[Samba] avoiding the use of an LDAP entry for the samba domain?

Dominique Petitpierre Dominique.Petitpierre at adm.unige.ch
Thu Jan 27 16:56:27 GMT 2005


- Is there a way to prevent samba from searching
for an LDAP record for the domain, and for that matter
from trying to add the missing record?

I noticed the following messages in the LDAP server log:

SRCH base="dc=unige,dc=ch" \
      scope=2 \
      filter="(&(sambaDomainName=VPNGROUP)(objectClass=sambaDomain))" \
      attrs="sambaDomainName sambaNextRid sambaNextUserRid \
             sambaNextGroupRid sambaSID sambaAlgorithmicRidBase objectClass"
ADD dn="sambaDomainName=VPNGROUP,dc=unige,dc=ch"

When using the smbpasswd backend the attributes that are not
already in smb.conf don't seem to be stored anywhere,
and everything is fine.
- Why is it different with the ldapsam backend?

Also I don't want samba to modify the data on the LDAP server in any
way (it is used for other purposes as well and modifications are made
through a different path), and would greatly prefer that such global
configuration information were stored locally (on the samba server).

- Is there a way to achieve that while still using ldapsam?

I have tried to put smbpasswd before ldapsam in the definition
of the passdb backend, to no avail.

This occurs with samba 3.0.10 on Mandrake Linux 10.1,
with the configuration file in the annexe.

Thanks in advance for your answers!

Best regards,
Mr Dominique Petitpierre       Email: User at Domain
Division Informatique                 User=Dominique.Petitpierre

Annexe: non default [global] section of the smb.conf

# testparm -s | & sed -n -e '/\[global]/,/^$/p'
         workgroup = VPNGROUP
         server string = Samba Server %v
         passdb backend = smbpasswd, ldapsam:ldaps://foobar.unige.ch
         log level = 3 passdb:5 auth:10 winbind:2
         log file = /var/log/samba/log.%m
         max log size = 50
         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
         domain logons = Yes
         local master = No
         dns proxy = No
         ldap admin dn = cn=admin,ou=people,dc=unige,dc=ch
         ldap group suffix = ou=Group
         ldap idmap suffix = ou=Idmap
         ldap machine suffix = ou=Hosts
         ldap suffix = dc=unige,dc=ch
         ldap user suffix = ou=People
         hosts allow =, 192.168.
