[Samba] Samba 3.0.6 + LDAP
029ah
029ah at mail.ru
Tue Aug 31 13:06:12 GMT 2004
Hello!
I'm running Samba 3.0.6 with the schema patch and ldap-2.1.3.
I've used this doc as an example:
http://us3.samba.org/samba/docs/man/Samba-Guide/happy.html#ch6-massive
(Samba 3 by Example, chapter 6 - Samba 3 PDC Configuration)
I've successfully moved users from files to LDAP, and it works fine (ssh,
ftp auth, ...).
The trouble is that I cannot join Windows or Linux computers to the domain:
Mobile computer:
root at 029ah-mobile pub # net rpc join -S 192.168.1.1 -U root
Password: ********
[2004/08/31 16:44:58, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(240)
error looking up rid for user 029ah-mobile$: NT_STATUS_NONE_MAPPED
Unable to join domain OSVA.RU.
But I can join the domain from the PDC server:
main-server samba # net rpc join -S 192.168.1.1 -U root
Password:
Joined domain OSVA.RU.
Windows XP/2000 says something like "There is no mapping from user
names to codes of data protection"
(hard to translate, Win is non-English).
I've tried to manually create a machine account in the LDAP tree:
smbldapadd -w X029AH-DESKTOP
smbpasswd -m X029AH-DESKTOP
(I've tried to store machine accounts in a separate tree, Hosts, and in
the users tree, People.)
Note: when I log in locally at a Windows machine, I can browse files
shared by the Samba PDC using usernames and passwords stored in LDAP.
Note: why does the ldap filter not work?
Here is the smbd log:
[2004/08/31 16:12:27, 5] lib/smbldap.c:smbldap_search(963)
smbldap_search: base => [dc=osva,dc=ru], filter =>
[(&(uid=X029AH-DESKTOP$)(objectclass=sambaSamAccount))], scope
=> [2]
[2004/08/31 16:12:27, 2] passdb/pdb_ldap.c:init_sam_from_ldap(485)
init_sam_from_ldap: Entry found for user: X029AH-DESKTOP$
[2004/08/31 16:12:27, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/08/31 16:12:27, 5] rpc_parse/parse_samr.c:init_samr_r_lookup_names(4755)
init_samr_r_lookup_names
[2004/08/31 16:12:27, 5] rpc_server/srv_samr_nt.c:_samr_lookup_names(1445)
_samr_lookup_names: 1445
[2004/08/31 16:12:27, 5] rpc_parse/parse_prs.c:prs_debug(82)
000000 samr_io_r_lookup_names
[2004/08/31 16:12:27, 5] rpc_parse/parse_prs.c:prs_uint32(635)
0000 num_rids1: 00000000
[2004/08/31 16:12:27, 5] rpc_parse/parse_prs.c:prs_uint32(635)
0004 ptr_rids : 00000000
[2004/08/31 16:12:27, 5] rpc_parse/parse_prs.c:prs_uint32(635)
0008 num_types1: 00000000
[2004/08/31 16:12:27, 5] rpc_parse/parse_prs.c:prs_uint32(635)
000c ptr_types : 00000000
[2004/08/31 16:12:27, 5] rpc_parse/parse_prs.c:prs_ntstatus(665)
0010 status: NT_STATUS_NONE_MAPPED
[2004/08/31 16:12:27, 5] rpc_server/srv_pipe.c:api_rpcTNP(1581)
api_rpcTNP: called samr successfully
[2004/08/31 16:12:27, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544)
free_pipe_context: destroying talloc pool of size 56
[2004/08/31 16:12:27, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(911)
read_from_pipe: 7763 name: samr len: 1024
smb.conf:
[global]
workgroup = OSVA.RU
netbios name = MAIN-SERVER
server string = Central File Server
admin users = x029ah root
guest account = sambaguest
security = user
encrypt passwords = yes
nt acl support = yes
name resolve order = wins bcast hosts
local master = yes
preferred master = yes
domain master = yes
os level = 65
wins support = yes
dns proxy = no
domain logons = yes
logon path = \\%L\profiles\%U
logon drive = H:
logon home = \\%L\%U
logon script = startup.bat
add user script = /usr/local/sbin/smbldap-useradd.pl -a '%u'
delete user script = /usr/local/sbin/smbldap-userdel.pl '%u'
add user to group script = /usr/local/sbin/smbldap-groupmod.pl -m '%u' '%g'
delete user from group script = /usr/local/sbin/smbldap-groupmod.pl -x '%u' '%g'
set primary group script = /usr/local/sbin/smbldap-usermod.pl -g '%g' '%u'
add group script = /var/lib/samba/sbin/smbldap-groupadd.pl -p '%g'
delete group script = /usr/local/sbin/smbldap-userdel.pl '%g'
add machine script = /usr/local/sbin/smbldap-useradd.pl -w -d /dev/null -g machines -c 'Machine Account' -s /bin/false %u
passdb backend = ldapsam:ldap://osva.ru
idmap backend = ldap:ldap://osva.ru
ldap filter = (uid=%u)
ldap delete dn = no
ldap admin dn = cn=manager,dc=osva,dc=ru
ldap suffix = dc=osva,dc=ru
ldap passwd sync = yes
ldap ssl = no
ldap machine suffix = ou=People
ldap user suffix = ou=People
ldap group suffix = ou=Group
ldap idmap suffix = ou=Idmap
idmap uid = 10000-20000
idmap gid = 10000-20000
map acl inherit = Yes