[Samba] openldap PDC : can't add machine account ; "too many domain info entries"
Simone Cittadini
simonec at comvert.com
Thu Sep 23 09:01:55 GMT 2004
I've inherited this quite messy openldap server from the previous
administrator; samba (3) relies on it for acting as a PDC.
The main problem (while I build a new directory from scratch) is you
can't add a machine account to the domain :
On the client it says the credentials are invalid, anyway the real
problem (from samba logs) seems to be :
"Got too many (2) domain info entries for domain DOMAIN"
(I've replaced my domain name with 'DOMAIN' and sambahost name with 'host'
for no particular reason ...)
host:/etc/samba # strings secrets.tdb | grep SID
&SECRETS/SID/HOST
&SECRETS/SID/DOMAIN <-- I think this is the problem, since a clean
installation on a test machine gives only the first line from the same
command, but I can't figure out how to remove the entry.
Other useful info:
1)
host:/ # smbclient -L localhost -U%
Domain=[DOMAIN] OS=[Unix] Server=[Samba 3.0.4-SUSE]
Server Comment
--------- -------
HOST Samba Server Version 3.0.4-SUSE
Workgroup Master
--------- -------
DOMAIN HOST
2)
host:/ # net getlocalsid
[2004/09/22 11:39:38, 0] lib/smbldap.c:smbldap_search_domain_info(1368)
Got too many (2) domain info entries for domain DOMAIN
SID for domain HOST is: S-1-5-21-3942806058-2931819711-1847247862
3)
host:/ # pdbedit -Lv user
Got too many (2) domain info entries for domain DOMAIN
Got too many (2) domain info entries for domain DOMAIN
Unix username: user
NT username: user
Account Flags: [U ]
User SID: S-1-5-21-3942806058-2931819711-1847247862-2010
Primary Group SID: S-1-5-21-3942806058-2931819711-1847247862-513
Full Name: Some User
Home Directory: \\host\user
HomeDir Drive: H:
Logon Script: logon.bat
Profile Path: \\host\profiles\user
Domain: DOMAIN
[etc...]
4)
host:/ # net groupmap list
[2004/09/22 11:50:47, 0] lib/smbldap.c:smbldap_search_domain_info(1368)
Got too many (2) domain info entries for domain DOMAIN
Domain (S-1-5-21-3942806058-2931819711-1847247862-1203) -> domain
Domain Guests (S-1-5-21-3942806058-2931819711-1847247862-514) -> nobody
Domain Users (S-1-5-21-3942806058-2931819711-1847247862-513) -> users
Domain Admins (S-1-5-21-3942806058-2931819711-1847247862-512) -> Domain
Admins
Guests (S-1-5-21-3942806058-2931819711-1847247862-546) -> Guests
Power Users (S-1-5-21-3942806058-2931819711-1847247862-547) -> Power Users
Account Operators (S-1-5-21-3942806058-2931819711-1847247862-548) ->
Account Operators
Server Operators (S-1-5-21-3942806058-2931819711-1847247862-549) ->
Server Operators
Print Operators (S-1-5-21-3942806058-2931819711-1847247862-550) -> Print
Operators
Backup Operators (S-1-5-21-3942806058-2931819711-1847247862-551) ->
Backup Operators
Replicator (S-1-5-21-3942806058-2931819711-1847247862-552) -> Replicator
Domain Computers (S-1-5-21-3942806058-2931819711-1847247862-553) ->
Domain Computers
5)
[the exported LDIF of ldap domain entry]
dn: sambaDomainName=DOMAIN, dc=domain, dc=com
sambaNextUserRid: 4000
sambaSID: S-1-5-21-3942806058-2931819711-1847247862
sambaNextGroupRid: 4001
objectClass: sambaDomain
sambaAlgorithmicRidBase: 1000
sambaDomainName: DOMAIN
6)
[relevant lines from smb.conf]
netbios name = HOST
workgroup = DOMAIN
passdb backend = ldapsam:ldap://localhost/
ldap suffix = dc=domain,dc=com
ldap admin dn = cn=Manager,dc=domain,dc=com
ldap ssl = on
ldap user suffix = ou=people
ldap group suffix = ou=Group
ldap machine suffix = ou=people
#ldap filter = ($(uid=%u)(objectclass=sambaSAMAccount))
ldap idmap suffix = ou=Idmap
idmap backend = ldap:ldaps://host.domain.com
add machine script = /var/lib/samba/sbin/smbldap-useradd.pl -w '%u'
thanks
--
Simone Cittadini
==================
COMVERT S.R.L.
via F.lli Bressan, 21
20126 Milano - ITALY
Tel +39.02.27006796(wait for a beep)103
simonec at comvert.com
http://www.comvert.com
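
An added example, not part of the original message: the log line quoted above comes from smbldap_search_domain_info in lib/smbldap.c, so one check is to count the sambaDomain entries in an LDIF dump of the whole suffix. The sample LDIF (including the second entry and its SID) is constructed, the function names are hypothetical, and the code assumes sambaDomainName is compared case-insensitively.

```python
import base64
from collections import defaultdict

# Constructed sample dump of the whole suffix; the second sambaDomain entry is hypothetical.
SAMPLE_LDIF = """\
dn: sambaDomainName=DOMAIN, dc=domain, dc=com
objectClass: sambaDomain
sambaDomainName: DOMAIN
sambaSID: S-1-5-21-3942806058-2931819711-1847247862

dn: sambaDomainName=domain,ou=people,
 dc=domain,dc=com
objectClass: sambaDomain
sambaDomainName: domain
sambaSID: S-1-5-21-1111111111-2222222222-3333333333

dn: uid=user,ou=people,dc=domain,dc=com
objectClass: sambaSamAccount
"""

def parse_ldif(text):
    """Yield each entry as {lowercased attribute: [values]}; handles folded lines and base64."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for block in unfolded.split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            if not line or line.startswith("#") or ":" not in line:
                continue
            attr, _, rest = line.partition(":")
            if rest.startswith(":"):  # "attr:: <base64 value>"
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                value = rest.strip()
            entry[attr.strip().lower()].append(value)
        if "dn" in entry:
            yield entry

def duplicate_domains(text):
    """Return {DOMAIN NAME: [(dn, sambaSID), ...]} for names held by more than one sambaDomain entry."""
    found = defaultdict(list)
    for e in parse_ldif(text):
        if any(oc.lower() == "sambadomain" for oc in e.get("objectclass", [])):
            for name in e.get("sambadomainname", []):  # assumption: case-insensitive match
                found[name.upper()].append((e["dn"][0], e.get("sambasid", ["?"])[0]))
    return {name: hits for name, hits in found.items() if len(hits) > 1}

if __name__ == "__main__":
    for name, hits in duplicate_domains(SAMPLE_LDIF).items():
        print(name, len(hits), "sambaDomain entries:", hits)
```

The DNs and SIDs it reports show where each entry for the same domain name sits in the tree and whether their SIDs agree.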