[Samba] Setting up new Samba domain (again)
Daniel L. Miller
dmiller at amfes.com
Fri Aug 24 00:51:00 GMT 2007
Hi!
I'm trying to get a Samba-based domain working properly. I'm using an
LDAP backend. Right now all the users have been created, and machine
accounts as well - but some things at the domain level aren't 100%.
Adding new machines usually results in an error, which I get around and
then have it working - but I continue to see error messages in the
logs. I'm assuming it's something to do with an SID/RID situation. I
also cannot run winbind.
My ldap configuration appears to be good - samba/nss/pam are all happy
reading the base username/password info from my directory. A question -
user-related commands typically operate without error, but host-related
commands typically return something like:
net lookup name daniel$
[2007/08/23 17:48:02, 0] passdb/pdb_get_set.c:pdb_get_group_sid(211)
pdb_get_group_sid: Failed to find Unix account for daniel$
I have my users in a ou=People,dc=etc... and my hosts in a
ou=machines,dc=etc... Is it a problem to have the hosts separate? Or
do I need to have both the Hosts and Users visible to my nss/pam ldap
searches?
"net rpc user" returns the list of users defined in LDAP. Other "net
rpc" and "net rap" commands also seem to work fine.
"net getdomainsid" returns:
SID for domain BUBBA is: S-1-5-21-3700198395-718176177-3880976514
SID for domain AMFESLAN.LOCAL is: S-1-5-21-713085561-268141546-2762641992
There shouldn't be a "BUBBA" domain (that's the name of the server).
"net sam list builtin" returns nothing.
"net usersidlist" returns:
[2007/08/23 17:44:38, 0] utils/net_rpc.c:net_usersidlist(4724)
Could not get the user/sid list
"net groupmap list" returns:
Domain Users (S-1-5-21-713085561-268141546-2762641992-513) -> domusers
Domain Admins (S-1-5-21-713085561-268141546-2762641992-512) -> domadmins
Hosts (S-1-5-21-713085561-268141546-2762641992-515) -> domhosts
Winbind logfile shows:
[2007/08/23 17:43:43, 0] libsmb/clientgen.c:cli_receive_smb(112)
Receiving SMB: Server stopped responding
testparm shows no errors. Output follows:
root@bubba:~# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[printers]"
Processing section "[print$]"
Processing section "[netlogon]"
Processing section "[profiles]"
Processing section "[homes]"
Processing section "[Data]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions
[global]
workgroup = AMFESLAN.LOCAL
realm = AMFESLAN.LOCAL
server string = %h server (Samba, Ubuntu)
obey pam restrictions = Yes
passdb backend = ldapsam:ldap://localhost
algorithmic rid base = 1000
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
time server = Yes
socket options = TCP_NODELAY IPTOS_LOWDELAY
add user script = /usr/sbin/smbldap-useradd -m "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
domain logons = Yes
os level = 64
preferred master = Yes
domain master = Yes
wins support = Yes
ldap admin dn = "cn=admin,dc=amfeslan,dc=local"
ldap group suffix = ou=group
ldap idmap suffix = ou=People
ldap machine suffix = ou=machines
ldap passwd sync = Yes
ldap suffix = dc=amfeslan,dc=local
ldap ssl = no
ldap user suffix = ou=People
panic action = /usr/share/samba/panic-action %d
idmap backend = ldap
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
recycle:keeptree = yes
recycle:versions = yes
printing = cups
print command =
lpq command = %p
lprm command =
veto oplock files = /*.QBW/*.qbw/*.MDB/*.mdb/
vfs objects = recycle
[share specific stuff]
--
Daniel
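
For the SID/RID question raised in the post, the following is an added example (not part of the original message and not Samba code): a small Python check that parses the `net getdomainsid` and `net groupmap list` output quoted above and reports which listed SID each group mapping was created under. The function names, the status labels and the `STRAY` line are constructed for illustration.

```python
import re

# Outputs copied from the post above (net getdomainsid, net groupmap list).
GETDOMAINSID = """\
SID for domain BUBBA is: S-1-5-21-3700198395-718176177-3880976514
SID for domain AMFESLAN.LOCAL is: S-1-5-21-713085561-268141546-2762641992
"""
GROUPMAP = """\
Domain Users (S-1-5-21-713085561-268141546-2762641992-513) -> domusers
Domain Admins (S-1-5-21-713085561-268141546-2762641992-512) -> domadmins
Hosts (S-1-5-21-713085561-268141546-2762641992-515) -> domhosts
"""
# Constructed line, not from the post: a mapping created under the other SID.
STRAY = "Old Admins (S-1-5-21-3700198395-718176177-3880976514-512) -> oldadmins\n"

SID_LINE = re.compile(r"^SID for domain (\S+) is: (S-1-5-21(?:-\d+){3})$")
MAP_LINE = re.compile(r"^(.+?) \((S-[\d-]+)\) -> (\S+)$")

def parse_sids(text):
    """Return {name: sid} from `net getdomainsid` output."""
    return {m.group(1): m.group(2)
            for m in map(SID_LINE.match, text.splitlines()) if m}

def check_groupmap(groupmap_text, sids, workgroup):
    """Classify each group mapping by the SID authority it was created under."""
    rows = []
    for line in groupmap_text.splitlines():
        m = MAP_LINE.match(line.strip())
        if not m:
            continue
        nt_group, sid, unix_group = m.groups()
        # The last sub-authority is the RID; the rest identifies the authority.
        base, _, rid = sid.rpartition("-")
        owner = next((n for n, s in sids.items() if s == base), None)
        status = "ok" if owner == workgroup else (
            "wrong-authority" if owner else "unknown-authority")
        rows.append((nt_group, int(rid), unix_group, owner, status))
    return rows

if __name__ == "__main__":
    sids = parse_sids(GETDOMAINSID)
    for row in check_groupmap(GROUPMAP + STRAY, sids, "AMFESLAN.LOCAL"):
        print("%-14s rid=%-5d -> %-10s authority=%-15s %s" % row)
```

Run against the output in the post, all three mappings resolve to the AMFESLAN.LOCAL SID with RIDs 513, 512 and 515; only the constructed `STRAY` line is reported as `wrong-authority`.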