[Samba] Samba 3.2 Ldap problem

Ernesto Silva silva at ort.edu.uy
Wed Jul 2 00:16:56 GMT 2008

I've been running a samba 3.0.22-13.30 server in standalone mode (security=user) for quite a while. It authenticates against an OpenLDAP server and works great; call it Server A.

A few days ago I installed OpenSuSE 11 Beta 2 on another server. It came with samba 3.2.0-18, so, as I'm very lazy, I copied the smb.conf file from the working server to the new one with small modifications like the netbios name and which shares it serves; call it Server B. I'm connecting to the same LDAP server.

The problem is that I can't reach any share, from the Server B logs...

	[2008/07/01 04:54:01,  1] passdb/pdb_ldap.c:init_sam_from_ldap(567)
	  init_sam_from_ldap: No uid attribute found for this user!
	[2008/07/01 04:54:01,  1] passdb/pdb_ldap.c:ldapsam_getsampwnam(1531)
	  ldapsam_getsampwnam: init_sam_from_ldap failed for user 'xxxxx'!

I've been "googling" for the last 8 hours and I can't fix the problem. With a more verbose debug level I can see that the LDAP connection works fine. I've also checked the LDAP logs and everything is fine.

Maybe it's a problem with idmap-ing.

Here is my smb.conf file from Server B. I've placed comments on lines which differ from Server A and commented out lines I believe are not relevant to Server B.


    passdb expand explicit = no
    utmp = Yes
    workgroup = CPD
    netbios name = OPEN                # I've changed the
    server string = File Server
    passdb backend = ldapsam:ldap://ldapon.my.company
    time server = Yes
    printing = cups
    printcap name = cups
    printcap cache time = 750
    cups options = raw
    username map = /etc/samba/smbusers
    map to guest = Bad User
    wins support = no                  # it's 'Yes' in the old server
    local master = no                  # it's 'Yes' in the old server
    domain master = no                 # it's 'Yes' in the old server
    domain logons = no                 # it's 'Yes' in the old server
    security = user
    preferred master = no
    os level = 64
    encrypt passwords = yes
#    logon script = test.bat
#    logon path = \\%L\profiles\%U
#    logon home = \\%L\%U
#    logon drive = z:
#    add user script = ldapsmb -a -u "%u"
#    delete user script = ldapsmb -d -u "%u"
#    add machine script = ldapsmb -a -s -wks "%u" -v --logfile /var/log/samba/ldapsmb.log
#    add group script = ldapsmb -a -g "%g"
#    delete group script = ldapsmb -d -g "%g"
#    add user to group script = ldapsmb -j -u "%u" -g "%g"
#    delete user from group script = ldapsmb -j -u "%u" -g "%g"
#    set primary group script = ldapsmb -m -u "%u" -gid "%g"
    ldap admin dn   = cn=Manager,dc=my,dc=company
    ldap suffix     = dc=my,dc=company
    ldap machine suffix     = ou=Computers
    ldap group suffix   = ou=Groups
    ldap idmap suffix   = ou=Idmap
    ldap user suffix    = ou=People
    ldap passwd sync    = Yes
    log file = /var/log/samba/%m.log
    log level = 1
    load printers = no

    comment = webpages
    path = /path/to/webpages
    public = no
    writeable = yes
    browseable = yes
    valid users = +groupA +groupB
    force user = www2
    create mask = 0775
    dont descend = /bin,/boot,/dev,/etc,/lib,.....


Please, any ideas?

Best regards,
Ing. Ernesto Silva.
Web Development and Open Systems Coordinator
Centro de Procesamiento de Datos
Universidad ORT Uruguay.
E-mail: silva at ort.edu.uy
Tel: (+5982) 903-1995, (+5982) 902-9687  ext. 102 
Fax: (+5982) 900-2952
