[Samba] SAMBA3 + LDAP + winbind
mallapadi niranjan
niranjan.ashok at gmail.com
Thu Jan 19 11:02:23 GMT 2006
Dear all,
I have a system with a Samba PDC with LDAP; the Samba version is 3.0.21 and
the OpenLDAP version is 2.2.13.
I have another Linux system with Samba version 3.0.10, which is a
member server of the Samba PDC.
I have configured nss_ldap and ldap.conf on the member server, pointing to
my LDAP server on the Samba PDC. The Samba PDC LDAP is configured for simple
bind. Please guide me on the following errors.
1) I have been getting the following error on the domain member server
when I issue the command
root# net rpc info
I get the following error:
rpc_parse/parse_prs.c prs_mem_get(537)
prs_mem_get: reading data size 14418130 would overrun buffer
2) On the domain member server I get the
error: nss_wins ldap_simple_bind can't contact LDAP server (keeps on
occurring)
3) And often on the Samba PDC, in /var/log/message, I get the following error:
init_sam_from_ldap , Failed to get password history for user (keeps on
occurring)
In the Samba configuration below, with "winbind use default domain = no",
when I type the command "net rpc info" I get the output,
but when I type the command "wbinfo -U" I get "error getting client list".
Should I enable winbind and set it to yes?
Actually, I have already added users with the configuration below, and all
my users are working in the present environment.
If I set winbind use default domain, will it make any difference? Will
all the users' information still be available?
The idmap settings in the configuration below are idmap uid "10000-20000"
and idmap gid "10000-20000", but when a user is created it is created with
a uid starting from 1000, 2000, etc.
Please guide me.
My smb.conf file for the Samba PDC with LDAP is:
############################## ####################################
[global]
workgroup = msdpl.com
netbios name = medhapdc
passdb backend = ldapsam:ldap://msdpl.com
server string = Domain Controller
hosts allow = 192.168.128. 192.168.129. 192.168.130. 127.
security = user
encrypt passwords = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
interfaces = eth0, lo
printing = cups
disable spoolss = Yes
printcap name = cups
max print jobs = 100
enable privileges = yes
password level = 8
username level = 8
bind interfaces only = yes
local master = Yes
os level = 65
domain master = yes
preferred master = yes
null passwords = no
hide unreadable = yes
hide dot files = yes
domain logons = yes
logon script = %u.bat
logon path =
logon drive = X:
logon home = \\medhapdc\%U
wins support = yes
name resolve order = wins lmhosts host bcast
dns proxy = no
time server = yes
log file = /var/log/samba/%m.log
max log size = 50
nt acl support = yes
ldap passwd sync = yes
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
delete user script = /usr/local/sbin/smbldap-userdel "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%m"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g '%g' '%u'
ldap delete dn = Yes
ldap ssl = no
ldap suffix = dc=msdpl,dc=com
ldap admin dn = cn=manager,dc=msdpl,dc=com
ldap group suffix = ou=Groups
ldap user suffix = ou=People
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Idmap
idmap backend = ldap:ldap://msdpl.com
idmap uid = 10000-20000
idmap gid = 10000-20000
map acl inherit = yes
winbind use default domain = no
template shell = /bin/false
######################################################[Share Definitions]###########################################
[homes]
comment = Home Directories
valid users = %S
browseable = no
read only = no
nt acl support = Yes
# Un-comment the following and create the netlogon directory for Domain Logons
[netlogon]
comment = Network Logon Service
path = /usr/local/samba/lib/netlogon/scripts
guest ok = yes
browseable = no
write list = root
[printers]
comment = All Printers
path = /var/spool/samba
create mask = 0600
guest ok = Yes
printable = yes
use client driver = Yes
browseable = no
##################################################################
Regards
Niranjan
On 12/18/05, paul kölle <paul at subsignal.org> wrote:
>
> mallapadi niranjan wrote:
> > Hi all
> >
> > I have samba3 with LDAP. My query is
> >
> > 1. My clients are Windows 2000 Professional, and the clients are not able to
> > join the domain
> > but if I add the computer name in /etc/passwd
> > ie computername$:x:110:200::/bin/false:/dev/null
> > and then do smbpasswd -a -m computername , the computer is able to join the
> > domain
> > but I have mentioned the add machine script in the smb.conf file
> It seems you missed the nss_ldap part, what is in your /etc/ldap.conf
> and /etc/nsswitch.conf?
>
> >
> > 2. After joining the domain, I am unable to log in as Administrator, but able
> > to log in as root
> > if I give the command getent passwd | grep Administrator , there is no output
> again, nss_ldap setup broken.
>
> >
> > 3. How do I create groups, and add users to the groups? It is not taking
> > system groups,
> > when I do smbldap-populate, it adds people, group, Domain Admins, Domain
> > Users, etc. and root, but not system groups
> > so how do I add system groups?
> depends, if you have the "add user to group script" and friends set up
> in smb.conf you can use usermgr.exe. You can use any ldap-tool to do it
> though.
>
> >
> > 4. I have smbldap-tool 0.9; in that there is no mkntpasswd. Is it ok, or
> > should this be there? When I downloaded from the IDEALX website, it was not
> > there in the TAR.gz file.
> I think it has been replaced with some perl module recently.
>
> cheers
> Paul
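Added example, not part of the original message or of Samba: a small audit of the two settings the post raises, namely the LDAP backends reached over ldap:// with "ldap ssl = no" (with simple bind, the bind password crosses the network unencrypted) and the reported UIDs 1000 and 2000 falling outside "idmap uid = 10000-20000". The function names, the sample text and the UID 10500 are assumptions made for the illustration.

```python
import re

# Constructed sample: [global] lines copied from the smb.conf in the post.
SAMPLE = """\
[global]
passdb backend = ldapsam:ldap://msdpl.com
ldap ssl = no
idmap backend = ldap:ldap://msdpl.com
idmap uid = 10000-20000
"""

def parse_smb_conf(text):
    """Return {section: {param: value}} with lower-cased section and
    parameter names and runs of whitespace in names collapsed."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section][" ".join(key.lower().split())] = value.strip()
    return conf

def audit(conf, observed_uids=()):
    """Return findings for the [global] section as a list of strings."""
    g = conf.get("global", {})
    findings = []
    ssl = g.get("ldap ssl", "").lower()
    for param in ("passdb backend", "idmap backend"):
        # Simple bind over ldap:// without TLS exposes the bind password.
        if "ldap://" in g.get(param, "") and ssl in ("no", "off"):
            findings.append(f"{param}: ldap:// with ldap ssl = {ssl}")
    if "idmap uid" in g:
        lo, hi = (int(x) for x in g["idmap uid"].split("-"))
        for uid in observed_uids:
            if not lo <= uid <= hi:
                findings.append(f"uid {uid} outside idmap uid {lo}-{hi}")
    return findings

if __name__ == "__main__":
    # 1000 and 2000 are the UIDs the post reports; 10500 is constructed.
    for finding in audit(parse_smb_conf(SAMPLE), [1000, 2000, 10500]):
        print(finding)
```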