[Samba] ldapsam backend for standalone server - is it possible?

J Xu janix2000 at yahoo.co.uk
Tue May 8 11:53:59 GMT 2007

Hi, List,

I am wondering if it is possible to set up a
standalone server with ldapsam backend. I mean, not to
set it up as a domain controller; ideally I don't want
a windows domain but would like to stick with the
windows workgroup mode.

All the samba official documents and other docs on the
web are for setting it up as a [primary|backup] domain

Below I list the minimal working samba configurations:

    [global]
        workgroup = MYGROUP
        netbios name = LDAPSMB
        server string = Samba Server
        security = user
        passdb backend = ldapsam:ldap://
        log file = /var/log/samba/%m.log
        max log size = 50
        socket options = TCP_NODELAY SO_RCVBUF=8192
        printcap name = /etc/printcap
        dns proxy = No
        ldap admin dn = "cn=admin,dc=mydomain,dc=com"
        ldap suffix = dc=mydomain,dc=com
        ldap group suffix = ou=Groups
        ldap user suffix = ou=People
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        cups options = raw
        local master = yes
        preferred master = yes
        os level = 33
        domain master = yes
        domain logons = yes

    [homes]
        comment = Home Directories
        read only = No
        browseable = No

    [netlogon]
        comment = Network Logon Service
        path = /home/samba/netlogon
        share modes = No

    [profiles]
        path = /home/samba/profiles
        browseable = No

    [printers]
        comment = All Printers
        path = /var/spool/samba
        printable = Yes
        browseable = No

This setup is more or less for a backup domain
controller. If I remove "domain master = yes" and
"domain logons = yes" directives and netlogon and
profiles shares, I then cannot log in - "smbclient
//localhost/<testuser>" would give an error like this:

session setup failed: NT_STATUS_LOGON_FAILURE

Any help please?

1) I know how to set up a standalone server with
tdbsam backend and I can set up a ldapsam based domain
controller. Just that I couldn't get a standalone
server with ldapsam backend.
2) I've put effort to make sure I have proper SIDs in
my ldap database. During attempts to set up a
standalone server, I tried to change all user/group
SIDs to the local domain (i.e., the one got with "net
getlocalsid"), of course with appropriate RIDs
appended. And of course the domain SID (i.e., the one
got with "net getdomainsid <mygroup>") only worked
when I set the samba server as domain controller. I
even tried to start with a clean ldap database and
empty samba secrets.tdb.
