[Samba] Samba 3.2 Ldap problem

Ernesto Silva silva at ort.edu.uy
Thu Jul 3 23:47:19 GMT 2008


Kissg,
	the ldap connection works fine, I've posted some ldap log lines and there is no problem there. I still believe the problem is in the idmap phase.

thanks, regards,
-- 
Ing. Ernesto Silva.
Coordinador de Desarrollo Web y Sistemas Abiertos
Centro de Procesamiento de Datos
Universidad ORT Uruguay.
E-mail: silva at ort.edu.uy
Tel: (+5982) 903-1995, (+5982) 902-9687  ext. 102 
Fax: (+5982) 900-2952


kissg wrote:
> Have you installed the libnss-ldap module on Server B? It's required if 
> you have your users in an LDAP-database.
> 
> What do you see if you type the command on Server B:
> 
> id <username>
> 
> For example, I have a user in my LDAP database, named "kissg_02a". In my 
> case, I see the following:
> 
> root at lemontree# id kissg_02a
> uid=10003(kissg_02a) gid=513(Domain Users) groups=513(Domain Users)
> 
> Try to set "loglevel 256" on your slapd.conf and look for entries in 
> your syslog file, which have an "err" value, other than zero. If you 
> don't have any, it means that communication with the LDAP-server works 
> as expected, but Samba cannot access the uid attribute. It can also be, 
> that the samba.schema file changed since Samba version 3.0, and the new 
> version stores UIDs in a different attribute or in a different place of 
> the LDAP directory structure. Check if there is a new version available 
> for Samba 3.2.
> 
> Best regards
> Gergely Kiss
> 
> 2008/7/2 Ernesto Silva <silva at ort.edu.uy>:
> 
>     Hi,
>            I've been running a samba 3.0.22-13.30 server in standalone mode
>     (security=user) for quite a while. It's authenticated against an
>     openLdap and works great, say Server A.
> 
>     A few days ago I've installed OpenSuSE 11 Beta 2 in another server,
>     it came with samba 3.2.0-18, so as I'm very lazy I copied the
>     smb.conf file from the working server to the new one  with little
>     modifications like the netbios name and which shares it serves, say
>     Server B. I'm connecting to the same Ldap server.
> 
>     The problem is that I can't reach any share, from the Server B logs...
> 
>            [2008/07/01 04:54:01,  1] passdb/pdb_ldap.c:init_sam_from_ldap(567)
>              init_sam_from_ldap: No uid attribute found for this user!
>            [2008/07/01 04:54:01,  1] passdb/pdb_ldap.c:ldapsam_getsampwnam(1531)
>              ldapsam_getsampwnam: init_sam_from_ldap failed for user 'xxxxx'!
> 
>     I've been "googling" for the last 8 hours and I can't fix the
>     problem, with a more verbose debug level I can see that the Ldap
>     connection works fine. I've also checked the Ldap logs and
>     everything is fine.
> 
>     Maybe it's a problem with idmap-ing.
> 
>     Here is my smb.conf file from the Server B, I've placed comments on
>     lines which differ from the Server A and commented out lines I
>     believe are not relevant to Server B.
> 
>     -----------------------------------------------------------------
>     [global]
> 
>       passdb expand explicit = no
>       utmp = Yes
>       workgroup = CPD
>       netbios name = OPEN                # I've changed the
>       server string = File Server
>       passdb backend = ldapsam:ldap://ldapon.my.company
>       time server = Yes
>       printing = cups
>       printcap name = cups
>       printcap cache time = 750
>       cups options = raw
>       username map = /etc/samba/smbusers
>       map to guest = Bad User
>       wins support = no                  # it's 'Yes' in the old server
>       local master = no                  # it's 'Yes' in the old server
>       domain master = no                 # it's 'Yes' in the old server
>       domain logons = no                 # it's 'Yes' in the old server
>       security = user
>       preferred master = no
>       os level = 64
>       encrypt passwords = yes
>     #    logon script = test.bat
>     #    logon path = \\%L\profiles\%U
>     #    logon home = \\%L\%U
>     #    logon drive = z:
>     #    add user script = ldapsmb -a -u "%u"
>     #    delete user script = ldapsmb -d -u "%u"
>     #    add machine script = ldapsmb -a -s -wks "%u" -v --logfile /var/log/samba/ldapsmb.log
>     #    add group script = ldapsmb -a -g "%g"
>     #    delete group script = ldapsmb -d -g "%g"
>     #    add user to group script = ldapsmb -j -u "%u" -g "%g"
>     #    delete user from group script = ldapsmb -j -u "%u" -g "%g"
>     #    set primary group script = ldapsmb -m -u "%u" -gid "%g"
>       ldap admin dn   = cn=Manager,dc=my,dc=company
>       ldap suffix     = dc=my,dc=company
>       ldap machine suffix     = ou=Computers
>       ldap group suffix   = ou=Groups
>       ldap idmap suffix   = ou=Idmap
>       ldap user suffix    = ou=People
>       ldap passwd sync    = Yes
>       log file = /var/log/samba/%m.log
>       log level = 1
>       load printers = no
> 
> 
>     [www2]
>       comment = webpages
>       path = /path/to/webpages
>       public = no
>       writeable = yes
>       browseable = yes
>       valid users = +groupA +groupB
>       force user = www2
>       create mask = 0775
>       dont descend = /bin,/boot,/dev,/etc,/lib,.....
> 
>     -----------------------------------------------------------------
> 
> 
>     Please, any ideas?
> 
>     Best regards,
>     -- 
>     Ing. Ernesto Silva.
>     Coordinador de Desarrollo Web y Sistemas Abiertos
>     Centro de Procesamiento de Datos
>     Universidad ORT Uruguay.
>     E-mail: silva at ort.edu.uy
>     Tel: (+5982) 903-1995, (+5982) 902-9687  ext. 102 Fax: (+5982) 900-2952
> 
> 


