[Samba] Re: LDAP unable to add Idmap
Adi Nugraha
adi at westindo.co.id
Wed Jan 12 08:06:54 GMT 2005
I used the schema from the Samba source, and for the rest of it I just
followed chapter 6 of Samba by Example. Anyway, here's my smb.conf:
# smb.conf for a Samba domain logon server (domain logons = Yes) that keeps
# its account database and its idmap table in the LDAP server at 192.168.88.2.
# Only the [global] section is shown in this message; no share sections appear.
[global]
unix charset = LOCALE
workgroup = VALHALLA
netbios name = VALKYRIE
interfaces = eth0, lo
# NOTE(review): the URL scheme is plain ldap:// and no "ldap ssl" line is set
# in this file, so whether the bind as the admin DN and the password hashes
# fetched from the directory travel encrypted depends on that parameter's
# default in the running version - set it explicitly and confirm.
passdb backend = ldapsam:ldap://192.168.88.2
# Maps client-supplied user names to Unix names; the map file should be
# writable by root only.
username map = /etc/samba/smbusers
log level = 1
syslog = 0
# One log file per client machine name (%m), capped by "max log size".
log file = /var/log/samba/%m
max log size = 50
smb ports = 139 445
name resolve order = wins bcast hosts
time server = Yes
printcap name = lpstat
show add printer wizard = No
# The account-management hooks below are run by smbd with %u / %g replaced by
# the user or group name. smb.conf(5) documents "add user script" as being run
# as root, so the smbldap-*.pl scripts and /var/lib/samba/sbin should be
# writable by root only. %u and %g are single-quoted here; keep that quoting.
add user script = /var/lib/samba/sbin/smbldap-useradd.pl -a -m '%u'
delete user script = /var/lib/samba/sbin/smbldap-userdel.pl '%u'
add group script = /var/lib/samba/sbin/smbldap-groupadd.pl -p '%g'
delete group script = /var/lib/samba/sbin/smbldap-groupdel.pl '%g'
# NOTE(review): the next three settings appear with (part of) their value on
# the following line, probably from mail wrapping. smb.conf continues a line
# only after a trailing backslash, so in the real file each must be one line.
add user to group script =
/var/lib/samba/sbin/smbldap-groupmod.pl -m '%u' '%g'
delete user from group script =
/var/lib/samba/sbin/smbldap-groupmod.pl -x '%u' '%g'
set primary group script = /var/lib/samba/sbin/smbldap-usermod.pl -g
'%g' '%u'
# Machine accounts are created with -w when a workstation joins the domain.
add machine script = /var/lib/samba/sbin/smbldap-useradd.pl -w '%u'
# Empty value: no profile path is configured for domain logons.
logon path =
domain logons = Yes
preferred master = Yes
wins support = Yes
# NOTE(review): this is the same DN as the rootdn in the slapd.conf shown
# later in this message. The rootdn is not subject to slapd access controls;
# a dedicated DN with write access limited to the Samba subtrees is the
# least-privilege choice. The bind password is not kept in smb.conf; it is
# stored in secrets.tdb with "smbpasswd -w".
ldap admin dn = cn=Manager,dc=test,dc=co,dc=id
# The suffixes below are relative to "ldap suffix". Users and machine
# accounts share ou=People.
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=People
ldap suffix = dc=test,dc=co,dc=id
ldap user suffix = ou=People
# idmap entries are stored on the same LDAP server, again via ldap://.
# The uid and gid pools use the same numeric range, 10000-20000.
idmap backend = ldap:ldap://192.168.88.2
idmap uid = 10000-20000
idmap gid = 10000-20000
printer admin = Administrator, adi
map acl inherit = Yes
printing = cups
# NOTE(review): with "printing = cups", a Samba built against libcups talks to
# CUPS directly and ignores the commands below - TODO confirm for this build.
# If they are used, %s (the spool file name) is unquoted in the print command
# while %p is quoted.
print command = /usr/bin/lp -d '%p' %s; rm %s
lpq command = /usr/bin/lpstat -o '%p'
lprm command = /usr/bin/cancel '%p-%j'
lppause command = lp -i '%p-%j' -H hold
lpresume command = lp -i '%p-%j' -H resume
queuepause command = /usr/bin/disable '%p'
queueresume command = /usr/bin/enable '%p'
and here's the slapd.conf
# slapd.conf for the directory behind the Samba server above: schema
# includes, process files, TLS material, then one bdb database that serves
# dc=test,dc=co,dc=id.
include /usr/share/openldap/schema/core.schema
include /usr/share/openldap/schema/cosine.schema
include /usr/share/openldap/schema/corba.schema
include /usr/share/openldap/schema/inetorgperson.schema
include /usr/share/openldap/schema/java.schema
include /usr/share/openldap/schema/krb5-kdc.schema
include /usr/share/openldap/schema/kerberosobject.schema
include /usr/share/openldap/schema/misc.schema
include /usr/share/openldap/schema/nis.schema
include /usr/share/openldap/schema/openldap.schema
include /usr/share/openldap/schema/autofs.schema
# samba.schema defines the samba* object classes and attributes; the poster
# says it was taken from the Samba source. It has to match the Samba version
# in use - verify that this copy is the one actually installed at this path.
include /usr/share/openldap/schema/samba.schema
include /usr/share/openldap/schema/kolab.schema
include /etc/openldap/schema/local.schema
pidfile /var/run/ldap/slapd.pid
argsfile /var/run/ldap/slapd.args
modulepath /usr/lib/openldap
# NOTE(review): certificate, private key and CA certificate all point at the
# same file, so ldap.pem contains the server's private key and should be
# readable only by the account slapd runs as. Nothing in this excerpt makes
# TLS mandatory (no "security" directive is shown), and the smb.conf in this
# message connects with an ldap:// URL.
TLSCertificateFile /etc/ssl/openldap/ldap.pem
TLSCertificateKeyFile /etc/ssl/openldap/ldap.pem
TLSCACertificateFile /etc/ssl/openldap/ldap.pem
# 256 = stats level: connections, operations and results are logged.
loglevel 256
#######################################################################
# database definitions
#######################################################################
database bdb
suffix "dc=test,dc=co,dc=id"
#suffix "o=My Organization Name,c=US"
# The rootdn is not subject to access control. It is also the DN Samba binds
# with ("ldap admin dn" in the smb.conf in this message).
rootdn "cn=Manager,dc=test,dc=co,dc=id"
#rootdn "cn=Manager,o=My Organization Name,c=US"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# NOTE(review): the rootpw below is cleartext, which the comment above advises
# against. Store a hash produced by slappasswd(8) instead, keep slapd.conf
# unreadable to other users, and, because this file was posted to a public
# list, change the password if this is the value really in use.
rootpw secret
# rootpw {crypt}ijFYNcSNctBYg
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory /var/lib/ldap
# NOTE(review): no "access to" rules appear in this excerpt. With none
# defined, slapd falls back to read access for everyone, which would expose
# userPassword, sambaLMPassword and sambaNTPassword to anonymous searches.
# If the real file has no ACLs either, add rules that restrict those
# attributes to the entry owner and the Samba admin DN, with anonymous
# limited to auth.
# Indices to maintain
#index objectClass eq
#index objectClass,uid,uidNumber,gidNumber eq
#index cn,mail,surname,givenname eq,subinitial
# Equality indexes on the attributes Samba and NSS lookups filter on
# (uid, uidNumber, gidNumber, memberUID, sambaSID, ...); presence and
# substring indexes on the name attributes.
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index uidNumber eq
index gidNumber eq
index memberUID eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index default sub
Is anything wrong with this? And this is the output from smbclient:
Domain=[VALHALLA] OS=[Unix] Server=[Samba 3.0.9]
tree connect failed: NT_STATUS_BAD_NETWORK_NAME
----- Original Message -----
From: "Jim C." <jcllings at javahop.com>
To: <samba at lists.samba.org>
Sent: Wednesday, January 12, 2005 1:18 PM
Subject: [Samba] Re: LDAP unable to add Idmap
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I think either you are getting your objectClasses messed up somehow or
> you have a messed up schema somewhere. Post the information you are
> trying to add.
>
> Actually, I don't understand why this must be done at all. For me at
> least, Samba usually does idmaps automagically if it's settings are
> correct in smb.conf.
>
> |>I'm trying to setup a Samba with ldap backend, I followed tha samba by
> |>example chapter 6, followed the instcution in the book, and when it says
>
> Jim C.
> - --
> - -----------------------------------------------------------------
> | I can be reached on the following Instant Messenger services: |
> |---------------------------------------------------------------|
> | MSN: j_c_llings @ hotmail.com AIM: WyteLi0n ICQ: 123291844 |
> |---------------------------------------------------------------|
> | Y!: j_c_llings Jabber: jcllings @ njs.netlab.cz |
> - -----------------------------------------------------------------
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.5 (MingW32)
> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>
> iD8DBQFB5MEk57L0B7uXm9oRAum5AKCFT0wW97WB3woi1KZstoO5luYu+gCfcCSW
> 6N/chSp7aSA2wGboCyEq4/A=
> =zeI7
> -----END PGP SIGNATURE-----
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
>