[Samba] Samba domains with ldap
Matt Ingram
mingram at cbnco.com
Thu Nov 3 18:45:50 GMT 2005
Anyone?
Matt Ingram wrote:
> I've been following the Samba 3 by Example book by John Terpstra and
> having problems getting things to work properly.
>
> Right now when I try to add a computer to the domain I get the
> attached in the log files. And Windows returns the error message:
> "The following error occurred attempting to join the domain "DEATH":
> The user name could not be found." The system name, "isdept88" in
> this case, gets added to the ldap, but the system doesn't attach to
> the domain. :S Also attached are some of my config files. I'm using
> Samba 3.0.12-5, Openldap2-2.2.23-6, smbldap-tools 0.8.4.
> Thanks in advance for any ideas.
>
> [2005/11/01 09:29:53, 2] lib/interface.c:add_interface(81)
> added interface ip=192.168.200.1 bcast=192.168.200.255
> nmask=255.255.255.0
> [2005/11/01 09:29:53, 2] smbd/sesssetup.c:setup_new_vc_session(608)
> setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
> all old resources.
> [2005/11/01 09:29:53, 2] smbd/sesssetup.c:setup_new_vc_session(608)
> setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
> all old resources.
> [2005/11/01 09:29:53, 2] auth/auth.c:check_ntlm_password(305)
> check_ntlm_password: authentication for user [administrator] ->
> [root] -> [root] succeeded
> [2005/11/01 09:29:53, 2] lib/access.c:check_access(324)
> Allowed connection from (192.168.200.25)
> [2005/11/01 09:29:53, 2] lib/interface.c:add_interface(81)
> added interface ip=192.168.200.1 bcast=192.168.200.255
> nmask=255.255.255.0
> [2005/11/01 09:29:53, 2] smbd/reply.c:reply_special(236)
> netbios connect: name1=PDC name2=ISDEPT88
> [2005/11/01 09:29:53, 2] smbd/reply.c:reply_special(243)
> netbios connect: local=pdc remote=isdept88, name type = 0
> [2005/11/01 09:29:53, 2] smbd/server.c:exit_server(609)
> Closing connections
> [2005/11/01 09:29:54, 2]
> rpc_server/srv_samr_nt.c:_samr_lookup_domain(2580)
> Returning domain sid for domain DEATH ->
> S-1-5-21-932451236-683595512-1290266429
> [2005/11/01 09:29:55, 2] smbd/server.c:exit_server(609)
> Closing connections
>
>
>------------------------------------------------------------------------
>
>############################
># Credential Configuration #
>############################
># Notes: you can specify two differents configuration if you use a
># master ldap for writing access and a slave ldap server for reading access
># By default, we will use the same DN (so it will work for standard Samba
># release)
>slaveDN="cn=Manager,dc=hell,dc=com"
>slavePw="secret"
>masterDN="cn=Manager,dc=hell,dc=com"
>masterPw="secret"
>
>
>------------------------------------------------------------------------
>
>host 192.168.200.2
>
>base dc=hell,dc=com
>ldap_version 3
>binddn cn=Manager,dc=hell,dc=com
>bindpw secret
>rootbinddn cn=Manager,dc=hell,dc=com
>pam_password exop
>
>ssl no
>nss_map_attribute uniqueMember member
>pam_filter objectclass=posixAccount
>nss_base_passwd ou=Users,dc=hell,dc=com
>nss_base_shadow ou=Users,dc=hell,dc=com
>nss_base_group ou=Groups,dc=hell,dc=com
>
>
>------------------------------------------------------------------------
>
>passwd: files ldap
>shadow: files ldap
>group: files ldap
>
>hosts: files dns wins
>networks: files dns
>
>services: files
>protocols: files
>rpc: files
>ethers: files
>netmasks: files
>netgroup: files
>publickey: files
>
>bootparams: files
>automount: files nis
>aliases: files
>
>
>------------------------------------------------------------------------
>
>[global]
> unix charset = LOCALE
> workgroup = DEATH
> netbios name = PDC
> passdb backend = ldapsam:ldap://bdc.hell
> username map = /etc/samba/smbusers
> log level = 2
> syslog = 0
> name resolve order = wins bcast hosts
> time server = Yes
> printcap name = CUPS
> show add printer wizard = No
> add user script = /var/lib/samba/sbin/smbldap-useradd -a -m '%u'
> delete user script = /var/lib/samba/sbin/smbldap-userdel '%u'
> add group script = /var/lib/samba/sbin/smbldap-groupadd -p '%g'
> delete group script = /var/lib/samba/sbin/smbldap-groupdel '%g'
> add user to group script = /var/lib/samba/sbin/smbldap-groupmod -m '%u' '%g'
> delete user from group script = /var/lib/samba/sbin/smbldap-groupmod -x '%u' '%g'
> set primary group script = /var/lib/samba/sbin/smbldap-usermod -g '%g' '%u'
> add machine script = /var/lib/samba/sbin/smbldap-useradd -w '%u'
> shutdown script = /var/lib/samba/scripts/shutdown.sh
> abort shutdown script = /sbin/shutdown -c
> logon script = scripts\logon.bat
> logon path = \\%L\%U
> logon drive = P:
> logon home = \\%L\%U
> domain logons = Yes
> preferred master = Yes
> wins support = Yes
> ldap suffix = dc=hell,dc=com
> ldap machine suffix = ou=Users
> ldap user suffix = ou=Users
> ldap group suffix = ou=Groups
> ldap idmap suffix = ou=Idmap
> ldap admin dn = cn=Manager,dc=hell,dc=com
> idmap backend = ldap://bdc.hell.com
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> map acl inherit = Yes
> printing = cups
> printer admin = Administrator
>
>[IPC$]
> path = /tmp
> hosts allow = 192.168.200.0/24, 127.0.0.1
> hosts deny = 0.0.0.0/0
>
>[groupa]
> comment = Accounting Files
> path = /home/groups/groupa
> read only = No
>
>[groupb]
> comment = Financial Services Files
> path = /home/groups/groupb
> read only = No
>
>[homes]
> comment = Home Directories
> valid users = %S
> read only = No
> browseable = No
>
>[printers]
> comment = SMB Print Spool
> path = /var/spool/samba
> guest ok = Yes
> printable = Yes
> browseable = No
>
>[netlogon]
> comment = Network Logon Service
> path = /home/netlogon
> guest ok = Yes
> locking = No
>
>[profiles]
> comment = Profile Share
> path = /home
> read only = No
> profile acls = Yes
>
>[profdata]
> comment = Profile Data Share
> path = /home/profdata
> read only = No
> profile acls = Yes
>
>[print$]
> comment = Printer Drivers
> path = /var/lib/samba/drivers
> browseable = yes
> guest ok = no
> read only = yes
> write list = root
>
>------------------------------------------------------------------------
>
>UID_START="1000"
>GID_START="1000"
>
>SID="S-1-5-21-932451236-683595512-1290266429"
>slaveLDAP="192.168.200.2"
>slavePort="389"
>masterLDAP="192.168.200.2"
>masterPort="389"
>ldapTLS="0"
>suffix="dc=hell,dc=com"
>usersdn="ou=Users,dc=hell,dc=com"
>
>computersdn="ou=Computers,dc=hell,dc=com"
>
>groupsdn="ou=Groups,dc=hell,dc=com"
>scope="sub"
>
>hash_encrypt="SSHA"
>userLoginShell="/bin/bash"
>userHomePrefix="/home"
>userGecos="System User"
>defaultUserGid="513"
>defaultComputerGid="553"
>skeletonDir="/etc/skel"
>defaultMaxPasswordAge="30"
>
>userSmbHome=""
>userProfile=""
>userHomeDrive="H:"
>userScript=""
>
>with_smbpasswd="0"
>smbpasswd="/usr/bin/smbpasswd"
>mk_ntpasswd="/var/lib/samba/sbin/mkntpwd"
>
>
--
Matt Ingram
Intermediate Unix Administrator, IS
Canadian Bank Note Company, Limited
\m/
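
The files quoted above disagree on where machine accounts live: smb.conf sets `ldap machine suffix = ou=Users`, smbldap.conf sets `computersdn` to `ou=Computers,dc=hell,dc=com`, and `nss_base_passwd` covers only `ou=Users`. As an added example (not part of the original post), this Python check cross-reads excerpts constructed from those files and reports that mismatch, the differing LDAP host names, and the disabled TLS settings; the function and finding names are hypothetical.

```python
# Added example: the excerpts below are constructed from values quoted in the post.
SMB_CONF = """[global]
ldap suffix = dc=hell,dc=com
ldap machine suffix = ou=Users
passdb backend = ldapsam:ldap://bdc.hell
idmap backend = ldap://bdc.hell.com
"""
SMBLDAP_CONF = """computersdn="ou=Computers,dc=hell,dc=com"
ldapTLS="0"
"""
LDAP_CONF = """base dc=hell,dc=com
ssl no
nss_base_passwd ou=Users,dc=hell,dc=com
"""

def parse(text, sep=None):
    """Parse 'key<sep>value' lines (sep=None: whitespace); skip comments/sections."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;[":
            continue
        key, val = (line.split(sep, 1) + [""])[:2]
        out[key.strip().lower()] = val.strip().strip('"')
    return out

def norm(dn):
    """Lower-case a DN and drop spaces around commas so DNs compare equal."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def under(dn, base):
    """True if dn is the base itself or sits below it in the tree."""
    return dn == base or dn.endswith("," + base)

def audit(smb_text, smbldap_text, ldap_text):
    smb, tools, nss = parse(smb_text, "="), parse(smbldap_text, "="), parse(ldap_text)
    findings = []
    samba_machines = norm(smb["ldap machine suffix"] + "," + smb["ldap suffix"])
    tool_machines = norm(tools["computersdn"])
    if samba_machines != tool_machines:      # Samba searches where the script does not write
        findings.append("machine-suffix-mismatch")
    nss_base = norm(nss["nss_base_passwd"].split("?")[0])
    if not under(tool_machines, nss_base):   # machine account not resolvable through NSS
        findings.append("machine-outside-nss-base")
    hosts = {smb[k].split("://", 1)[1] for k in ("passdb backend", "idmap backend")}
    if len(hosts) > 1:                       # passdb and idmap name different servers
        findings.append("ldap-host-mismatch")
    if tools.get("ldaptls") == "0" or nss.get("ssl") == "no":
        findings.append("ldap-without-tls")  # Manager bind password crosses port 389 in clear
    return findings
```
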