[Samba] Samba 3.2 Ldap problem

Ernesto Silva silva at ort.edu.uy
Thu Jul 3 23:47:47 GMT 2008


Ok, that's a possibility, I know very little about the protocol internals. On the contrary I used to have an old samba server (apart from server A) authenticating against the Ldap simultaneously with Server A.

That old server is what I'm really trying to duplicate with a new installation on new hardware.

Thanks, regards,
-- 
Ing. Ernesto Silva.
Coordinador de Desarrollo Web y Sistemas Abiertos
Centro de Procesamiento de Datos
Universidad ORT Uruguay.
E-mail: silva at ort.edu.uy
Tel: (+5982) 903-1995, (+5982) 902-9687  ext. 102 
Fax: (+5982) 900-2952


Quinn Fissler wrote:
> I think that you overlooked the SID
> 
> In standalone mode you're not worrying about a domain - the data in LDAP 
> is for your old server.
> 
> The new samba installation has a new SID and it's doing its search in 
> LDAP for that, finding no users.
> 
> I've only used samba and ldap in a domain so don't know much about your 
> options in standalone mode.
> 
> 
> 
> 2008/7/2 Ernesto Silva <silva at ort.edu.uy>:
> 
>     Hi,
>            I've been running a samba 3.0.22-13.30 server in standalone mode
>     (security=user) for quite a while. It's authenticated against an
>     openLdap and works great, say Server A.
> 
>     A few days ago I've installed OpenSuSE 11 Beta 2 in another server,
>     it came with samba 3.2.0-18, so as I'm very lazy I copied the
>     smb.conf file from the working server to the new one  with little
>     modifications like the netbios name and which shares it serves, say
>     Server B. I'm connecting to the same Ldap server.
> 
>     The problem is that I can't reach any share, from the Server B logs...
> 
>            [2008/07/01 04:54:01,  1] passdb/pdb_ldap.c:init_sam_from_ldap(567)
>              init_sam_from_ldap: No uid attribute found for this user!
>            [2008/07/01 04:54:01,  1] passdb/pdb_ldap.c:ldapsam_getsampwnam(1531)
>              ldapsam_getsampwnam: init_sam_from_ldap failed for user 'xxxxx'!
> 
>     I've been "googling" for the last 8 hours and I can't fix the
>     problem, with a more verbose debug level I can see that the Ldap
>     connection works fine. I've also checked the Ldap logs and
>     everything is fine.
> 
>     Maybe it's a problem with idmap-ing.
> 
>     Here is my smb.conf file from the Server B, I've placed comments on
>     lines which differ from the Server A and commented out lines I
>     believe are not relevant to Server B.
> 
>     -----------------------------------------------------------------
>     [global]
> 
>       passdb expand explicit = no
>       utmp = Yes
>       workgroup = CPD
>       netbios name = OPEN                # I've changed the
>       server string = File Server
>       passdb backend = ldapsam:ldap://ldapon.my.company
>       time server = Yes
>       printing = cups
>       printcap name = cups
>       printcap cache time = 750
>       cups options = raw
>       username map = /etc/samba/smbusers
>       map to guest = Bad User
>       wins support = no                  # it's 'Yes' in the old server
>       local master = no                  # it's 'Yes' in the old server
>       domain master = no                 # it's 'Yes' in the old server
>       domain logons = no                 # it's 'Yes' in the old server
>       security = user
>       preferred master = no
>       os level = 64
>       encrypt passwords = yes
>     #    logon script = test.bat
>     #    logon path = \\%L\profiles\%U
>     #    logon home = \\%L\%U
>     #    logon drive = z:
>     #    add user script = ldapsmb -a -u "%u"
>     #    delete user script = ldapsmb -d -u "%u"
>     #    add machine script = ldapsmb -a -s -wks "%u" -v --logfile /var/log/samba/ldapsmb.log
>     #    add group script = ldapsmb -a -g "%g"
>     #    delete group script = ldapsmb -d -g "%g"
>     #    add user to group script = ldapsmb -j -u "%u" -g "%g"
>     #    delete user from group script = ldapsmb -j -u "%u" -g "%g"
>     #    set primary group script = ldapsmb -m -u "%u" -gid "%g"
>       ldap admin dn   = cn=Manager,dc=my,dc=company
>       ldap suffix     = dc=my,dc=company
>       ldap machine suffix     = ou=Computers
>       ldap group suffix   = ou=Groups
>       ldap idmap suffix   = ou=Idmap
>       ldap user suffix    = ou=People
>       ldap passwd sync    = Yes
>       log file = /var/log/samba/%m.log
>       log level = 1
>       load printers = no
> 
> 
>     [www2]
>       comment = webpages
>       path = /path/to/webpages
>       public = no
>       writeable = yes
>       browseable = yes
>       valid users = +groupA +groupB
>       force user = www2
>       create mask = 0775
>       dont descend = /bin,/boot,/dev,/etc,/lib,.....
> 
>     -----------------------------------------------------------------
> 
> 
>     Please, any ideas?
> 
>     Best regards,
>     -- 
>     Ing. Ernesto Silva.
>     Coordinador de Desarrollo Web y Sistemas Abiertos
>     Centro de Procesamiento de Datos
>     Universidad ORT Uruguay.
>     E-mail: silva at ort.edu.uy
>     Tel: (+5982) 903-1995, (+5982) 902-9687  ext. 102 Fax: (+5982) 900-2952
> 
> 

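Added example, not part of the original thread: a small Python check for the two things discussed above, the missing uid attribute from the Server B log and the SID mismatch Quinn suggests. The LDIF below is constructed sample data, and the local SID passed to audit() is assumed to be the value `net getlocalsid` reports on the new server; the thread does not establish which of the two is the actual cause.

```python
# Constructed ldapsearch output (LDIF) for two accounts; not taken from the thread.
SAMPLE_LDIF = """\
dn: uid=jdoe,ou=People,dc=my,dc=company
objectClass: posixAccount
objectClass: sambaSamAccount
uid: jdoe
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3002

dn: cn=nouid,ou=People,dc=my,dc=company
objectClass: sambaSamAccount
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-
 3004
"""

def parse_ldif(text):
    """Parse plain LDIF into a list of {attr_lowercase: [values]} dicts."""
    unfolded = []
    for line in text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]          # folded continuation line
        else:
            unfolded.append(line)
    entries, current = [], {}
    for line in unfolded + [""]:              # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
            current = {}
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            current.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def domain_part(sid):
    return sid.rsplit("-", 1)[0]              # drop the trailing RID

def audit(entries, local_sid):
    """Return (dn, problem) pairs for sambaSamAccount entries."""
    findings = []
    for entry in entries:
        if "sambasamaccount" not in map(str.lower, entry.get("objectclass", [])):
            continue
        dn = entry["dn"][0]
        if not entry.get("uid"):
            findings.append((dn, "no uid attribute"))
        for sid in entry.get("sambasid", []):
            if domain_part(sid) != local_sid:
                findings.append((dn, "sambaSID domain differs from local SID"))
    return findings
```

Base64-encoded LDIF values (`attr:: ...`) are not decoded by this parser.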

