[Samba] More Samba 3.0 setup bugs. Was: LDAP passdb backends.
What's the difference?
Jim C
jcllings at tsunamicomm.net
Sat Jul 19 20:05:49 GMT 2003
>
>
>>I've not been able to find in the docs where it describes the differences
>>...
>>
>>the old LDAP schema thus I assume that the others are not.
>>
>>_nua no longer exists. ldapsam uses a new schema, designed to avoid
>>conflicts with other schemas, and for integration with things like idmap.
>>
Nevertheless, I would expect to see _nua again someday when it is
stabilized.

OK, I managed to get connected with ldapsam_compat; however, I got some
errors on the server side at log level 4.
Just for giggles, I switched to the old samba and got none at the same
log level. Now objectClass=sambaGroupMapping doesn't exist in the old
schema, as far as I know, so that is not a surprise, but I am not sure I
understand why samba is looking for it. I've triple-checked that the
password set by smbpasswd3 -w is correct, but I still get errors/warnings
to that effect. I'm particularly interested in what, if anything, the
idmap suffix should be set to. Note that I have no known use for
winbind, as my Linux boxes all connect directly through LDAP. Listings
below are annotated.

Jul 19 12:24:01 enigma smbd3[12589]: [2003/07/19 12:24:01, 0]
lib/util_sock.c:get_socket_addr(900)
Jul 19 12:24:01 enigma smbd3[12589]: getpeername failed. Error was
Transport endpoint is not connected
Jul 19 12:24:01 enigma smbd3[12589]: [2003/07/19 12:24:01, 0]
lib/util_sock.c:read_socket_data(342)
Jul 19 12:24:01 enigma smbd3[12589]: read_socket_data: recv failure
for 4. Error = Connection reset by peer
Jul 19 12:24:01 enigma smbd3[12588]: [2003/07/19 12:24:01, 0]
rpc_server/srv_pipe.c:api_pipe_netsec_process(1363)
Jul 19 12:24:01 enigma smbd3[12588]: failed to decode PDU
Jul 19 12:24:01 enigma smbd3[12588]: [2003/07/19 12:24:01, 0]
rpc_server/srv_pipe_hnd.c:process_request_pdu(605)
Jul 19 12:24:01 enigma smbd3[12588]: process_request_pdu: failed to do
schannel processing.
Jul 19 12:24:01 enigma smbd3[12588]: [2003/07/19 12:24:01, 0]
lib/smbldap.c:smbldap_open(799)
Jul 19 12:24:01 enigma smbd3[12588]: smbldap_open: cannot access LDAP
when not root..
Jul 19 12:24:01 enigma smbd3[12588]: [2003/07/19 12:24:01, 0]
passdb/pdb_ldap.c:ldapsam_search_one_group(1634)
Jul 19 12:24:01 enigma smbd3[12588]: ldapsam_search_one_group: Problem
during the LDAP search: LDAP error: (Insufficient
access)ldapsam_search_one_group: Query was:
ou=Group,dc=microverse,dc=net,
(&(objectClass=sambaGroupMapping)(gidNumber=1002))

gidNumber 1002 belongs to my domain users group, dusers, but it does not
have an objectClass=sambaGroupMapping, nor is one accessible according to GQ.
Do I need to add the new schema? It does not seem logical that this
would be required with ldapsam_compat.

Followed by shorewall griping about some all2all pings, which may or may
not be pertinent. Note that 192.168.1.252 is the test client:

Jul 19 12:24:01 enigma kernel: Shorewall:all2all:REJECT:IN=eth1 OUT=
MAC=[ deleted for security ] SRC=192.168.1.252 DST=192.168.1.253 LEN=28
TOS=0x00 PREC=0x00 TTL=128 ID=7816 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=2816
Jul 19 12:24:01 enigma kernel: Shorewall:all2all:REJECT:IN=eth1 OUT=
MAC=[ deleted for security ] SRC=192.168.1.252 DST=192.168.1.253 LEN=28
TOS=0x00 PREC=0x00 TTL=128 ID=7817 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=3072
Jul 19 12:24:01 enigma kernel: Shorewall:all2all:REJECT:IN=eth1 OUT=
MAC=[ deleted for security ] SRC=192.168.1.252 DST=192.168.1.253 LEN=28
TOS=0x00 PREC=0x00 TTL=128 ID=7818 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=3328
testparm3 output is :
Processing section "[homes]"
Processing section "[netlogon]"
Processing section "[printers]"
Processing section "[print$]"
Processing section "[pdf-generator]"
Processing section "[public]"
Load smb config files from /etc/samba3/smb.conf
Loaded services file OK.
WARNING: You have some share names that are longer than 8 chars
These may give errors while browsing or may not be accessible
to some older clients
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions
# Global parameters
[global]
workgroup = MICROVERSE
server string = Samba Server %v
interfaces = 192.168.1.253/24
map to guest = Bad User
passdb backend = ldapsam_compat:ldap://127.0.0.1, smbpasswd, guest
pam password change = Yes
unix password sync = Yes
log level = 4
log file = /var/log/samba3/log.%m
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = cups
add machine script = /usr/share/samba3/scripts/smbldap-useradd.pl -w
-d /dev/null -g Machines -c 'Machine Account' -s /bin/false %u
#The above is incorrect but is OK for now.
domain logons = Yes
preferred master = Yes
domain master = Yes
dns proxy = No
ldap suffix = dc=microverse,dc=net
ldap machine suffix = ou=Computers,dc=microverse,dc=net
ldap user suffix = ou=People,dc=microverse,dc=net
ldap group suffix = ou=Group,dc=microverse,dc=net
ldap idmap suffix = dc=microverse,dc=net
Could the above be the problem? What is an idmap? Seems to me that it
is winbind stuff, and I've not yet had a reason to use winbind.
ldap admin dn = cn=root,dc=microverse,dc=net
ldap ssl = no
printer admin = @adm
hosts allow = 192.168.1., 192.168.2., 127.
printing = cups
[homes]
comment = Home Directories
read only = No
browseable = No
[netlogon]
comment = Network Logon Service
path = /var/lib/samba3/netlogon
guest ok = Yes
[printers]
comment = All Printers
path = /var/spool/samba3
create mask = 0700
guest ok = Yes
printable = Yes
print command = lpr-cups -P %p -o raw %s -r # using client side
printer drivers.
browseable = No
[print$]
path = /var/lib/samba3/printers
write list = @adm, root
guest ok = Yes
[pdf-generator]
comment = PDF Generator (only valid users)
path = /var/tmp
printable = Yes
print command = /usr/share/samba3/scripts/print-pdf %s ~%u //%L/%u
%m %I "%J" &
[public]
path = /home/storeage
read only = No
guest only = Yes
guest ok = Yes
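
Added example, not part of the original post: a small triage script for smbd syslog output in the format shown above. It pairs each Samba debug header ("[timestamp, level] file:function(line)") with the message lines logged by the same PID, then filters for LDAP-related events. The sample lines are constructed from the excerpt above (unwrapped and interleaved between the two PIDs); the function names parse_events and ldap_events are this example's own.

```python
import re

SYSLOG = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ \S+\[(\d+)\]: (.*)$")
HEADER = re.compile(r"^\[[^,\]]+,\s*(\d+)\]\s+(\S+?):(\w+)\((\d+)\)$")

# Constructed sample: lines in the shape of the excerpt above, unwrapped and
# deliberately interleaved between the two smbd3 PIDs.
SAMPLE = """\
Jul 19 12:24:01 enigma smbd3[12588]: [2003/07/19 12:24:01, 0] lib/smbldap.c:smbldap_open(799)
Jul 19 12:24:01 enigma smbd3[12589]: [2003/07/19 12:24:01, 0] lib/util_sock.c:get_socket_addr(900)
Jul 19 12:24:01 enigma smbd3[12588]:   smbldap_open: cannot access LDAP when not root..
Jul 19 12:24:01 enigma smbd3[12589]:   getpeername failed. Error was Transport endpoint is not connected
Jul 19 12:24:01 enigma kernel: Shorewall:all2all:REJECT:IN=eth1 OUT= SRC=192.168.1.252 DST=192.168.1.253
Jul 19 12:24:01 enigma smbd3[12588]: [2003/07/19 12:24:01, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1634)
Jul 19 12:24:01 enigma smbd3[12588]:   ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (Insufficient access)
Jul 19 12:24:01 enigma smbd3[12588]:   ldapsam_search_one_group: Query was: ou=Group,dc=microverse,dc=net, (&(objectClass=sambaGroupMapping)(gidNumber=1002))
"""

def parse_events(text):
    """Pair each Samba debug header with the message lines from the same PID."""
    open_events, events = {}, []
    for raw in text.splitlines():
        m = SYSLOG.match(raw)
        if not m:                      # e.g. kernel/firewall lines without a [pid]
            continue
        pid, body = int(m.group(1)), m.group(2).strip()
        h = HEADER.match(body)
        if h:                          # a new debug header opens a new event
            ev = {"pid": pid, "level": int(h.group(1)), "source": h.group(2),
                  "function": h.group(3), "line": int(h.group(4)), "message": ""}
            open_events[pid] = ev
            events.append(ev)
        elif pid in open_events:       # message line: attach to that PID's open event
            ev = open_events[pid]
            ev["message"] = (ev["message"] + " " + body).strip()
    return events

def ldap_events(events):
    """Events raised from LDAP source files or mentioning LDAP in the message."""
    return [e for e in events
            if "ldap" in e["source"].lower() or "ldap" in e["message"].lower()]

if __name__ == "__main__":
    for e in ldap_events(parse_events(SAMPLE)):
        print(f'pid={e["pid"]} {e["source"]}:{e["function"]}({e["line"]}) {e["message"]}')
```

Tracking the open header per PID matters because several smbd children write to the same syslog stream, so a message line does not always follow its own header directly.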