[Samba] Trying to configure a SAMBA 3 PDC with OpenLDAP

Marc Remolt JesoreHarale at gmx.de
Sun Jan 11 11:39:37 GMT 2004


On Sun, 11 Jan 2004 02:17:06 -0400 (VET)
vegeta2 at ica.luz.ve wrote:

When you added the machine account by hand (the posix part), have you added the $ behind the machine name? Samba expects machines to be like 
tuqueque$ instead of tuqueque. It's just a quick guess. 
Btw, smbldap-tools work great for me (they automatically add all the needed groups for example - you'd like that), what exactly is your problem?

Jesore


> Hello,
> 
> I have some problems trying to configure a PDC with OpenLDAP backend using Samba 3.0.1.
> 
> My LDAP server is working fine and has the samba templates.
> 
> I am able to configure users. The procedure I am using is I first create the user in the LDAP server using posixAccount, shadowAccount, etc. Then, as root, I write 
> 
>      smbpasswd -a user
> 
> and it works fine.
> 
> I get the same effect if I use 
> 
>      pdbedit -a -u borra
> 
> The user is able to mount a share in the server. At this point things are working great.
> 
> My first problem is that I have been unable to add machines.
> I tried a similar procedure. First create the machine in the LDAP server (without sambaSamAccount) and then
> 
>      smbpasswd -m -a theMachine
> 
> I have tried everything including pdbedit and smbldap-tools 0.8.2.
> I get the following errors when trying to add a machine called tuqueque using 
> 
>      smbpasswd -m -a tuqueque -D256
> 
> Netbios name list:-
> my_netbios_names[0]="BOA"
> Trying to load: ldapsam:ldap://localhost
> Attempting to register passdb backend ldapsam
> Successfully added passdb backend 'ldapsam'
> Attempting to register passdb backend ldapsam_compat
> Successfully added passdb backend 'ldapsam_compat'
> Attempting to register passdb backend smbpasswd
> Successfully added passdb backend 'smbpasswd'
> Attempting to register passdb backend tdbsam
> Successfully added passdb backend 'tdbsam'
> Attempting to register passdb backend guest
> Successfully added passdb backend 'guest'
> Attempting to find an passdb backend to match ldapsam:ldap://localhost (ldapsam)
> Found pdb backend ldapsam
> Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=ICALUZ))]
> smbldap_search_suffix: searching for:[(&(objectClass=sambaDomain)(sambaDomainName=ICALUZ))]
> smbldap_open_connection: ldap://localhost
> smbldap_open_connection: connection opened
> ldap_connect_system: Binding to ldap server ldap://localhost as "cn=Manager,dc=ica,dc=luz,dc=ve"
> ldap_connect_system: succesful connection to the LDAP server
> The LDAP server is succesful connected
> pdb backend ldapsam:ldap://localhost has a valid init
> Attempting to find an passdb backend to match guest (guest)
> Found pdb backend guest
> pdb backend guest has a valid init
> smbldap_search_suffix: searching for:[(&(uid=tuqueque$)(objectclass=sambaSamAccount))]
> smbldap_open: already connected to the LDAP server
> ldapsam_getsampwnam: Unable to locate user [tuqueque$] count=0
> Finding user tuqueque$
> Trying _Get_Pwnam(), username as lowercase is tuqueque$
> Trying _Get_Pwnam(), username as uppercase is TUQUEQUE$
> Checking combinations of 0 uppercase letters in tuqueque$
> Get_Pwnam_internals didn't find user [tuqueque$]!
> 
> 
> The smbldap-tools 0.8.2 do not work at all. They do not even work for adding users (which I already solved using smbpasswd).
> 
> I have other questions:
> I have read that I have to create some groups (Domain Admins, Domain Users, Domain Guests), but the procedure for doing that when using LDAP is not clear. I tried adding the groups to the LDAP server and then using something like
> 
>     net groupmap modify ntgroup="Domain Admins" unixgroup=domadmin
> 
> I get the following message:
> 
>      NT Group Domain Admins doesn't exist in mapping DB
>        
> 
> Can somebody help me?
> 
> Here is my smb.conf:
> [global]
> hosts allow = 172.17.6.0/255.255.255.0
> netbios name = BOA
> workgroup = ICALUZ
> security = user
> encrypt passwords = yes
> preferred master = yes
> domain master = yes
> local master = yes
> domain logons = yes
> os level = 33
> 
> ldap suffix = dc=ica,dc=luz,dc=ve
> ldap admin dn = "cn=Manager,dc=ica,dc=luz,dc=ve"
> 
> idmap backend = ldap:ldap://localhost
> idmap gid = 10000-20000
> idmap uid = 10000-20000
> ldap idmap suffix = ou=Idmap
> 
> passdb backend = ldapsam:ldap://localhost
> ldap ssl = off
> ldap delete dn = no
> ldap user suffix = ou=Personas
> 
> ldap group suffix = ou=Grupos
> ldap machine suffix = ou=Computadoras
> #ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))
> ldap filter = (uid=%u)
> 
> logon path = \\%N\profiles\%u
> logon drive = H:
> logon home = \\homeserver\%u\winprofile
> logon script = logon.cmd
> 
> #logging
> log level = 2
> log file = /var/lib/samba/%m.log
> 
> [netlogon]
> path = /var/lib/samba/netlogon
> read only = yes
> write list = ntadmin
> 
> [profiles]
> path = /var/lib/samba/profiles
> read only = no
> create mask = 0644
> directory mask = 0755
> 
> [test]
> path=/tmp
> writeable=yes
> public=yes
> 
> 
> I have tried to follow the documentation, but it is somewhat confusing when it refers to LDAP. It is never clear whether they are talking about the new style or the old Samba 2.x style. Maybe it is not completely updated.
> Any help is appreciated.
> 
> Regards,
> VS
> 
> 
> 
> 
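
The check suggested in the reply, as an added example that is not part of either message and is not Samba or smbldap-tools code: it pulls the account names Samba failed to resolve out of saved `smbpasswd -D256` output and compares them with passwd-format data, reporting when only the name without the trailing `$` exists. The function names are hypothetical, the passwd entries are constructed, and it assumes the passwd file was saved from `getent passwd` on a host whose NSS reads the LDAP posix accounts.

```shell
#!/bin/sh
# Added example: explain why `smbpasswd -m -a` cannot resolve a machine account.

# Print each account name Samba failed to resolve via the system account
# database ("Get_Pwnam_internals didn't find user [...]" debug lines on stdin).
unresolved_accounts() {
    sed -n "s/.*Get_Pwnam_internals didn't find user \[\(.*\)]!.*/\1/p" | sort -u
}

# classify_account NAME PASSWD_FILE
# PASSWD_FILE holds passwd(5)-format lines, e.g. saved from `getent passwd`.
#   present        - the exact name exists
#   missing-dollar - only the name without the trailing $ exists
#   absent         - neither form exists
classify_account() {
    name=$1; passwd=$2
    base=${name%\$}
    if cut -d: -f1 "$passwd" | grep -Fxq -e "$name"; then
        echo present
    elif [ "$base" != "$name" ] && cut -d: -f1 "$passwd" | grep -Fxq -e "$base"; then
        echo missing-dollar
    else
        echo absent
    fi
}

# diagnose LOG_FILE PASSWD_FILE: one "name status" line per unresolved account.
diagnose() {
    unresolved_accounts < "$1" | while IFS= read -r acct; do
        printf '%s %s\n' "$acct" "$(classify_account "$acct" "$2")"
    done
}

# Sample run: log lines copied from the post, passwd entries constructed.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/log" <<'EOF'
ldapsam_getsampwnam: Unable to locate user [tuqueque$] count=0
Get_Pwnam_internals didn't find user [tuqueque$]!
EOF
    cat > "$tmp/passwd" <<'EOF'
borra:x:10001:10000::/home/borra:/bin/bash
tuqueque:x:10050:10002:machine:/dev/null:/bin/false
EOF
    diagnose "$tmp/log" "$tmp/passwd"
    rm -rf "$tmp"
}

demo
```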

