[Samba] Setting up new Samba domain (again)

Daniel L. Miller dmiller at amfes.com
Fri Aug 24 00:51:00 GMT 2007


Hi!

I'm trying to get a Samba-based domain working properly.  I'm using an 
LDAP backend.  Right now all the users have been created, and machine 
accounts as well - but some things at the domain level aren't 100%.  
Adding new machines usually results in an error, which I get around and 
then have it working - but I continue to see error messages in the 
logs.  I'm assuming it's something to do with an SID/RID situation.  I 
also cannot run winbind.

My ldap configuration appears to be good - samba/nss/pam are all happy 
reading the base username/password info from my directory.  A question - 
user-related commands typically operate without error, but host-related 
commands typically return something like:

net lookup name daniel$
[2007/08/23 17:48:02, 0] passdb/pdb_get_set.c:pdb_get_group_sid(211)
  pdb_get_group_sid: Failed to find Unix account for daniel$

I have my users in a ou=People,dc=etc... and my hosts in a 
ou=machines,dc=etc...  Is it a problem to have the hosts separate?  Or 
do I need to have both the Hosts and Users visible to my nss/pam ldap 
searches?

"net rpc user" returns the list of users defined in LDAP.  Other "net 
rpc" and "net rap" commands also seem to work fine.

"net getdomainsid" returns:
SID for domain BUBBA is: S-1-5-21-3700198395-718176177-3880976514
SID for domain AMFESLAN.LOCAL is: S-1-5-21-713085561-268141546-2762641992
There shouldn't be a "BUBBA" domain (that's the name of the server).

"net sam list builtin" returns nothing.

"net usersidlist" returns:
[2007/08/23 17:44:38, 0] utils/net_rpc.c:net_usersidlist(4724)
  Could not get the user/sid list

"net groupmap list" returns:
Domain Users (S-1-5-21-713085561-268141546-2762641992-513) -> domusers
Domain Admins (S-1-5-21-713085561-268141546-2762641992-512) -> domadmins
Hosts (S-1-5-21-713085561-268141546-2762641992-515) -> domhosts

Winbind logfile shows:
[2007/08/23 17:43:43, 0] libsmb/clientgen.c:cli_receive_smb(112)
  Receiving SMB: Server stopped responding

testparm shows no errors.  Output follows:
root@bubba:~# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[printers]"
Processing section "[print$]"
Processing section "[netlogon]"
Processing section "[profiles]"
Processing section "[homes]"
Processing section "[Data]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

[global]
        workgroup = AMFESLAN.LOCAL
        realm = AMFESLAN.LOCAL
        server string = %h server (Samba, Ubuntu)
        obey pam restrictions = Yes
        passdb backend = ldapsam:ldap://localhost
        algorithmic rid base = 1000
        passwd program = /usr/bin/passwd %u
        passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
        syslog = 0
        log file = /var/log/samba/log.%m
        max log size = 1000
        time server = Yes
        socket options = TCP_NODELAY IPTOS_LOWDELAY
        add user script = /usr/sbin/smbldap-useradd -m "%u"
        delete user script = /usr/sbin/smbldap-userdel "%u"
        add group script = /usr/sbin/smbldap-groupadd -p "%g"
        delete group script = /usr/sbin/smbldap-groupdel "%g"
        add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
        delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
        set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
        add machine script = /usr/sbin/smbldap-useradd -w "%u"
        domain logons = Yes
        os level = 64
        preferred master = Yes
        domain master = Yes
        wins support = Yes
        ldap admin dn = "cn=admin,dc=amfeslan,dc=local"
        ldap group suffix = ou=group
        ldap idmap suffix = ou=People
        ldap machine suffix = ou=machines
        ldap passwd sync = Yes
        ldap suffix = dc=amfeslan,dc=local
        ldap ssl = no
        ldap user suffix = ou=People
        panic action = /usr/share/samba/panic-action %d
        idmap backend = ldap
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind use default domain = Yes
        recycle:keeptree = yes
        recycle:versions = yes
        printing = cups
        print command =
        lpq command = %p
        lprm command =
        veto oplock files = /*.QBW/*.qbw/*.MDB/*.mdb/
        vfs objects = recycle

[share specific stuff]


-- 
Daniel
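
Added example, not part of the original post: a small Python check that takes the `net getdomainsid` and `net groupmap list` output quoted above and reports which domain SID each group mapping is built on and what its RID is. The function names and the well-known-RID table are this example's own.

```python
import re

# Output copied from the post above.
GETDOMAINSID = """\
SID for domain BUBBA is: S-1-5-21-3700198395-718176177-3880976514
SID for domain AMFESLAN.LOCAL is: S-1-5-21-713085561-268141546-2762641992
"""
GROUPMAP = """\
Domain Users (S-1-5-21-713085561-268141546-2762641992-513) -> domusers
Domain Admins (S-1-5-21-713085561-268141546-2762641992-512) -> domadmins
Hosts (S-1-5-21-713085561-268141546-2762641992-515) -> domhosts
"""

# Well-known domain-relative RIDs defined by Windows.
WELL_KNOWN_RIDS = {512: "Domain Admins", 513: "Domain Users",
                   514: "Domain Guests", 515: "Domain Computers"}

def parse_domain_sids(text):
    """Return {domain name: SID} from 'net getdomainsid' output."""
    pat = r"^SID for domain (\S+) is: (S-1-5-21(?:-\d+){3})\s*$"
    return dict(re.findall(pat, text, re.M))

def parse_groupmap(text):
    """Return (nt_name, sid_prefix, rid, unix_group) per mapping line."""
    pat = r"^(.+?) \((S-1-[\d-]+)-(\d+)\) -> (\S+)\s*$"
    return [(m.group(1), m.group(2), int(m.group(3)), m.group(4))
            for m in re.finditer(pat, text, re.M)]

def audit(domain_sids, rows, workgroup):
    """Attribute each mapping to the domain whose SID it is built on."""
    by_sid = {sid: name for name, sid in domain_sids.items()}
    findings = []
    for nt_name, prefix, rid, unix_group in rows:
        owner = by_sid.get(prefix, "UNKNOWN")
        findings.append({"group": nt_name, "unix": unix_group, "rid": rid,
                         "domain": owner,
                         "in_workgroup": owner == workgroup,
                         "well_known": WELL_KNOWN_RIDS.get(rid)})
    return findings

if __name__ == "__main__":
    sids = parse_domain_sids(GETDOMAINSID)
    for f in audit(sids, parse_groupmap(GROUPMAP), "AMFESLAN.LOCAL"):
        flag = "ok" if f["in_workgroup"] else "SID MISMATCH"
        print(f'{f["group"]:<14} rid={f["rid"]} ({f["well_known"]}) '
              f'domain={f["domain"]} unix={f["unix"]} [{flag}]')
```

A mapping whose SID prefix matches neither reported domain SID is listed with domain `UNKNOWN`, which is the case to look for after a server has been renamed or re-provisioned.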

