[Samba] SAMBA3 + LDAP + winbind

mallapadi niranjan niranjan.ashok at gmail.com
Thu Jan 19 11:02:23 GMT 2006


Dear all

I have a system with a Samba PDC with LDAP, Samba version 3.0.21 and
OpenLDAP version 2.2.13.
I have another Linux system with Samba version 3.0.10, which is a
member server to the Samba PDC.
I have configured nss_ldap and ldap.conf on the member server, pointing to
my LDAP server on the Samba PDC. The Samba PDC LDAP is configured for simple
bind. Please guide me on the following errors.

1) I have been getting the following errors
   on the member server. When I issue this command on the domain member server

     root# net rpc info
   I get the following error:
   rpc_parse/parse_prs.c prs_mem_get(537)
   prs_mem_get: reading data size 14418130 would overrun buffer

2) On the domain member server I get the
   error: nss_wins ldap_simple_bind  can't contact LDAP server (keeps on
   occurring)

3) And often on the Samba PDC, in /var/log/message, I get the following error:
   init_sam_from_ldap , Failed to get password history for user  (keeps on
   occurring)

In the below Samba configuration, with "winbind use default domain = no",
when I type the command "net rpc info" I get the output,
but when I type the command "wbinfo -U" I get: error getting client list.
Should I have to enable winbind and set it to yes?

Actually I have already added users with the below configuration, and all
my users are working in
the present environment.

If I make winbind use default domain, will it make any difference? Will
all the users' information still be available?

The idmap in the below configuration is idmap uid "10000-20000" and idmap
gid "10000-20000", but
when a user is created it is created with a uid starting from 1000, 2000
etc.
Please guide me.


my samba pdc with LDAP, smb.conf file is
############################## ####################################
[global]
  workgroup = msdpl.com
  netbios name = medhapdc
  passdb backend = ldapsam:ldap://msdpl.com
  server string = Domain Controller
  hosts allow = 192.168.128. 192.168.129. 192.168.130. 127.
  security = user
  encrypt passwords = yes
  socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
  interfaces = eth0, lo
  printing = cups
  disable spoolss = Yes
  printcap name = cups
  max print jobs = 100
  enable privileges = yes
   password level = 8
   username level = 8
  bind interfaces only = yes
  local master = Yes
  os level = 65
  domain master = yes
  preferred master = yes
  null passwords = no
  hide unreadable = yes
  hide dot files = yes
  domain logons = yes
  logon script = %u.bat
  logon path =
  logon drive = X:
  logon home = \\medhapdc\%U
  wins support = yes
  name resolve order = wins lmhosts host bcast
  dns proxy = no
  time server = yes
  log file = /var/log/samba/%m.log
  max log size = 50
  nt acl support = yes
  ldap passwd sync = yes
  add user script = /usr/local/sbin/smbldap-useradd -m "%u"
  delete user script = /usr/local/sbin/smbldap-userdel "%u"
  add machine script = /usr/local/sbin/smbldap-useradd -w "%m"
  add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
  add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
  delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
  set primary group script = /usr/local/sbin/smbldap-usermod -g '%g' '%u'
  ldap delete dn = Yes
  ldap ssl = no
  ldap suffix = dc=msdpl,dc=com
  ldap admin dn = cn=manager,dc=msdpl,dc=com
  ldap group suffix = ou=Groups
  ldap user suffix = ou=People
  ldap machine suffix = ou=Computers
  ldap idmap suffix = ou=Idmap
  idmap backend = ldap:ldap://msdpl.com
  idmap uid = 10000-20000
  idmap gid = 10000-20000
  map acl inherit = yes
  winbind use default domain = no
  template shell = /bin/false
######################################################[Share Definitions]###########################################
[homes]
   comment = Home Directories
   valid users = %S
   browseable = no
   read only = no
   nt acl support = Yes

# Un-comment the following and create the netlogon directory for Domain Logons
 [netlogon]
   comment = Network Logon Service
   path = /usr/local/samba/lib/netlogon/scripts
   guest ok = yes
   browseable = no
   write list = root

[printers]
   comment = All Printers
   path = /var/spool/samba
   create mask = 0600
   guest ok = Yes
   printable = yes
   use client driver = Yes
   browseable = no

##################################################################

Regards
Niranjan


On 12/18/05, paul kölle <paul at subsignal.org> wrote:
>
> mallapadi niranjan wrote:
> > Hi all
> >
> > I have samba3 with LDAP , My query is
> >
> > 1. My clients are windows 2000 professional, and the clients are not able to
> > join the domain
> > but if add the computer name in /etc/passwd
> > ie computername$:x:110:200::/bin/false:/dev/null
> > and then do smbpasswd -a -m computername , the computer is able to join the
> > domain
> > but i have mentioned the add machine script in smb.conf file
> It seems you missed the nss_ldap part, what is in your /etc/ldap.conf
> and /etc/nsswitch.conf?
>
> >
> > 2. After Joining the domain, i am unable to login as Administrator, but able
> > to login as root
> > if i give command getent passwd | grep Administrator , there is no output
> again, nss_ldap setup broken.
>
> >
> > 3. How do i create groups , and add users to the groups, it is not taking
> > system groups,
> > when i do smbldap-populate, it adds people,group, Domain Admins, Domain
> > Users, etc and root, but not system groups
> > so how to add system groups ,
> depends, if you have the "add user to group script" and friends set up
> in smb.conf you can use usermgr.exe. You can use any ldap-tool to do it
> though.
>
> >
> > 4. I have smbldap-tool 0.9 , in that there is no mkntpasswd , is it ok, or
> > this should be there, when i downloaded from the IDEALX website, it was not
> > there in the TAR.gz file.
> I think it has been replaced with some perl module recently.
>
> cheers
> Paul
>


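An added example, not part of the original post and not Samba project code: a small Python check that parses smb.conf text and reports two kinds of setting present in the configuration above, LDAP backends reached over `ldap://` while `ldap ssl = no` (so the simple bind and directory data travel without TLS), and shares with `guest ok = yes`. The function names and the sample excerpt are constructed for illustration; the parameter values are the ones quoted in the post.

```python
import re

# Constructed excerpt: values taken from the smb.conf quoted in the post.
SAMPLE = """\
[global]
  passdb backend = ldapsam:ldap://msdpl.com
  idmap backend = ldap:ldap://msdpl.com
  ldap ssl = no
[homes]
   valid users = %S
 [netlogon]
   guest ok = yes
[printers]
   guest ok = Yes
"""

def parse_smb_conf(text):
    """Return {section: {param: value}}; names lower-cased, spaces collapsed."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return sections

def audit(text):
    """Return (section, parameter, reason) tuples for settings worth review."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    findings = []
    # Only an explicit no/off is flagged; an unset value is left to testparm.
    tls_off = glob.get("ldap ssl", "").lower() in ("no", "off")
    for param in ("passdb backend", "idmap backend"):
        if tls_off and "ldap://" in glob.get(param, "").lower():
            findings.append(("global", param,
                             "simple bind and directory data sent without TLS"))
    for name, params in conf.items():
        if name != "global" and params.get("guest ok", "").lower() in ("yes", "true", "1"):
            findings.append((name, "guest ok", "share permits guest access"))
    return findings

if __name__ == "__main__":
    for section, param, reason in audit(SAMPLE):
        print(f"[{section}] {param}: {reason}")
```

Setting `ldap ssl = start tls` on the PDC, with a server certificate configured in OpenLDAP, clears the two `[global]` findings.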