[Samba] wbinfo problems and documentation questions
Tom Diehl
tdiehl at rogueind.com
Thu Sep 1 04:33:57 GMT 2005
Hi all,
I have a Samba PDC running 3.0.20 + the patches on
http://hostopia.samba.org/samba/patches running RHEL4 on an x86_64 platform. I
have configured it to use an ldapsam backend per
http://us2.samba.org/samba/docs/man/Samba-Guide/2000users.html
Since there is not much in the way of testing listed in the "2000users" section
I used the tests listed under the making users happy section. With the
exception of the ldapsearch -x -b "dc=keenanmotorgroup,dc=com" "(ObjectClass=*)"
test all work as advertised. It appears to me that in order for this test to
work I need to have the following in the slapd.conf file:
access to dn.base=""
        by self write
        by * auth
access to attr=userPassword
        by self write
        by * auth
access to attr=shadowLastChange
        by self write
        by * read
access to *
        by * read
        by anonymous auth
Without the above in the slapd.conf file I only get the following output:
(pocono pts28) # ldapsearch -x -b "dc=keenanmotorgroup,dc=com" "(ObjectClass=*)"
# extended LDIF
#
# LDAPv3
# base <dc=keenanmotorgroup,dc=com> with scope sub
# filter: (ObjectClass=*)
# requesting: ALL
#
# search result
search: 2
result: 0 Success
# numResponses: 1
(pocono pts28) #
This is shown in the config files from:
http://us2.samba.org/samba/docs/man/Samba-Guide/happy.html#sbehap-slapdconf
Am I correct that I only need the above if I want to do the ldap search command??
The other thing that does not work is wbinfo -u or wbinfo -g. When I do wbinfo -g
I get the following ldap error:
Aug 31 23:37:56 pocono slapd[9183]: conn=0 op=8 SRCH base="ou=Groups,dc=keenanmotorgroup,dc=com" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaGroupType=5))"
Aug 31 23:37:56 pocono slapd[9183]: conn=0 op=8 SRCH attr=cn sambaSid displayName description sambaGroupType
Aug 31 23:37:56 pocono slapd[9183]: <= bdb_equality_candidates: (sambaGroupType) index_param failed (18)
Aug 31 23:37:56 pocono slapd[9183]: conn=0 op=8 SEARCH RESULT tag=101 err=0 nentries=5 text=
Aug 31 23:37:56 pocono slapd[9183]: conn=0 op=9 SRCH base="ou=Groups,dc=keenanmotorgroup,dc=com" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaGroupType=4))"
Aug 31 23:37:56 pocono slapd[9183]: conn=0 op=9 SRCH attr=cn sambaSid displayName description sambaGroupType
Aug 31 23:37:56 pocono slapd[9183]: <= bdb_equality_candidates: (sambaGroupType) index_param failed (18)
Aug 31 23:37:56 pocono slapd[9183]: conn=0 op=9 SEARCH RESULT tag=101 err=0 nentries=0 text=
In the winbind log I get:
==> samba/winbindd <==
[2005/09/01 00:03:07, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(460)
[ 0]: request interface version
[2005/09/01 00:03:07, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(493)
[ 0]: request location of privileged pipe
[2005/09/01 00:03:07, 3] nsswitch/winbindd_group.c:winbindd_list_groups(811)
[ 0]: list groups
[2005/09/01 00:03:07, 3] lib/smbldap.c:smbldap_search_paged(1071)
smbldap_search_paged: base => [ou=Groups,dc=keenanmotorgroup,dc=com], filter => [(&(objectclass=sambaGroupMapping)(sambaGroupType=5))],scope => [2], pagesize => [1024]
[2005/09/01 00:03:07, 3] lib/smbldap.c:smbldap_search_paged(1110)
smbldap_search_paged: search was successfull
[2005/09/01 00:03:07, 3] lib/smbldap.c:smbldap_search_paged(1071)
smbldap_search_paged: base => [ou=Groups,dc=keenanmotorgroup,dc=com], filter => [(&(objectclass=sambaGroupMapping)(sambaGroupType=4))],scope => [2], pagesize => [1024]
[2005/09/01 00:03:07, 3] lib/smbldap.c:smbldap_search_paged(1110)
smbldap_search_paged: search was successfull
[2005/09/01 00:03:07, 3] nsswitch/winbindd_group.c:get_sam_group_entries(526)
get_sam_group_entries: Failed to enumerate domain local groups!
and the following output:
(pocono pts27) # wbinfo -g
BUILTIN\Administrators
BUILTIN\Account Operators
BUILTIN\Print Operators
BUILTIN\Backup Operators
BUILTIN\Replicators
(pocono pts27) #
If I do wbinfo -u there are no entries made in the ldap log, the winbind log
shows this:
==> samba/winbindd <==
[2005/09/01 00:04:44, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(460)
[ 0]: request interface version
[2005/09/01 00:04:44, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(493)
[ 0]: request location of privileged pipe
[2005/09/01 00:04:44, 3] nsswitch/winbindd_user.c:winbindd_list_users(738)
[ 0]: list users
and the output of the command is as follows:
(pocono pts27) # wbinfo -u
Error looking up domain users
(pocono pts27) #
Are wbinfo -u and wbinfo -g supposed to work for this setup??
Configs follow:
smb.conf:
[global]
unix charset = LOCALE
workgroup = KEENAN
interfaces = eth0, lo
bind interfaces only = Yes
passdb backend = "ldapsam:ldap://pocono.keenanmotorgroup.com ldap://indy.keenanmotorgroup.com"
enable privileges = Yes
username map = /etc/samba/smbusers
log level = 3
syslog = 0
log file = /var/log/samba/%m
max log size = 50
smb ports = 139
name resolve order = wins bcast hosts
time server = Yes
printcap name = CUPS
show add printer wizard = No
add user script = /usr/sbin/smbldap-useradd -m "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
shutdown script = /home/samba/scripts/shutdown.sh
abort shutdown script = /sbin/shutdown -c
logon script = "scripts\logon.bat"
logon path = \%L\profiles\%U
logon drive = H:
logon home = \%L\%U
domain logons = Yes
preferred master = Yes
domain master = Yes
wins support = Yes
ldap admin dn = cn=Manager,dc=keenanmotorgroup,dc=com
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=People
ldap suffix = dc=keenanmotorgroup,dc=com
ldap user suffix = ou=People
utmp = Yes
idmap backend = ldap://pocono.keenanmotorgroup.com
idmap uid = 10000-20000
idmap gid = 10000-20000
map acl inherit = Yes
veto files = /*.eml/*.nws/*.{*}/
veto oplock files = /*.doc/*.xls/*.mdb/
[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
guest ok = Yes
browseable = No
locking = No
[profiles]
comment = Profile Share
path = /home/samba/profiles
read only = No
profile acls = Yes
[profdata]
comment = Profile Data Share
path = /home/samba/profdata
read only = No
profile acls = Yes
[IPC$]
path = /tmp
[homes]
comment = Home Directories
valid users = %S
read only = No
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
[printers]
comment = SMB Print Spool
path = /var/spool/samba
guest ok = Yes
printable = Yes
browseable = No
slapd.conf:
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
database bdb
suffix "dc=keenanmotorgroup,dc=com"
rootdn "cn=Manager,dc=keenanmotorgroup,dc=com"
replica host=indy.keenanmotorgroup.com:389
        suffix="dc=keenanmotorgroup,dc=com"
        binddn="cn=updateuser,dc=keenanmotorgroup,dc=com"
        bindmethod=simple credentials=mypass
access to attrs=sambaLMPassword,sambaNTPassword
        by dn="cn=sambaadmin,dc=keenanmotorgroup,dc=com" write
        by * none
replogfile /var/lib/ldap/replogfile
directory /var/lib/ldap
# Indices to maintain
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index uidNumber eq
index gidNumber eq
index memberUID eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index default sub
/etc/nsswitch.conf:
passwd: files ldap
shadow: files ldap
group: files ldap
#hosts: db files nisplus nis dns
hosts: files dns wins
I would be grateful if someone can help me. I am running out of ideas and Google
is not helpful.
What am I missing??
Regards,
Tom
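
Added example, not part of the original post: the slapd lines quoted above that read "index_param failed (18)" name an attribute used in a search filter for which slapd.conf has no matching index, while the searches themselves still return err=0. The sketch below cross-checks such log lines against the "index" directives and prints the directives that are absent; the function names and the abridged sample inputs are constructed for illustration.

```python
import re

# Constructed sample: slapd lines of the kind quoted in the post above.
SLAPD_LOG = """\
Aug 31 23:37:56 pocono slapd[9183]: <= bdb_equality_candidates: (sambaGroupType) index_param failed (18)
Aug 31 23:37:56 pocono slapd[9183]: conn=0 op=8 SEARCH RESULT tag=101 err=0 nentries=5 text=
Aug 31 23:37:56 pocono slapd[9183]: <= bdb_equality_candidates: (sambaGroupType) index_param failed (18)
"""

# Index directives taken from the slapd.conf in the post (abridged).
SLAPD_CONF = """\
index objectClass eq
index cn pres,sub,eq
index sambaSID eq
index default sub
"""

KIND = {"equality": "eq", "substring": "sub", "presence": "pres"}
WARN = re.compile(r"_(equality|substring|presence)_candidates: \((\S+)\) index_param failed")

def configured_indexes(conf_text):
    """Map lower-cased attribute name -> set of index types from 'index' lines."""
    default = set()  # assumption: no types assumed until an 'index default' line
    indexes = {}
    for line in conf_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) < 2 or parts[0].lower() != "index":
            continue
        types = set(parts[2].lower().split(",")) if len(parts) > 2 else set(default)
        if parts[1].lower() == "default":
            default = types  # 'index default ...' sets defaults, it is not an attribute
            continue
        for attr in parts[1].split(","):
            indexes.setdefault(attr.lower(), set()).update(types)
    return indexes

def missing_indexes(log_text, conf_text):
    """Return the 'index' directives needed to cover the warnings in the log."""
    have = configured_indexes(conf_text)
    wanted = {}
    for m in WARN.finditer(log_text):
        kind, attr = KIND[m.group(1)], m.group(2)
        if kind not in have.get(attr.lower(), set()):
            wanted.setdefault(attr, set()).add(kind)
    return [f"index {a} {','.join(sorted(k))}" for a, k in sorted(wanted.items())]

if __name__ == "__main__":
    for directive in missing_indexes(SLAPD_LOG, SLAPD_CONF):
        print(directive)
```

A directive added to slapd.conf this way only covers existing entries after the database is re-indexed with slapindex while slapd is stopped.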