[Samba] PDC problem

Marian Neagul marian at info.uvt.ro
Wed Aug 2 10:39:43 GMT 2006


Hello,

    I have a problem with an LDAP-backed Samba PDC.
    Last week, due to a hardware problem, I lost my primary LDAP server
and PDC. I reinstalled the LDAP server and populated it with the old
data; I also reinstalled Samba.
    The problem is that I can't log in to Samba as root
(cn=root,dc=info,dc=uvt,dc=ro). All other user accounts are working
except root.
     Eg.:
       `smbclient -U root //blue/` says: "session setup failed:
NT_STATUS_UNSUCCESSFUL"
   
    The machine accounts and the other user accounts are working
correctly but I can't join new machines using the root account.
    I want to mention that my Samba server is a production server with
~100 simultaneous users (2000 User accounts in LDAP).

    We use Samba 3.0.22 and openldap 2.3.

    My smb.conf file is (the comments are in romanian :) ):
   
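    ;==================== Global settings ===================
    ; smb.conf for the Samba PDC BLUE (domain Terra), ldapsam backend.
    ; Comments translated to English from the Romanian original.
    ; Lines that the mail client had wrapped or fused are restored to one
    ; parameter per line. Run testparm after any edit to see what smbd
    ; actually accepts.
[global]
        ; Domain name
        workgroup = Terra
        ; Server name as seen on the network
        netbios name = BLUE
        ; Server description (NT Description)
        server string = Free Windows V1.2a


        ;===== Logging
        ; One log file per client machine
        log file = /var/log/samba/log.%m
        ; Maximum log file size (in KB)
        max log size = 2048
        ; Log verbosity
        ; NOTE(review): 6 is a debugging level. It is costly on a busy
        ; server and verbose logs can expose authentication detail; go back
        ; to a low level (0-3) once the fault is found and keep
        ; /var/log/samba readable by root only.
        log level = 6


        ;===== Security
        ; Clients allowed to connect
        hosts allow = 194.102.62. 10.10.10. 127.
        ; Security model
        security = user
        ; Whether passwords are encrypted
        encrypt passwords = yes
        ; Socket tuning
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        ; Interfaces Samba listens on
        interfaces = lo eth0 eth0:1 eth0:2
        ; Serve only on the interfaces above and ignore the rest
        bind interfaces only = yes
        ; Password matching (disabled)
        ;password level = 12
        ;username level = 12
        ; Try to keep the Windows password in sync with the UNIX one
        unix password sync = yes
        pam password change = yes

        ; Per-machine configuration files
        ; Uncomment if needed
        ; include = /etc/samba/smb.conf.%m

        ; How passwords are handled:
        ; Empty passwords are refused
        null passwords = no
        ; Hidden files
        hide unreadable = yes
        hide dot files = yes
        ; Guest account. No password is set for it for now, only its shell
        ; is /bin/false
        guest account = pdcguest

        ;======= PDC
        ; Samba is the local master browser
        local master = yes
        ; Server precedence in browser elections
        os level = 65
        ; Samba is the domain master browser
        domain master = yes
        ; Samba forces elections and almost certainly wins them
        preferred master = yes
        ; Makes Samba the PDC
        domain logons = yes

        ; Logon drive
        logon drive = H:


        ;======== WINS - name resolution
        ; Enable WINS support
        wins support = yes
        ; Order in which names are resolved
        name resolve order = wins lmhosts host bcast
        ; Samba does not act as a DNS proxy
        dns proxy = no


        ;======== TIME - time server
        ; Samba acts as a time server
        time server = yes


        ;======== USER management - uses the IDEALX smbldap scripts
        add user script = /usr/sbin/smbldap-useradd -m "%u"
        set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
        ; The next four are global parameters. The original listing had
        ; them under [profiles]; smbd does not apply global parameters that
        ; appear in a share section, so the machine and group scripts were
        ; not in effect there. Joining a machine needs "add machine script".
        add machine script = /usr/sbin/smbldap-useradd -w "%u"
        add group script = /usr/sbin/smbldap-groupadd -p "%g"
        add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
        delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"

        ;======== LDAP
        ; LDAP server
        passdb backend = ldapsam:ldap://127.0.0.1/
        ; On delete: remove the whole DN (yes) or only the Samba
        ; attributes (no)
        ldap delete dn = yes
        ; All account information is kept in LDAP - caution, needs testing
        ldapsam:trusted = yes
        ; The connection to the directory is not encrypted.
        ; NOTE(review): tolerable only while the backend URL is loopback
        ; (127.0.0.1). This bind carries the admin DN's password, so switch
        ; to "ldap ssl = start tls" if the directory moves to another host.
        ldap ssl = no
        ; Our suffix
        ldap suffix = dc=info,dc=uvt,dc=ro
        ; Directory administrator (bind DN)
        ; NOTE(review): the password for this DN is not in smb.conf; it is
        ; kept in secrets.tdb (stored with "smbpasswd -w") and has to be
        ; stored again after a reinstall. A login as the Samba user root is
        ; checked against a Samba account entry for root in the directory,
        ; which is presumably a separate object from this bind DN - confirm
        ; that the restored data still contains it.
        ldap admin dn = cn=root,dc=info,dc=uvt,dc=ro
        ; Suffix for groups
        ldap group suffix = ou=Groups
        ; Suffix for users
        ldap user suffix = ou=Users
        ; Suffix for machines
        ldap machine suffix = ou=Computers
        ; Suffix for idmap
        ldap idmap suffix = ou=Idmap

        ; ID mapping ranges
        idmap gid = 40000-50000
        idmap uid = 40000-50000

;=========================== SHARES

; This share holds the default profile and the logon script
[netlogon]
        path = /var/lib/samba/netlogon
        ; NOTE(review): guests can read this share, so logon scripts kept
        ; here must not contain passwords or other secrets.
        guest ok = yes
        browseable = no
        write list = root

; This share holds the user profiles
[profiles]
        ; Caution: the path has to be changed
        path = /home/%U
        browseable = no
        ; NOTE(review): %S expands to the share name, which in this section
        ; is "profiles", not the connecting user (%U is the session user) -
        ; verify that this is the intended restriction.
        valid users = %S
        read only = no
        ; NOTE(review): these modes leave profile data group-writable and
        ; world-readable; confirm that owner-only access (0600 / 0700) is
        ; not what is wanted for roaming profiles.
        create mask = 0664
        directory mask = 0775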




Do you have a suggestion related to this problem?

Marian Neagul


