[Samba] Samba + LDAP problem...

Collins, Kevin KCollins at nesbittengineering.com
Fri Jun 13 15:18:52 GMT 2003


Ok, after three more days of pulling my hair out, I'm still stuck.  I've got
what I think is the problem, but I'm sure how to fix it.

I'm building a Samba PDC using the IDEALX.org HOWTO.  I'm using samba 2.2.7
and openldap 2.0.27 that I compiled from the Red Hat Network.  This is being
built on Red Hat Enterprise Linux ES 2.1.

Ok, So I get to the part of the HOWTO that instructs me to add the
administrator account.  So I use 'smbldap-useradd.pl -a -m -g 200
administrator', but I get an error stating
'/usr/local/sbin/smbldap-useradd.pl: unknown group 200'.

This is odd because I can do a 'smbldap-groupshow.pl "domain admins"' and
*see* the 'Domain Admins' group.  And that group has a gidNumber of 200!

How can I see the group, have it set with the proper information and yet get
an error that says it's not there?

Below are some files that I think are pertinent: the
/etc/openldap/ldap.conf, /etc/openldap/slapd.conf, /etc/samba/smb.conf, and the
base.ldif that is from the IDEALX.org HOWTO.

I'm hoping that someone with much more experience than me will be able to
help me.

Thanks in advance....


***************begin ldap.conf************************
# $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.4.8.6 2000/09/05 17:54:38 kurt Exp $
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE	dc=example, dc=com
#URI	ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT	12
#TIMELIMIT	15
#DEREF		never
HOST 127.0.0.1
BASE dc=nesbitt,dc=local
***************end ldap.conf************************

***************begin slapd.conf*********************
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.7 2001/09/27 20:00:31 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include		/etc/openldap/schema/core.schema
include		/etc/openldap/schema/cosine.schema
include		/etc/openldap/schema/inetorgperson.schema
include		/etc/openldap/schema/nis.schema
include		/etc/openldap/schema/redhat/rfc822-MailMember.schema
include		/etc/openldap/schema/redhat/autofs.schema
include		/etc/openldap/schema/redhat/kerberosobject.schema
include		/etc/openldap/schema/samba.schema

#######################################################################
# ldbm database definitions
#######################################################################

database		ldbm
suffix		"dc=nesbitt,dc=local"
rootdn		"cn=manager,dc=nesbitt,dc=local"
rootpw		<a secret>

# The database directory MUST exist prior to running slapd AND 
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory	/var/lib/ldap

# Indices to maintain
index	objectClass,rid,uid,uidNumber,gidNumber,memberUid	eq
index	cn,mail,surname,givenname	eq,subinitial
***************end slapd.conf***********************

***************begin smb.conf***********************
# *****************************************************************************
# --       Nesbitt Engineering, Inc. Stargazer Samba Configuration --
# *****************************************************************************
# This is the main Samba configuration file for Stargazer - NEI's Primary
# Domain Controller and Lexington office File Server.
#
# This configuration file is only to be used for an LDAP enabled server that
# will be acting as a PDC.  Modifications will be required for member servers
# and machines that will act as "BDCs".
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this file we have used a #
# for commentary and a ; for parts of the config file that are
# either not enabled yet, or temporarily disabled
#
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not made any basic syntactic errors.
#
# -----------------------------------------------------------------------------
# "Fear the Penguin!"
#   -- Kevin L. Collins
#      Systems Manager
#      Nesbitt Engineering, Inc.
#
# *****************************************************************************
# Changelog:
# Date - Version - Change
#                * Info about change
#
# -----------------------------------------------------------------------------
# 06/04/03 - 1.0 - Original Creation
#
# *****************************************************************************

#============================= Global Settings ================================
[global]
# Server Name and description
   workgroup = nesbitt.local
   netbios name = stargazer
   server string = Stargazer - Lexington File Server

# Samba log information
   log file = /var/log/samba/%m.log
   max log size = 0

# Security information
   security = user
   encrypt passwords = yes
   smb passwd file = /etc/samba/smbpasswd
   unix password sync = Yes
   passwd program = /usr/local/sbin/smbldap-passwd.pl -o %u
   passwd chat = *New*Password* %n\n *Retype*New*Password* %n\n *All*authentication*tokens*updated*successfully*

# To help performance
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

# Settings for PDC setup
   local master = yes
   os level = 80
   domain master = yes
   preferred master = no
   domain logons = yes

# Activate these Network Services
   wins support = yes
   time server = yes

# User Information
   logon path = \\%L\profiles\%u\%m
   logon script = timeset.bat
   logon drive = H:
   logon home = \\%L\%u

# LDAP Declarations -- Needed to allow the LDAP backend to work
   ldap suffix = dc=nesbitt,dc=local
   ldap admin dn = cn=manager,dc=nesbitt,dc=local
   ldap port = 389
   ldap server = 127.0.0.1
   ldap ssl = no
   add user script = /usr/local/sbin/smbldap-useradd.pl -w %u
   domain admin group = " @"Domain Admins" "

#============================= Share Definitions ===============================
[netlogon]
   comment = Network Logon Service
   path = /usr/local/samba/lib/netlogon
   guest ok = yes
   writable = no
   share modes = no

[profiles]
   comment = Roaming User Profiles
   path = /usr/local/samba/profiles
   browsable = no
   guest ok = yes

[homes]
   comment = Home Directories
   browseable = no
   writable = yes
   valid users = %S
   create mode = 0664
   directory mode = 0775
***************end smb.conf*************************

**************begin base.ldif***********************
dn: dc=nesbitt,dc=local
objectClass: domain
dc: nesbitt

dn: ou=Groups,dc=nesbitt,dc=local
objectClass: top
objectClass: OrganizationalUnit
ou: Groups
description: System Groups

dn: ou=Users,dc=nesbitt,dc=local
objectClass: top
objectClass: OrganizationalUnit
ou: Users
description: Users of the Organization

dn: ou=Computers,dc=nesbitt,dc=local
objectClass: top
objectClass: OrganizationalUnit
ou: Computers
description: Windows Domain Computers

dn: cn=Domain Admins,ou=Groups,dc=nesbitt,dc=local
objectClass: posixGroup
gidNumber: 200
cn: Domain Admins
memberUid: administrator
description: Windows Domain Users

dn: cn=Domain Users,ou=Groups,dc=nesbitt,dc=local
objectClass: posixGroup
gidNumber: 201
cn: Domain Users
description: Windows Domain Users

dn: cn=Domain Guests,ou=Groups,dc=nesbitt,dc=local
objectClass: posixGroup
gidNumber: 202
cn: Domain Guests
description: Windows Domain Guests Users

dn: cn=Administrators,ou=Groups,dc=nesbitt,dc=local
description: Members can fully administer the computer/domain
objectClass: posixGroup
gidNumber: 220
cn: Administrators
description: Windows Domain Members can fully administer the computer/domain

dn: cn=Users,ou=Groups,dc=nesbitt,dc=local
description: Ordinary users
objectClass: posixGroup
gidNumber: 221
cn: Users
description: Windows Domain Ordinary users

dn: cn=Guests,ou=Groups,dc=nesbitt,dc=local
description: Users granted guest access to the computer/domain
objectClass: posixGroup
gidNumber: 222
cn: Guests
memberUid: nobody
description: Windows Domain Users granted guest access to the computer/domain

dn: cn=Power Users,ou=Groups,dc=nesbitt,dc=local
description: Members can share directories and printers
objectClass: posixGroup
gidNumber: 223
cn: Power Users
description: Windows Domain Members can share directories and printers

dn: cn=Account Operators,ou=Groups,dc=nesbitt,dc=local
objectClass: posixGroup
gidNumber: 224
cn: Account Operators
description: Windows Domain Users to manipulate users accounts

dn: cn=Server Operators,ou=Groups,dc=nesbitt,dc=local
objectClass: posixGroup
gidNumber: 225
cn: Server Operators
description: Windows Domain Server Operators

dn: cn=Print Operators,ou=Groups,dc=nesbitt,dc=local
objectClass: posixGroup
gidNumber: 226
cn: Print Operators
description: Windows Domain Print Operators

dn: cn=Backup Operators,ou=Groups,dc=nesbitt,dc=local
objectClass: posixGroup
gidNumber: 227
cn: Backup Operators
description: Windows Domain Members can bypass file security to back up files

dn: cn=Replicator,ou=Groups,dc=nesbitt,dc=local
description: Supports file replication in a domain
objectClass: posixGroup
gidNumber: 228
cn: Replicator
description: Windows Domain Supports file replication in a domain
**************end base.ldif*************************


--
Kevin L. Collins, MCSE
Systems Manager
Nesbitt Engineering, Inc.
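One way to separate the two lookups that the message above is comparing, added here as an illustration and not taken from the thread, from smbldap-tools or from the IDEALX HOWTO: smbldap-groupshow.pl reads the group entry straight out of LDAP, whereas a gid check done by a Perl or C tool normally goes through the system's NSS layer (getgrgid), which only sees directory groups when /etc/nsswitch.conf routes group lookups to LDAP. That the version of smbldap-useradd.pl in question resolves the gid through NSS is an assumption made for this example, not something the message states. The script parses a constructed LDIF excerpt modelled on the poster's base.ldif (the sample data and the dc=example,dc=local suffix are made up), unfolds LDIF continuation lines, and reports every posixGroup whose gidNumber the local NSS cannot resolve.

```python
"""Compare the posixGroups an LDIF publishes with the groups the local
system can resolve through NSS (getgrgid).  Added illustration for the
samba list thread; not part of smbldap-tools.  SAMPLE_LDIF is constructed."""
import grp
from typing import Callable, Dict, List, Optional

# Constructed sample: one OU plus three posixGroup entries.  The Guests
# description is folded across two lines the way LDIF does it (a line that
# starts with a single space continues the previous value).
SAMPLE_LDIF = """\
dn: ou=Groups,dc=example,dc=local
objectClass: top
objectClass: organizationalUnit
ou: Groups

dn: cn=Domain Admins,ou=Groups,dc=example,dc=local
objectClass: posixGroup
gidNumber: 200
cn: Domain Admins
memberUid: administrator

dn: cn=Domain Users,ou=Groups,dc=example,dc=local
objectClass: posixGroup
gidNumber: 201
cn: Domain Users

dn: cn=Guests,ou=Groups,dc=example,dc=local
objectClass: posixGroup
gidNumber: 222
cn: Guests
memberUid: nobody
description: Windows Domain Users granted guest access to the
  computer/domain
"""

Entry = Dict[str, List[str]]


def parse_ldif(text: str) -> List[Entry]:
    """Minimal LDIF parser: entries are separated by blank lines, a leading
    space unfolds a continuation line onto the previous value, and values
    are kept as lists because attributes such as objectClass repeat.
    (Base64 '::' values and comments beyond '#' lines are not handled.)"""
    entries: List[Entry] = []
    current: Entry = {}
    last_attr: Optional[str] = None
    for raw in text.splitlines():
        if raw.startswith(" ") and last_attr is not None:
            current[last_attr][-1] += raw[1:]        # drop the fold marker only
            continue
        if not raw.strip():
            if current:
                entries.append(current)
                current, last_attr = {}, None
            continue
        if raw.startswith("#"):
            continue
        attr, _, value = raw.partition(":")
        current.setdefault(attr, []).append(value.strip())
        last_attr = attr
    if current:
        entries.append(current)
    return entries


def ldap_groups(entries: List[Entry]) -> Dict[int, str]:
    """Map gidNumber -> cn for every posixGroup entry in the directory dump."""
    groups: Dict[int, str] = {}
    for e in entries:
        if "posixGroup" in e.get("objectClass", []) and "gidNumber" in e:
            groups[int(e["gidNumber"][0])] = e["cn"][0]
    return groups


def nss_resolver(gid: int) -> Optional[str]:
    """Resolve a gid the way a C program or Perl's getgrgid() does: through
    NSS, so the answer depends on the 'group:' line in /etc/nsswitch.conf."""
    try:
        return grp.getgrgid(gid).gr_name
    except KeyError:
        return None


def find_unresolvable(groups: Dict[int, str],
                      resolver: Callable[[int], Optional[str]] = nss_resolver
                      ) -> Dict[int, str]:
    """Return the directory groups whose gidNumber the resolver cannot see.
    A non-empty result means the two lookup paths disagree."""
    return {gid: cn for gid, cn in groups.items() if resolver(gid) is None}


if __name__ == "__main__":
    groups = ldap_groups(parse_ldif(SAMPLE_LDIF))
    for gid, cn in sorted(groups.items()):
        name = nss_resolver(gid)
        status = f"NSS -> {name}" if name else "NOT resolvable via NSS"
        print(f"gid {gid:>5}  ldap cn={cn!r:<18} {status}")
```

Run stand-alone it prints one line per directory group; on a host whose nsswitch.conf does not consult LDAP for groups, every gid that exists only in the directory shows up as unresolvable, which is exactly the disagreement between a directory-side tool and a getgrgid-based tool that the message describes.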


