[Samba] cannot add machine account with ldapsam

Johannes Ullmann j.ullmann at evva.com
Wed Sep 17 09:41:37 GMT 2003


Hello,

I'm using samba-3.0.0rc4 with ldapsam.
Adding users works fine, but when I try to add a machine account I always 
get this error:

pdc:/usr/bin# pdbedit -v -a -m -u test_pc
ldapsam_modify_entry: Failed to add user dn= 
uid=test_pc$,ou=Systems,dc=ovid,dc=evva,dc=com with: Object class violation
        object class 'sambaSamAccount' requires attribute 'sambaSID'
ldapsam_add_sam_account: failed to modify/add user with uid = test_pc$ 
(dn = uid=test_pc$,ou=Systems,dc=ovid,dc=evva,dc=com)
Unable to add machine! (does it already exist?)

The same error message also appears in my LDAP logfile:

Sep 17 10:55:21 ldap1 slapd[30889]: connection_get(23)
Sep 17 10:55:21 ldap1 slapd[30892]: do_add: ndn 
(UID=TEST_PC$,OU=SYSTEMS,DC=OVID,DC=EVVA,DC=COM)
Sep 17 10:55:21 ldap1 slapd[30892]: ==> ldbm_back_add: 
uid=test_pc$,ou=Systems,dc=ovid,dc=evva,dc=com
Sep 17 10:55:21 ldap1 slapd[30892]: Entry 
(uid=test_pc$,ou=Systems,dc=ovid,dc=evva,dc=com): object class 
'sambaSamAccount' requires attribute 'sambaSID'
Sep 17 10:55:21 ldap1 slapd[30892]: send_ldap_result: 65::object class 
'sambaSamAccount' requires attribute 'sambaSID'
Sep 17 10:55:21 ldap1 slapd[30889]: connection_get(22)
Sep 17 10:55:21 ldap1 slapd[30889]: connection_get(23)

When I turn the schema check off in my slapd.conf, I'm able to add 
machine accounts, but they have no SID and so they don't work.

I think pdbedit or smbpasswd does not create a correct LDAP entry.

I read in the list archive that some others had the same problem 
before; does anyone have a solution for this?

I have attached the full logs, my conf files and a machine-account 
LDIF without a SID:

Thanks
Johannes



-------------- next part --------------
INFO: Current debug levels:
  all: True/10
  tdb: False/0
  printdrivers: False/0
  lanman: False/0
  smb: False/0
  rpc_parse: False/0
  rpc_srv: False/0
  rpc_cli: False/0
  passdb: False/0
  sam: False/0
  auth: False/0
  winbind: False/0
  vfs: False/0
  idmap: False/0
lp_load: refreshing parameters
Initialising global parameters
Attempting to register new charset UCS-2LE
Registered charset UCS-2LE
Attempting to register new charset UTF8
Registered charset UTF8
Attempting to register new charset ASCII
Registered charset ASCII
Attempting to register new charset UCS2-HEX
Registered charset UCS2-HEX
Substituting charset 'ANSI_X3.4-1968' for LOCALE
Substituting charset 'ANSI_X3.4-1968' for LOCALE
Substituting charset 'ANSI_X3.4-1968' for LOCALE
Substituting charset 'ANSI_X3.4-1968' for LOCALE
Substituting charset 'ANSI_X3.4-1968' for LOCALE
Substituting charset 'ANSI_X3.4-1968' for LOCALE
Substituting charset 'ANSI_X3.4-1968' for LOCALE
Substituting charset 'ANSI_X3.4-1968' for LOCALE
Substituting charset 'ANSI_X3.4-1968' for LOCALE
Substituting charset 'ANSI_X3.4-1968' for LOCALE
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
Processing section "[global]"
doing parameter workgroup = samba
doing parameter server string = %h server (Samba %v)
doing parameter netbios name = pdc
handle_netbios_name: set global_myname to: PDC
doing parameter os level = 33
doing parameter wins support = yes
doing parameter dns proxy = no
doing parameter log file = /var/log/samba/log.%m
doing parameter max log size = 1000
doing parameter syslog = 0
doing parameter panic action = /usr/share/samba/panic-action %d
doing parameter security = user
doing parameter encrypt passwords = true
doing parameter obey pam restrictions = yes
doing parameter invalid users = root
doing parameter unix password sync = yes
doing parameter passwd program = /usr/bin/passwd %u
doing parameter passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
doing parameter preferred master = yes
doing parameter domain master = yes
doing parameter local master = yes
doing parameter domain logons = yes
doing parameter logon path = \\%N\profiles\%u
doing parameter logon drive = H:
doing parameter logon home = \\homeserver\%u\winprofile
doing parameter logon script = logon.cmd
doing parameter ldap admin dn = "cn=admin,dc=ovid,dc=evva,dc=com"
doing parameter ldap ssl = off
doing parameter passdb backend = ldapsam:ldap://ldap1.ovid.evva.com, guest
doing parameter ldap delete dn = no
doing parameter ldap user suffix = "ou=People,dc=ovid,dc=evva,dc=com"
doing parameter ldap machine suffix = "ou=Systems,dc=ovid,dc=evva,dc=com"
doing parameter ldap suffix = "dc=ovid,dc=evva,dc=com"
doing parameter ldap passwd sync = yes
doing parameter preserve case = yes
doing parameter short preserve case = yes
doing parameter socket options = TCP_NODELAY
pm_process() returned Yes
lp_servicenumber: couldn't find homes
set_server_role: role = ROLE_DOMAIN_PDC
Substituting charset 'ANSI_X3.4-1968' for LOCALE
Substituting charset 'ANSI_X3.4-1968' for LOCALE
Substituting charset 'ANSI_X3.4-1968' for LOCALE
Substituting charset 'ANSI_X3.4-1968' for LOCALE
Substituting charset 'ANSI_X3.4-1968' for LOCALE
Substituting charset 'ANSI_X3.4-1968' for LOCALE
Substituting charset 'ANSI_X3.4-1968' for LOCALE
Substituting charset 'ANSI_X3.4-1968' for LOCALE
Substituting charset 'ANSI_X3.4-1968' for LOCALE
Substituting charset 'ANSI_X3.4-1968' for LOCALE
Trying to load: ldapsam:ldap://ldap1.ovid.evva.com
Attempting to register passdb backend ldapsam
Successfully added passdb backend 'ldapsam'
Attempting to register passdb backend ldapsam_compat
Successfully added passdb backend 'ldapsam_compat'
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to register passdb backend guest
Successfully added passdb backend 'guest'
Attempting to find an passdb backend to match ldapsam:ldap://ldap1.ovid.evva.com (ldapsam)
Found pdb backend ldapsam
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=SAMBA))]
smbldap_search_suffix: searching for:[(&(objectClass=sambaDomain)(sambaDomainName=SAMBA))]
smbldap_open_connection: ldap://ldap1.ovid.evva.com
smbldap_open_connection: connection opened
ldap_connect_system: Binding to ldap server ldap://ldap1.ovid.evva.com as "cn=admin,dc=ovid,dc=evva,dc=com"
ldap_connect_system: succesful connection to the LDAP server
The LDAP server is succesful connected
pdb backend ldapsam:ldap://ldap1.ovid.evva.com has a valid init
Trying to load: guest
Attempting to find an passdb backend to match guest (guest)
Found pdb backend guest
pdb backend guest has a valid init
Netbios name list:-
my_netbios_names[0]="PDC"
Trying to load: ldapsam:ldap://ldap1.ovid.evva.com
Attempting to find an passdb backend to match ldapsam:ldap://ldap1.ovid.evva.com (ldapsam)
Found pdb backend ldapsam
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=SAMBA))]
smbldap_search_suffix: searching for:[(&(objectClass=sambaDomain)(sambaDomainName=SAMBA))]
smbldap_open_connection: ldap://ldap1.ovid.evva.com
smbldap_open_connection: connection opened
ldap_connect_system: Binding to ldap server ldap://ldap1.ovid.evva.com as "cn=admin,dc=ovid,dc=evva,dc=com"
ldap_connect_system: succesful connection to the LDAP server
The LDAP server is succesful connected
pdb backend ldapsam:ldap://ldap1.ovid.evva.com has a valid init
Trying to load: guest
Attempting to find an passdb backend to match guest (guest)
Found pdb backend guest
pdb backend guest has a valid init
account_policy_get: maximum password age:-1
account_policy_get: minimum password age:0
pdb_set_username: setting username test_pc$, was 
pdb_set_group_sid: setting group sid S-1-5-21-1593997865-1707716320-546860595-515
pdb_set_group_sid_from_rid:
	setting group sid S-1-5-21-1593997865-1707716320-546860595-515 from rid 515
smbldap_search_suffix: searching for:[(&(uid=test_pc$)(objectclass=sambaSamAccount))]
smbldap_search_suffix: searching for:[(uid=test_pc$)]
smbldap_search_suffix: searching for:[(&(sambaSID=S-0-0)(|(objectClass=sambaIdmapEntry)(objectClass=sambaSidEntry)))]
ldapsam_add_sam_account: Adding new user
init_ldap_from_sam: Setting entry for user: test_pc$
ldapsam_modify_entry: Failed to add user dn= uid=test_pc$,ou=Systems,dc=ovid,dc=evva,dc=com with: Object class violation
	object class 'sambaSamAccount' requires attribute 'sambaSID'
ldapsam_add_sam_account: failed to modify/add user with uid = test_pc$ (dn = uid=test_pc$,ou=Systems,dc=ovid,dc=evva,dc=com)
-------------- next part --------------
dn: uid=ksc$, ou=Systems, dc=ovid,dc=evva,dc=com
sambaPwdLastSet: 1063724193
sambaAcctFlags: [W          ]
sambaPwdMustChange: 2147483647
objectClass: sambaSamAccount
objectClass: account
uid: ksc$
sambaPwdCanChange: 1063724193
sambaNTPassword: D976DD0394F9D034E9D66E1F429B4ED1
sambaPrimaryGroupSID: S-1-5-21-1593997865-1707716320-546860595-515
sambaLMPassword: 044435E2B91B17E3AAD3B435B51404EE

-------------- next part --------------
# This is the main ldapd configuration file. See slapd.conf(5) for more
# info on the configuration options.

# Schema and objectClass definitions
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema
include		/etc/ldap/schema/samba.schema

# Schema check allows for forcing entries to
# match schemas for their objectClasses's

schemacheck     on

#schemacheck	off

# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile         /var/run/slapd.pid

# List of arguments that were passed to the server
argsfile        /var/run/slapd.args

# Where to store the replica logs
replogfile	/var/lib/ldap/replog

# Read slapd.conf(5) for possible values
loglevel        4

#######################################################################
# ldbm database definitions
#######################################################################

# The backend type, ldbm, is the default standard
database        ldbm

# The base of your directory
suffix          "dc=ovid,dc=evva,dc=com"

# Where the database file are physically stored
directory       "/var/lib/ldap"

# Indexing options
index objectClass eq

index cn                      pres,sub,eq
index sn                      pres,sub,eq
## required to support pdb_getsampwnam
index uid                     pres,sub,eq
## required to support pdb_getsambapwrid()
index displayName             pres,sub,eq

## uncomment these if you are storing posixAccount and
## posixGroup entries in the directory as well
index uidNumber               eq
index gidNumber               eq
index memberUid               eq

index   sambaSID              eq
index   sambaPrimaryGroupSID  eq
index   sambaDomainName       eq
index   default               sub


# Save the time that the entry gets modified
lastmod on

rootdn "cn=admin,dc=ovid,dc=evva,dc=com"
rootpw	ovid

# The userPassword by default can be changed
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
# admin entry below
access to attribute=userPassword
        by dn="" write
        by anonymous auth
        by self write
        by * none


access to dn=".*,uid=([^,]+),ou=People,dc=ovid,dc=evva,dc=com" 
        by dn="uid=$1,ou=People,dc=ovid,dc=evva,dc=com" write
access to * 
        by self write 
        by * read

# The admin dn has full write access
access to *
        by dn="" write
        by * read

# For Netscape Roaming support, each user gets a roaming
# profile for which they have write access to
#access to dn=".*,ou=Roaming,o=morsnet"
#        by dn="" write
#        by dnattr=owner write


## allow the "ldap admin dn" access, but deny everyone else
#access to attrs=lmPassword,ntPassword
#	by dn="cn=admin,ou=People,dc=ovid,dc=evva,dc=com" write
#	by * none
	  
-------------- next part --------------
Sep 17 11:01:00 ldap1 slapd[30889]: connection_get(22) 
Sep 17 11:01:00 ldap1 slapd[31273]: ==> ldbm_back_bind: dn: cn=admin,dc=ovid,dc=evva,dc=com 
Sep 17 11:01:00 ldap1 slapd[31273]: send_ldap_result: 0:: 
Sep 17 11:01:00 ldap1 slapd[30889]: connection_get(22) 
Sep 17 11:01:00 ldap1 slapd[30892]: SRCH "dc=ovid,dc=evva,dc=com" 2 0
Sep 17 11:01:00 ldap1 slapd[30892]:     0 0 0 
Sep 17 11:01:00 ldap1 slapd[30892]:     filter: (&(objectClass=sambaDomain)(sambaDomainName=SAMBA)) 
Sep 17 11:01:00 ldap1 slapd[30892]:     attrs:
Sep 17 11:01:00 ldap1 slapd[30892]:  sambaDomainName
Sep 17 11:01:00 ldap1 slapd[30892]:  sambaNextRid
Sep 17 11:01:00 ldap1 slapd[30892]:  sambaNextUserRid
Sep 17 11:01:00 ldap1 slapd[30892]:  sambaNextGroupRid
Sep 17 11:01:00 ldap1 slapd[30892]:  sambaSID
Sep 17 11:01:00 ldap1 slapd[30892]:  sambaAlgorithmicRidBase
Sep 17 11:01:00 ldap1 slapd[30892]:  objectClass
Sep 17 11:01:00 ldap1 slapd[30892]:  
Sep 17 11:01:00 ldap1 slapd[30889]: connection_get(23) 
Sep 17 11:01:00 ldap1 slapd[30890]: ==> ldbm_back_bind: dn: cn=admin,dc=ovid,dc=evva,dc=com 
Sep 17 11:01:00 ldap1 slapd[30890]: send_ldap_result: 0:: 
Sep 17 11:01:00 ldap1 slapd[30889]: connection_get(23) 
Sep 17 11:01:00 ldap1 slapd[31273]: SRCH "dc=ovid,dc=evva,dc=com" 2 0
Sep 17 11:01:00 ldap1 slapd[31273]:     0 0 0 
Sep 17 11:01:00 ldap1 slapd[31273]:     filter: (&(objectClass=sambaDomain)(sambaDomainName=SAMBA)) 
Sep 17 11:01:00 ldap1 slapd[31273]:     attrs:
Sep 17 11:01:00 ldap1 slapd[31273]:  sambaDomainName
Sep 17 11:01:00 ldap1 slapd[31273]:  sambaNextRid
Sep 17 11:01:00 ldap1 slapd[31273]:  sambaNextUserRid
Sep 17 11:01:00 ldap1 slapd[31273]:  sambaNextGroupRid
Sep 17 11:01:00 ldap1 slapd[31273]:  sambaSID
Sep 17 11:01:00 ldap1 slapd[31273]:  sambaAlgorithmicRidBase
Sep 17 11:01:00 ldap1 slapd[31273]:  objectClass
Sep 17 11:01:00 ldap1 slapd[31273]:  
Sep 17 11:01:00 ldap1 slapd[30889]: connection_get(20) 
Sep 17 11:01:00 ldap1 slapd[30889]: connection_get(20) 
Sep 17 11:01:00 ldap1 slapd[30892]: ==> ldbm_back_bind: dn: cn=admin,dc=ovid,dc=evva,dc=com 
Sep 17 11:01:00 ldap1 slapd[30892]: send_ldap_result: 0:: 
Sep 17 11:01:00 ldap1 slapd[30889]: connection_get(20) 
Sep 17 11:01:00 ldap1 slapd[30890]: SRCH "dc=ovid,dc=evva,dc=com" 2 0
Sep 17 11:01:00 ldap1 slapd[30890]:     1 0 0 
Sep 17 11:01:00 ldap1 slapd[30890]:     filter: (&(objectClass=posixAccount)(uid=test_pc$)) 
Sep 17 11:01:00 ldap1 slapd[30890]:     attrs:
Sep 17 11:01:00 ldap1 slapd[30890]:  uid
Sep 17 11:01:00 ldap1 slapd[30890]:  userPassword
Sep 17 11:01:00 ldap1 slapd[30890]:  uidNumber
Sep 17 11:01:00 ldap1 slapd[30890]:  gidNumber
Sep 17 11:01:00 ldap1 slapd[30890]:  cn
Sep 17 11:01:00 ldap1 slapd[30890]:  homeDirectory
Sep 17 11:01:00 ldap1 slapd[30890]:  loginShell
Sep 17 11:01:00 ldap1 slapd[30890]:  gecos
Sep 17 11:01:00 ldap1 slapd[30890]:  description
Sep 17 11:01:00 ldap1 slapd[30890]:  objectClass
Sep 17 11:01:00 ldap1 slapd[30890]:  
Sep 17 11:01:00 ldap1 slapd[30889]: connection_get(23) 
Sep 17 11:01:00 ldap1 slapd[31273]: SRCH "dc=ovid,dc=evva,dc=com" 2 0
Sep 17 11:01:00 ldap1 slapd[31273]:     0 0 0 
Sep 17 11:01:00 ldap1 slapd[31273]:     filter: (&(uid=test_pc$)(objectClass=sambaSamAccount)) 
Sep 17 11:01:00 ldap1 slapd[31273]:     attrs:
Sep 17 11:01:00 ldap1 slapd[31273]:  uid
Sep 17 11:01:00 ldap1 slapd[31273]:  uidNumber
Sep 17 11:01:00 ldap1 slapd[31273]:  gidNumber
Sep 17 11:01:00 ldap1 slapd[31273]:  homeDirectory
Sep 17 11:01:00 ldap1 slapd[31273]:  sambaPwdLastSet
Sep 17 11:01:00 ldap1 slapd[31273]:  sambaPwdCanChange
Sep 17 11:01:00 ldap1 slapd[31273]:  sambaPwdMustChange
Sep 17 11:01:00 ldap1 slapd[31273]:  sambaLogonTime
Sep 17 11:01:00 ldap1 slapd[31273]:  sambaLogoffTime
Sep 17 11:01:00 ldap1 slapd[31273]:  sambaKickoffTime
Sep 17 11:01:00 ldap1 slapd[31273]:  cn
Sep 17 11:01:00 ldap1 slapd[31273]:  displayName
Sep 17 11:01:00 ldap1 slapd[31273]:  sambaHomeDrive
Sep 17 11:01:00 ldap1 slapd[31273]:  sambaHomePath
Sep 17 11:01:00 ldap1 slapd[31273]:  sambaLogonScript
Sep 17 11:01:00 ldap1 slapd[31273]:  sambaProfilePath
Sep 17 11:01:00 ldap1 slapd[31273]:  description
Sep 17 11:01:00 ldap1 slapd[31273]:  sambaUserWorkstations
Sep 17 11:01:00 ldap1 slapd[31273]:  sambaSID
Sep 17 11:01:00 ldap1 slapd[31273]:  sambaPrimaryGroupSID
Sep 17 11:01:00 ldap1 slapd[31273]:  sambaLMPassword
Sep 17 11:01:00 ldap1 slapd[31273]:  sambaNTPassword
Sep 17 11:01:00 ldap1 slapd[31273]:  sambaDomainName
Sep 17 11:01:00 ldap1 slapd[31273]:  objectClass
Sep 17 11:01:00 ldap1 slapd[31273]:  sambaAcctFlags
Sep 17 11:01:00 ldap1 slapd[31273]:  
Sep 17 11:01:00 ldap1 slapd[30889]: connection_get(23) 
Sep 17 11:01:00 ldap1 slapd[30892]: SRCH "dc=ovid,dc=evva,dc=com" 2 0
Sep 17 11:01:00 ldap1 slapd[30892]:     0 0 0 
Sep 17 11:01:00 ldap1 slapd[30892]:     filter: (uid=test_pc$) 
Sep 17 11:01:00 ldap1 slapd[30892]:     attrs:
Sep 17 11:01:00 ldap1 slapd[30892]:  uid
Sep 17 11:01:00 ldap1 slapd[30892]:  uidNumber
Sep 17 11:01:00 ldap1 slapd[30892]:  gidNumber
Sep 17 11:01:00 ldap1 slapd[30892]:  homeDirectory
Sep 17 11:01:00 ldap1 slapd[30892]:  sambaPwdLastSet
Sep 17 11:01:00 ldap1 slapd[30892]:  sambaPwdCanChange
Sep 17 11:01:00 ldap1 slapd[30892]:  sambaPwdMustChange
Sep 17 11:01:00 ldap1 slapd[30892]:  sambaLogonTime
Sep 17 11:01:00 ldap1 slapd[30892]:  sambaLogoffTime
Sep 17 11:01:00 ldap1 slapd[30892]:  sambaKickoffTime
Sep 17 11:01:00 ldap1 slapd[30892]:  cn
Sep 17 11:01:00 ldap1 slapd[30892]:  displayName
Sep 17 11:01:00 ldap1 slapd[30892]:  sambaHomeDrive
Sep 17 11:01:00 ldap1 slapd[30892]:  sambaHomePath
Sep 17 11:01:00 ldap1 slapd[30892]:  sambaLogonScript
Sep 17 11:01:00 ldap1 slapd[30892]:  sambaProfilePath
Sep 17 11:01:00 ldap1 slapd[30892]:  description
Sep 17 11:01:00 ldap1 slapd[30892]:  sambaUserWorkstations
Sep 17 11:01:00 ldap1 slapd[30892]:  sambaSID
Sep 17 11:01:00 ldap1 slapd[30892]:  sambaPrimaryGroupSID
Sep 17 11:01:00 ldap1 slapd[30892]:  sambaLMPassword
Sep 17 11:01:00 ldap1 slapd[30892]:  sambaNTPassword
Sep 17 11:01:00 ldap1 slapd[30892]:  sambaDomainName
Sep 17 11:01:00 ldap1 slapd[30892]:  objectClass
Sep 17 11:01:00 ldap1 slapd[30892]:  sambaAcctFlags
Sep 17 11:01:00 ldap1 slapd[30892]:  
Sep 17 11:01:00 ldap1 slapd[30889]: connection_get(23) 
Sep 17 11:01:00 ldap1 slapd[30892]: SRCH "dc=ovid,dc=evva,dc=com" 2 0
Sep 17 11:01:00 ldap1 slapd[30892]:     0 0 0 
Sep 17 11:01:00 ldap1 slapd[30892]:     filter: (&(sambaSID=S-0-0)(|(objectClass=sambaIdmapEntry)(objectClass=sambaSidEntry))) 
Sep 17 11:01:00 ldap1 slapd[30892]:     attrs:
Sep 17 11:01:00 ldap1 slapd[30892]:  uid
Sep 17 11:01:00 ldap1 slapd[30892]:  uidNumber
Sep 17 11:01:00 ldap1 slapd[30892]:  gidNumber
Sep 17 11:01:00 ldap1 slapd[30892]:  homeDirectory
Sep 17 11:01:00 ldap1 slapd[30892]:  sambaPwdLastSet
Sep 17 11:01:00 ldap1 slapd[30892]:  sambaPwdCanChange
Sep 17 11:01:00 ldap1 slapd[30892]:  sambaPwdMustChange
Sep 17 11:01:00 ldap1 slapd[30892]:  sambaLogonTime
Sep 17 11:01:00 ldap1 slapd[30892]:  sambaLogoffTime
Sep 17 11:01:00 ldap1 slapd[30892]:  sambaKickoffTime
Sep 17 11:01:00 ldap1 slapd[30892]:  cn
Sep 17 11:01:00 ldap1 slapd[30892]:  displayName
Sep 17 11:01:00 ldap1 slapd[30892]:  sambaHomeDrive
Sep 17 11:01:00 ldap1 slapd[30892]:  sambaHomePath
Sep 17 11:01:00 ldap1 slapd[30892]:  sambaLogonScript
Sep 17 11:01:00 ldap1 slapd[30892]:  sambaProfilePath
Sep 17 11:01:00 ldap1 slapd[30892]:  description
Sep 17 11:01:00 ldap1 slapd[30892]:  sambaUserWorkstations
Sep 17 11:01:00 ldap1 slapd[30892]:  sambaSID
Sep 17 11:01:00 ldap1 slapd[30892]:  sambaPrimaryGroupSID
Sep 17 11:01:00 ldap1 slapd[30892]:  sambaLMPassword
Sep 17 11:01:00 ldap1 slapd[30892]:  sambaNTPassword
Sep 17 11:01:00 ldap1 slapd[30892]:  sambaDomainName
Sep 17 11:01:00 ldap1 slapd[30892]:  objectClass
Sep 17 11:01:00 ldap1 slapd[30892]:  sambaAcctFlags
Sep 17 11:01:00 ldap1 slapd[30892]:  
Sep 17 11:01:00 ldap1 slapd[30889]: connection_get(23) 
Sep 17 11:01:00 ldap1 slapd[31273]: do_add: ndn (UID=TEST_PC$,OU=SYSTEMS,DC=OVID,DC=EVVA,DC=COM) 
Sep 17 11:01:00 ldap1 slapd[31273]: ==> ldbm_back_add: uid=test_pc$,ou=Systems,dc=ovid,dc=evva,dc=com 
Sep 17 11:01:00 ldap1 slapd[31273]: Entry (uid=test_pc$,ou=Systems,dc=ovid,dc=evva,dc=com): object class 'sambaSamAccount' requires attribute 'sambaSID' 
Sep 17 11:01:00 ldap1 slapd[31273]: send_ldap_result: 65::object class 'sambaSamAccount' requires attribute 'sambaSID' 
Sep 17 11:01:00 ldap1 slapd[30889]: connection_get(22) 
Sep 17 11:01:00 ldap1 slapd[30889]: connection_get(23) 

-------------- next part --------------
#
# Sample configuration file for the Samba suite for Debian GNU/Linux.
#
#
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options most of which 
# are not shown in this example
#
# Any line which starts with a ; (semi-colon) or a # (hash) 
# is a comment and is ignored. In this example we will use a #
# for commentary and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command
# "testparm" to check that you have not made any basic syntactic 
# errors. 
#

#======================= Global Settings =======================

[global]

## Browsing/Identification ###

# Change this to the workgroup/NT-domain name your Samba server will part of
   workgroup = samba

# server string is the equivalent of the NT Description field
   server string = %h server (Samba %v)
   netbios name = pdc
   os level =33
# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable its WINS Server
   wins support = yes 

# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
;   wins server = w.x.y.z

# This will prevent nmbd to search for NetBIOS names through DNS.
   dns proxy = no

# What naming service and in what order should we use to resolve host names
# to IP addresses
;   name resolve order = lmhosts host wins bcast

#### Debugging/Accounting ####

# This tells Samba to use a separate log file for each machine
# that connects
   log file = /var/log/samba/log.%m

# Put a capping on the size of the log files (in Kb).
   max log size = 1000

# If you want Samba to only log through syslog then set the following
# parameter to 'yes'.
;   syslog only = no

# We want Samba to log a minimum amount of information to syslog. Everything
# should go to /var/log/samba/log.{smbd,nmbd} instead. If you want to log
# through syslog you should set the following parameter to something higher.
   syslog = 0

# Do something sensible when Samba crashes: mail the admin a backtrace
   panic action = /usr/share/samba/panic-action %d


####### Authentication #######

# "security = user" is always a good idea. This will require a Unix account
# in this server for every user accessing the server. See
# /usr/share/doc/samba-doc/htmldocs/ServerType.html in the samba-doc
# package for details.
   security = user

# You may wish to use password encryption.  See the section on
# 'encrypt passwords' in the smb.conf(5) manpage before enabling.
   encrypt passwords = true

# If you are using encrypted passwords, Samba will need to know what
# password database type you are using.  
#   passdb backend = tdbsam guest

   obey pam restrictions = yes

   guest account = nobody
   invalid users = root

# This boolean parameter controls whether Samba attempts to sync the Unix
# password with the SMB password when the encrypted SMB password in the
# passdb is changed.
   unix password sync = yes 

# For Unix password sync to work on a Debian GNU/Linux system, the following
# parameters must be set (thanks to Augustin Luton <aluton at hybrigenics.fr> for
# sending the correct chat script for the passwd program in Debian Potato).
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .

# This boolean controls whether PAM will be used for password changes
# when requested by an SMB client instead of the program listed in
# 'passwd program'. The default is 'no'.
;   pam password change = no

#=====================================
#Domain options:

preferred master = yes
domain master = yes
local master = yes
domain logons = yes

logon path = \\%N\profiles\%u
logon drive = H:
logon home = \\homeserver\%u\winprofile
logon script = logon.cmd 



#==========================LDAP==============================
# ldap related parameters

# define the DN to use when binding to the directory servers
# The password for this DN is not stored in smb.conf. Rather it
# must be set by using 'smbpasswd -w secretpw' to store the
# passphrase in the secrets.tdb file. If the "ldap admin dn" values
# change, this password will need to be reset. 
#ldap admin dn = "cn=admin,ou=People,dc=ovid,dc=evva,dc=com"
ldap admin dn = "cn=admin,dc=ovid,dc=evva,dc=com"

# Define the SSL option when connecting to the directory
# ('off', 'start tls', or 'on' (default))
ldap ssl = off

# syntax: passdb backend = ldapsam:ldap://server-name[:port]
passdb backend = ldapsam:ldap://ldap1.ovid.evva.com, guest

# smbpasswd -x delete the entire dn-entry
ldap delete dn = no

# the machine and user suffix added to the base suffix
# written WITHOUT quotes. NULL suffixes by default
ldap user suffix = "ou=People,dc=ovid,dc=evva,dc=com"
ldap machine suffix = "ou=Systems,dc=ovid,dc=evva,dc=com"

# Trust unix account information in LDAP
# (see the smb.conf manpage for details)
# ldap trust ids = Yes  #??Doesn't work???

# specify the base DN to use when searching the directory
ldap suffix = "dc=ovid,dc=evva,dc=com"

# generally the default ldap search filter is ok
# ldap filter = "(&(uid=%u)(objectclass=sambaSamAccount))"

ldap passwd sync = yes

########## Printing ##########

# If you want to automatically load your printer list rather
# than setting them up individually then you'll need this
;   load printers = yes

# lpr(ng) printing. You may wish to override the location of the
# printcap file
;   printing = bsd
;   printcap name = /etc/printcap

# CUPS printing.  See also the cupsaddsmb(8) manpage in the
# cupsys-client package.
;   printing = cups
;   printcap name = cups

# When using [print$], root is implicitly a 'printer admin', but you can
# also give this right to other users to add drivers and set printer
# properties
;   printer admin = @ntadmin


######## File sharing ########

# Name mangling options
   preserve case = yes
   short preserve case = yes


############ Misc ############

# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting
;   include = /home/samba/etc/smb.conf.%m

# Most people will find that this option gives better performance.
# See smb.conf(5) and /usr/share/doc/samba-doc/htmldocs/speed.html
# for details
# You may want to add the following on a Linux system:
#         SO_RCVBUF=8192 SO_SNDBUF=8192
   socket options = TCP_NODELAY

# The following parameter is useful only if you have the linpopup package
# installed. The samba maintainer and the linpopup maintainer are
# working to ease installation and configuration of linpopup and samba.
;   message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm %s' &

# Domain Master specifies Samba to be the Domain Master Browser. If this
# machine will be configured as a BDC (a secondary logon server), you
# must set this to 'no'; otherwise, the default behavior is recommended.
;   domain master = auto

# Some defaults for winbind (make sure you're not using the ranges
# for something else.)
;   idmap uid = 10000-20000
;   idmap gid = 10000-20000
;   template shell = /bin/bash

#======================= Share Definitions =======================


[homes]
   comment = Home Directories
   browseable = no

# By default, the home directories are exported read-only. Change next
# parameter to 'yes' if you want to be able to write to them.
   writable = no

# File creation mask is set to 0700 for security reasons. If you want to
# create files with group=rw permissions, set next parameter to 0775.
   create mask = 0700

# Directory creation mask is set to 0700 for security reasons. If you want to
# create dirs. with group=rw permissions, set next parameter to 0775.
   directory mask = 0700

# Un-comment the following and create the netlogon directory for Domain Logons
# (you need to configure Samba to act as a domain controller too.)
[netlogon]
   comment = Network Logon Service
   path = /home/samba/netlogon
   guest ok = yes
   writable = no
   share modes = no
   read only = yes
   write list = ntadmin 

[profiles]
	path = /home/samba/profiles
	read only = no
	create mask = 0600
	directory mask = 0700




[printers]
   comment = All Printers
   browseable = no
   path = /tmp
   printable = yes
   public = no
   writable = no
   create mode = 0700

# Windows clients look for this share name as a source of downloadable
# printer drivers
[print$]
   comment = Printer Drivers
   path = /var/lib/samba/printers
   browseable = yes
   read only = yes
   guest ok = no
# Uncomment to allow remote administration of Windows print drivers.
# Replace 'ntadmin' with the name of the group your admin users are
# members of.
;   write list = root, @ntadmin

# A sample share for sharing your CD-ROM with others.
;[cdrom]
;   comment = Samba server's CD-ROM
;   writable = no
;   locking = no
;   path = /cdrom
;   public = yes

# The next two parameters show how to auto-mount a CD-ROM when the
#	cdrom share is accessed. For this to work /etc/fstab must contain
#	an entry like this:
#
#       /dev/scd0   /cdrom  iso9660 defaults,noauto,ro,user   0 0
#
# The CD-ROM gets unmounted automatically after the connection to the
#
# If you don't want to use auto-mounting/unmounting make sure the CD
#	is mounted on /cdrom
#
;   preexec = /bin/mount /cdrom
;   postexec = /bin/umount /cdrom
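
An added example, not part of the original post or of Samba: a Python audit of an LDIF export for sambaSamAccount entries that lack the required sambaSID or carry a non-domain value such as S-0-0, which is what a directory can accumulate while schemacheck is off. The function names and sample entries are assumptions constructed for illustration; only the shape of the ksc$ entry and the domain part of the SIDs come from the post.

```python
import re

# MUST attributes that slapd enforces when schemacheck is on. For
# sambaSamAccount, Samba 3.0's samba.schema lists uid and sambaSID.
REQUIRED = {"sambasamaccount": ("uid", "sambaSID")}

# Domain account SID: S-1-5-21-<three sub-authorities>-<RID>
DOMAIN_SID = re.compile(r"^S-1-5-21(?:-\d+){3}-\d+$")


def parse_ldif(text):
    """Parse plain LDIF (no base64 '::' values) into a list of dicts that
    map a lower-cased attribute name to its list of values."""
    text = re.sub(r"\n ", "", text)  # unfold continuation lines
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if not line.strip() or line.startswith("#"):
                continue
            name, _, value = line.partition(":")
            entry.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries


def domain_of(sid):
    """Strip the trailing RID, leaving the domain part of a SID."""
    return sid.rsplit("-", 1)[0]


def audit_entry(entry):
    """Return findings for one entry; an empty list means it passes."""
    findings = []
    classes = {c.lower() for c in entry.get("objectclass", [])}
    for object_class, attrs in REQUIRED.items():
        if object_class in classes:
            for attr in attrs:
                if attr.lower() not in entry:
                    findings.append(f"missing required attribute {attr}")
    groups = entry.get("sambaprimarygroupsid", [])
    for sid in entry.get("sambasid", []):
        if not DOMAIN_SID.match(sid):
            findings.append(f"sambaSID {sid} is not a domain SID")
        elif groups and domain_of(sid) != domain_of(groups[0]):
            findings.append("sambaSID and sambaPrimaryGroupSID domains differ")
    return findings


def audit_ldif(text):
    """Map each failing DN to its findings."""
    report = {}
    for entry in parse_ldif(text):
        findings = audit_entry(entry)
        if findings:
            report[entry["dn"][0]] = findings
    return report


# Constructed sample: the first entry has the shape of the SID-less machine
# account in the post (password hashes left out); the other two are invented.
SAMPLE_LDIF = """\
dn: uid=ksc$, ou=Systems, dc=ovid,dc=evva,dc=com
objectClass: sambaSamAccount
objectClass: account
uid: ksc$
sambaAcctFlags: [W          ]
sambaPrimaryGroupSID: S-1-5-21-1593997865-1707716320-546860595-515

dn: uid=good$,ou=Systems,dc=ovid,dc=evva,dc=com
objectClass: sambaSamAccount
objectClass: account
uid: good$
sambaSID: S-1-5-21-1593997865-1707716320-546860595-3001
sambaPrimaryGroupSID: S-1-5-21-1593997865-1707716320-546860595-515

dn: uid=null$,ou=Systems,dc=ovid,dc=evva,dc=com
objectClass: sambaSamAccount
objectClass: account
uid: null$
sambaSID: S-0-0
sambaPrimaryGroupSID: S-1-5-21-1593997865-1707716320-546860595-515
"""

if __name__ == "__main__":
    for dn, findings in audit_ldif(SAMPLE_LDIF).items():
        print(dn)
        for finding in findings:
            print("  -", finding)
```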


