[Samba] net rpc vampire is sucking my brain!

Gémes Géza geza at kzsdabas.sulinet.hu
Wed Dec 3 18:50:26 GMT 2003



Byars, Jason M írta:
| Trying to migrate NT4 to samba 3.0.0 or 3.0.1pre3 with an ldap backend.
| I add a backup server account to the domain and joined.  Getting the SID
| and the ldap init seem to work, and I start winbind. When I run net rpc
| vampire all I get is a ton of "Could not create posix account info for "
| errors.  Then of course pdbedit -L returns smbldap_search_suffix: Problem
| during the LDAP search:  (No such object). I tried using smbpasswd and
| tdbsam backends, because I figure I have a mistake in my ldap init, but
| I still get the same errors.  I'm including my smb.conf, slapd.conf and
| initldap.dif.  Could someone please help?  I'm sure I have overlooked
| something simple.  Thanks
|
| Jason
|
| Smb.conf
| [global]
|         workgroup = NEPHROLOGY
|         server string = samba test dc
|         #passdb backend = tdbsam
|         passdb backend = ldapsam:ldap://localhost
|         log file = /var/log/samba/%m.log
|         max log size = 50
|         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
|         domain logons = Yes
|         local master = No
|         domain master = No
|         dns proxy = No
|         wins server = 134.68.220.14
|         ldap suffix = dc=nephrology,dc=iupui,dc=edu
|         ldap machine suffix = ou=Computers,dc=nephrology,dc=iupui,dc=edu,dc=nephrology,dc=iupui,dc=edu,dc=nephrology,dc=iupui,dc=edu
|         ldap user suffix = ou=People,dc=nephrology,dc=iupui,dc=edu,dc=nephrology,dc=iupui,dc=edu,dc=nephrology,dc=iupui,dc=edu
|         ldap group suffix = ou=Groups,dc=nephrology,dc=iupui,dc=edu,dc=nephrology,dc=iupui,dc=edu,dc=nephrology,dc=iupui,dc=edu
|         ldap idmap suffix = dc=nephrology,dc=iupui,dc=edu,dc=nephrology,dc=iupui,dc=edu,dc=nephrology,dc=iupui,dc=edu
|         ldap admin dn = "cn=root,dc=nephrology,dc=iupui,dc=edu"
|         remote announce = 149.166.202.255
|         idmap uid = 15000-20000
|         idmap gid = 15000-20000
| [homes]
|         comment = Home Directories
|         read only = No
|         browseable = No
|
| [printers]
|         comment = All Printers
|         path = /var/spool/samba
|         printable = Yes
|         browseable = No
|
| Initldap.dif
| # Organization for Samba Base
| dn: dc=nephrology,dc=iupui,dc=edu
| objectclass: dcObject
| objectclass: organization
| dc: nephrology
| o: Nephrology Net
| description: The Samba-3 Network LDAP Example
|
| # Organizational Role for Directory Management
| dn: cn=root,dc=nephrology,dc=iupui,dc=edu
| objectclass: organizationalRole
| cn: root
| description: Directory Manager
|
| # Setting up container for users
| dn: ou=People,dc=nephrology,dc=iupui,dc=edu
| objectclass: top
| objectclass: organizationalUnit
| ou: People
|
| # Setting up admin handle for People OU
| dn: cn=root,ou=People,dc=nephrology,dc=iupui,dc=edu
| cn: root
| objectclass: top
| objectclass: organizationalRole
| objectclass: simpleSecurityObject
| userPassword: same as slapd
|
| # Setting up container for groups
| dn: ou=Groups,dc=nephrology,dc=iupui,dc=edu
| objectclass: top
| objectclass: organizationalUnit
| ou: Groups
|
| # Setting up admin handle for Groups OU
| dn: cn=root,ou=Groups,dc=nephrology,dc=iupui,dc=edu
| cn: root
| objectclass: top
| objectclass: organizationalRole
| objectclass: simpleSecurityObject
| userPassword: same as slapd
|
| # Setting up container for computers
| dn: ou=Computers,dc=nephrology,dc=iupui,dc=edu
| objectclass: top
| objectclass: organizationalUnit
| ou: Computers
|
| # Setting up admin handle for Computers OU
| dn: cn=root,ou=Computers,dc=nephrology,dc=iupui,dc=edu
| cn: root
| objectclass: top
| objectclass: organizationalRole
| objectclass: simpleSecurityObject
| userPassword: same as slapd
|
| Slapd.conf
| database        ldbm
| suffix          "dc=nephrology,dc=iupui,dc=edu"
| rootdn          "cn=root,dc=nephrology,dc=iupui,dc=edu"
| # Cleartext passwords, especially for the rootdn, should
| # be avoided.  See slappasswd(8) and slapd.conf(5) for details.
| # Use of strong authentication encouraged.
| # rootpw                secret
| # rootpw                {crypt}ijFYNcSNctBYg
| #rootpw                 {SSHA}GDtVlBhvQsENtjM3OD1GBFAWMkhv+3m/
| rootpw                  something sensible
| # The database directory MUST exist prior to running slapd AND
| # should only be accessible by the slapd and slap tools.
| # Mode 700 recommended.
| directory       /var/lib/ldap
|
| # Indices to maintain for this database
| index objectClass                       eq,pres
| index ou,mail,givenname      eq,pres,sub
| index uidNumber,gidNumber,loginShell    eq,pres
| index uid,memberUid                     eq,pres,sub
| index nisMapName,nisMapEntry            eq,pres,sub
| index cn                                pres,sub,eq
| index sn                                pres,sub,eq
| index displayName                       pres,sub,eq
| index sambaSID                          eq
| index sambaPrimaryGroupSID              eq
| index sambaDomainName                   eq
| index default                           sub
| # Replicas of this database
| #replogfile /var/lib/ldap/openldap-master-replog
| #replica host=ldap-1.example.com:389 tls=yes
| #     bindmethod=sasl saslmech=GSSAPI
| #     authcId=host/ldap-master.example.com@EXAMPLE.COM

Two sidenotes to your problem:
I haven't ever had this problem of migration, since I'm running samba DCs
from the beginning, but I think the migration is working just like
administering your users with usrmgr.exe: it needs add user script, add
group script, add machine script, and others specified in smb.conf.
Another idea: if you have specified ldap suffix, you need to write for
ldap user suffix, and others, just the ou part, and nothing else.

Good Luck!

Geza Gemes
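
A check for the two points raised in the reply above, as an added example (not code from the original thread or from Samba): it flags `ldap ... suffix` values that already contain `ldap suffix`, and lists which of the three scripts named in the reply are unset. It relies on Samba 3.0 treating these sub-suffixes as relative to `ldap suffix`; the sample input is constructed from the quoted smb.conf, and the function names are hypothetical.

```python
import re

BASE = "dc=nephrology,dc=iupui,dc=edu"
# Constructed sample: the LDAP lines of the quoted [global] section, wrapped values rejoined.
SAMPLE = f"""[global]
    passdb backend = ldapsam:ldap://localhost
    ldap suffix = {BASE}
    ldap machine suffix = ou=Computers,{BASE},{BASE},{BASE}
    ldap user suffix = ou=People,{BASE},{BASE},{BASE}
    ldap group suffix = ou=Groups,{BASE},{BASE},{BASE}
    ldap idmap suffix = {BASE},{BASE},{BASE}
[homes]
    read only = No
"""
SUFFIX_PARAMS = ("ldap machine suffix", "ldap user suffix",
                 "ldap group suffix", "ldap idmap suffix")
SCRIPTS = ("add user script", "add group script", "add machine script")

def parse_global(text):
    """Return {parameter: value} for [global]; names are case/space-normalised."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip().strip('"')
    return params

def relative_part(value, base):
    """Strip every trailing copy of the base DN, leaving the part relative to it."""
    v, b = value.replace(" ", ""), base.replace(" ", "")
    while b and v.lower().endswith(b.lower()):
        v = v[: len(v) - len(b)].rstrip(",")
    return v

def lint(text):
    """Report sub-suffixes that repeat 'ldap suffix' and scripts that are unset."""
    p = parse_global(text)
    base = p.get("ldap suffix", "")
    repeated = {}
    for name in SUFFIX_PARAMS:
        value = p.get(name, "")
        rel = relative_part(value, base)
        if value and rel != value.replace(" ", ""):
            repeated[name] = rel  # relative part left once the base DN is removed
    missing = [s for s in SCRIPTS if not p.get(s)]
    return {"repeated_suffix": repeated, "missing_scripts": missing}
```

An empty relative part, as for `ldap idmap suffix` here, means the value was nothing but copies of the base DN.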
