[Samba] 'ldap machine suffix' is ignored?
Mike A. Kuznetsov
mike at molinos.ru
Mon Aug 7 13:34:07 GMT 2006
Hi, all!
I'm using samba-3.0.23 (Revision: 16921, from the ports collection, under
FreeBSD 6.1 with OpenLDAP 2.3.24 & smbldap-tools-0.9.2a) as a PDC with
the following config:
[global]
dos charset = CP1251
unix charset = KOI8-R
workgroup = DOMAIN
server string = Samba Server
password server =
passdb backend = ldapsam
passwd program = /usr/local/sbin/smbldap-passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*
log level = 10
log file = /var/log/samba/%m.log
max smbd processes = 30
add user script = /usr/local/sbin/smbldap-useradd -a -m "%u"
delete user script = /usr/local/sbin/smbldap-userdel "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/local/sbin/smbldap-groupdel "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
domain logons = Yes
os level = 256
domain master = Yes
dns proxy = No
wins support = Yes
ldap admin dn = cn=root,dc=mydomain,dc=ru
ldap delete dn = Yes
ldap group suffix = ou=groups
ldap idmap suffix = ou=idmap
ldap machine suffix = ou=computers
ldap passwd sync = Yes
ldap suffix = dc=mydomain,dc=ru
ldap ssl = no
ldap user suffix = ou=users
idmap backend = ldap:ldap://localhost
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind use default domain = Yes
admin users = admin
hosts allow = X.X.X.128/255.255.255.128 # my net
hosts deny = ALL
[netlogon]
comment = Network Logon Service
path = /usr/local/samba/netlogon
guest ok = Yes
browseable = No
share modes = No
And I can't join the domain from a WinXP workstation (WINHOST, for example);
it fails with the error "No such user".
smbldap-useradd -w %u works perfectly and adds winhost$ to ou=computers;
ldapsearch found it.
The part of winhost.log:
[2006/08/07 16:35:12, 5] lib/username.c:Get_Pwnam_alloc(131)
Finding user winhost$
[2006/08/07 16:35:12, 5] lib/username.c:Get_Pwnam_internals(75)
Trying _Get_Pwnam(), username as lowercase is winhost$
[2006/08/07 16:35:12, 5] lib/username.c:Get_Pwnam_internals(93)
Trying _Get_Pwnam(), username as uppercase is winhost$
[2006/08/07 16:35:12, 5] lib/username.c:Get_Pwnam_internals(102)
Checking combinations of 0 uppercase letters in winhost$
[2006/08/07 16:35:12, 5] lib/username.c:Get_Pwnam_internals(108)
Get_Pwnam_internals didn't find user [winhost$]!
[2006/08/07 16:35:12, 3] passdb/pdb_interface.c:pdb_default_create_user(363)
_samr_create_user: Running the command
`/usr/local/sbin/smbldap-useradd -w winhost$' gave 0
[2006/08/07 16:35:12, 5] lib/username.c:Get_Pwnam_alloc(131)
Finding user winhost$
[2006/08/07 16:35:12, 5] lib/username.c:Get_Pwnam_internals(75)
Trying _Get_Pwnam(), username as lowercase is winhost$
[2006/08/07 16:35:12, 5] lib/username.c:Get_Pwnam_internals(93)
Trying _Get_Pwnam(), username as uppercase is winhost$
[2006/08/07 16:35:12, 5] lib/username.c:Get_Pwnam_internals(102)
Checking combinations of 0 uppercase letters in winhost$
[2006/08/07 16:35:12, 5] lib/username.c:Get_Pwnam_internals(108)
Get_Pwnam_internals didn't find user [winhost$]!
[2006/08/07 16:35:12, 3] passdb/pdb_interface.c:pdb_default_create_user(376)
pdb_default_create_user: failed to create a new user structure:
NT_STATUS_NO_SUCH_USER
[2006/08/07 16:35:12, 5] rpc_parse/parse_prs.c:prs_debug(84)
000000 samr_io_r_create_user
[2006/08/07 16:35:12, 6] rpc_parse/parse_prs.c:prs_debug(84)
000000 smb_io_pol_hnd user_pol
[2006/08/07 16:35:12, 5] rpc_parse/parse_prs.c:prs_uint32(704)
0000 data1: 00000000
[2006/08/07 16:35:12, 5] rpc_parse/parse_prs.c:prs_uint32(704)
0004 data2: 00000000
[2006/08/07 16:35:12, 5] rpc_parse/parse_prs.c:prs_uint16(675)
0008 data3: 0000
[2006/08/07 16:35:12, 5] rpc_parse/parse_prs.c:prs_uint16(675)
000a data4: 0000
[2006/08/07 16:35:12, 5] rpc_parse/parse_prs.c:prs_uint8s(851)
000c data5: 00 00 00 00 00 00 00 00
[2006/08/07 16:35:12, 5] rpc_parse/parse_prs.c:prs_uint32(704)
0014 access_granted: 00000000
[2006/08/07 16:35:12, 5] rpc_parse/parse_prs.c:prs_uint32(704)
0018 user_rid : 00000000
[2006/08/07 16:35:12, 5] rpc_parse/parse_prs.c:prs_ntstatus(763)
001c status: NT_STATUS_NO_SUCH_USER
When Samba searches for winhost$, it searches in ou=users!!
The part of debug.log:
Aug 7 16:35:12 main slapd[28229]: conn=19118 op=3 SRCH
base="ou=users,dc=mydomain,dc=ru" scope=1 deref=0
filter="(&(objectClass=posixAccount)(uid=winhost$))"
Aug 7 16:35:12 main slapd[28229]: conn=19118 op=3 SRCH attr=uid
userPassword uidNumber gidNumber cn homeDirectory loginShell gecos
description objectClass shadowLastChange shadowMax shadowExpire
Aug 7 16:35:12 main slapd[28229]: conn=19118 op=3 SEARCH RESULT tag=101
err=0 nentries=0 text=
Aug 7 16:35:12 main slapd[28229]: conn=19118 op=4 SRCH
base="ou=users,dc=mydomain,dc=ru" scope=1 deref=0
filter="(&(objectClass=posixAccount)(uid=winhost$))"
Aug 7 16:35:12 main slapd[28229]: conn=19118 op=4 SRCH attr=uid
userPassword uidNumber gidNumber cn homeDirectory loginShell gecos
description objectClass shadowLastChange shadowMax shadowExpire
Aug 7 16:35:12 main slapd[28229]: conn=19118 op=4 SEARCH RESULT tag=101
err=0 nentries=0 text=
Aug 7 16:35:12 main slapd[28229]: conn=19119 fd=85 ACCEPT from
IP=127.0.0.1:53574 (IP=0.0.0.0:389)
Aug 7 16:35:12 main slapd[28229]: conn=19119 op=0 BIND
dn="cn=root,dc=mydomain,dc=ru" method=128
Aug 7 16:35:12 main slapd[28229]: conn=19119 op=0 BIND
dn="cn=root,dc=mydomain,dc=ru" mech=SIMPLE ssf=0
Aug 7 16:35:12 main slapd[28229]: conn=19119 op=0 RESULT tag=97 err=0 text=
Aug 7 16:35:12 main slapd[28229]: conn=19119 op=1 SRCH
base="dc=mydomain,dc=ru" scope=2 deref=2
filter="(&(objectClass=posixAccount)(uid=winhost$))"
Aug 7 16:35:12 main slapd[28229]: conn=19119 op=1 SEARCH RESULT tag=101
err=0 nentries=0 text=
Aug 7 16:35:12 main slapd[28229]: conn=19119 op=2 SRCH
base="sambaDomainName=DOMAIN,dc=mydomain,dc=ru" scope=0 deref=2
filter="(objectClass=sambaUnixIdPool)"
Aug 7 16:35:12 main slapd[28229]: conn=19119 op=2 SEARCH RESULT tag=101
err=0 nentries=1 text=
Aug 7 16:35:12 main slapd[28229]: conn=19119 op=3 MOD
dn="sambaDomainName=DOMAIN,dc=mydomain,dc=ru"
Aug 7 16:35:12 main slapd[28229]: conn=19119 op=3 MOD attr=uidNumber
Aug 7 16:35:12 main slapd[28229]: conn=19119 op=3 RESULT tag=103 err=0
text=
Aug 7 16:35:12 main slapd[28229]: conn=19119 op=4 SRCH
base="dc=mydomain,dc=ru" scope=2 deref=2 filter="(uidNumber=10009)"
Aug 7 16:35:12 main slapd[28229]: conn=19119 op=4 SEARCH RESULT tag=101
err=0 nentries=0 text=
Aug 7 16:35:12 main slapd[28229]: conn=19119 op=5 ADD
dn="uid=winhost$,ou=computers,dc=mydomain,dc=ru"
Aug 7 16:35:12 main slapd[28229]: conn=19119 op=5 RESULT tag=105 err=0
text=
Aug 7 16:35:12 main slapd[28229]: conn=19119 op=6 UNBIND
Aug 7 16:35:12 main slapd[28229]: conn=19119 fd=85 closed
Aug 7 16:35:12 main slapd[28229]: conn=19118 op=5 SRCH
base="ou=users,dc=mydomain,dc=ru" scope=1 deref=0
filter="(&(objectClass=posixAccount)(uid=winhost$))"
Aug 7 16:35:12 main slapd[28229]: conn=19118 op=5 SRCH attr=uid
userPassword uidNumber gidNumber cn homeDirectory loginShell gecos
description objectClass shadowLastChange shadowMax shadowExpire
Aug 7 16:35:12 main slapd[28229]: conn=19118 op=5 SEARCH RESULT tag=101
err=0 nentries=0 text=
Aug 7 16:35:12 main slapd[28229]: conn=19118 op=6 SRCH
base="ou=users,dc=mydomain,dc=ru" scope=1 deref=0
filter="(&(objectClass=posixAccount)(uid=winhost$))"
Aug 7 16:35:12 main slapd[28229]: conn=19118 op=6 SRCH attr=uid
userPassword uidNumber gidNumber cn homeDirectory loginShell gecos
description objectClass shadowLastChange shadowMax shadowExpire
Aug 7 16:35:12 main slapd[28229]: conn=19118 op=6 SEARCH RESULT tag=101
err=0 nentries=0 text=
Any suggestions? Subj?
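
An added example, not part of the original post: a small Python check that replays slapd log lines and reports, for each search issued after the ADD, whether its base and scope can reach the newly added DN. The sample lines are condensed from the excerpt above with wraps joined; the function names are hypothetical and DN handling is simplified (no escaped commas).

```python
import re

# Constructed sample: lines condensed from the slapd excerpt in the post, wraps joined.
SAMPLE_LOG = """\
Aug 7 16:35:12 main slapd[28229]: conn=19119 op=1 SRCH base="dc=mydomain,dc=ru" scope=2 deref=2 filter="(&(objectClass=posixAccount)(uid=winhost$))"
Aug 7 16:35:12 main slapd[28229]: conn=19119 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Aug 7 16:35:12 main slapd[28229]: conn=19119 op=5 ADD dn="uid=winhost$,ou=computers,dc=mydomain,dc=ru"
Aug 7 16:35:12 main slapd[28229]: conn=19119 op=5 RESULT tag=105 err=0 text=
Aug 7 16:35:12 main slapd[28229]: conn=19118 op=5 SRCH base="ou=users,dc=mydomain,dc=ru" scope=1 deref=0 filter="(&(objectClass=posixAccount)(uid=winhost$))"
Aug 7 16:35:12 main slapd[28229]: conn=19118 op=5 SEARCH RESULT tag=101 err=0 nentries=0 text=
"""

OP = re.compile(r'conn=(\d+) op=(\d+) (SRCH|ADD) (.*)')
KV = re.compile(r'(\w+)="?([^" ]+)"?')

def norm(dn):
    # Simplified DN normalisation: escaped commas are not handled.
    return ",".join(part.strip().lower() for part in dn.split(","))

def in_scope(dn, base, scope):
    """True if an entry at dn is visible to a search with this base and scope."""
    dn, base = norm(dn), norm(base)
    if scope == 0:                      # base object only
        return dn == base
    if scope == 1:                      # one level: direct children of base
        return dn.partition(",")[2] == base
    return dn == base or dn.endswith("," + base)   # subtree

def audit(log):
    """Return (conn, op, base, scope, reaches_added_dn) for each SRCH after an ADD."""
    added, rows = None, []
    for line in log.splitlines():
        m = OP.search(line)
        if not m:
            continue                    # RESULT, BIND, ACCEPT lines etc.
        conn, op, kind, rest = m.groups()
        fields = dict(KV.findall(rest))
        if kind == "ADD":
            added = fields["dn"]
        elif added and "base" in fields:
            scope = int(fields["scope"])
            rows.append((int(conn), int(op), fields["base"], scope,
                         in_scope(added, fields["base"], scope)))
    return rows

if __name__ == "__main__":
    for row in audit(SAMPLE_LOG):
        print(row)
```
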