[Samba] Re: LDAP unable to add Idmap

Adi Nugraha adi at westindo.co.id
Wed Jan 12 08:06:54 GMT 2005


I used the schema from the Samba source, and for the rest of it I just
followed chapter 6 of Samba by Example. Anyway, here's my smb.conf:

# smb.conf [global] section for a Samba server acting as a domain logon
# server ("domain logons = Yes") with its account database and idmap
# table stored in the LDAP directory at 192.168.88.2.
[global]
        unix charset = LOCALE
        workgroup = VALHALLA
        netbios name = VALKYRIE
        interfaces = eth0, lo
        # NOTE(review): ldap:// is the unencrypted scheme, and no "ldap ssl"
        # line is set in this file, so the build default applies (check with
        # testparm -v). Without StartTLS or ldaps://, the admin bind and the
        # sambaLMPassword/sambaNTPassword values read from the directory
        # travel in clear if the directory is on another host.
        passdb backend = ldapsam:ldap://192.168.88.2
        username map = /etc/samba/smbusers
        log level = 1
        syslog = 0
        # One log file per client machine name (%m), capped by max log size.
        log file = /var/log/samba/%m
        max log size = 50
        smb ports = 139 445
        name resolve order = wins bcast hosts
        time server = Yes
        printcap name = lpstat
        show add printer wizard = No
        # Account-management hooks: smbd runs these scripts as root with %u
        # and %g replaced by the user or group name. Keep the scripts and
        # /var/lib/samba/sbin owned by root and not writable by anyone else.
        add user script = /var/lib/samba/sbin/smbldap-useradd.pl -a -m '%u'
        delete user script = /var/lib/samba/sbin/smbldap-userdel.pl '%u'
        add group script = /var/lib/samba/sbin/smbldap-groupadd.pl -p '%g'
        delete group script = /var/lib/samba/sbin/smbldap-groupdel.pl '%g'
        # NOTE(review): the next three values appear to have been wrapped by
        # the mail client. In the real file each parameter and its value must
        # sit on one line (or the line must end in "\"), otherwise the
        # parameter is empty and the script path is not read as its value.
        add user to group script =
/var/lib/samba/sbin/smbldap-groupmod.pl -m '%u' '%g'
        delete user from group script =
/var/lib/samba/sbin/smbldap-groupmod.pl -x '%u' '%g'
        set primary group script = /var/lib/samba/sbin/smbldap-usermod.pl -g
'%g' '%u'
        add machine script = /var/lib/samba/sbin/smbldap-useradd.pl -w '%u'
        logon path =
        domain logons = Yes
        preferred master = Yes
        wins support = Yes
        # NOTE(review): Samba binds with the same DN that slapd.conf declares
        # as rootdn, so the password stored on this host (set with
        # smbpasswd -w, kept in secrets.tdb) gives unrestricted access to the
        # whole directory. A dedicated DN with ACLs limited to the People,
        # Groups and Idmap subtrees would narrow what this host can change.
        ldap admin dn = cn=Manager,dc=test,dc=co,dc=id
        ldap group suffix = ou=Groups
        ldap idmap suffix = ou=Idmap
        # Machine accounts share ou=People with user accounts.
        ldap machine suffix = ou=People
        ldap suffix = dc=test,dc=co,dc=id
        ldap user suffix = ou=People
        # Same unencrypted ldap:// endpoint as the passdb backend above.
        idmap backend = ldap:ldap://192.168.88.2
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        printer admin = Administrator, adi
        map acl inherit = Yes
        printing = cups
        # NOTE(review): %p is quoted in these commands but %s (the spool file
        # path) is not; quoting it as well is the cautious form, since the
        # whole line is handed to a shell.
        print command = /usr/bin/lp -d '%p' %s; rm %s
        lpq command = /usr/bin/lpstat -o '%p'
        lprm command = /usr/bin/cancel '%p-%j'
        # These two call lp without an absolute path, unlike the commands
        # above, so the lp that runs depends on smbd's PATH.
        lppause command = lp -i '%p-%j' -H hold
        lpresume command = lp -i '%p-%j' -H resume
        queuepause command = /usr/bin/disable '%p'
        queueresume command = /usr/bin/enable '%p'


and here's the slapd.conf

# slapd.conf for the OpenLDAP server backing the Samba setup: schema
# includes, TLS material, one bdb database for dc=test,dc=co,dc=id and the
# attribute indices.
# samba.schema is what defines the samba* attributes indexed further down.
include /usr/share/openldap/schema/core.schema
include /usr/share/openldap/schema/cosine.schema
include /usr/share/openldap/schema/corba.schema
include /usr/share/openldap/schema/inetorgperson.schema
include /usr/share/openldap/schema/java.schema
include /usr/share/openldap/schema/krb5-kdc.schema
include /usr/share/openldap/schema/kerberosobject.schema
include /usr/share/openldap/schema/misc.schema
include /usr/share/openldap/schema/nis.schema
include /usr/share/openldap/schema/openldap.schema
include /usr/share/openldap/schema/autofs.schema
include /usr/share/openldap/schema/samba.schema
include /usr/share/openldap/schema/kolab.schema
include /etc/openldap/schema/local.schema

pidfile         /var/run/ldap/slapd.pid
argsfile        /var/run/ldap/slapd.args

modulepath      /usr/lib/openldap

# NOTE(review): certificate, private key and CA certificate all point at the
# same ldap.pem, which suggests a single self-signed bundle. That file holds
# the private key, so it should be readable only by the slapd user, and any
# CA file handed to clients should be a copy without the key.
# Having these directives makes TLS available but does not require it; the
# smb.conf above connects with plain ldap://. A "security" directive can set
# a minimum protection level once clients are using StartTLS.
TLSCertificateFile      /etc/ssl/openldap/ldap.pem
TLSCertificateKeyFile   /etc/ssl/openldap/ldap.pem
TLSCACertificateFile    /etc/ssl/openldap/ldap.pem
# 256 = "stats": logs connections, operations and results.
loglevel 256

#######################################################################
# database definitions
#######################################################################

database        bdb
suffix          "dc=test,dc=co,dc=id"
#suffix         "o=My Organization Name,c=US"
# rootdn bypasses all access control; smb.conf uses this DN as its
# "ldap admin dn".
rootdn          "cn=Manager,dc=test,dc=co,dc=id"
#rootdn         "cn=Manager,o=My Organization Name,c=US"

# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# NOTE(review): this is a cleartext rootpw, it looks like the sample-file
# default, and it has now been posted to a public list. Change it and store
# a hash produced by slappasswd(8) instead, in the form
#   rootpw {SSHA}<hash-from-slappasswd>
# and keep slapd.conf readable only by root and the slapd user.
rootpw          secret
# rootpw                {crypt}ijFYNcSNctBYg

# NOTE(review): no "access to" directives appear in this listing. If the
# posted file is complete, slapd falls back to its default policy of read
# access for everyone, which would let anonymous clients read userPassword,
# sambaLMPassword and sambaNTPassword. An ACL that limits those attributes
# to self, anonymous auth and the admin DN should precede any general
# read rule.

# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory       /var/lib/ldap


# Indices to maintain
#index  objectClass                             eq
#index  objectClass,uid,uidNumber,gidNumber     eq
#index  cn,mail,surname,givenname               eq,subinitial
# Equality indices on the POSIX and Samba lookup attributes, plus
# presence/substring indices on the name attributes.
index   objectClass eq
index   cn pres,sub,eq
index   sn pres,sub,eq
index   uid pres,sub,eq
index   displayName pres,sub,eq
index   uidNumber eq
index   gidNumber eq
index   memberUID eq
index   sambaSID eq
index   sambaPrimaryGroupSID eq
index   sambaDomainName eq
index   default sub


Is anything wrong with this? And this is the output from smbclient:

Domain=[VALHALLA] OS=[Unix] Server=[Samba 3.0.9]
tree connect failed: NT_STATUS_BAD_NETWORK_NAME





----- Original Message -----
From: "Jim C." <jcllings at javahop.com>
To: <samba at lists.samba.org>
Sent: Wednesday, January 12, 2005 1:18 PM
Subject: [Samba] Re: LDAP unable to add Idmap


> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I think either you are getting your objectClasses messed up somehow or
> you have a messed up schema somewhere. Post the information you are
> trying to add.
>
> Actually, I don't understand why this must be done at all.  For me at
> least, Samba usually does idmaps automagically if it's settings are
> correct in smb.conf.
>
> |>I'm trying to setup a Samba with ldap backend, I followed tha samba by
> |>example chapter 6, followed the instcution in the book, and when it says
>
> Jim C.
> - --
> - -----------------------------------------------------------------
> | I can be reached on the following Instant Messenger services: |
> |---------------------------------------------------------------|
> | MSN: j_c_llings @ hotmail.com  AIM: WyteLi0n  ICQ: 123291844  |
> |---------------------------------------------------------------|
> | Y!: j_c_llings            Jabber: jcllings @ njs.netlab.cz |
> - -----------------------------------------------------------------
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.5 (MingW32)
> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>
> iD8DBQFB5MEk57L0B7uXm9oRAum5AKCFT0wW97WB3woi1KZstoO5luYu+gCfcCSW
> 6N/chSp7aSA2wGboCyEq4/A=
> =zeI7
> -----END PGP SIGNATURE-----
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>


