[Samba] Openldap samba 3.0.5 net group add does not work

Matt Hoyt mrhoyt3 at hotmail.com
Sat Jul 31 17:23:56 GMT 2004


It still doesn't work.  Do I need to download padl.com tools for transferring 
/etc/passwd and /etc/group to openldap?  Here is my nsswitch.conf file and 
the last few lines for syslog showing openldap calls.

/etc/nsswitch.conf:
# $Header: /home/cvsroot/gentoo-src/rc-scripts/etc/nsswitch.conf,v 1.4 2002/11/18 19:39:22 azarah Exp $

passwd:      files winbind
shadow:      files
group:       files winbind

# passwd:    db files nis
# shadow:    db files nis
# group:     db files nis

hosts:       files dns
networks:    files wins

services:    db files
protocols:   db files
rpc:         db files
ethers:      db files
netmasks:    files
netgroup:    files
bootparams:  files

automount:   files
aliases:     files

Jul 31 12:21:39 backup slapd[13506]: conn=525 op=37 SRCH attr=sambaSID uidNumber gidNumber objectClass
Jul 31 12:21:39 backup slapd[13506]: conn=525 op=37 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jul 31 12:21:39 backup slapd[13506]: conn=525 op=38 SRCH base="ou=Groups,dc=sovereign" scope=2 filter="(&(objectClass=sambaGroupMapping)(gidNumber=441))"
Jul 31 12:21:39 backup slapd[13506]: conn=525 op=38 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Jul 31 12:21:39 backup slapd[13506]: conn=525 op=38 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jul 31 12:21:39 backup slapd[13506]: conn=525 op=39 SRCH base="ou=Groups,dc=sovereign" scope=2 filter="(&(|(objectClass=posixGroup)(objectClass=sambaIdmapEntry))(gidNumber=441))"
Jul 31 12:21:39 backup slapd[13506]: conn=525 op=39 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Jul 31 12:21:39 backup slapd[13506]: conn=525 op=39 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jul 31 12:21:39 backup slapd[13506]: conn=525 op=40 SRCH base="ou=People,dc=sovereign" scope=2 filter="(&(objectClass=sambaIdmapEntry)(gidNumber=441))"
Jul 31 12:21:39 backup slapd[13506]: conn=525 op=40 SRCH attr=sambaSID uidNumber gidNumber objectClass
Jul 31 12:21:39 backup slapd[13506]: conn=525 op=40 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jul 31 12:21:39 backup slapd[13483]: conn=525 fd=24 closed


Matt Hoyt




>From: Paul Gienger <pgienger at ae-solutions.com>
>To: Matt Hoyt <mrhoyt3 at hotmail.com>,MailingList_Samba <samba at lists.samba.org>
>Subject: Re: [Samba] Openldap samba 3.0.5 net group add does not work
>Date: Sat, 31 Jul 2004 01:23:56 -0500
>
>I'm going to make an assumption here that you aren't using any
>Active Directory...
>
>Changes below (after corresponding lines):
>
>>[global]
>>workgroup = WORKGROUP
>>netbios name = backup
>>#username map = /etc/samba/smbusers
>
>
>>add user script = /usr/sbin/useradd -m %u
>>delete user script = /usr/sbin/useradd -r %u
>>add group script = /usr/sbin/groupadd %g
>>delete group script = /usr/sbin/groupadd %g
>>add user to group script = /usr/sbin/usermod -G %g %u
>>add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null -g machines %u
>
>Add quotes around your % arguments here.  Even though you quote them
>on the command line that doesn't mean they get to the scripts that
>way.
>
>>preferred master = yes
>>domain master = yes
>>local master = yes
>>security = users
>>domain logons = yes
>>os level = 35
>>logon path = \\%L\profiles\%u
>>logon drive = H:
>>logon home = \\%L\%u\winprofile
>>logon script = /etc/samba/logon/scripts
>
>Unrelated to your issue, but you need to specify an absolute script
>here, it appears you're just pointing to a directory.  Either point
>to a global script (logon.bat) or maybe a user/group script
>(%u.bat).  This path will also be relative to your netlogon share.
>
>>#idmap backend = ldapsam:ldap://localhost
>
>Good to comment this out, but remove it and any idmap related
>entries.
>
>>ldap suffix = dc=sovereign
>>ldap admin dn = "cn=Manager,ou=People,dc=sovereign"
>>ldap ssl = no
>>passdb backend = ldapsam:ldap://localhost
>>ldap delete dn = no
>>ldap user suffix = ou=People
>>ldap group suffix = ou=Groups
>>ldap machine suffix = ou=Computers
>
>Depending on your nss configuration, change this to ou=People.
>Search the archives for an explanation, you can search for me if you
>wish, I've responded more times than I wish to remember.
>
>>ldap idmap suffix = ou=Idmap
>>winbind separator = +
>>winbind enum users = yes
>
>These 3 should go bye bye, as well as any other winbind related
>entries, at least for your PDC.
>
>>template homedir = /home/winnt/%D/%U
>>template shell = /bin/bash
>>idmap uid = 10000-20000
>>idmap gid = 10000-20000
>
>delete 2x.
>
>>
>>Here is the ldap-init.ldif
>># Samba openldap configuration file
>># -------------------------------------------
>># Organization for Samba Base
>>dn: dc=sovereign
>>objectclass: dcObject
>>objectclass: organization
>>dc: sovereign
>>o: sovereign network test
>>description: ldap configuration
>>
>># Organizational Role for Directory Management
>>dn: cn=Manager,dc=sovereign
>>objectclass: organizationalRole
>>cn: Manager
>>description: Manager
>>
>># Setting up container for users
>>dn: ou=People,dc=sovereign
>>objectclass: top
>>objectclass: organizationalUnit
>>ou: People
>>
>># Setting up admin handle for people
>>dn: cn=admin,ou=People,dc=sovereign
>>cn: admin
>>objectclass: top
>>objectclass: organizationalRole
>>objectclass: simpleSecurityObject
>>userPassword: *********************************
>>
>># Setting up container for groups
>>dn: ou=Groups,dc=sovereign
>>objectclass: top
>>objectclass: organizationalUnit
>>ou: Groups
>>
>># Setting up admin for Groups ou
>>dn: cn=admin,ou=Groups,dc=sovereign
>>cn: admin
>>objectclass: top
>>objectclass: organizationalRole
>>objectclass: simpleSecurityObject
>>userPassword: *********************************
>>
>># Setting up container for computers
>>dn: ou=Computers,dc=sovereign
>>objectclass: top
>>objectclass: organizationalUnit
>>ou: Computers
>>
>># Setting up admin handle for Computers OU
>>dn: cn=admin,ou=Computers,dc=sovereign
>>cn: admin
>>objectclass: top
>>objectclass: organizationalRole
>>objectclass: simpleSecurityObject
>>userPassword: ***********************************
>>
>># Setting up container for idmap
>>dn: ou=Idmap,dc=sovereign
>>objectclass: top
>>objectclass: organizationalUnit
>>ou: Idmap
>>
>># Setting up admin for Groups ou
>>dn: cn=admin,ou=Idmap,dc=sovereign
>>cn: admin
>>objectclass: top
>>objectclass: organizationalRole
>>objectclass: simpleSecurityObject
>>userPassword: **********************************
>>
>>Gentoo box running kernel 2.6.7
>>
>>I am able to add users and machine accounts.  If I use tdbsam net
>>groupmap works.
>
>Curious how you have your nss configured, or if logging on actually
>works if you haven't toyed with it. Although chances are that if you
>are running gentoo you toyed with EVERYTHING.
>
>--
>Paul Gienger                     Office: 701-281-1884
>Applied Engineering Inc.         Information Systems Consultant
>Fax:    701-281-1322
>URL: www.ae-solutions.com        mailto: pgienger at ae-solutions.com
>
>
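
As an added example (not part of the original posts, and not Samba or OpenLDAP code), the slapd log excerpt above can be triaged by pairing each SRCH request with its SEARCH RESULT on conn/op and listing the searches that succeeded but matched no entry. The sample lines are constructed in the excerpt's format; the op=41 pair and the function names are assumptions made for illustration.

```python
import re

# Constructed sample in the same slapd syslog format as the excerpt above
# (unwrapped; the op=41 pair is invented to show a non-empty result).
SAMPLE = """\
Jul 31 12:21:39 backup slapd[13506]: conn=525 op=38 SRCH base="ou=Groups,dc=sovereign" scope=2 filter="(&(objectClass=sambaGroupMapping)(gidNumber=441))"
Jul 31 12:21:39 backup slapd[13506]: conn=525 op=38 SRCH attr=gidNumber sambaSID cn objectClass
Jul 31 12:21:39 backup slapd[13506]: conn=525 op=38 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jul 31 12:21:39 backup slapd[13506]: conn=525 op=41 SRCH base="ou=Groups,dc=sovereign" scope=2 filter="(&(objectClass=posixGroup)(gidNumber=100))"
Jul 31 12:21:39 backup slapd[13506]: conn=525 op=41 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jul 31 12:21:39 backup slapd[13483]: conn=525 fd=24 closed
"""

OP = re.compile(r"slapd\[\d+\]: conn=(\d+) op=(\d+) (.*)$")
SRCH = re.compile(r'SRCH base="([^"]*)" scope=(\d+).*?filter="([^"]*)"')
RESULT = re.compile(r"SEARCH RESULT tag=\d+ err=(\d+) nentries=(\d+)")


def correlate(log_text):
    """Pair each SRCH request with its SEARCH RESULT by (conn, op)."""
    pending, done = {}, []
    for line in log_text.splitlines():
        m = OP.search(line)
        if not m:
            continue  # connection open/close lines carry no op= field
        key, rest = (int(m.group(1)), int(m.group(2))), m.group(3)
        s = SRCH.match(rest)
        if s:
            pending[key] = {"conn": key[0], "op": key[1], "base": s.group(1),
                            "scope": int(s.group(2)), "filter": s.group(3)}
            continue
        r = RESULT.match(rest)
        if r and key in pending:  # results whose request was cut off are skipped
            rec = pending.pop(key)
            rec["err"], rec["nentries"] = int(r.group(1)), int(r.group(2))
            done.append(rec)
    return done


def empty_searches(log_text):
    """Searches that succeeded (err=0) but matched no entry."""
    return [r for r in correlate(log_text)
            if r["err"] == 0 and r["nentries"] == 0]


if __name__ == "__main__":
    for r in empty_searches(SAMPLE):
        print(f'conn={r["conn"]} op={r["op"]} base={r["base"]} filter={r["filter"]}')
```
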
