[Samba] Profile Problem with ldap backend
Paul Gienger
pgienger at ae-solutions.com
Tue Jul 13 13:01:01 GMT 2004
ds_shadof at uni-altai.ru wrote:
>The Samba 3.0.5rc1 server is configured as a PDC.
>
>
<snip>
>#WINBIND CONFIG!!!!
> winbind separator = +
> winbind use default domain = Yes
> winbind uid =10000-20000
> winbind gid =10000-20000
>#If i comment it then
>#[2004/07/14 01:30:40, 0] nsswitch/winbindd_util.c:winbindd_param_init(560)
># winbindd: idmap uid range missing or invalid
>#[2004/07/14 01:30:40, 0] nsswitch/winbindd_util.c:winbindd_param_init(561)
># winbindd: cannot continue, exiting.
># Could not init idmap -- netlogon proxy only
># strange thing.... on 3.0.4 i don't need to write it
> winbind enum users = yes
> winbind enum groups = yes
>
>
Firstoff, is there someplace that people get confused about the use of
winbind/idmap? It is strictly for use ONLY with a windows AD server as
your primary directory... well I guess maybe it would be used if you
wanted to do some kind of wierd authentication against a different samba
server, but why?!?!
Anyways, start by removing all your idmap entries and that will clear up
some log entries.
> password server= localhost
>
>
This one too. This is for authenticating against some other server,
like if you were simply a member of a domain using domain security.
<snip>
>#LDAP STARTS HERE
> passdb backend = ldapsam:ldap://localhost
> ldap admin dn = "cn=Manager,dc=liin,dc=org"
> ldap server = localhost
> ldap port = 389
> ldap suffix = dc=liin,dc=org
> ldap machine suffix = ou=people
> ldap user suffix = ou=people
> ldap group suffix = ou=groups
># ldap filter = "(&(uid%=%U)(ObjectClass=sambaSamAccount))"
>#LDAP continue
> ldap idmap suffix = ou=Idmap
> idmap backend = ldap:ldap//localhost
> idmap uid = 10000 - 20000
> idmap gid = 10000 - 20000
>
>
The 4 lines above should go too.
<snip the rest of smb.conf>
>When i try to logon WinXP(pro) says:
>"Windows cannot find the server profile and is logging you on with a temporart profile."
> or somenthing like that. I have russian copy of winxp.
>Next hi says:
>"Windows cannot find the local profile and is logging you on with a temporart profile."
>(it because i removed c:\Documents and Settings\Default User)
>
>
>Problem n2:
>Problem With Winbind(or not?)
>
>[2004/07/14 01:59:55, 3] sam/idmap.c:idmap_init(131)
> idmap_init: using 'ldap' as remote backend
>[2004/07/14 01:59:55, 5] lib/smbldap.c:smbldap_search(931)
> smbldap_search: base => [ou=Idmap,dc=liin,dc=org], filter => [(objectclass=sambaUnixIdPool)], scope => [2]
>[2004/07/14 01:59:55, 10] lib/smbldap.c:smbldap_open_connection(543)
> smbldap_open_connection: ldap//localhost
>[2004/07/14 01:59:55, 0] lib/smbldap.c:smbldap_open_connection(546)
> ldap_initialize: Time limit exceeded
>[2004/07/14 01:59:55, 1] lib/smbldap.c:smbldap_retry_open(908)
> Connection to LDAP Server failed for the 1 try!
>
>
Looks like you're failing to connect to your local server. You've got
some confusion because of the multiple specifications here. Notice that
this failure is complaining about being able to connect to
ldap//localhost (see the missing colon?) You need to roto-till your
smb.conf then try again. Get the idmap stuff out and see if your errors
are more specific.
Assuming you do all that and still have issues: Have you verified that
your ldap setup is correct? That is: does your system authenticate fine
against ldap or are you just trying to store samba in ldap? If you're
just setting up one linux server then ldap is overkill for both system
auth and samba, in that case stick to tdb.
>[2004/07/14 01:59:55, 8] lib/util.c:fcntl_lock(1646)
> fcntl_lock 7 13 0 1 1
>[2004/07/14 01:59:55, 8] lib/util.c:fcntl_lock(1681)
> fcntl_lock: Lock call successful
>
>I use idealx smbldap-populate to fill ldap directory
>
>
>
--
Paul Gienger Office: 701-281-1884
Applied Engineering Inc. Cell: 701-306-6254
Information Systems Consultant Fax: 701-281-1322
URL: www.ae-solutions.com mailto:pgienger at ae-solutions.com
More information about the samba
mailing list