[Samba] Fw: Samba 3.0-alpha 18 with ldapsam backend and primary gid of user?

Eddie Lania e.lania at home.nl
Sat Aug 3 12:21:12 GMT 2002


Hi again,

I just wanted to add this to make my information more complete:

The id and primary group id of user "eddie" in the ldap tree are 500:201.
201 is the group "Domain Users"
But you have to know that user "eddie" also exists with id and gid 500:500
in the /etc/passwd and /etc/group files.

Examining the log file below, this raises the following question to me:

Is the passdb backend plugin "ldap" perhaps using a normal "getent" function
to determine the correct user id and gid?
If so, this could explain why I have these errors, but does this mean that
the configuration of /etc/nsswitch.conf should be changed from:

passwd:     files ldap
shadow:     files ldap
group:      files ldap

to:

passwd:     ldap files
shadow:     ldap files
group:      ldap files

And will this affect the way people log in using other applications like ssh
for example?
Or should there be a different solution?

Also, the params:

ldap suffix = "dc=techdream,dc=net"
ldap user suffix = "ou=Users"
ldap machine suffix = "ou=Computers"

Are, in my opinion, "fairly undocumented" and I have not been able to gather
more information about them, so the values that I've used are only guessed
by myself and I would like to know if they're right or wrong.

It also seems to me that the smbgroupedit program is not useful when
authenticating against a ldap server (I have tried to map some of the unix
groups to the "domain groups" but didn't notice any change).

Is this right?


Thanks again,

Eddie.

----- Original Message -----
From: "Eddie Lania" <e.lania at home.nl>
To: <samba at lists.samba.org>
Sent: Saturday, August 03, 2002 8:23 PM
Subject: Samba 3.0-alpha 18 with ldapsam backend and primary gid of user?


> Hello list,
>
> Can someone tell me why I keep getting these kind of errors in the samba
> log files?
> I just went over from 2.2.5 to 3.0-alpha 18, I never had these errors in
> the 2.2.5 version.
> Especially the rid [0] is a complete mystery to me since I have no account
> defined in my ldap service that has rid 0.
>
> Thank you very much for your help.
>
> Eddie Lania.
>
> ----------------
> [2002/08/03 19:21:27, 0, effective(1001, 202), real(0, 0)]
> rpc_server/srv_util.c:get_domain_user_groups(346)
>   get_domain_user_groups: primary gid of user [eddie] is not a Domain group !
>   get_domain_user_groups: You should fix it, NT doesn't like that
> [2002/08/03 19:21:38, 1, effective(500, 500), real(0, 0)]
> smbd/service.c:make_connection_snum(676)
>   p450aukje (192.168.168.253) connect to service profiles initially as user eddie (uid=500, gid=500) (pid 24710)
> [2002/08/03 19:21:41, 1, effective(0, 0), real(0, 0)]
> smbd/service.c:close_cnum(843)
>   p450aukje (192.168.168.253) closed connection to service profiles
> [2002/08/03 19:21:41, 1, effective(500, 500), real(0, 0)]
> smbd/service.c:make_connection_snum(676)
>   p450aukje (192.168.168.253) connect to service netlogon initially as user eddie (uid=500, gid=500) (pid 24710)
> [2002/08/03 19:21:43, 1, effective(0, 0), real(0, 0)]
> smbd/service.c:close_cnum(843)
>   p450aukje (192.168.168.253) closed connection to service netlogon
> [2002/08/03 19:21:43, 1, effective(500, 500), real(0, 0)]
> smbd/service.c:make_connection_snum(676)
>   p450aukje (192.168.168.253) connect to service homes initially as user eddie (uid=500, gid=500) (pid 24710)
> [2002/08/03 19:21:43, 1, effective(500, 500), real(0, 0)]
> smbd/service.c:make_connection_snum(676)
>   p450aukje (192.168.168.253) connect to service netlogon initially as user eddie (uid=500, gid=500) (pid 24710)
> [2002/08/03 19:21:53, 0, effective(500, 500), real(0, 0)]
> rpc_server/srv_util.c:get_domain_user_groups(346)
>   get_domain_user_groups: primary gid of user [eddie] is not a Domain group !
>   get_domain_user_groups: You should fix it, NT doesn't like that
> [2002/08/03 19:21:53, 0, effective(0, 0), real(0, 0)]
> passdb/pdb_ldap.c:ldapsam_getsampwrid(1250)
>   We don't find this rid [0] count=0
> [2002/08/03 19:21:53, 0, effective(500, 500), real(0, 0)]
> rpc_server/srv_util.c:get_domain_user_groups(346)
>   get_domain_user_groups: primary gid of user [eddie] is not a Domain group !
>   get_domain_user_groups: You should fix it, NT doesn't like that
> -----------------
>
> This is how I compiled samba:
>
> ./configure --sbindir=/usr/local/samba/bin --with-logfilebase=/var/log/samba --with-smbmount --with-ldapsam --with-acl-support
>
> Here my smb.conf:
>
> [global]
>         passdb backend = ldapsam:ldap://localhost
>         ldap suffix = "dc=techdream,dc=net"
>         ldap user suffix = "ou=Users"
>         ldap machine suffix = "ou=Computers"
>         ldap admin dn = "cn=Manager,dc=techdream,dc=net"
>         ldap ssl = off
>         use spnego = No
>         workgroup = TECHDREAM
>         time server = Yes
>         deadtime = 15
>         server string = Linux Samba Server %v
>         wins support = Yes
>         os level = 64
>         prefered master = Auto
>         domain master = Yes
>         local master = Yes
>         security = user
>         encrypt passwords = Yes
>         null passwords = Yes
>         passwd program = /usr/local/sbin/smbldap-passwd.pl
>         guest account = Guest
>         socket address = 192.168.168.192
>         interfaces = 192.168.168.0/24 127.0.0.1
>         bind interfaces only = Yes
>         domain logons = Yes
>         add user script = /usr/local/sbin/smbldap-useradd.pl -a -E login.bat %u
>         add machine script = /usr/local/sbin/smbldap-useradd.pl -g 102 -w %u
>         delete user script = /usr/local/sbin/smbldap-userdel.pl %u
>         logon path = \\%L\profiles\%U
>         logon drive = q:
>         logon home = \\%L\%U\.profile
>         logon script = login.bat
>         debug uid = Yes
>         log file = /var/log/samba/%m.log
>         max log size = 0
> [netlogon]
>         comment = Network Logon Service
>         path = /home/netlogon
>         read only = Yes
>         guest ok = Yes
>         write list = @"Administrators"
>         inherit acls = Yes
>         inherit permissions = Yes
> [homes]
>         path = /home/users/%U
>         read only = No
>         browseable = No
>         inherit acls = Yes
>         inherit permissions = Yes
>         csc policy = disable
> [profiles]
>         comment = User Profiles share
>         path = /home/profiles
>         read only = No
>         inherit acls = Yes
>         inherit permissions = Yes
>         csc policy = disable
> [users]
>         comment = Users directories
>         path = /home/users
>         read only = No
>         inherit acls = Yes
>         inherit permissions = Yes
> [public]
>         comment = Public Files share
>         path = /mnt/big_f32/public
>         force user = nobody
>         read only = No
> [apps]
>         comment = Applications share
>         path = /mnt/big_f32/apps
>         force user = nobody
>         read only = No
> [backup]
>         comment = Backup share
>         path = /mnt/big_f32/backup
>         force user = nobody
>         read only = Yes
>
>
>
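
The lookup-order question in the message above, as an added example that is not part of the original post or of Samba: a small Python model of NSS first-match resolution (the default behaviour of a `passwd: A B` line), run over passwd entries constructed from the ids quoted in the message. It makes no claim about which lookup the ldapsam backend performs; the function names, home directory and shell values are assumptions.

```python
# Constructed sample data in passwd(5) format, built from the ids in the message:
# eddie is 500:500 in /etc/passwd and 500:201 ("Domain Users") in LDAP.
FILES_PASSWD = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "eddie:x:500:500::/home/users/eddie:/bin/bash\n"
)
LDAP_PASSWD = "eddie:x:500:201::/home/users/eddie:/bin/bash\n"

def parse_passwd(text):
    """Map login name -> (uid, gid); malformed lines are skipped."""
    entries = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 4 or line.lstrip().startswith("#"):
            continue
        name, uid, gid = fields[0], fields[2], fields[3]
        if uid.isdigit() and gid.isdigit():
            entries.setdefault(name, (int(uid), int(gid)))  # first entry wins
    return entries

def resolve(name, order, sources):
    """Return (source, uid, gid) from the first source in `order` that knows `name`."""
    for src in order:
        hit = sources[src].get(name)
        if hit is not None:
            return (src, *hit)
    return None

def conflicts(order, sources):
    """Accounts defined in several sources with different ids, and which source wins."""
    report = {}
    names = set().union(*(sources[s].keys() for s in order))
    for name in sorted(names):
        seen = {s: sources[s][name] for s in order if name in sources[s]}
        if len(set(seen.values())) > 1:
            winner = resolve(name, order, sources)[0]
            report[name] = {"winner": winner, "entries": seen}
    return report

SOURCES = {"files": parse_passwd(FILES_PASSWD), "ldap": parse_passwd(LDAP_PASSWD)}

if __name__ == "__main__":
    for order in (["files", "ldap"], ["ldap", "files"]):
        print(order, resolve("eddie", order, SOURCES), conflicts(order, SOURCES))
```

Any account reported by `conflicts` is one whose effective primary group depends on the source order, which affects every NSS consumer on the host, not only Samba.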




