[Samba] Samba+LDAP - so close yet so far :) ...STILL NOT SOLVED

Craig White craigwhite at azapple.com
Sat Jul 17 05:53:22 GMT 2004


On Fri, 2004-07-16 at 13:39, abebe lsslp wrote:
> Hey Craig, 
> Here is what's happening. I've got nothing but a
> headache from looking at log level 10, but finally I
> finished going over it. For those of you who have not
> been following, check
> http://150.208.105.24/smbldap-pdc.html
> 
> > ----
> > > smbd/process.c:timeout_processing(1332)
> > >   timeout_processing: End of file from client
> > (client
> > > has disconnected).
> > 
> > You are attempting to join WinXP to domain, are
> > asked for the
> > name/password/domain of a user who has sufficient
> > privileges to add a
> > machine to the domain and it fails to finish? The
> > machine is indeed
> > added to LDAP - that's all I can figure out from
> > your email.
> > 
> > First off - my understanding is that Machine
> > accounts should still be
> > located in the People subtree and not in the
> > Computers subtree because
> > subsequent searches will not locate it there. If
> > this has been fixed,
> > I'm sure someone will correct me.
> >
> 
> I have tried it your way as well. 
> 
> # 1
> Changed the entry in '/etc/ldap.conf' to 
> 
> nss_base_passwd ou=People,dc=wbcoll,dc=edu?one
> nss_base_shadow ou=People,dc=wbcoll,dc=edu?one
> nss_base_group  ou=Groups,dc=wbcoll,dc=edu?one
> 
> #2
> changed the entry in '/etc/samba/smb.conf' file, I
> changed 
> 
> ldap machine suffix = ou=People
> 
> #3
> and finally, the entry in
> '/etc/smbldap-tools/smbldap.conf'
> 
> # Ex: computersdn="ou=Computers,dc=IDEALX,dc=ORG"
> computersdn="ou=People,dc=wbcoll,dc=edu"
> 
> However, I am sure the "ou=Computers" entry works. A
> lot of documentation, including idealx.org, would have
> corrected their documentation if it wasn't so.
> 
> > Secondly - ldap log?
> 
> I couldn't find any hint that leads me to believe the
> ldap doesn't work, but you might see something I
> don't. You will find the whole 'slapd.log' file here:
> http://150.208.105.24/smbldap-pdc/. (There are also
> log files for the xp machine: 'winxp.log.html' is log
> level 10 and 'winxp_log.html' is log level 3.) Log
> level 10 doesn't really tell me anything log level 3
> doesn't.
----
SIDs don't match...

dn: uid=Administrator,ou=Users,dc=wbcoll,dc=edu
<snip>
sambaPrimaryGroupSID: S-1-5-21-952094410-1508517273-1204454084-512
sambaSID: S-1-5-21-952094410-1508517273-1204454084-2996

pdbedit -Lv testuser1
<snip>
User SID:             S-1-5-21-1414736517-1990894286-2385622597-3000
Primary Group SID:    S-1-5-21-1414736517-1990894286-2385622597-513

Who knows which SID is in smbldap_conf and which SID is in dn=SambaDomainName,dc=wbcoll,dc=edu?

This should be one of the first things you check.

Also - just for a point of reference (not that what I do is at all correct or even recommended by the many people that know way more than I do), I set the primary posix gid for all users to a posix labeled group and my /etc/samba/smbusers looks like this:
# cat /etc/samba/smbusers
# Unix_name = SMB_name1 SMB_name2 ...
root = Administrator administrator admin
nobody = guest pcguest smbguest

I hope this helps.

Craig
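
Added example (not part of the original message and not Samba or smbldap-tools code): the SID comparison suggested above, run over an LDIF export such as `ldapsearch` output, flagging every account whose sambaSID or sambaPrimaryGroupSID lies outside the domain SID. The function names are hypothetical and the sample LDIF is constructed; its SID values are the ones quoted in the message, while the sambaDomainName value, the testuser1 DN and the choice of which SID the domain entry holds are assumptions.

```python
# Constructed sample: SID values are those quoted in the message; the domain
# name, the testuser1 DN and which SID the domain entry holds are assumptions.
SAMPLE_LDIF = """\
dn: sambaDomainName=EXAMPLE,dc=wbcoll,dc=edu
sambaDomainName: EXAMPLE
sambaSID: S-1-5-21-1414736517-1990894286-2385622597

dn: uid=Administrator,ou=Users,dc=wbcoll,dc=edu
sambaPrimaryGroupSID: S-1-5-21-952094410-1508517273-1204454084-512
sambaSID: S-1-5-21-952094410-1508517273-1204454084-2996

dn: uid=testuser1,ou=Users,dc=wbcoll,dc=edu
sambaPrimaryGroupSID: S-1-5-21-1414736517-1990894286-2385622597-513
sambaSID: S-1-5-21-1414736517-1990894286-2385622597-3000
"""

def domain_part(sid):
    """Return S-1-5-21-x-y-z for a domain or account SID, else None (e.g. S-1-5-32-544)."""
    parts = sid.strip().split("-")
    ok = parts[:4] == ["S", "1", "5", "21"] and len(parts) in (7, 8)
    return "-".join(parts[:7]) if ok and all(p.isdigit() for p in parts[4:]) else None

def parse_ldif(text):
    """Minimal LDIF reader: lowercased attribute names, folded lines joined."""
    entries, cur, last = [], {}, None
    for line in text.splitlines() + [""]:
        if not line.strip():                      # blank line ends an entry
            entries += [cur] if cur else []
            cur, last = {}, None
        elif line.startswith(" ") and last:       # LDIF continuation line
            cur[last][-1] += line[1:]
        elif not line.startswith("#") and ":" in line:
            name, _, value = line.partition(":")
            last = None if value.startswith(":") else name.lower()  # skip base64 values
            if last:
                cur.setdefault(last, []).append(value.strip())
    return entries

def find_mismatches(entries):
    """Return (dn, attribute, sid) for every SID outside the sambaDomainName entry's SID."""
    domain = next(e["sambasid"][0] for e in entries if "sambadomainname" in e)
    return [(e["dn"][0], attr, sid)
            for e in entries
            for attr in ("sambasid", "sambaprimarygroupsid")
            for sid in e.get(attr, [])
            if domain_part(sid) not in (None, domain)]

if __name__ == "__main__":
    for dn, attr, sid in find_mismatches(parse_ldif(SAMPLE_LDIF)):
        print(f"MISMATCH {dn}: {attr}={sid}")
```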


