[Samba] Samba3 by example problems

Angela Williams angie at eoh.co.za
Mon Jan 17 16:33:32 GMT 2005


Hi All,
I am going through a setup of a test samba3 box with rh9 with my self rolled 
copy of 3.0.10. I have removed the old rpm version of samba. I compiled 
3.0.10 with all defaults except for the install prefix which I set 
to /usr/local/samba3.

I followed the steps given in Chap 6 - making users happy in the online html 
version.
I changed a few things. Instead of MASSIVE as the PDC  name I used ROSSMOULD
and also changed the abmas to rossmould in all the ldap configs.
I also left off most of the shares so the my smb.conf file looks thusly

--------------------------------------
[global]
unix charset = LOCALE
workgroup = ROSSMOULD
netbios name = ROSSPDC
interfaces = eth0, lo
bind interfaces only = Yes
passdb backend = ldapsam:ldap://rosspdc.rossmould.biz
username map = /usr/local/samba3/private/smbusers
log level = 1
syslog = 0
log file = /var/log/samba/%m
max log size = 50
smb ports = 139 445
name resolve order = wins bcast hosts
time server = Yes
printcap name = CUPS
show add printer wizard = No
add user script = /var/lib/samba/sbin/smbldap-useradd.pl -a -m '%u'
delete user script = /var/lib/samba/sbin/smbldap-userdel.pl '%u'
add group script = /var/lib/samba/sbin/smbldap-groupadd.pl -p '%g'
delete group script = /var/lib/samba/sbin/smbldap-groupdel.pl '%g'
add user to group script = /var/lib/samba/sbin/ smbldap-groupmod.pl -m '%u' 
'%g'
delete user from group script = /var/lib/samba/sbin/ smbldap-groupmod.pl -x 
'%u' '%g'
set primary group script = /var/lib/samba/sbin/ smbldap-usermod.pl -g '%g' 
'%u'
add machine script = /var/lib/samba/sbin/ smbldap-useradd.pl -w '%u'
logon script = scripts\logon.bat
logon path = \\%L\profiles\%U
logon drive = X:
domain logons = Yes
preferred master = Yes
wins support = Yes
ldap suffix = dc=rossmould,dc=biz
ldap machine suffix = ou=People
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap admin dn = cn=Manager,dc=rossmould,dc=biz
idmap backend = ldap:ldap://rosspdc.rossmould.biz
idmap uid = 10000-20000
idmap gid = 10000-20000
map acl inherit = Yes
printing = cups
printer admin = Administrator, sreynolds

# The shares

[netlogon]
comment = Network Logon Service
path = /home/netlogon
guest ok = Yes
locking = No

[profiles]
comment = Profile Share
path = /home/profiles
read only = No
profile acls = Yes

[profdata]
comment = Profile Data Share
path = /home/profdata
read only = No
profile acls = Yes

[print$]
comment = Printer Drivers
path = /home/drivers
browseable = yes
guest ok = no
read only = yes
write list = Administrator, sreynolds

[homes]
comment = Home Directories
valid users = %S
read only = No
browseable = No

[printers]
comment = SMB Print Spool
path = /var/spool/samba
guest ok = Yes
printable = Yes
browseable = No

--------------------------------------

I have found the following inconsistencies.

First one was in Samba-3 PDC Configuration section 2
root#  testparm -s > test.conf

The $IPC share does not display which I assumed to be correct

Section 5 is also problematic.

root#  smbclient -L localhost -U%
Times out and if the smbd log is checked it falls over in trying to have 
chatties with the ldap server which is needless to say not running.
Ofcourse the net command fails as well.

I then plodded on and did the config of the ldap server and got it up and 
running. This is in LDAP Initialization and Creation of User and Group 
Accounts section 1. I used service ldap start - being redhatish

I then reran the sbclient -L massive -U% command,
Worked as advertised.
I could then run the net command to get the SID anf put it 
into /var/lib/samba/sbin/smbldap_conf.pm
I used the IdealX scripts that came with the 3.0.10 source and compiled 
mkntpwd just fine.

Next problem cropped up in adding the users with
root#  ./smbldap-populate.pl.
First crash was missing cpan module Net::LDAP so no probs just configured cpan 
and loaded it!
Now the perl script ran but barfed at 
adding new entry: ou=People,dc=rossmould,dc=biz
failed to add entry: Already exists at ./smbldap-populate.pl line 323, <GEN1> 
line 5.

The script had already added People and Groups ou's and then went on the add 
the Administrators ou after the error

(Rather confusing to have this list say that having computers in their own ou 
works but a big warning in the the e-book say it does not work!)

Be that as it may i then pressed on to checking the ldap database for per 
section 5 after ldap was stopped and started.
root#  slapcat | grep -i idmap gave no output so idmap does not exist in the 
database.
Then followed the instructions to create and ldif with the required ou for 
idmap but when I tried to run 
 ldapadd -x -D "cn=Manager,dc=rossmould,dc=biz" -w not24get 
< /etc/openldap/idmap.LDIF
(All one line!)
I got back
ldap_add: Constraint violation
        additional info: structuralObjectClass: no user modification allowed

ldif_record() = 19

I'm rather new to ldap and other than playing around with some basic settings 
and adding and changing records with ldapadd and ldapmodify and ldif files 
and then searching the database I've not done anything else. 

I could go and set slapd to debug but I'd hate to reinvent the wheel if I can!

One added point I used just about all cut 'n paste from the html pages to the 
various config files. Even used cut 'n paste to select them! Found a few 
problems in the long lines in the smb.conf parts but vi's j phixed that!

Please help!

Cheers
Ang 

-- 
Angela Williams				Enterprise Outsourcing
SCO Unix/Linux & Cisco spoken here!	Bedfordview
awilliams at eoh.co.za			Gauteng South Africa




More information about the samba mailing list