[Samba] Re: LDAP unable to add Idmap

Adi Nugraha adi at westindo.co.id
Wed Jan 12 08:47:55 GMT 2005


I just noticed that the smbldap-tools didn't fill in the groups accounts in
the Linux group file, any idea why this is?
----- Original Message -----
From: "Adi Nugraha" <adi at westindo.co.id>
To: <samba at lists.samba.org>; "Jim C." <jcllings at javahop.com>
Sent: Wednesday, January 12, 2005 3:06 PM
Subject: Re: [Samba] Re: LDAP unable to add Idmap


> I used the schema from the Samba source, and for the rest of it I just
> followed the Samba by Example chapter 6. Anyway, here's my smb.conf:
>
> [global]
>         unix charset = LOCALE
>         workgroup = VALHALLA
>         netbios name = VALKYRIE
>         interfaces = eth0, lo
>         passdb backend = ldapsam:ldap://192.168.88.2
>         username map = /etc/samba/smbusers
>         log level = 1
>         syslog = 0
>         log file = /var/log/samba/%m
>         max log size = 50
>         smb ports = 139 445
>         name resolve order = wins bcast hosts
>         time server = Yes
>         printcap name = lpstat
>         show add printer wizard = No
>         add user script = /var/lib/samba/sbin/smbldap-useradd.pl -a -m '%u'
>         delete user script = /var/lib/samba/sbin/smbldap-userdel.pl '%u'
>         add group script = /var/lib/samba/sbin/smbldap-groupadd.pl -p '%g'
>         delete group script = /var/lib/samba/sbin/smbldap-groupdel.pl '%g'
>         add user to group script = /var/lib/samba/sbin/smbldap-groupmod.pl -m '%u' '%g'
>         delete user from group script = /var/lib/samba/sbin/smbldap-groupmod.pl -x '%u' '%g'
>         set primary group script = /var/lib/samba/sbin/smbldap-usermod.pl -g '%g' '%u'
>         add machine script = /var/lib/samba/sbin/smbldap-useradd.pl -w '%u'
>         logon path =
>         domain logons = Yes
>         preferred master = Yes
>         wins support = Yes
>         ldap admin dn = cn=Manager,dc=test,dc=co,dc=id
>         ldap group suffix = ou=Groups
>         ldap idmap suffix = ou=Idmap
>         ldap machine suffix = ou=People
>         ldap suffix = dc=test,dc=co,dc=id
>         ldap user suffix = ou=People
>         idmap backend = ldap:ldap://192.168.88.2
>         idmap uid = 10000-20000
>         idmap gid = 10000-20000
>         printer admin = Administrator, adi
>         map acl inherit = Yes
>         printing = cups
>         print command = /usr/bin/lp -d '%p' %s; rm %s
>         lpq command = /usr/bin/lpstat -o '%p'
>         lprm command = /usr/bin/cancel '%p-%j'
>         lppause command = lp -i '%p-%j' -H hold
>         lpresume command = lp -i '%p-%j' -H resume
>         queuepause command = /usr/bin/disable '%p'
>         queueresume command = /usr/bin/enable '%p'
>
>
> And here's the slapd.conf:
>
> include /usr/share/openldap/schema/core.schema
> include /usr/share/openldap/schema/cosine.schema
> include /usr/share/openldap/schema/corba.schema
> include /usr/share/openldap/schema/inetorgperson.schema
> include /usr/share/openldap/schema/java.schema
> include /usr/share/openldap/schema/krb5-kdc.schema
> include /usr/share/openldap/schema/kerberosobject.schema
> include /usr/share/openldap/schema/misc.schema
> include /usr/share/openldap/schema/nis.schema
> include /usr/share/openldap/schema/openldap.schema
> include /usr/share/openldap/schema/autofs.schema
> include /usr/share/openldap/schema/samba.schema
> include /usr/share/openldap/schema/kolab.schema
> include /etc/openldap/schema/local.schema
>
> pidfile         /var/run/ldap/slapd.pid
> argsfile        /var/run/ldap/slapd.args
>
> modulepath      /usr/lib/openldap
>
> TLSCertificateFile      /etc/ssl/openldap/ldap.pem
> TLSCertificateKeyFile   /etc/ssl/openldap/ldap.pem
> TLSCACertificateFile    /etc/ssl/openldap/ldap.pem
> loglevel 256
>
> #######################################################################
> # database definitions
> #######################################################################
>
> database        bdb
> suffix          "dc=test,dc=co,dc=id"
> #suffix         "o=My Organization Name,c=US"
> rootdn          "cn=Manager,dc=test,dc=co,dc=id"
> #rootdn         "cn=Manager,o=My Organization Name,c=US"
>
> # Cleartext passwords, especially for the rootdn, should
> # be avoided.  See slappasswd(8) and slapd.conf(5) for details.
> # Use of strong authentication encouraged.
> rootpw          secret
> # rootpw                {crypt}ijFYNcSNctBYg
>
> # The database directory MUST exist prior to running slapd AND
> # should only be accessable by the slapd/tools. Mode 700 recommended.
> directory       /var/lib/ldap
>
>
> # Indices to maintain
> #index  objectClass                             eq
> #index  objectClass,uid,uidNumber,gidNumber     eq
> #index  cn,mail,surname,givenname               eq,subinitial
> index   objectClass eq
> index   cn pres,sub,eq
> index   sn pres,sub,eq
> index   uid pres,sub,eq
> index   displayName pres,sub,eq
> index   uidNumber eq
> index   gidNumber eq
> index   memberUID eq
> index   sambaSID eq
> index   sambaPrimaryGroupSID eq
> index   sambaDomainName eq
> index   default sub
>
>
> Anything wrong with this? And this is the output from smbclient:
>
> Domain=[VALHALLA] OS=[Unix] Server=[Samba 3.0.9]
> tree connect failed: NT_STATUS_BAD_NETWORK_NAME
>
>
>
>
>
> ----- Original Message -----
> From: "Jim C." <jcllings at javahop.com>
> To: <samba at lists.samba.org>
> Sent: Wednesday, January 12, 2005 1:18 PM
> Subject: [Samba] Re: LDAP unable to add Idmap
>
>
> > I think either you are getting your objectClasses messed up somehow or
> > you have a messed up schema somewhere. Post the information you are
> > trying to add.
> >
> > Actually, I don't understand why this must be done at all.  For me at
> > least, Samba usually does idmaps automagically if its settings are
> > correct in smb.conf.
> >
> > |>I'm trying to set up a Samba with LDAP backend, I followed the samba by
> > |>example chapter 6, followed the instruction in the book, and when it
> > |>says
> >
> > Jim C.
> > --
> > -----------------------------------------------------------------
> > | I can be reached on the following Instant Messenger services: |
> > |---------------------------------------------------------------|
> > | MSN: j_c_llings @ hotmail.com  AIM: WyteLi0n  ICQ: 123291844  |
> > |---------------------------------------------------------------|
> > | Y!: j_c_llings            Jabber: jcllings @ njs.netlab.cz |
> > -----------------------------------------------------------------
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/listinfo/samba
> >
>
>


