[Samba] Samba+LDAP - so close yet so far :) ...STILL NOT SOLVED
José Ildefonso Camargo Tolosa
icamargo at merkurio.com.ve
Sun Jul 18 01:01:01 GMT 2004
Hi.
I think you are having a lot of trouble.
Take a look at:
http://samba.idealx.org/smbldap-howto.fr.html (it is in english).
And:
http://us1.samba.org/samba/docs/Samba-Guide.pdf (This is samba-3 by
example, use the pdf, the html is missing some images).
Look at chapter 6 and 7 (very good, but complement it with the url from
idealx).
There are only a couple of minor details in samba-3 by example,
otherwise it is an EXCELENT book (I would buy it, if I had the money :( ).
If you have any more questions, just ask.
c-ya!
Ildefonso Camargo
icamargo at merkurio.com.ve
icamargo at unet.edu.ve
ildefonso_camargo at yahoo.com
Craig White wrote:
>On Fri, 2004-07-16 at 13:39, abebe lsslp wrote:
>
>
>>Hey Craig,
>>Here is what's happening. I've got nothing, but
>>headache from looking at log level 10, but finally I
>>finished going over it. For those of you who have not
>>been following, check
>>http://150.208.105.24/smbldap-pdc.html
>>
>>
>>
>>>----
>>>
>>>
>>>>smbd/process.c:timeout_processing(1332)
>>>> timeout_processing: End of file from client
>>>>
>>>>
>>>(client
>>>
>>>
>>>>has disconnected).
>>>>
>>>>
>>>You are attempting to join WinXP to domain, are
>>>asked for the
>>>name/password/domain of a user who has sufficient
>>>privileges to add a
>>>machine to the domain and it fails to finish? The
>>>machine is indeed
>>>added to LDAP - that's all I can figure out from
>>>your email.
>>>
>>>First off - my understanding is that Machine
>>>accounts should still be
>>>located in the People subtree and not in the
>>>Computers subtree because
>>>subsequent searches will not locate it there. If
>>>this has been fixed,
>>>I'm sure someone will correct me.
>>>
>>>
>>>
>>I have tried it your way as well.
>>
>># 1
>>Changeed the Entry in '/etc/ldap.conf' to
>>
>>nss_base_passwd ou=People,dc=wbcoll,dc=edu?one
>>nss_base_shadow ou=People,dc=wbcoll,dc=edu?one
>>nss_base_group ou=Groups,dc=wbcoll,dc=edu?one
>>
>>#2
>>changed the entry in '/etc/samba/smb.conf' file, I
>>changed
>>
>>ldap machine suffix = ou=People
>>
>>#3
>>and finally, the entry in
>>'/etc/smbldap-tools/smbldap.conf'
>>
>># Ex: computersdn="ou=Computers,dc=IDEALX,dc=ORG"
>>computersdn="ou=People,dc=wbcoll,dc=edu"
>>
>>However, I am sure the "ou =Computers" entry works. A
>>lot of documentations, including idealx.org would have
>>corrected their documentations if it wasn't so.
>>
>>
>>
>>>Secondly - ldap log?
>>>
>>>
>>I couldn't find any hint that leads me to believe the
>>ldap doesn't work, but you might see something I
>>don't. you will find the whole 'slapd.log' file here:
>>http://150.208.105.24/smbldap-pdc/. (there are also
>>log files for the xp machine. ('winxp.log.html' is log
>>level 10 and 'winxp_log.html' is log level 3). Log
>>level 10 doesn't really tell me anything log level 3
>>doesn't.
>>
>>
>----
>SID's don't match...
>
>dn: uid=Administrator,ou=Users,dc=wbcoll,dc=edu
><snip>
>sambaPrimaryGroupSID: S-1-5-21-952094410-1508517273-1204454084-512
>sambaSID: S-1-5-21-952094410-1508517273-1204454084-2996
>
>pdbedit -Lv testuser1
><snip>
>User SID: S-1-5-21-1414736517-1990894286-2385622597-3000
>Primary Group SID: S-1-5-21-1414736517-1990894286-2385622597-513
>
>Who knows which SID is in smbldap_conf and which SID is in dn=SambaDomainName,dc=wbcoll,dc=edu
>
>This should be one of the first things you check.
>
>Also - just for a point of reference (not that what I do is at all correct or even recommended by the many people that know way more than I do), I set the primary posix gid for all users to a posix labeled group and my /etc/samba/smbusers looks like this:
># cat /etc/samba/smbusers
># Unix_name = SMB_name1 SMB_name2 ...
>root = Administrator administrator admin
>nobody = guest pcguest smbguest
>
>I hope this helps.
>
>Craig
>
>
>
More information about the samba
mailing list