[Samba] Re: LDAP unable to add Idmap
Adi Nugraha
adi at westindo.co.id
Wed Jan 12 08:47:55 GMT 2005
I just noticed that the smbldap-tools didn't fill in the group accounts in
the Linux group file. Any idea why this is?
----- Original Message -----
From: "Adi Nugraha" <adi at westindo.co.id>
To: <samba at lists.samba.org>; "Jim C." <jcllings at javahop.com>
Sent: Wednesday, January 12, 2005 3:06 PM
Subject: Re: [Samba] Re: LDAP unable to add Idmap
> I used the schema from the Samba source, and for the rest of it I just
> followed the Samba by Example chapter 6. Anyway, here's my smb.conf:
>
> [global]
> unix charset = LOCALE
> workgroup = VALHALLA
> netbios name = VALKYRIE
> interfaces = eth0, lo
> passdb backend = ldapsam:ldap://192.168.88.2
> username map = /etc/samba/smbusers
> log level = 1
> syslog = 0
> log file = /var/log/samba/%m
> max log size = 50
> smb ports = 139 445
> name resolve order = wins bcast hosts
> time server = Yes
> printcap name = lpstat
> show add printer wizard = No
> add user script = /var/lib/samba/sbin/smbldap-useradd.pl -a -m '%u'
> delete user script = /var/lib/samba/sbin/smbldap-userdel.pl '%u'
> add group script = /var/lib/samba/sbin/smbldap-groupadd.pl -p '%g'
> delete group script = /var/lib/samba/sbin/smbldap-groupdel.pl '%g'
> add user to group script = /var/lib/samba/sbin/smbldap-groupmod.pl -m '%u' '%g'
> delete user from group script = /var/lib/samba/sbin/smbldap-groupmod.pl -x '%u' '%g'
> set primary group script = /var/lib/samba/sbin/smbldap-usermod.pl -g '%g' '%u'
> add machine script = /var/lib/samba/sbin/smbldap-useradd.pl -w '%u'
> logon path =
> domain logons = Yes
> preferred master = Yes
> wins support = Yes
> ldap admin dn = cn=Manager,dc=test,dc=co,dc=id
> ldap group suffix = ou=Groups
> ldap idmap suffix = ou=Idmap
> ldap machine suffix = ou=People
> ldap suffix = dc=test,dc=co,dc=id
> ldap user suffix = ou=People
> idmap backend = ldap:ldap://192.168.88.2
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> printer admin = Administrator, adi
> map acl inherit = Yes
> printing = cups
> print command = /usr/bin/lp -d '%p' %s; rm %s
> lpq command = /usr/bin/lpstat -o '%p'
> lprm command = /usr/bin/cancel '%p-%j'
> lppause command = lp -i '%p-%j' -H hold
> lpresume command = lp -i '%p-%j' -H resume
> queuepause command = /usr/bin/disable '%p'
> queueresume command = /usr/bin/enable '%p'
>
>
> And here's the slapd.conf:
>
> include /usr/share/openldap/schema/core.schema
> include /usr/share/openldap/schema/cosine.schema
> include /usr/share/openldap/schema/corba.schema
> include /usr/share/openldap/schema/inetorgperson.schema
> include /usr/share/openldap/schema/java.schema
> include /usr/share/openldap/schema/krb5-kdc.schema
> include /usr/share/openldap/schema/kerberosobject.schema
> include /usr/share/openldap/schema/misc.schema
> include /usr/share/openldap/schema/nis.schema
> include /usr/share/openldap/schema/openldap.schema
> include /usr/share/openldap/schema/autofs.schema
> include /usr/share/openldap/schema/samba.schema
> include /usr/share/openldap/schema/kolab.schema
> include /etc/openldap/schema/local.schema
>
> pidfile /var/run/ldap/slapd.pid
> argsfile /var/run/ldap/slapd.args
>
> modulepath /usr/lib/openldap
>
> TLSCertificateFile /etc/ssl/openldap/ldap.pem
> TLSCertificateKeyFile /etc/ssl/openldap/ldap.pem
> TLSCACertificateFile /etc/ssl/openldap/ldap.pem
> loglevel 256
>
> #######################################################################
> # database definitions
> #######################################################################
>
> database bdb
> suffix "dc=test,dc=co,dc=id"
> #suffix "o=My Organization Name,c=US"
> rootdn "cn=Manager,dc=test,dc=co,dc=id"
> #rootdn "cn=Manager,o=My Organization Name,c=US"
>
> # Cleartext passwords, especially for the rootdn, should
> # be avoided. See slappasswd(8) and slapd.conf(5) for details.
> # Use of strong authentication encouraged.
> rootpw secret
> # rootpw {crypt}ijFYNcSNctBYg
>
> # The database directory MUST exist prior to running slapd AND
> # should only be accessible by the slapd/tools. Mode 700 recommended.
> directory /var/lib/ldap
>
>
> # Indices to maintain
> #index objectClass eq
> #index objectClass,uid,uidNumber,gidNumber eq
> #index cn,mail,surname,givenname eq,subinitial
> index objectClass eq
> index cn pres,sub,eq
> index sn pres,sub,eq
> index uid pres,sub,eq
> index displayName pres,sub,eq
> index uidNumber eq
> index gidNumber eq
> index memberUID eq
> index sambaSID eq
> index sambaPrimaryGroupSID eq
> index sambaDomainName eq
> index default sub
>
>
> Anything wrong with this? And this is the output from smbclient:
>
> Domain=[VALHALLA] OS=[Unix] Server=[Samba 3.0.9]
> tree connect failed: NT_STATUS_BAD_NETWORK_NAME
>
>
>
>
>
> ----- Original Message -----
> From: "Jim C." <jcllings at javahop.com>
> To: <samba at lists.samba.org>
> Sent: Wednesday, January 12, 2005 1:18 PM
> Subject: [Samba] Re: LDAP unable to add Idmap
>
>
> >
> > I think either you are getting your objectClasses messed up somehow or
> > you have a messed up schema somewhere. Post the information you are
> > trying to add.
> >
> > Actually, I don't understand why this must be done at all. For me at
> > least, Samba usually does idmaps automagically if its settings are
> > correct in smb.conf.
> >
> > |>I'm trying to set up a Samba with LDAP backend, I followed the Samba by
> > |>example chapter 6, followed the instruction in the book, and when it says
> >
> > Jim C.
> > --
> > -----------------------------------------------------------------
> > | I can be reached on the following Instant Messenger services: |
> > |---------------------------------------------------------------|
> > | MSN: j_c_llings @ hotmail.com AIM: WyteLi0n ICQ: 123291844 |
> > |---------------------------------------------------------------|
> > | Y!: j_c_llings Jabber: jcllings @ njs.netlab.cz |
> > -----------------------------------------------------------------
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/listinfo/samba
> >