[Samba] samba ldap problem
Morgan Hallgren
morgan.hallgren at gmail.com
Fri Jun 10 14:20:56 GMT 2005
I have tried to create a Samba domain with an LDAP backend.
This is what my LDAP structure looks like.
# example.com
dn: dc=example,dc=com
objectClass: dcObject
objectClass: organization
o: example
dc: example
# groups, example.com
dn: ou=groups,dc=example,dc=com
objectClass: organizationalUnit
ou: groups
# Domain Admins, groups, example.com
dn: cn=Domain Admins,ou=groups,dc=example,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 512
cn: Domain Admins
memberUid: root
description: Netbios Domain Administrators
sambaSID: S-1-5-21-3527759599-3696857034-3584459987-512
sambaGroupType: 2
displayName: Domain Admins
# Domain Users, groups, example.com
dn: cn=Domain Users,ou=groups,dc=example,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 513
cn: Domain Users
description: Netbios Domain Users
sambaSID: S-1-5-21-3527759599-3696857034-3584459987-513
sambaGroupType: 2
displayName: Domain Users
# Domain Guests, groups, example.com
dn: cn=Domain Guests,ou=groups,dc=example,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 514
cn: Domain Guests
description: Netbios Domain Guests Users
sambaSID: S-1-5-21-3527759599-3696857034-3584459987-514
sambaGroupType: 2
displayName: Domain Guests
# computers, example.com
dn: ou=computers,dc=example,dc=com
objectClass: organizationalUnit
ou: computers
# PDC, example.com
dn: sambaDomainName=PDC,dc=example,dc=com
objectClass: sambaDomain
sambaDomainName: PDC
sambaNextGroupRid: 90000
sambaNextUserRid: 90000
sambaSID: S-1-5-21-3527759599-3696857034-3584459987
sambaNextRid: 90000
# people, example.com
dn: ou=people,dc=example,dc=com
objectClass: organizationalUnit
ou: people
# root, people, example.com
dn: uid=root,ou=people,dc=example,dc=com
uid: root
sambaSID: S-1-5-21-3527759599-3696857034-3584459987-500
sambaPrimaryGroupSID: S-1-5-21-3527759599-3696857034-3584459987-512
displayName: root
sambaAcctFlags: [U ]
objectClass: account
objectClass: sambaSamAccount
sambaPwdMustChange: 2147483647
sambaLMPassword: 63D2114DE42F744B30A84C4AFE5AFFFF
sambaNTPassword: 5460FB29D247C383F63E1E3A417FC39B
sambaPasswordHistory: 0000000000000000000000000000000000000000000000000000000000000000
sambaPwdCanChange: 1118395221
sambaPwdLastSet: 1118395221
# win2k$, Computers, example.com
dn: uid=win2k$,ou=Computers,dc=example,dc=com
uid: win2k$
sambaSID: S-1-5-21-3527759599-3696857034-3584459987-3022
sambaPrimaryGroupSID: S-1-5-21-3527759599-3696857034-3584459987-1201
objectClass: sambaSamAccount
objectClass: account
displayName: win2k$
sambaPwdMustChange: 2147483647
sambaAcctFlags: [W ]
sambaPwdCanChange: 1118395893
sambaNTPassword: 5C70F10A2EAD0B4FE5588114C98ED1ED
sambaPwdLastSet: 1118395893
# Martin Hallgren, people, example.com
dn: cn=Martin Hallgren,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: posixAccount
objectClass: top
objectClass: krb5Principal
objectClass: krb5KDCEntry
objectClass: sambaSamAccount
krb5PrincipalName: martin at EXAMPLE.COM
krb5KeyVersionNumber: 1
krb5MaxLife: 86400
krb5MaxRenew: 604800
krb5KDCFlags: 126
cn: Martin Hallgren
givenName: Martin
mail: martin at example.com
sn: Hallgren
uid: martin
uidNumber: 1050
gidNumber: 100
homeDirectory: /home/martin
loginShell: /bin/bash
sambaAcctFlags: [U ]
sambaSID: S-1-5-21-3527759599-3696857034-3584459987-3250
sambaPwdCanChange: 1118395383
sambaPwdMustChange: 2147483647
sambaLMPassword: 01FC5A6BE7BC6929AAD3B435B51404EE
sambaNTPassword: 0CB6948805F797BF2A82807973B89537
sambaPasswordHistory: 0000000000000000000000000000000000000000000000000000000000000000
sambaPwdLastSet: 1118395383
# nobody, people, example.com
dn: uid=nobody,ou=people,dc=example,dc=com
objectClass: account
objectClass: sambaSamAccount
objectClass: posixAccount
uid:: bm9ib2R5ICAgICAgICAgICAgICAgICA=
sambaPwdLastSet: 0
sambaLogonTime: 2147483647
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 2147483647
sambaPwdMustChange: 2147483648
displayName: Nobody
cn: Nobody
sambaSID: S-1-5-21-3527759599-3696857034-3584459987-501
sambaPrimaryGroupSID: S-1-5-21-3527759599-3696857034-3584459987-514
gecos:: Tm9ib2R5IG9yIEd1ZXN0ICAgICAgIA==
homeDirectory:: L2Rldi9udWxsICAgICAgICAgICAgIA==
loginShell:: L2Rldi9udWxsICAgICA=
uidNumber: 65534
gidNumber: 65534
sambaAcctFlags: [UX ]
# Morgan Hallgren, people, example.com
dn: cn=Morgan Hallgren,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: posixAccount
objectClass: top
objectClass: krb5Principal
objectClass: krb5KDCEntry
objectClass: sambaSamAccount
krb5PrincipalName: morgan at EXAMPLE.COM
krb5KeyVersionNumber: 1
krb5MaxLife: 86400
krb5MaxRenew: 604800
krb5KDCFlags: 126
cn: Morgan Hallgren
givenName: Morgan
mail: morgan at example.com
sn: Hallgren
uid: moja
uidNumber: 1000
gidNumber: 100
homeDirectory: /home/morgan
loginShell: /bin/bash
sambaAcctFlags: [U ]
sambaSID: S-1-5-21-3527759599-3696857034-3584459987-3000
sambaPwdMustChange: 2147483647
sambaPasswordHistory: 0000000000000000000000000000000000000000000000000000000000000000
sambaPwdCanChange: 1118412748
sambaLMPassword: 44EFCE164AB921CAAAD3B435B51404EE
sambaNTPassword: 32ED87BDB5FDC5E9CBA88547376818D4
sambaPwdLastSet: 1118412748
# nobody, groups, example.com
dn: cn=nobody,ou=groups,dc=example,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 501
cn: nobody
memberUid: nobody
description: Netbios Domain nobody
sambaSID: S-1-5-21-3527759599-3696857034-3584459987-501
sambaGroupType: 2
displayName: Domain nobody
And smb.conf
netbios name = samba
workgroup = PDC
server string = PDC [on Gentoo :: Samba server %v]
hosts allow = 192.168.0.0/24 127.0.0.0/8
security = user
encrypt passwords = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
interfaces = lo eth0
bind interfaces only = yes
local master = yes
#os level = 65
os level = 99
domain master = yes
preferred master = yes
enable privileges = yes
null passwords = no
hide unreadable = yes
hide dot files = yes
domain logons = yes
logon script = login.bat OR %U.bat
logon path = \\%L\%U\profile
logon drive = H:
logon home = \\%L\%U\.9xprofile
#logon home = \\%L\%u\.win_profile\%m
#logon path =
#logon home =
wins support = yes
name resolve order = wins lmhosts hosts bcast
dns proxy = no
time server = yes
log file = /var/log/samba/log.%m
max log size = 50
#smb passwd file = /var/lib/samba/private/smbpasswd
passdb backend = ldapsam:ldap://kerberos.example.com
ldap ssl = start tls
ldap suffix = dc=example,dc=com
ldap user suffix = ou=people,dc=example,dc=com
ldap group suffix = ou=groups,dc=example,dc=com
ldap machine suffix = ou=computers,dc=example,dc=com
# FYI, the password for this user is stored in
# /etc/samba/secrets.tdb. It is created by running
# 'smbpasswd -w passwd'
ldap admin dn = cn=manager,dc=example,dc=com
#add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
# syncing with the Kerberos passwords
passwd chat debug = yes
debug level = 100
#ldap password sync = yes
#obey pam restrictions = no
#unix password sync = yes
#passwd program = /usr/sbin/kadmin -l passwd %u at EXAMPLE.COM
#passwd chat = "*" %n\r "*" %n\r "*"
unix charset = ISO8859-1
[netlogon]
path = /var/lib/samba/netlogon
public = no
writeable = no
browseable = no
[profiles]
path = /home/%u/profile
browseable = no
writeable = yes
default case = lower
preserve case = no
short preserve case = no
case sensitive = no
hide files = /desktop.ini/ntuser.ini/NTUSER.*/
create mode = 0600
directory mode = 0700
[homes]
path = /home/%U
browseable = no
valid users = %S
writable = yes
guest ok = no
inherit permissions = yes
[public]
comment = Public Stuff
path = /var/lib/samba/profiles
public = yes
writeable = yes
browseable = yes
write list = @users
I have joined the computer win2k to the domain and I can log in as the
user moja. But when I try to open his home dir, slapd searches for
the nobody user.
Jun 10 15:49:39 st_olof slapd[7004]: conn=93 op=1 BIND dn="cn=manager,dc=example,dc=com" mech=SIMPLE ssf=0
Jun 10 15:49:39 st_olof slapd[7004]: conn=93 op=1 RESULT tag=97 err=0 text=
Jun 10 15:49:39 st_olof slapd[7003]: conn=93 op=2 SRCH base="ou=people,dc=example,dc=com" scope=1 filter="(&(objectClass=posixAccount)(uid=nobody))"
Jun 10 15:49:39 st_olof slapd[7003]: conn=93 op=2 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
Jun 10 15:49:39 st_olof slapd[7003]: conn=93 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jun 10 15:49:39 st_olof slapd[7004]: conn=93 op=3 SRCH base="ou=people,dc=example,dc=com" scope=1 filter="(&(objectClass=posixAccount)(uid=nobody))"
Jun 10 15:49:39 st_olof slapd[7004]: conn=93 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jun 10 15:49:39 st_olof slapd[7003]: conn=93 op=4 SRCH base="ou=Groups,dc=example,dc=com" scope=1 filter="(&(objectClass=posixGroup)(|(memberUid=nobody)(uniqueMember=uid=nobody,ou=people,dc=example,dc=com)))"
Jun 10 15:49:39 st_olof slapd[7003]: conn=93 op=4 SRCH attr=gidNumber
Jun 10 15:49:39 st_olof slapd[7003]: <= bdb_equality_candidates: (uniqueMember) index_param failed (18)
Jun 10 15:49:39 st_olof slapd[7004]: conn=93 op=5 SRCH base="ou=Groups,dc=example,dc=com" scope=1 filter="(&(objectClass=posixGroup)(uniqueMember=cn=nobody,ou=groups,dc=example,dc=com))"
Jun 10 15:49:39 st_olof slapd[7004]: conn=93 op=5 SRCH attr=gidNumber
Jun 10 15:49:39 st_olof slapd[7004]: <= bdb_equality_candidates: (uniqueMember) index_param failed (18)
Jun 10 15:49:39 st_olof slapd[7003]: conn=93 op=4 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jun 10 15:49:39 st_olof slapd[7004]: conn=93 op=5 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 10 15:49:39 st_olof slapd[7003]: conn=93 op=6 SRCH base="ou=group,dc=example,dc=com" scope=2 filter="(&(objectClass=posixGroup)(uniqueMember=cn=nobody,ou=groups,dc=example,dc=com))"
Jun 10 15:49:39 st_olof slapd[7003]: conn=93 op=6 SRCH attr=gidNumber
Jun 10 15:49:39 st_olof slapd[7003]: conn=93 op=6 RESULT tag=101 err=32 text=
Jun 10 15:49:39 st_olof slapd[7003]: conn=93 op=7 SRCH base="ou=group,dc=example,dc=com" scope=2 filter="(&(objectClass=posixGroup)(|(memberUid=nobody)(uniqueMember=uid=nobody,ou=people,dc=example,dc=com)))"
Jun 10 15:49:39 st_olof slapd[7003]: conn=93 op=7 SRCH attr=gidNumber
Jun 10 15:49:39 st_olof slapd[7003]: conn=93 op=7 RESULT tag=101 err=32 text=
Jun 10 15:49:39 st_olof slapd[7003]: conn=92 op=4 SRCH base="ou=groups,dc=example,dc=com,dc=example,dc=com" scope=2 filter="(&(objectClass=sambaGroupMapping)(gidNumber=501))"
This hangs the system for some seconds. Does anyone know why this
happens and how to get around it?
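To triage the slapd log the same way, here is an added example (not from the post, OpenLDAP or Samba) that pairs every SRCH with its RESULT by conn and op and flags three things visible in the excerpt above. err=32 is noSuchObject: the searches with base ou=group,dc=example,dc=com (singular) fail because the posted directory only has ou=groups. The last search base, ou=groups,dc=example,dc=com,dc=example,dc=com, contains the suffix twice; Samba 3 prepends the ldap user suffix, ldap group suffix and ldap machine suffix values to ldap suffix, so they have to be partial DNs (ou=groups), and the full DNs in the posted smb.conf produce exactly this base for the sambaGroupMapping lookup of gidNumber 501. The bdb_equality_candidates: (uniqueMember) index_param failed (18) lines mean uniqueMember is used in an equality filter but has no index, so those searches scan the base; an index uniqueMember eq line in slapd.conf fixes that. The suffix value and the log lines (a subset of the posted ones, rejoined onto one line per record) are constructed inputs embedded in the block.

```python
import re

# Constructed inputs: the 'ldap suffix' from the posted smb.conf and a
# subset of the posted slapd log, one record per line.
LDAP_SUFFIX = "dc=example,dc=com"
SAMPLE_LOG = """\
Jun 10 15:49:39 st_olof slapd[7004]: conn=93 op=1 BIND dn="cn=manager,dc=example,dc=com" mech=SIMPLE ssf=0
Jun 10 15:49:39 st_olof slapd[7004]: conn=93 op=1 RESULT tag=97 err=0 text=
Jun 10 15:49:39 st_olof slapd[7003]: conn=93 op=2 SRCH base="ou=people,dc=example,dc=com" scope=1 filter="(&(objectClass=posixAccount)(uid=nobody))"
Jun 10 15:49:39 st_olof slapd[7003]: conn=93 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jun 10 15:49:39 st_olof slapd[7003]: conn=93 op=4 SRCH base="ou=Groups,dc=example,dc=com" scope=1 filter="(&(objectClass=posixGroup)(|(memberUid=nobody)(uniqueMember=uid=nobody,ou=people,dc=example,dc=com)))"
Jun 10 15:49:39 st_olof slapd[7003]: <= bdb_equality_candidates: (uniqueMember) index_param failed (18)
Jun 10 15:49:39 st_olof slapd[7004]: conn=93 op=5 SRCH base="ou=Groups,dc=example,dc=com" scope=1 filter="(&(objectClass=posixGroup)(uniqueMember=cn=nobody,ou=groups,dc=example,dc=com))"
Jun 10 15:49:39 st_olof slapd[7003]: conn=93 op=4 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jun 10 15:49:39 st_olof slapd[7004]: conn=93 op=5 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 10 15:49:39 st_olof slapd[7003]: conn=93 op=6 SRCH base="ou=group,dc=example,dc=com" scope=2 filter="(&(objectClass=posixGroup)(uniqueMember=cn=nobody,ou=groups,dc=example,dc=com))"
Jun 10 15:49:39 st_olof slapd[7003]: conn=93 op=6 RESULT tag=101 err=32 text=
Jun 10 15:49:39 st_olof slapd[7003]: conn=92 op=4 SRCH base="ou=groups,dc=example,dc=com,dc=example,dc=com" scope=2 filter="(&(objectClass=sambaGroupMapping)(gidNumber=501))"
"""

# slapd "stats" log lines: SRCH carries the base/scope/filter, the matching
# (SEARCH) RESULT carries err= and, on success, nentries=.  deref= appears in
# newer OpenLDAP versions and is allowed but ignored.
SRCH_RE = re.compile(r'conn=(\d+) op=(\d+) SRCH base="([^"]*)" scope=(\d+)(?: deref=\d+)? filter="([^"]*)"')
RESULT_RE = re.compile(r'conn=(\d+) op=(\d+) (?:SEARCH )?RESULT tag=101 err=(\d+)(?: nentries=(\d+))?')
INDEX_RE = re.compile(r'bdb_equality_candidates: \((\w+)\) index_param failed')


def triage(log, suffix=LDAP_SUFFIX):
    """Pair each SRCH with its RESULT by (conn, op); return findings for bases
    that repeat the suffix, err=32 (noSuchObject) bases, and filter attributes
    slapd reports as unindexed."""
    searches, unindexed = {}, set()
    for line in log.splitlines():
        m = SRCH_RE.search(line)
        if m:
            conn, op, base, scope, filt = m.groups()
            searches[(int(conn), int(op))] = {"base": base, "scope": int(scope),
                                              "filter": filt, "err": None, "nentries": None}
            continue
        m = RESULT_RE.search(line)
        if m:
            conn, op, err, n = m.groups()
            key = (int(conn), int(op))
            if key in searches:  # BIND results (tag=97) never match, only searches do
                searches[key].update(err=int(err), nentries=None if n is None else int(n))
            continue
        m = INDEX_RE.search(line)
        if m:
            unindexed.add(m.group(1))
    findings = []
    doubled = f",{suffix},{suffix}".lower()
    for (conn, op), s in sorted(searches.items()):
        if s["base"].lower().endswith(doubled):
            findings.append(f"conn={conn} op={op}: base {s['base']!r} repeats the suffix {suffix!r}; "
                            "Samba 3 prepends ldap user/group/machine suffix to ldap suffix, "
                            "so those settings must be partial DNs")
        if s["err"] == 32:
            findings.append(f"conn={conn} op={op}: err=32 noSuchObject, base {s['base']!r} does not exist")
    for attr in sorted(unindexed):
        findings.append(f"{attr} is used in an equality filter but is unindexed (index_param failed); "
                        f"add 'index {attr} eq' to slapd.conf and rebuild with slapindex")
    return findings


if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_LOG)))
```

The pairing by (conn, op) matters because slapd interleaves records from different connections and worker threads, as the posted excerpt shows (the op=4 result arrives after the op=5 search), so matching a RESULT to the preceding SRCH line by position would attribute errors to the wrong search.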