Daniel Davidson
Fri Dec 1 20:11:05 GMT 2006

I have been using Samba with LDAP for a couple of years now (upgraded
from 2 to 3) and have never needed to make the server behave like a PDC.
Now we have a new project, and I need to get that fired up.

I have attempted to follow the directions in a couple of walkthroughs to
no avail.  My problem seems to be coming from mapping the Windows group
names to a Linux group name and/or adding the domain member to the LDAP

Here is the error I am getting:

[root@file-server samba]# net -d2 groupmap add rid=512 ntgroup="Domain Admins" unixgroup=cnrg
[2006/12/01 14:00:22, 2] lib/interface.c:add_interface(79)
  added interface ip= bcast=
[2006/12/01 14:00:22, 2] lib/smbldap.c:smbldap_search_domain_info(1373)
  Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=IGB))]
[2006/12/01 14:00:22, 2] lib/smbldap.c:smbldap_open_connection(692)
  smbldap_open_connection: connection opened
[2006/12/01 14:00:23, 0]
  ldapsam_add_group_mapping_entry: failed to add group 102 error: �_
(Internal (implementation specific) error)
adding entry for group Domain Admins failed!
[2006/12/01 14:00:23, 2] utils/net.c:main(859)
  return code = -1

And the smb.conf global section:
	workgroup = igb
	netbios name = IGB-FILE-SERVER
	server string = Samba Server
	passdb backend = ldapsam:ldap://auth.igb.uiuc.edu
	log file = /var/log/samba/%m.log
	max log size = 50
	socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
	domain logons = Yes
	dns proxy = No
	wins support = Yes
	ldap admin dn = cn=ldapadmin,dc=igb,dc=uiuc,dc=edu
	ldap group suffix = ou=group
	ldap suffix = dc=igb,dc=uiuc,dc=edu
	ldap ssl = on
	ldap user suffix = ou=People
	ldap machine suffix =  ou=computer
	cups options = raw

	add machine script = /usr/share/doc/samba-3.0.10/LDAP/smbldap-tools/smbldap-useradd -w
	preferred master = Yes
	domain master = Yes
	password server = None
	idmap uid = 16777216-33554431
	idmap gid = 16777216-33554431
	template shell = /bin/false
	username map = /etc/samba/smbusers
	winbind use default domain = no

and what I think are the appropriate ldap entries:
# igb.uiuc.edu
dn: dc=igb,dc=uiuc,dc=edu
dc: igb
objectClass: dcObject
objectClass: organizationalUnit
ou: igb dot uiuc dot edu

# People, igb.uiuc.edu
dn: ou=People,dc=igb,dc=uiuc,dc=edu
objectClass: top
objectClass: organizationalUnit
ou: People

# group, igb.uiuc.edu
dn: ou=group,dc=igb,dc=uiuc,dc=edu
objectClass: top
objectClass: organizationalUnit
ou: group

# computer, igb.uiuc.edu
dn: ou=computer,dc=igb,dc=uiuc,dc=edu
objectClass: top
objectClass: organizationalUnit
ou: computer

# cnrg, group, igb.uiuc.edu
dn: cn=cnrg,ou=group,dc=igb,dc=uiuc,dc=edu
cn: cnrg
objectClass: posixGroup
gidNumber: 102
description: Computer and Network Resource Group
memberUid: danield

# danield, People, igb.uiuc.edu
dn: uid=danield,ou=People,dc=igb,dc=uiuc,dc=edu
uid: danield
cn: Daniel Davidson
mail: danield at igb.uiuc.edu
uidNumber: 600
gidNumber: 600
homeDirectory: /home/a-m/danield
gecos: Daniel Davidson
sambaSID: S-1-5-21-3679620730-2824407525-958489067-600
sambaLMPassword: barf
sambaNTPassword: barf
loginShell: /bin/bash
sn: Davidson
givenName: Daniel
objectClass: inetOrgPerson
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount

I thank anyone in advance who can give me a hand,


