[Samba] Trying to configure a SAMBA 3 PDC with OpenLDAP

vegeta2 at ica.luz.ve vegeta2 at ica.luz.ve
Sun Jan 11 06:17:06 GMT 2004


Hello,

I have some problems trying to configure a PDC with OpenLDAP backend using Samba 3.0.1.

My LDAP server is working fine and has the samba templates.

I am able to configure users. The procedure I am using is I first create the user in the LDAP server using posixAccount, shadowAccount, etc. Then, as root, I write 

     smbpasswd -a user

and it works fine.

I get the same effect if I use 

     pdbedit -a -u borra

The user is able to mount a share in the server. At this point things are working great.

My first problem is that I have been unable to add machines.
I tried a similar procedure. First create the machine in the LDAP server (without sambaSamAccount) and then

     smbpasswd -m -a theMachine

I have tried everything including pdbedit and smbldap-tools 0.8.2.
I get the following errors when trying to add a machine called tuqueque using 

     smbpasswd -m -a tuqueque -D256

Netbios name list:-
my_netbios_names[0]="BOA"
Trying to load: ldapsam:ldap://localhost
Attempting to register passdb backend ldapsam
Successfully added passdb backend 'ldapsam'
Attempting to register passdb backend ldapsam_compat
Successfully added passdb backend 'ldapsam_compat'
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to register passdb backend guest
Successfully added passdb backend 'guest'
Attempting to find an passdb backend to match ldapsam:ldap://localhost (ldapsam)
Found pdb backend ldapsam
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=ICALUZ))]
smbldap_search_suffix: searching for:[(&(objectClass=sambaDomain)(sambaDomainName=ICALUZ))]
smbldap_open_connection: ldap://localhost
smbldap_open_connection: connection opened
ldap_connect_system: Binding to ldap server ldap://localhost as "cn=Manager,dc=ica,dc=luz,dc=ve"
ldap_connect_system: succesful connection to the LDAP server
The LDAP server is succesful connected
pdb backend ldapsam:ldap://localhost has a valid init
Attempting to find an passdb backend to match guest (guest)
Found pdb backend guest
pdb backend guest has a valid init
smbldap_search_suffix: searching for:[(&(uid=tuqueque$)(objectclass=sambaSamAccount))]
smbldap_open: already connected to the LDAP server
ldapsam_getsampwnam: Unable to locate user [tuqueque$] count=0
Finding user tuqueque$
Trying _Get_Pwnam(), username as lowercase is tuqueque$
Trying _Get_Pwnam(), username as uppercase is TUQUEQUE$
Checking combinations of 0 uppercase letters in tuqueque$
Get_Pwnam_internals didn't find user [tuqueque$]!


The smbldap-tools 0.8.2 do not work at all. They do not even work for adding users (which I already solved using smbpasswd).

I have other questions:
I have read that I have to create some groups (Domain Admins, Domain Users, Domain Guests), but the procedure for doing that when using LDAP is not clear. I tried adding the groups to the LDAP server and then using something like

    net groupmap modify ntgroup="Domain Admins" unixgroup=domadmin

I get the following message:

     NT Group Domain Admins doesn't exist in mapping DB
       

Can somebody help me?

Here is my smb.conf:
[global]
hosts allow = 172.17.6.0/255.255.255.0
netbios name = BOA
workgroup = ICALUZ
security = user
encrypt passwords = yes
preferred master = yes
domain master = yes
local master = yes
domain logons = yes
os level = 33

ldap suffix = dc=ica,dc=luz,dc=ve
ldap admin dn = "cn=Manager,dc=ica,dc=luz,dc=ve"

idmap backend = ldap:ldap://localhost
idmap gid = 10000-20000
idmap uid = 10000-20000
ldap idmap suffix = ou=Idmap

passdb backend = ldapsam:ldap://localhost
ldap ssl = off
ldap delete dn = no
ldap user suffix = ou=Personas

ldap group suffix = ou=Grupos
ldap machine suffix = ou=Computadoras
#ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))
ldap filter = (uid=%u)

logon path = \\%N\profiles\%u
logon drive = H:
logon home = \\homeserver\%u\winprofile
logon script = logon.cmd

#logging
log level = 2
log file = /var/lib/samba/%m.log

[netlogon]
path = /var/lib/samba/netlogon
read only = yes
write list = ntadmin

[profiles]
path = /var/lib/samba/profiles
read only = no
create mask = 0644
directory mask = 0755

[test]
path=/tmp
writeable=yes
public=yes


I have tried to follow the documentation, but it is somewhat confising when it refers to LDAP. It is never clear whether they are talking about the new style or the old Samba 2.x style. Maybe it is not completely updated.
Any help is appreciated.

Regards,
VS





More information about the samba mailing list