[Samba] Samba 3.0.6 + LDAP

029ah 029ah at mail.ru
Tue Aug 31 13:06:12 GMT 2004


Hello!
I'm running Samba 3.0.6 with the schema patch and ldap-2.1.3.
I've used this doc as an example:
http://us3.samba.org/samba/docs/man/Samba-Guide/happy.html#ch6-massive
(Samba 3 by Example, chapter 6 - Samba 3 PDC Configuration)
I've successfully moved users from files to LDAP, and it works fine (ssh,
ftp auth...).

The trouble is that I cannot join a Windows or Linux computer to the domain:

Mobile computer:
    root at 029ah-mobile pub # net rpc join -S 192.168.1.1 -U root
    Password: ********
    [2004/08/31 16:44:58, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(240)
      error looking up rid for user 029ah-mobile$: NT_STATUS_NONE_MAPPED
    Unable to join domain OSVA.RU.

But I can join domain from PDC-server:
    main-server samba # net rpc join -S 192.168.1.1 -U root
    Password:
    Joined domain OSVA.RU.

Windows XP/2000 says something like "There is no mapping from user
names to codes of data protection"
(hard to translate, Win is non-English).

I've tried to manually create a Machine Account in the LDAP tree:
smbldapadd -w X029AH-DESKTOP
smbpasswd -m X029AH-DESKTOP

(I've tried to store machine accounts in a separate tree - Hosts, and in
the users tree - People)

Note: when I log in locally at a Windows machine, I can browse files
shared by the Samba PDC using usernames
and passwords stored in LDAP.

Note: why does ldap filter not work?

Here is the smbd log:
[2004/08/31 16:12:27, 5] lib/smbldap.c:smbldap_search(963)
  smbldap_search: base => [dc=osva,dc=ru], filter => [(&(uid=X029AH-DESKTOP$)(objectclass=sambaSamAccount))], scope => [2]
[2004/08/31 16:12:27, 2] passdb/pdb_ldap.c:init_sam_from_ldap(485)
  init_sam_from_ldap: Entry found for user: X029AH-DESKTOP$
[2004/08/31 16:12:27, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/08/31 16:12:27, 5] rpc_parse/parse_samr.c:init_samr_r_lookup_names(4755)
  init_samr_r_lookup_names
[2004/08/31 16:12:27, 5] rpc_server/srv_samr_nt.c:_samr_lookup_names(1445)
  _samr_lookup_names: 1445
[2004/08/31 16:12:27, 5] rpc_parse/parse_prs.c:prs_debug(82)
  000000 samr_io_r_lookup_names
[2004/08/31 16:12:27, 5] rpc_parse/parse_prs.c:prs_uint32(635)
      0000 num_rids1: 00000000
[2004/08/31 16:12:27, 5] rpc_parse/parse_prs.c:prs_uint32(635)
      0004 ptr_rids : 00000000
[2004/08/31 16:12:27, 5] rpc_parse/parse_prs.c:prs_uint32(635)
      0008 num_types1: 00000000
[2004/08/31 16:12:27, 5] rpc_parse/parse_prs.c:prs_uint32(635)
      000c ptr_types : 00000000
[2004/08/31 16:12:27, 5] rpc_parse/parse_prs.c:prs_ntstatus(665)
      0010 status: NT_STATUS_NONE_MAPPED
[2004/08/31 16:12:27, 5] rpc_server/srv_pipe.c:api_rpcTNP(1581)
  api_rpcTNP: called samr successfully
[2004/08/31 16:12:27, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544)
  free_pipe_context: destroying talloc pool of size 56
[2004/08/31 16:12:27, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(911)
  read_from_pipe: 7763 name: samr len: 1024

smb.conf:
[global]

        workgroup = OSVA.RU
        netbios name = MAIN-SERVER
        server string = Central File Server
        admin users = x029ah root
        guest account = sambaguest
        security = user
        encrypt passwords = yes
        nt acl support = yes
        name resolve order = wins bcast hosts
        local master = yes
        preferred master = yes
        domain master = yes
        os level = 65
        wins support = yes
        dns proxy = no
        domain logons = yes
        logon path = \\%L\profiles\%U
        logon drive = H:
        logon home = \\%L\%U
        logon script = startup.bat
        add user script = /usr/local/sbin/smbldap-useradd.pl -a '%u'
        delete user script = /usr/local/sbin/smbldap-userdel.pl '%u'
        add user to group script = /usr/local/sbin/smbldap-groupmod.pl -m '%u' '%g'
        delete user from group script = /usr/local/sbin/smbldap-groupmod.pl -x '%u' '%g'
        set primary group script = /usr/local/sbin/smbldap-usermod.pl -g '%g' '%u'
        add group script = /var/lib/samba/sbin/smbldap-groupadd.pl -p '%g'
        delete group script = /usr/local/sbin/smbldap-userdel.pl '%g'
        add machine script = /usr/local/sbin/smbldap-useradd.pl -w -d /dev/null -g machines -c 'Machine Account' -s /bin/false %u
        passdb backend = ldapsam:ldap://osva.ru
        idmap backend = ldap:ldap://osva.ru
        ldap filter = (uid=%u)
        ldap delete dn = no
        ldap admin dn = cn=manager,dc=osva,dc=ru
        ldap suffix = dc=osva,dc=ru
        ldap passwd sync = yes
        ldap ssl = no
        ldap machine suffix = ou=People
        ldap user suffix = ou=People
        ldap group suffix = ou=Group
        ldap idmap suffix = ou=Idmap
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        map acl inherit = Yes
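As an added example (not code from the original post or from the Samba project), here is a Python script that audits machine-account entries from an LDIF dump for the attributes Samba's ldapsam backend relies on when it maps a machine name to a SID/RID: the sambaSamAccount object class, a sambaSID under the domain SID, a uid ending in "$", and the W flag in sambaAcctFlags. The smbd log above shows the entry being found in LDAP but the lookup_names call returning no RIDs, and an audit of this kind is the first check before suspecting the join itself. The LDIF sample, the domain SID value and the function names are constructed for illustration; on a real server the LDIF would come from ldapsearch against the ldap suffix in smb.conf and the domain SID from net getlocalsid.

```python
"""Audit Samba 3 machine-account entries in an LDIF dump.

Added example, not from the original post. Checks each entry for the
attributes the ldapsam backend needs to map an account name to a SID.
"""

# Placeholder domain SID (constructed); a real one comes from `net getlocalsid`.
DOMAIN_SID = "S-1-5-21-111111111-222222222-333333333"

# Object classes a Samba machine account stored in LDAP must carry.
REQUIRED_CLASSES = {"sambaSamAccount", "posixAccount"}

# Constructed sample LDIF: one well-formed machine account and one that was
# created as a plain POSIX account only (no Samba attributes).
SAMPLE_LDIF = """\
# constructed sample, not from the original post
dn: uid=X029AH-DESKTOP$,ou=People,dc=osva,dc=ru
objectClass: top
objectClass: posixAccount
objectClass: sambaSamAccount
uid: X029AH-DESKTOP$
uidNumber: 1001
gidNumber: 515
homeDirectory: /dev/null
sambaSID: S-1-5-21-111111111-222222222-333333333-3002
sambaAcctFlags: [W          ]

dn: uid=BROKEN-PC$,ou=People,dc=osva,dc=ru
objectClass: top
objectClass: posixAccount
uid: BROKEN-PC$
uidNumber: 1002
gidNumber: 515
homeDirectory: /dev/null
"""


def parse_ldif(text):
    """Parse a minimal LDIF dump into a list of {attr_lower: [values]} dicts.

    Handles LDIF line continuations (lines starting with a space), skips
    comments, and lower-cases attribute names so lookups are case-insensitive.
    """
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]  # continuation of the previous attribute line
        else:
            lines.append(raw)

    entries, current = [], {}
    for line in lines:
        if line.startswith("#"):
            continue
        if not line.strip():  # blank line terminates an entry
            if current:
                entries.append(current)
                current = {}
            continue
        attr, _, value = line.partition(":")
        current.setdefault(attr.strip().lower(), []).append(value.strip())
    if current:
        entries.append(current)
    return entries


def check_machine_account(entry, domain_sid=DOMAIN_SID):
    """Return a list of problems found on one machine-account entry (empty if OK)."""
    problems = []
    uid = entry.get("uid", [""])[0]
    if not uid.endswith("$"):
        problems.append("uid does not end with '$' (not a machine account name)")
    classes = set(entry.get("objectclass", []))
    for cls in sorted(REQUIRED_CLASSES - classes):
        problems.append(f"missing objectClass {cls}")
    sids = entry.get("sambasid", [])
    if not sids:
        problems.append("missing sambaSID (ldapsam cannot map the name to a SID/RID)")
    elif not sids[0].startswith(domain_sid + "-"):
        problems.append(f"sambaSID {sids[0]} is not under domain SID {domain_sid}")
    flags = entry.get("sambaacctflags", [""])[0]
    if "W" not in flags:
        problems.append("sambaAcctFlags lacks 'W' (workstation trust account flag)")
    return problems


def audit(text, domain_sid=DOMAIN_SID):
    """Map each entry's uid to its list of problems."""
    return {e.get("uid", ["?"])[0]: check_machine_account(e, domain_sid)
            for e in parse_ldif(text)}


if __name__ == "__main__":
    for uid, probs in audit(SAMPLE_LDIF).items():
        print(uid, "OK" if not probs else "; ".join(probs))
```

On a live server, replace SAMPLE_LDIF with the output of an ldapsearch for (uid=*$) under the machine suffix, and set DOMAIN_SID to the PDC's real SID; any entry reported with a missing or foreign sambaSID will not resolve in a SAMR lookup_names call no matter how the join is attempted.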