your help.
>
> Eddie Lania.
>
> ----------------
> [2002/08/03 19:21:27, 0, effective(1001, 202), real(0, 0)]
> rpc_server/srv_util.c:get_domain_user_groups(346)
> get_domain_user_groups: primary gid of user [eddie] is not a Domain group !
> get_domain_user_groups: You should fix it, NT doesn't like that
> [2002/08/03 19:21:38, 1, effective(500, 500), real(0, 0)]
> smbd/service.c:make_connection_snum(676)
> p450aukje (192.168.168.253) connect to service profiles initially as user
> eddie (uid=500, gid=500) (pid 24710)
> [2002/08/03 19:21:41, 1, effective(0, 0), real(0, 0)]
> smbd/service.c:close_cnum(843)
> p450aukje (192.168.168.253) closed connection to service profiles
> [2002/08/03 19:21:41, 1, effective(500, 500), real(0, 0)]
> smbd/service.c:make_connection_snum(676)
> p450aukje (192.168.168.253) connect to service netlogon initially as user
> eddie (uid=500, gid=500) (pid 24710)
> [2002/08/03 19:21:43, 1, effective(0, 0), real(0, 0)]
> smbd/service.c:close_cnum(843)
> p450aukje (192.168.168.253) closed connection to service netlogon
> [2002/08/03 19:21:43, 1, effective(500, 500), real(0, 0)]
> smbd/service.c:make_connection_snum(676)
> p450aukje (192.168.168.253) connect to service homes initially as user
> eddie (uid=500, gid=500) (pid 24710)
> [2002/08/03 19:21:43, 1, effective(500, 500), real(0, 0)]
> smbd/service.c:make_connection_snum(676)
> p450aukje (192.168.168.253) connect to service netlogon initially as user
> eddie (uid=500, gid=500) (pid 24710)
> [2002/08/03 19:21:53, 0, effective(500, 500), real(0, 0)]
> rpc_server/srv_util.c:get_domain_user_groups(346)
> get_domain_user_groups: primary gid of user [eddie] is not a Domain group !
> get_domain_user_groups: You should fix it, NT doesn't like that
> [2002/08/03 19:21:53, 0, effective(0, 0), real(0, 0)]
> passdb/pdb_ldap.c:ldapsam_getsampwrid(1250)
> We don't find this rid [0] count=0
> [2002/08/03 19:21:53, 0, effective(500, 500), real(0, 0)]
> rpc_server/srv_util.c:get_domain_user_groups(346)
> get_domain_user_groups: primary gid of user [eddie] is not a Domain group !
> get_domain_user_groups: You should fix it, NT doesn't like that
> -----------------
>
> This is how I compiled samba:
>
> ./configure --sbindir=/usr/local/samba/bin --with-logfilebase=/var/log/samba
> --with-smbmount --with-ldapsam --with-acl-support
>
> Here my smb.conf:
>
> [global]
> passdb backend = ldapsam:ldap://localhost
> ldap suffix = "dc=techdream,dc=net"
> ldap user suffix = "ou=Users"
> ldap machine suffix = "ou=Computers"
> ldap admin dn = "cn=Manager,dc=techdream,dc=net"
> ldap ssl = off
> use spnego = No
> workgroup = TECHDREAM
> time server = Yes
> deadtime = 15
> server string = Linux Samba Server %v
> wins support = Yes
> os level = 64
> prefered master = Auto
> domain master = Yes
> local master = Yes
> security = user
> encrypt passwords = Yes
> null passwords = Yes
> passwd program = /usr/local/sbin/smbldap-passwd.pl
> guest account = Guest
> socket address = 192.168.168.192
> interfaces = 192.168.168.0/24 127.0.0.1
> bind interfaces only = Yes
> domain logons = Yes
> add user script = /usr/local/sbin/smbldap-useradd.pl -a -E login.bat %u
> add machine script = /usr/local/sbin/smbldap-useradd.pl -g 102 -w %u
> delete user script = /usr/local/sbin/smbldap-userdel.pl %u
> logon path = \\%L\profiles\%U
> logon drive = q:
> logon home = \\%L\%U\.profile
> logon script = login.bat
> debug uid = Yes
> log file = /var/log/samba/%m.log
> max log size = 0
> [netlogon]
> comment = Network Logon Service
> path = /home/netlogon
> read only = Yes
> guest ok = Yes
> write list = @"Administrators"
> inherit acls = Yes
> inherit permissions = Yes
> [homes]
> path = /home/users/%U
> read only = No
> browseable = No
> inherit acls = Yes
> inherit permissions = Yes
> csc policy = disable
> [profiles]
> comment = User Profiles share
> path = /home/profiles
> read only = No
> inherit acls = Yes
> inherit permissions = Yes
> csc policy = disable
> [users]
> comment = Users directories
> path = /home/users
> read only = No
> inherit acls = Yes
> inherit permissions = Yes
> [public]
> comment = Public Files share
> path = /mnt/big_f32/public
> force user = nobody
> read only = No
> [apps]
> comment = Applications share
> path = /mnt/big_f32/apps
> force user = nobody
> read only = No
> [backup]
> comment = Backup share
> path = /mnt/big_f32/backup
> force user = nobody
> read only = Yes
>
>
>
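The situation described in this message, as an added example that is not part of the original post or of Samba's code: with the default NSS action, the first source on the `passwd:` line that knows a name answers, so an account present in both /etc/passwd and LDAP resolves differently under `files ldap` and `ldap files`. The sample entries are constructed from the ids quoted in the post (500:500 locally, 500:201 in LDAP); the user `alice`, the home paths and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample data: "eddie" exists in both sources, as in the post.
FILES_PASSWD='root:x:0:0:root:/root:/bin/bash
eddie:x:500:500:Eddie:/home/eddie:/bin/bash'
LDAP_PASSWD='eddie:x:500:201:Eddie:/home/users/eddie:/bin/bash
alice:x:501:201:Alice:/home/users/alice:/bin/bash'

# source_data SRC: print the passwd-format entries held by one NSS source.
# On a live glibc system the per-source view is: getent -s SRC passwd
source_data() {
    case "$1" in
        files) printf '%s\n' "$FILES_PASSWD" ;;
        ldap)  printf '%s\n' "$LDAP_PASSWD" ;;
    esac
}

# resolve_user USER "SRC1 SRC2": the first source that knows USER wins
# (the default NSS action). Prints "source uid:gid"; returns 1 if unknown.
resolve_user() {
    for src in $2; do
        hit=$(source_data "$src" |
              awk -F: -v u="$1" '$1 == u { print $3 ":" $4; exit }')
        if [ -n "$hit" ]; then
            echo "$src $hit"
            return 0
        fi
    done
    return 1
}

# shadowed_users: names present in both sources with a different uid:gid.
shadowed_users() {
    { source_data files | sed 's/^/files:/'
      source_data ldap  | sed 's/^/ldap:/'; } |
    awk -F: '
        $1 == "files" { local_id[$2] = $4 ":" $5 }
        $1 == "ldap" && ($2 in local_id) && local_id[$2] != ($4 ":" $5) {
            print $2 " files=" local_id[$2] " ldap=" $4 ":" $5
        }'
}

resolve_user eddie "files ldap"    # order currently in the post's nsswitch.conf
resolve_user eddie "ldap files"    # order the post asks about
shadowed_users
```

Any name reported by `shadowed_users` gets a different primary gid depending on source order, and that affects every NSS consumer on the host, not only smbd.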