[Samba] Openldap samba 3.0.5 net group add does not work

Paul Gienger pgienger at ae-solutions.com
Sat Jul 31 06:23:56 GMT 2004


I'm going to make an assumption here that you aren't using any Active 
Directory...

Changes below (after corresponding lines):

> [global]
> workgroup = WORKGROUP
> netbios name = backup
> #username map = /etc/samba/smbusers


> add user script = /usr/sbin/useradd -m %u
> delete user script = /usr/sbin/useradd -r %u
> add group script = /usr/sbin/groupadd %g
> delete group script = /usr/sbin/groupadd %g
> add user to group script = /usr/sbin/usermod -G %g %u
> add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null -g machines %u

Add quotes around your % arguments here.  Even though you quote them on 
the command line, that doesn't mean they get to the scripts that way.

> preferred master = yes
> domain master = yes
> local master = yes
> security = users
> domain logons = yes
> os level = 35
> logon path = \\%L\profiles\%u
> logon drive = H:
> logon home = \\%L\%u\winprofile
> logon script = /etc/samba/logon/scripts

Unrelated to your issue, but you need to specify an absolute script 
here; it appears you're just pointing to a directory.  Either point to a 
global script (logon.bat) or maybe a user/group script (%u.bat).  This 
path will also be relative to your netlogon share.

> #idmap backend = ldapsam:ldap://localhost

Good to comment this out, but remove it and any idmap related entries.

> ldap suffix = dc=sovereign
> ldap admin dn = "cn=Manager,ou=People,dc=sovereign"
> ldap ssl = no
> passdb backend = ldapsam:ldap://localhost
> ldap delete dn = no
> ldap user suffix = ou=People
> ldap group suffix = ou=Groups
> ldap machine suffix = ou=Computers

Depending on your nss configuration, change this to ou=People.  Search 
the archives for an explanation; you can search for me if you wish. I've 
responded more times than I wish to remember.

> ldap idmap suffix = ou=Idmap
> winbind separator = +
> winbind enum users = yes

These 3 should go bye bye, as well as any other winbind related entries, 
at least for your PDC.

> template homedir = /home/winnt/%D/%U
> template shell = /bin/bash
> idmap uid = 10000-20000
> idmap gid = 10000-20000

delete 2x.

>
> Here is the ldap-init.ldif
> # Samba openldap configuration file
> # -------------------------------------------
> # Organization for Samba Base
> dn: dc=sovereign
> objectclass: dcObject
> objectclass: organization
> dc: sovereign
> o: sovereign network test
> description: ldap configuration
>
> # Organizational Role for Directory Management
> dn: cn=Manager,dc=sovereign
> objectclass: organizationalRole
> cn: Manager
> description: Manager
>
> # Setting up container for users
> dn: ou=People,dc=sovereign
> objectclass: top
> objectclass: organizationalUnit
> ou: People
>
> # Setting up admin handle for people
> dn: cn=admin,ou=People,dc=sovereign
> cn: admin
> objectclass: top
> objectclass: organizationalRole
> objectclass: simpleSecurityObject
> userPassword: *********************************
>
> # Setting up container for groups
> dn: ou=Groups,dc=sovereign
> objectclass: top
> objectclass: organizationalUnit
> ou: Groups
>
> # Setting up admin for Groups ou
> dn: cn=admin,ou=Groups,dc=sovereign
> cn: admin
> objectclass: top
> objectclass: organizationalRole
> objectclass: simpleSecurityObject
> userPassword: *********************************
>
> # Setting up container for computers
> dn: ou=Computers,dc=sovereign
> objectclass: top
> objectclass: organizationalUnit
> ou: Computers
>
> # Setting up admin handle for Computers OU
> dn: cn=admin,ou=Computers,dc=sovereign
> cn: admin
> objectclass: top
> objectclass: organizationalRole
> objectclass: simpleSecurityObject
> userPassword: ***********************************
>
> # Setting up container for idmap
> dn: ou=Idmap,dc=sovereign
> objectclass: top
> objectclass: organizationalUnit
> ou: Idmap
>
> # Setting up admin for Groups ou
> dn: cn=admin,ou=Idmap,dc=sovereign
> cn: admin
> objectclass: top
> objectclass: organizationalRole
> objectclass: simpleSecurityObject
> userPassword: **********************************
>
> Gentoo box running kernel 2.6.7
>
> I am able to add users and machine accounts.  If I use tdbsam net 
> groupmap works.

Curious how you have your nss configured, or if logging on actually 
works if you haven't toyed with it. Although chances are that if you are 
running Gentoo you toyed with EVERYTHING.

-- 
Paul Gienger                     Office: 701-281-1884
Applied Engineering Inc.         
Information Systems Consultant   Fax:    701-281-1322
URL: www.ae-solutions.com        mailto: pgienger at ae-solutions.com
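
The quoting advice above for the `%g`/`%u` script arguments, as an added example that is not part of the original message: it models textual substitution into an `add group script` template and counts the arguments the script receives. It assumes the expanded string is run through `sh -c`; `groupadd` here is a stub function, and the group name "Domain Admins" is a constructed sample.

```shell
#!/bin/sh
# Constructed demo, not Samba code: shows why "%g" needs quotes in the
# smb.conf template itself, independent of how the caller quoted the name.

# expand TEMPLATE VALUE
# Replace every literal %g in TEMPLATE with VALUE, as plain text.
expand() {
    awk -v t="$1" -v v="$2" 'BEGIN {
        out = ""
        while ((i = index(t, "%g")) > 0) {
            out = out substr(t, 1, i - 1) v
            t = substr(t, i + 2)
        }
        print out t
    }'
}

# argc_seen TEMPLATE GROUP
# Run the expanded template through "sh -c" (assumption stated above) with a
# stub groupadd that only reports how many arguments reached it.
argc_seen() {
    cmd=$(expand "$1" "$2")
    sh -c 'groupadd() { echo "$#"; }
'"$cmd"
}

group='Domain Admins'    # constructed sample: a group name containing a space

# Template as posted (path shortened so the stub is used): %g unquoted.
printf 'unquoted template: %s -> %s argument(s)\n' \
    "$(expand 'groupadd %g' "$group")" \
    "$(argc_seen 'groupadd %g' "$group")"

# Template with quotes around %g: the name arrives as one argument.
printf 'quoted template:   %s -> %s argument(s)\n' \
    "$(expand 'groupadd "%g"' "$group")" \
    "$(argc_seen 'groupadd "%g"' "$group")"
```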



