[Samba] Samba 3.2 Ldap problem
Ernesto Silva
silva at ort.edu.uy
Thu Jul 3 23:47:19 GMT 2008
Kissg,
the ldap connection works fine, I've posted some ldap log lines and there is no problem there. I still believe the problem is in the idmap phase.
thanks, regards,
--
Ing. Ernesto Silva.
Coordinador de Desarrollo Web y Sistemas Abiertos
Centro de Procesamiento de Datos
Universidad ORT Uruguay.
E-mail: silva at ort.edu.uy
Tel: (+5982) 903-1995, (+5982) 902-9687 ext. 102
Fax: (+5982) 900-2952
kissg wrote:
> Have you installed the libnss-ldap module on Server B? It's required if
> you have your users in an LDAP-database.
>
> What do you see if you type the command on Server B:
>
> id <username>
>
> For example, I have a user in my LDAP database, named "kissg_02a". In my
> case, I see the followings:
>
> root at lemontree# id kissg_02a
> uid=10003(kissg_02a) gid=513(Domain Users) groups=513(Domain Users)
>
> Try to set "loglevel 256" on your slapd.conf and look for entries in
> your syslog file, which have an "err" value, other than zero. If you
> don't have any, it means that communication with the LDAP-server works
> as expected, but Samba cannot access the uid attribute. It can also be,
> that the samba.schema file changed since Samba version 3.0, and the new
> version stores UIDs in a different attribute or in a different place of
> the LDAP directory structure. Check if there is a new version available
> for Samba 3.2.
>
> Best regards
> Gergely Kiss
>
> 2008/7/2 Ernesto Silva <silva at ort.edu.uy <mailto:silva at ort.edu.uy>>:
>
> Hi,
> I've running a samba 3.0.22-13.30 server in standalone mode
> (security=user) for quite a while. It's authenticated against an
> openLdap and works great, say Server A.
>
> A few days ago I've installed OpenSuSE 11 Beta 2 in another server,
> it came with samba 3.2.0-18, so as I'm very lazy I copied the
> smb.conf file from the working server to the new one with little
> modifications like the netbios name and which shares it serves, say
> Server B. I'm connecting to the same Ldap server.
>
> The problem is that I can't reach any share, from the Server B logs...
>
> [2008/07/01 04:54:01, 1]
> passdb/pdb_ldap.c:init_sam_from_ldap(567)
> init_sam_from_ldap: No uid attribute found for this user!
> [2008/07/01 04:54:01, 1]
> passdb/pdb_ldap.c:ldapsam_getsampwnam(1531)
> ldapsam_getsampwnam: init_sam_from_ldap failed for user
> 'xxxxx'!
>
> I've been "googleing" for the last 8 hours and I can't fix the
> problem, with a more verbose debug level I can see that the Ldap
> connection works fine. I've also checked the Ldap logs and
> everything is fine.
>
> May be it's a problem with idmap-ing.
>
> Here is my smb.conf file from the Server B, I've placed comments on
> lines which differ from the Server A and commented out lines I
> believe are not relevant to Server B.
>
> -----------------------------------------------------------------
> [global]
>
> passdb expand explicit = no
> utmp = Yes
> workgroup = CPD
> netbios name = OPEN # I've changed the
> server string = File Server
> passdb backend = ldapsam:ldap://ldapon.my.company
> time server = Yes
> printing = cups
> printcap name = cups
> printcap cache time = 750
> cups options = raw
> username map = /etc/samba/smbusers
> map to guest = Bad User
> wins support = no # it's 'Yes' in the old server
> local master = no # it's 'Yes' in the old server
> domain master = no # it's 'Yes' in the old server
> domain logons = no # it's 'Yes' in the old server
> security = user
> preferred master = no
> os level = 64
> encrypt passwords = yes
> # logon script = test.bat
> # logon path = \\%L\profiles\%U
> # logon home = \\%L\%U
> # logon drive = z:
> # add user script = ldapsmb -a -u "%u"
> # delete user script = ldapsmb -d -u "%u"
> # add machine script = ldapsmb -a -s -wks "%u" -v --logfile
> /var/log/samba/ldapsmb.log
> # add group script = ldapsmb -a -g "%g"
> # delete group script = ldapsmb -d -g "%g"
> # add user to group script = ldapsmb -j -u "%u" -g "%g"
> # delete user from group script = ldapsmb -j -u "%u" -g "%g"
> # set primary group script = ldapsmb -m -u "%u" -gid "%g"
> ldap admin dn = cn=Manager,dc=my,dc=company
> ldap suffix = dc=my,dc=company
> ldap machine suffix = ou=Computers
> ldap group suffix = ou=Groups
> ldap idmap suffix = ou=Idmap
> ldap user suffix = ou=People
> ldap passwd sync = Yes
> log file = /var/log/samba/%m.log
> log level = 1
> load printers = no
>
>
> [www2]
> comment = webpages
> path = /path/to/webpages
> public = no
> writeable = yes
> browseable = yes
> valid users = +groupA +groupB
> force user = www2
> create mask = 0775
> dont descend = /bin,/boot,/dev,/etc,/lib,.....
>
> -----------------------------------------------------------------
>
>
> Please, any ideas?
>
> Best regards,
> --
> Ing. Ernesto Silva.
> Coordinador de Desarrollo Web y Sistemas Abiertos
> Centro de Procesamiento de Datos
> Universidad ORT Uruguay.
> E-mail: silva at ort.edu.uy <mailto:silva at ort.edu.uy>
> Tel: (+5982) 903-1995, (+5982) 902-9687 ext. 102 Fax: (+5982) 900-2952
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
>
>
More information about the samba
mailing list