[Samba] IDMAP storage in LDAP using winbind
Meli Marco
Marco.Meli at gknsintermetals.com
Wed Mar 30 18:23:28 GMT 2005
Hi,
I am running samba-3.0.13-1 on RH9
(openldap-2.0.27-8, krb5-1.2.7-10, nss_ldap-202-5), configured as shown
below; my only intention is to store the IDMAP in LDAP using winbind.
I've looked at the Samba-3 by Example book and the related official guide on the
site.
First I tried running samba and winbind retrieving users and groups from
ADS and storing them in the winbindd_idmap.tdb and winbindd_cache.tdb files, and
that seemed to work fine.
Then I introduced the LDAP backend and the related configuration as shown
below, but I received the errors at the bottom of the message.
Why doesn't it work? I have only found examples that show domains with a single
prefix; could my LDAP configuration be wrong?
Thanks.
Marco.
/etc/samba/smb.conf
# smb.conf excerpt as posted. No [global] header is visible in this excerpt;
# these are global-scope parameters, so presumably they sit under [global] in
# the real file -- confirm.
netbios name = XXXX03
os level = 16
wins server = XXX.XXX.XXX.XXX
socket options = IPTOS_LOWDELAY TCP_NODELAY SO_KEEPALIVE
unix charset = LOCALE
workgroup = WORKGROUP
# ADS member: realm / password server are the Kerberos side. The realm is
# expected to match default_realm in krb5.conf (it does in this post).
realm = PREFIX1.PREFIX2.COM
security = ADS
# NOTE(review): this host name is not masked like the other placeholders
# (PREFIX1.PREFIX2.COM / XXX.XXX.XXX.XXX) -- redact consistently before
# posting, and check it is the same KDC as the [realms] entry in krb5.conf.
password server = kdc01.sinter.gkn.com
# Boolean spelling is mixed ("yes" here, "Yes" below); Samba accepts both,
# but pick one for readability.
encrypt passwords = yes
# Users of the default domain are shown without the DOMAIN/ prefix; "/" is
# the separator used when a prefix is shown.
winbind use default domain = Yes
winbind separator = /
winbind enum users = Yes
winbind enum groups = Yes
# The winbind -> slapd session is unencrypted (no start_tls). Tolerable only
# because "idmap backend" below points at localhost; revisit if that URL ever
# names a remote host.
ldap ssl = No
# Bind DN for idmap writes. Its password is NOT in this file: Samba reads it
# from secrets.tdb (stored with "smbpasswd -w"). NOTE(review): the
# "idmap_init: failed to initialize remote backend!" line in the log at the
# end of the post is consistent with that secret never having been stored or
# with slapd not being reachable -- confirm which.
ldap admin dn = cn=Manager,dc=prefix1,dc=prefix2,dc=com
# Relative to "ldap suffix", i.e. ou=Idmap,dc=prefix1,dc=prefix2,dc=com -- the
# OU created in idmap.ldif below.
ldap idmap suffix = ou=Idmap
ldap suffix = dc=prefix1,dc=prefix2,dc=com
idmap backend = ldap:ldap://localhost
# Pool of local uids/gids handed out to domain SIDs. Presumably chosen so it
# does not overlap the uids in /etc/passwd or ou=People -- verify.
idmap uid = 10000-40000
idmap gid = 10000-40000
hide unreadable = Yes
# %U expands to the session user name.
template homedir = /data/user/%U
# Domain users get no interactive shell on this box.
template shell = /bin/false
use sendfile = Yes
/etc/nsswitch.conf
# nsswitch.conf excerpt. "compat" covers the local files; "ldap" is nss_ldap,
# driven by /etc/ldap.conf below.
# NOTE(review): "winbind" is absent from the passwd/group lines, so libc
# lookups (getent, login) never consult winbindd -- domain users resolve here
# only if they also exist in LDAP. If getent is expected to list ADS users,
# add winbind to these lines -- confirm the intent.
passwd: compat ldap
shadow: compat ldap
group: compat ldap
# "wins" resolves NetBIOS names through libnss_wins (shipped with Samba).
hosts: files dns wins
/etc/ldap.conf
# nss_ldap / pam_ldap configuration. This file is read by every process that
# performs NSS lookups, so it is typically world-readable.
host 127.0.0.1
base dc=prefix1,dc=prefix2,dc=com
# NOTE(review): NSS binds as the directory manager, and the password sits in
# clear text two lines down in a world-readable file -- every local user can
# read the directory-admin credential. Prefer anonymous binds (or a read-only
# proxy DN) for NSS; if root needs a privileged bind, use rootbinddn with
# /etc/ldap.secret (root-only, mode 0600) instead.
binddn cn=Manager,dc=prefix1,dc=prefix2,dc=com
# "secret" is the value from the stock OpenLDAP example slapd.conf; presumably
# masked for the post -- if it is the real rootpw, change it.
bindpw secret
# Password changes go through the LDAP password-modify extended operation.
pam_password exop
# One-level searches. ou=People / ou=Group are not in the idmap.ldif excerpt,
# so they presumably already exist in the directory.
nss_base_passwd ou=People,dc=prefix1,dc=prefix2,dc=com?one
nss_base_shadow ou=People,dc=prefix1,dc=prefix2,dc=com?one
nss_base_group ou=Group,dc=prefix1,dc=prefix2,dc=com?one
# Plain LDAP; acceptable only because host is 127.0.0.1 above.
ssl no
/etc/openldap/idmap.ldif
# idmap.ldif as posted. LDIF requires a blank line between entries; none are
# visible here, so presumably they were lost in the mail -- confirm the file
# on disk has them, otherwise ldapadd rejects it.
dn: dc=prefix1,dc=prefix2,dc=com
objectClass: dcObject
objectClass: organization
# NOTE(review): the RDN is dc=prefix1 but the attribute value is
# "prefix1.prefix2". The RDN value must also be present as an attribute value
# of the entry, and newer slapd versions reject the add for that reason.
# Confirm this entry actually loaded, or whether masking changed it.
dc: prefix1.prefix2
o: xxx
description: xxx
# The Manager DN used by both smb.conf (ldap admin dn) and ldap.conf (binddn).
# Its password is not here; for OpenLDAP it is presumably rootpw in slapd.conf.
dn: cn=Manager,dc=prefix1,dc=prefix2,dc=com
objectClass: organizationalRole
cn: Manager
description: Directory Manager
# Container for the winbind idmap entries (matches "ldap idmap suffix" in
# smb.conf; the ou value differs only in case, which ou matching ignores).
# The Samba schema must be included in slapd.conf for the sambaIdmapEntry /
# sambaUnixIdPool objects winbind writes here -- not shown in the post,
# confirm.
dn: ou=Idmap,dc=prefix1,dc=prefix2,dc=com
objectClass: organizationalUnit
ou: idmap
/etc/krb5.conf
# krb5.conf as posted (Red Hat default layout).
[logging]
# NOTE(review): the trailing "<FILE:...>" on the next three lines is almost
# certainly a mail-client artefact (the path rendered twice); the real file
# should end each value at the first path.
default = FILE:/var/log/krb5libs.log <FILE:/var/log/krb5libs.log>
kdc = FILE:/var/log/krb5kdc.log <FILE:/var/log/krb5kdc.log>
admin_server = FILE:/var/log/kadmind.log <FILE:/var/log/kadmind.log>
[libdefaults]
# Plain integer = seconds (about 6.7 h).
ticket_lifetime = 24000
# Matches "realm" in smb.conf.
default_realm = PREFIX1.PREFIX2.COM
# DNS discovery is off, so the KDC must be listed explicitly in [realms] below.
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
PREFIX1.PREFIX2.COM = {
kdc = KDC01.PREFIX1.PREFIX2.COM
}
[domain_realm]
.prefix1.prefix2.com = PREFIX1.PREFIX2.COM
prefix1.prefix2.com = PREFIX1.PREFIX2.COM
# Only relevant if this host runs its own KDC; the post describes an ADS
# member, so this is presumably untouched distro boilerplate.
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
# pam_krb5 settings. The closing "}" of this block is not in the excerpt --
# presumably truncated in the mail; confirm the on-disk file has it.
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
/var/spool/samba/log.winbindd
[2005/03/30 17:53:26, 0] sam/idmap.c:idmap_init(138)
idmap_init: failed to initialize remote backend!
[2005/03/30 17:53:26, 1] nsswitch/winbindd.c:main(897)
Could not init idmap -- netlogon proxy only
[2005/03/30 17:54:34, 1] nsswitch/winbindd_user.c:winbindd_fill_pwent(50)
error getting user id for sid
S-1-5-21-597916725-1483147915-620655208-19426
[2005/03/30 17:54:34, 1] nsswitch/winbindd_user.c:winbindd_fill_pwent(50)
error getting user id for sid
S-1-5-21-597916725-1483147915-620655208-19426