[Samba] ldapsam - Failed to open group mapping database

Angel Galindo Muñoz agalindo at ub.edu
Tue May 11 12:33:40 GMT 2004


	Hi!

	I've been trying to install Samba 3.0.2a + ldapSam (Stand-Alone, not 
PDC)  on a RedHat Enterprise Edition 3.0 as a fileserver. It works fine 
but I still get some errors about groups and I can't find the answers in 
the mailing list log:


	Let's explain the error: When I connect with a W2k client it works 
fine, but then if I try to add extra permissions to a file it complains 
in some ways. The underlying FS is XFS (bestbits' linux 2.4.25 
ACL+Quotas patch) with ACLs enabled (I'm sure there isn't any filesystem 
error).



	The log looks like this:


[2004/05/11 12:52:31, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462)
   init_sam_from_ldap: Entry found for user: samba4
[2004/05/11 12:52:31, 0] groupdb/mapping.c:init_group_mapping(139)
   Failed to open group mapping database
[2004/05/11 12:52:31, 0] groupdb/mapping.c:get_group_from_gid(655)
   failed to initialize group mappingFailed to open group mapping database
[2004/05/11 12:52:31, 0] groupdb/mapping.c:get_group_from_gid(655)
   failed to initialize group mappingget_alias_user_groups: gid of user 
samba4 doesn't exist. Check your /etc/passwd and /etc/group files
[2004/05/11 12:52:31, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462)
   init_sam_from_ldap: Entry found for user: Domain Users
[2004/05/11 12:52:31, 2] rpc_server/srv_util.c:get_alias_user_groups(145)
   get_alias_user_groups: getgroups_user failed



	There are two clear messages:
  - "Failed to open group mapping database"
  - "gid of user samba4 doesn't exist...".



	This is an LDIF snippet of the LDAP SAM. I'm not using any tool; I need 
to be able to do it directly on LDAP, because the user management 
must be done by our middleware integration applications:


########
# User #
########
dn: uid=samba4, ou=People, ou=file, o=ub, c=es
objectClass: posixAccount
objectClass: sambaSamAccount
objectClass: top
sambaAcctFlags: [UX         ]
uid: samba4
cn: Usuari samba4
loginShell: /bin/bash
gidNumber: 1002
displayName: Usuari samba4
homeDirectory: /home/samba4
sambaNTPassword: 47592B71C1BFBB0F76F215901B4D1A37
sambaLMPassword: 63F31FE8389468A6AAD3B435B51404EE
sambaSID: S-1-5-21-349043978-4100265039-1442050830-1104
userPassword: {CRYPT}DmHwJp6jnwQcU
uidNumber: 1004
sambaPrimaryGroupSID: S-1-5-21-349043978-4100265039-1442050830-513

################
# Unix Groups: #
################
dn: cn=unixSambaAdmins, ou=Groups, ou=file, o=ub,c=es
objectClass: top
objectClass: posixgroup
cn: unixSambaAdmins
gidNumber: 1003
description: El grup UNIX d administradors de Samba

dn: cn=unixSambaNobodyGroup, ou=Groups, ou=file, o=ub,c=es
objectClass: top
objectClass: posixgroup
cn: unixSambaNobodyGroup
gidNumber: 1004
description: El grup UNIX de samba nobody

dn: cn=unixSambaUsuaris, ou=Groups, ou=file, o=ub,c=es
objectClass: top
objectClass: posixgroup
cn: unixSambaUsuaris
gidNumber: 1002
description: El grup UNIX d usuaris Samba

##############
# NT Groups: #
##############
dn: cn=Domain Admins, ou=Groups, ou=file, o=ub,c=es
objectClass: top
objectClass: sambaGroupMapping
objectClass: sambaSamAccount
sambaSID: S-1-5-21-349043978-4100265039-1442050830-512
gidNumber: 1003
sambaGroupType: 5
uid: Domain Admins

dn: cn=Domain Users, ou=Groups, ou=file, o=ub,c=es
objectClass: top
objectClass: sambaGroupMapping
objectClass: sambaSamAccount
sambaSID: S-1-5-21-349043978-4100265039-1442050830-513
gidNumber: 1002
sambaGroupType: 5
uid: Domain Users

dn: cn=Domain Guests, ou=Groups, ou=file, o=ub,c=es
objectClass: top
objectClass: sambaGroupMapping
objectClass: sambaSamAccount
sambaSID: S-1-5-21-349043978-4100265039-1442050830-514
gidNumber: 1004
sambaGroupType: 5
uid: Domain Guests



	The LDAP ACLs grant full access to the manager DN used by Samba; 
there are no permission problems.

	More info about mapping: It looks good (?):

[root at sambap root]# /opt/samba/bin/net groupmap list
Domain Users (S-1-5-21-349043978-4100265039-1442050830-513) -> 
unixSambaUsuaris
Domain Admins (S-1-5-21-349043978-4100265039-1442050830-512) -> 
unixSambaAdmins
Domain Guests (S-1-5-21-349043978-4100265039-1442050830-514) -> 
unixSambaNobodyGroup


	Anyway let's also give the relevant sections of smb.conf:

[global]
    nt acl support = yes
    workgroup = SAMBAPROVES
    server string = Servidor Samba de Proves
    hosts allow = 161.116.2.
    printcap name = /etc/printcap
    load printers = yes
    printing = bsd
    log file = /var/log/samba/%m.log
    max log size = 5000
    log level = 2
    security = user
    encrypt passwords = yes
    ldap admin dn = cn=xxxxxx,o=ub,c=es
    passdb backend = ldapsam:ldap://xx.yy.zz:ppp
    ldap delete dn = no
    ldap user suffix = ou=People
    ldap group suffix = ou=Groups
    ldap machine suffix = ou=Computers
    ldap suffix = ou=file, o=ub, c=es
    ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    dns proxy = no
[homes]
    comment = Home Directories
    browseable = no
    writable = yes
    nt acl support = yes



	I'm very sure that my error is on Group Mapping but I've read Chapters 
11 (Account Info DBs) and 12 (Group Mapping) and I can't fix it.

	Any help would be very very appreciated.
	Thanks in advance!



-- 
Angel Galindo Muñoz
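
Added example, not part of the original post and not Samba code: a small checker for the cross-references visible in the LDIF above, comparing each account's gidNumber against the posixGroup entries and its sambaPrimaryGroupSID against the sambaGroupMapping entries. The function names and the "ghost" user are hypothetical; it inspects directory data only, not what NSS or smbd resolve at run time.

```python
# Entries trimmed from the post (password attributes omitted); "ghost" is a
# constructed user whose gidNumber and primary group SID resolve to nothing.
SAMPLE_LDIF = """\
dn: uid=samba4, ou=People, ou=file, o=ub, c=es
objectClass: posixAccount
uid: samba4
gidNumber: 1002
sambaPrimaryGroupSID: S-1-5-21-349043978-4100265039-1442050830-513

dn: uid=ghost, ou=People, ou=file, o=ub, c=es
objectClass: posixAccount
uid: ghost
gidNumber: 4242
sambaPrimaryGroupSID: S-1-5-21-349043978-4100265039-1442050830-999

dn: cn=unixSambaUsuaris, ou=Groups, ou=file, o=ub,c=es
objectClass: posixgroup
gidNumber: 1002

dn: cn=Domain Users, ou=Groups, ou=file, o=ub,c=es
objectClass: sambaGroupMapping
sambaSID: S-1-5-21-349043978-4100265039-1442050830-513
gidNumber: 1002
"""

def parse_ldif(text):
    """Parse simple LDIF (no folded or base64 lines) into attr -> [values] dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                entry.setdefault(key.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def check_group_refs(entries):
    """Return (uid, problem) pairs for accounts whose group references dangle."""
    has = lambda e, oc: oc in [c.lower() for c in e.get("objectclass", [])]
    posix_gids = {e["gidnumber"][0] for e in entries if has(e, "posixgroup")}
    sid_to_gid = {e["sambasid"][0]: e["gidnumber"][0] for e in entries if has(e, "sambagroupmapping")}
    problems = []
    for e in (x for x in entries if has(x, "posixaccount")):
        uid, gid, sid = e["uid"][0], e["gidnumber"][0], e.get("sambaprimarygroupsid", [""])[0]
        if gid not in posix_gids:
            problems.append((uid, "no posixGroup with gidNumber " + gid))
        if sid_to_gid.get(sid) != gid:
            problems.append((uid, "primary group SID does not map to gid " + gid))
    return problems
```

Calling `check_group_refs(parse_ldif(SAMPLE_LDIF))` reports only the constructed "ghost" account; the samba4 entry from the post passes both checks.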


