[Samba] Samba 3.2 Ldap problem

kissg mail.gery at gmail.com
Wed Jul 2 06:16:00 GMT 2008


Have you installed the libnss-ldap module on Server B? It's required if you
have your users in an LDAP-database.

What do you see if you type the command on Server B:

id <username>

For example, I have a user in my LDAP database, named "kissg_02a". In my
case, I see the following:

root@lemontree# id kissg_02a
uid=10003(kissg_02a) gid=513(Domain Users) groups=513(Domain Users)

Try to set "loglevel 256" in your slapd.conf and look for entries in your
syslog file that have an "err" value other than zero. If you don't have
any, it means that communication with the LDAP server works as expected, but
Samba cannot access the uid attribute. It could also be that the samba.schema
file has changed since Samba version 3.0, and the new version stores UIDs in a
different attribute or in a different place in the LDAP directory structure.
Check if there is a new version available for Samba 3.2.

Best regards
Gergely Kiss

2008/7/2 Ernesto Silva <silva at ort.edu.uy>:

> Hi,
>        I've been running a samba 3.0.22-13.30 server in standalone mode
> (security=user) for quite a while. It's authenticated against an OpenLDAP
> and works great, say Server A.
>
> A few days ago I installed OpenSuSE 11 Beta 2 on another server. It came
> with samba 3.2.0-18, so as I'm very lazy I copied the smb.conf file from the
> working server to the new one with small modifications like the netbios
> name and which shares it serves, say Server B. I'm connecting to the same
> LDAP server.
>
> The problem is that I can't reach any share, from the Server B logs...
>
>        [2008/07/01 04:54:01,  1] passdb/pdb_ldap.c:init_sam_from_ldap(567)
>          init_sam_from_ldap: No uid attribute found for this user!
>        [2008/07/01 04:54:01,  1] passdb/pdb_ldap.c:ldapsam_getsampwnam(1531)
>          ldapsam_getsampwnam: init_sam_from_ldap failed for user 'xxxxx'!
>
> I've been "googling" for the last 8 hours and I can't fix the problem.
> With a more verbose debug level I can see that the LDAP connection works
> fine. I've also checked the LDAP logs and everything is fine.
>
> Maybe it's a problem with idmap-ing.
>
> Here is my smb.conf file from the Server B, I've placed comments on lines
> which differ from the Server A and commented out lines I believe are not
> relevant to Server B.
>
> -----------------------------------------------------------------
> [global]
>
>   passdb expand explicit = no
>   utmp = Yes
>   workgroup = CPD
>   netbios name = OPEN                # I've changed the
>   server string = File Server
>   passdb backend = ldapsam:ldap://ldapon.my.company
>   time server = Yes
>   printing = cups
>   printcap name = cups
>   printcap cache time = 750
>   cups options = raw
>   username map = /etc/samba/smbusers
>   map to guest = Bad User
>   wins support = no                  # it's 'Yes' in the old server
>   local master = no                  # it's 'Yes' in the old server
>   domain master = no                 # it's 'Yes' in the old server
>   domain logons = no                 # it's 'Yes' in the old server
>   security = user
>   preferred master = no
>   os level = 64
>   encrypt passwords = yes
> #    logon script = test.bat
> #    logon path = \\%L\profiles\%U
> #    logon home = \\%L\%U
> #    logon drive = z:
> #    add user script = ldapsmb -a -u "%u"
> #    delete user script = ldapsmb -d -u "%u"
> #    add machine script = ldapsmb -a -s -wks "%u" -v --logfile /var/log/samba/ldapsmb.log
> #    add group script = ldapsmb -a -g "%g"
> #    delete group script = ldapsmb -d -g "%g"
> #    add user to group script = ldapsmb -j -u "%u" -g "%g"
> #    delete user from group script = ldapsmb -j -u "%u" -g "%g"
> #    set primary group script = ldapsmb -m -u "%u" -gid "%g"
>   ldap admin dn   = cn=Manager,dc=my,dc=company
>   ldap suffix     = dc=my,dc=company
>   ldap machine suffix     = ou=Computers
>   ldap group suffix   = ou=Groups
>   ldap idmap suffix   = ou=Idmap
>   ldap user suffix    = ou=People
>   ldap passwd sync    = Yes
>   log file = /var/log/samba/%m.log
>   log level = 1
>   load printers = no
>
>
> [www2]
>   comment = webpages
>   path = /path/to/webpages
>   public = no
>   writeable = yes
>   browseable = yes
>   valid users = +groupA +groupB
>   force user = www2
>   create mask = 0775
>   dont descend = /bin,/boot,/dev,/etc,/lib,.....
>
> -----------------------------------------------------------------
>
>
> Please, any ideas?
>
> Best regards,
> --
> Ing. Ernesto Silva.
> Coordinador de Desarrollo Web y Sistemas Abiertos
> Centro de Procesamiento de Datos
> Universidad ORT Uruguay.
> E-mail: silva at ort.edu.uy
> Tel: (+5982) 903-1995, (+5982) 902-9687  ext. 102 Fax: (+5982) 900-2952
>
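
The syslog check suggested in the reply above, as an added example that is not part of the original thread: it pairs each slapd result line carrying a non-zero "err" with the request logged for the same conn/op. The sample lines are constructed in slapd's "loglevel 256" format, and the function names and the syslog path in the comment are assumptions.

```shell
#!/bin/sh
# Constructed sample of slapd "loglevel 256" syslog lines (not from the thread).
sample_log() {
cat <<'EOF'
Jul  1 04:54:01 ldapon slapd[2101]: conn=12 op=0 BIND dn="cn=Manager,dc=my,dc=company" method=128
Jul  1 04:54:01 ldapon slapd[2101]: conn=12 op=0 RESULT tag=97 err=0 text=
Jul  1 04:54:01 ldapon slapd[2101]: conn=12 op=1 SRCH base="ou=People,dc=my,dc=company" scope=2 deref=0 filter="(uid=xxxxx)"
Jul  1 04:54:01 ldapon slapd[2101]: conn=12 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jul  1 04:54:02 ldapon slapd[2101]: conn=13 op=0 BIND dn="cn=Manager,dc=my,dc=company" method=128
Jul  1 04:54:02 ldapon slapd[2101]: conn=13 op=0 RESULT tag=97 err=49 text=
Jul  1 04:54:03 ldapon slapd[2101]: conn=14 op=1 SRCH base="ou=Idmap,dc=my,dc=company" scope=2 deref=0 filter="(objectClass=sambaIdmapEntry)"
Jul  1 04:54:03 ldapon slapd[2101]: conn=14 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text=
EOF
}

# Print one line per operation whose result has err != 0, together with the
# request that caused it. Reads the named files, or stdin when none are given.
slapd_errors() {
    awk '
    / slapd\[/ && / conn=[0-9]+ op=[0-9]+ / {
        match($0, /conn=[0-9]+ op=[0-9]+/)
        key  = substr($0, RSTART, RLENGTH)        # e.g. "conn=13 op=0"
        rest = substr($0, RSTART + RLENGTH + 1)   # text after the conn/op pair
        if (rest ~ /RESULT /) {
            if (match(rest, /err=[0-9]+/)) {
                err = substr(rest, RSTART + 4, RLENGTH - 4) + 0
                if (err != 0)
                    printf "%s err=%d request: %s\n", key, err,
                           (key in req ? req[key] : "(not logged)")
            }
            delete req[key]                       # operation is finished
        } else if (!(key in req)) {
            req[key] = rest                       # keep the first request line
        }
    }' "$@"
}

# Demo on the constructed sample. On a real host, pass the syslog file instead,
# e.g. slapd_errors /var/log/messages (path is an assumption; it varies).
sample_log | slapd_errors
```

In the sample, err=49 is LDAP invalidCredentials on the bind and err=32 is noSuchObject on the search base; no output at all corresponds to the case the reply describes, where the LDAP exchange itself succeeds.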

