[Samba] Samba 3.2 Ldap problem

Ernesto Silva silva at ort.edu.uy
Thu Jul 3 23:47:27 GMT 2008


Kevin, unix users work fine: I can log in to the server with my username and password, both stored in the directory. The only "problem" here is that I don't have a home directory, so the Linux server warns me and assumes '/'.

Regards,
-- 
Ing. Ernesto Silva.
Coordinador de Desarrollo Web y Sistemas Abiertos
Centro de Procesamiento de Datos
Universidad ORT Uruguay.
E-mail: silva at ort.edu.uy
Tel: (+5982) 903-1995, (+5982) 902-9687  ext. 102 
Fax: (+5982) 900-2952


Kevin Bedford wrote:
> Ernesto Silva wrote:
>> Hi,
>>     I've been running a samba 3.0.22-13.30 server in standalone mode 
>> (security=user) for quite a while. It's authenticated against an 
>> openLdap and works great, say Server A.
>>
>> A few days ago I installed OpenSuSE 11 Beta 2 in another server, it 
>> came with samba 3.2.0-18, so as I'm very lazy I copied the smb.conf 
>> file from the working server to the new one  with little modifications 
>> like the netbios name and which shares it serves, say Server B. I'm 
>> connecting to the same Ldap server.
>>
>> The problem is that I can't reach any share, from the Server B logs...
>>
>>     [2008/07/01 04:54:01,  1] passdb/pdb_ldap.c:init_sam_from_ldap(567)
>>       init_sam_from_ldap: No uid attribute found for this user!
>>     [2008/07/01 04:54:01,  1] passdb/pdb_ldap.c:ldapsam_getsampwnam(1531)
>>       ldapsam_getsampwnam: init_sam_from_ldap failed for user 'xxxxx'!
>>
>> I've been "googling" for the last 8 hours and I can't fix the 
>> problem, with a more verbose debug level I can see that the Ldap 
>> connection works fine. I've also checked the Ldap logs and everything 
>> is fine.
>>
>> Maybe it's a problem with idmap-ing.
>>
>> Here is my smb.conf file from the Server B, I've placed comments on 
>> lines which differ from the Server A and commented out lines I believe 
>> are not relevant to Server B.
>>
>> -----------------------------------------------------------------
>> [global]
>>
>>    passdb expand explicit = no
>>    utmp = Yes
>>    workgroup = CPD
>>    netbios name = OPEN                # I've changed the
>>    server string = File Server
>>    passdb backend = ldapsam:ldap://ldapon.my.company
>>    time server = Yes
>>    printing = cups
>>    printcap name = cups
>>    printcap cache time = 750
>>    cups options = raw
>>    username map = /etc/samba/smbusers
>>    map to guest = Bad User
>>    wins support = no                  # it's 'Yes' in the old server
>>    local master = no                  # it's 'Yes' in the old server
>>    domain master = no                 # it's 'Yes' in the old server
>>    domain logons = no                 # it's 'Yes' in the old server
>>    security = user
>>    preferred master = no
>>    os level = 64
>>    encrypt passwords = yes
>> #    logon script = test.bat
>> #    logon path = \\%L\profiles\%U
>> #    logon home = \\%L\%U
>> #    logon drive = z:
>> #    add user script = ldapsmb -a -u "%u"
>> #    delete user script = ldapsmb -d -u "%u"
>> #    add machine script = ldapsmb -a -s -wks "%u" -v --logfile /var/log/samba/ldapsmb.log
>> #    add group script = ldapsmb -a -g "%g"
>> #    delete group script = ldapsmb -d -g "%g"
>> #    add user to group script = ldapsmb -j -u "%u" -g "%g"
>> #    delete user from group script = ldapsmb -j -u "%u" -g "%g"
>> #    set primary group script = ldapsmb -m -u "%u" -gid "%g"
>>    ldap admin dn   = cn=Manager,dc=my,dc=company
>>    ldap suffix     = dc=my,dc=company
>>    ldap machine suffix     = ou=Computers
>>    ldap group suffix   = ou=Groups
>>    ldap idmap suffix   = ou=Idmap
>>    ldap user suffix    = ou=People
>>    ldap passwd sync    = Yes
>>    log file = /var/log/samba/%m.log
>>    log level = 1
>>    load printers = no
>>
>>
>> [www2]
>>    comment = webpages
>>    path = /path/to/webpages
>>    public = no
>>    writeable = yes
>>    browseable = yes
>>    valid users = +groupA +groupB
>>    force user = www2
>>    create mask = 0775
>>    dont descend = /bin,/boot,/dev,/etc,/lib,.....
>>
>> -----------------------------------------------------------------
>>
>>
>> Please, any ideas?
>>
>> Best regards,
> Is the new server set up to resolve Unix uid's and gid's from your LDAP 
> server?  Just a thought.
> 
> Cheers
> 
> 
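
One way to check what Kevin asks about (whether a host resolves Unix uids and gids from LDAP), as an added example that is not part of the original thread. The function names and script name are hypothetical, and it assumes the nss_ldap module appears as the `ldap` source in /etc/nsswitch.conf.

```sh
#!/bin/sh
# Added example (not from the thread): does this host resolve Unix
# accounts through LDAP, and does a given account resolve at all?

# Print the sources listed for one NSS database in an nsswitch.conf-format
# file, one per line. Comments and [STATUS=action] items are dropped.
nss_sources() {
    sed -e 's/#.*//' -e 's/\[[^]]*]/ /g' "${2:-/etc/nsswitch.conf}" |
    awk -F: -v db="$1" '
        NF >= 2 {
            name = $1; gsub(/[ \t]/, "", name)
            if (name != db) next
            n = split($2, src, /[ \t]+/)
            for (i = 1; i <= n; i++) if (src[i] != "") print src[i]
        }'
}

# Succeed if the database lists "ldap" (the nss_ldap module) as a source.
nss_uses_ldap() {
    nss_sources "$1" "${2:-/etc/nsswitch.conf}" | grep -qx ldap
}

# Look one account up through NSS, the same getpwnam() path smbd relies on,
# and flag a home directory that does not exist on this host.
check_account() {
    if ! entry=$(getent passwd "$1"); then
        echo "$1: not resolved through NSS"
        return 1
    fi
    home=$(printf '%s\n' "$entry" | cut -d: -f6)
    echo "$1: uid=$(printf '%s\n' "$entry" | cut -d: -f3) home=$home"
    [ -d "$home" ] || echo "  warning: home directory '$home' is missing"
}

# Usage: sh nss-check.sh USER...   (script name is an assumption)
if [ "$#" -gt 0 ]; then
    for db in passwd group; do
        if nss_uses_ldap "$db"; then
            echo "$db: ldap is listed ($(nss_sources "$db" | tr '\n' ' '))"
        else
            echo "$db: ldap is NOT listed in /etc/nsswitch.conf"
        fi
    done
    for u in "$@"; do check_account "$u" || true; done
fi
```

Running it on both servers with the same account name shows whether they differ at the NSS layer before looking further into the Samba passdb configuration.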


