[Samba] Samba with LDAP -> Can't include Windows Client
Benjamin Nagel [sedo.de]
benjamin at sedo.de
Thu Sep 1 12:12:30 GMT 2005
Hi,
First of all, sorry for my horrible English.
My name is Benjamin Nagel and I have set up a lot of Samba servers, but
until now without LDAP as a backend.
My data:
Suse 9.2
Samba 3.0.9-2.3-SUSE
OpenLDAP: slapd 2.2.15
I have set up Samba and OpenLDAP as in the IDEALX documentation. I can
create a Linux user with the smbldap-useradd script and I can log in with
this user.
But when I want to include a Windows XP client I get an error.
Samba creates the machine account.
This is a snapshot of the client logfile:
[2005/09/01 13:26:49, 2] lib/smbldap.c:smbldap_open_connection(692)
smbldap_open_connection: connection opened
[2005/09/01 13:26:49, 2] passdb/pdb_ldap.c:init_sam_from_ldap(518)
init_sam_from_ldap: Entry found for user: root
[2005/09/01 13:26:49, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
ldapsam_search_one_group: Problem during the LDAP search: LDAP error:
(No such object)
[2005/09/01 13:26:49, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
ldapsam_search_one_group: Problem during the LDAP search: LDAP error:
(No such object)
[2005/09/01 13:26:49, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
ldapsam_search_one_group: Problem during the LDAP search: LDAP error:
(No such object)
[2005/09/01 13:26:49, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
ldapsam_search_one_group: Problem during the LDAP search: LDAP error:
(No such object)
[2005/09/01 13:26:49, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
ldapsam_search_one_group: Problem during the LDAP search: LDAP error:
(No such object)
[2005/09/01 13:26:49, 2] auth/auth.c:check_ntlm_password(305)
check_ntlm_password: authentication for user [root] -> [root] ->
[root] succeeded
[2005/09/01 13:26:50, 2] smbd/server.c:exit_server(575)
Closing connections
[2005/09/01 13:26:50, 2] lib/smbldap.c:smbldap_open_connection(692)
smbldap_open_connection: connection opened
[2005/09/01 13:26:50, 2] passdb/pdb_ldap.c:init_sam_from_ldap(518)
init_sam_from_ldap: Entry found for user: root
[2005/09/01 13:26:50, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
ldapsam_search_one_group: Problem during the LDAP search: LDAP error:
(No such object)
[2005/09/01 13:26:50, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
ldapsam_search_one_group: Problem during the LDAP search: LDAP error:
(No such object)
[2005/09/01 13:26:50, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
ldapsam_search_one_group: Problem during the LDAP search: LDAP error:
(No such object)
[2005/09/01 13:26:50, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
ldapsam_search_one_group: Problem during the LDAP search: LDAP error:
(No such object)
[2005/09/01 13:26:50, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
ldapsam_search_one_group: Problem during the LDAP search: LDAP error:
(No such object)
[2005/09/01 13:26:50, 2] auth/auth.c:check_ntlm_password(305)
check_ntlm_password: authentication for user [root] -> [root] ->
[root] succeeded
[2005/09/01 13:26:51, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
Returning domain sid for domain MYDOMAIN ->
S-1-5-21-3304255874-2887972702-1555624387
[2005/09/01 13:26:52, 2] smbd/server.c:exit_server(575)
Closing connections
[2005/09/01 13:43:32, 2] smbd/server.c:exit_server(575)
Closing connections
[2005/09/01 13:43:32, 2] lib/smbldap.c:smbldap_open_connection(692)
smbldap_open_connection: connection opened
[2005/09/01 13:43:32, 2] passdb/pdb_ldap.c:init_sam_from_ldap(518)
init_sam_from_ldap: Entry found for user: root
[2005/09/01 13:43:32, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
ldapsam_search_one_group: Problem during the LDAP search: LDAP error:
(No such object)
[2005/09/01 13:43:32, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
ldapsam_search_one_group: Problem during the LDAP search: LDAP error:
(No such object)
[2005/09/01 13:43:32, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
ldapsam_search_one_group: Problem during the LDAP search: LDAP error:
(No such object)
[2005/09/01 13:43:32, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
ldapsam_search_one_group: Problem during the LDAP search: LDAP error:
(No such object)
[2005/09/01 13:43:32, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
ldapsam_search_one_group: Problem during the LDAP search: LDAP error:
(No such object)
[2005/09/01 13:43:32, 2] auth/auth.c:check_ntlm_password(305)
check_ntlm_password: authentication for user [root] -> [root] ->
[root] succeeded
[2005/09/01 13:43:33, 2] smbd/server.c:exit_server(575)
Closing connections
[2005/09/01 13:43:34, 2] lib/smbldap.c:smbldap_open_connection(692)
smbldap_open_connection: connection opened
[2005/09/01 13:43:34, 2] passdb/pdb_ldap.c:init_sam_from_ldap(518)
init_sam_from_ldap: Entry found for user: root
[2005/09/01 13:43:34, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
ldapsam_search_one_group: Problem during the LDAP search: LDAP error:
(No such object)
[2005/09/01 13:43:34, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
ldapsam_search_one_group: Problem during the LDAP search: LDAP error:
(No such object)
[2005/09/01 13:43:34, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
ldapsam_search_one_group: Problem during the LDAP search: LDAP error:
(No such object)
[2005/09/01 13:43:34, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
ldapsam_search_one_group: Problem during the LDAP search: LDAP error:
(No such object)
[2005/09/01 13:43:34, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
ldapsam_search_one_group: Problem during the LDAP search: LDAP error:
(No such object)
[2005/09/01 13:43:34, 2] auth/auth.c:check_ntlm_password(305)
check_ntlm_password: authentication for user [root] -> [root] ->
[root] succeeded
[2005/09/01 13:43:34, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
Returning domain sid for domain MYDOMAIN ->
S-1-5-21-3304255874-2887972702-1555624387
[2005/09/01 13:43:36, 2] smbd/server.c:exit_server(575)
Closing connections
But the crazy thing is that these groups exist:
[quote]
dn: cn=Domain Users,ou=Groups,dc=cologne,dc=mydomain,dc=local
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 513
cn: Domain Users
description: Netbios Domain Users
sambaSID: S-1-5-21-3304255874-2887972702-1555624387-513
sambaGroupType: 2
displayName: Domain Users
structuralObjectClass: posixGroup
entryUUID: 3c3a55c4-aa64-1029-879f-fa8a7468604f
creatorsName: cn=Manager,dc=cologne,dc=mydomain,dc=local
createTimestamp: 20050826100220Z
memberUid: root
memberUid: benjamin
entryCSN: 20050901101848Z#000003#00#000000
modifiersName: cn=Manager,dc=cologne,dc=mydomain,dc=local
modifyTimestamp: 20050901101848Z
[/quote]
smb.conf:
[quote]
[global]
workgroup = MYDOMAIN
netbios name = hawking
server string = hawking as Samba-Server
passdb backend = ldapsam:ldap://127.0.0.1
ldap admin dn = cn=Manager,dc=cologne,dc=mydomain,dc=local
ldap suffix = dc=cologne,dc=mydomain,dc=local
ldap group suffix = ou=Groups,dc=cologne,dc=mydomain,dc=local
ldap user suffix = ou=Users,dc=cologne,dc=mydomain,dc=local
ldap machine suffix = ou=Computers,dc=cologne,dc=mydomain,dc=local
ldap idmap suffix = ou=Idmap,dc=cologne,dc=mydomain,dc=local
ldap ssl = no
add machine script = /sbin/yast /usr/share/YaST2/data/add_machine.ycp %m$
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
ldap delete dn = yes
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
username map = /etc/samba/smbusers
logon script = %u.BAT
logon drive = Y:
logon path = \\%L\profiles\%U
logon home = \\%L\%U
domain logons = yes
preferred master = yes
domain master = yes
security = user
local master = yes
os level = 65
dos charset = 850
unix charset = ISO-8859-15
display charset = ISO-8859-15
log level = 2
log file = /home/samba/logs/%m.log
wins support = yes
panic action = kill `cat /var/run/samba/smbd.pid`; rm /var/run/samba/smbd.pid ; /etc/init.d/smb start
keepalive = 60
smb ports = 445 139
use sendfile = no
large readwrite = no
idmap backend = ldap:ldap://10.0.1.253
[/quote]
I hope you can help me, and that I haven't overlooked the comment that fixes
my problem.
Thanks,
Benjamin Nagel
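An added example, not part of the original post: the smb.conf(5) manual for Samba 3 states that the `ldap group suffix`, `ldap user suffix`, `ldap machine suffix` and `ldap idmap suffix` values are prepended to `ldap suffix`, so they are meant to be partial DNs. Assuming that rule applies to the build in the message, this check computes the effective search bases from the posted settings and tests whether the posted group entry falls under the group base; the function names are my own and the DN comparison ignores escaped commas.

```python
# Added example (not from the original post). Settings and DN are copied from the message.
SMB_CONF = """\
[global]
ldap suffix = dc=cologne,dc=mydomain,dc=local
ldap group suffix = ou=Groups,dc=cologne,dc=mydomain,dc=local
ldap user suffix = ou=Users,dc=cologne,dc=mydomain,dc=local
ldap machine suffix = ou=Computers,dc=cologne,dc=mydomain,dc=local
ldap idmap suffix = ou=Idmap,dc=cologne,dc=mydomain,dc=local
"""
GROUP_DN = "cn=Domain Users,ou=Groups,dc=cologne,dc=mydomain,dc=local"

def parse_global(text):
    """Return the [global] parameters as a dict with lower-cased, space-normalised keys."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line and line[0] not in "#;":
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def norm_dn(dn):
    """Normalise a DN for comparison: lower-case, no spaces around ',' or '='."""
    return ",".join("=".join(p.strip() for p in rdn.split("=", 1)) for rdn in dn.lower().split(","))

def effective_bases(params):
    """Apply the smb.conf(5) rule: each sub-suffix is prepended to 'ldap suffix'."""
    base = norm_dn(params["ldap suffix"])
    subs = {k: norm_dn(params.get(f"ldap {k} suffix", "")) for k in ("group", "user", "machine", "idmap")}
    return {k: f"{s},{base}" if s else base for k, s in subs.items()}

def audit(params, group_dn):
    """Report sub-suffixes that repeat the base, and a group entry outside the group base."""
    base, bases = norm_dn(params["ldap suffix"]), effective_bases(params)
    findings = []
    for kind, eff in bases.items():
        sub = norm_dn(params.get(f"ldap {kind} suffix", ""))
        if sub == base or sub.endswith("," + base):
            findings.append(f"ldap {kind} suffix repeats ldap suffix; effective base: {eff}")
    if not norm_dn(group_dn).endswith("," + bases["group"]):
        findings.append("group entry is outside the effective group search base")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_global(SMB_CONF), GROUP_DN):
        print(finding)
```

An LDAP search whose base DN does not exist in the directory returns noSuchObject, the "No such object" text in the log above; with partial DNs such as `ou=Groups` the same check reports nothing.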