[Samba] Samba 3.2 Ldap problem
Ernesto Silva
silva at ort.edu.uy
Thu Jul 3 23:47:47 GMT 2008
Ok, that's a possibility, I know very little about the protocol internals. On the contrary I used to have an old samba server (apart from server A) authenticating against the Ldap simultaneously with Server A.
That old server is what I'm really trying to duplicate with a new installation on new hardware.
Thanks, regards,
--
Ing. Ernesto Silva.
Coordinador de Desarrollo Web y Sistemas Abiertos
Centro de Procesamiento de Datos
Universidad ORT Uruguay.
E-mail: silva at ort.edu.uy
Tel: (+5982) 903-1995, (+5982) 902-9687 ext. 102
Fax: (+5982) 900-2952
Quinn Fissler wrote:
> I think that you overlooked the SID
>
> In standalone mode you're not worrying about a domain - the data in LDAP
> is for your old server.
>
> The new samba installation has a new SID and it's doing its search in
> LDAP for that, finding no users.
>
> I've only used samba and ldap in a domain so don't know much about your
> options in standalone mode.
>
>
>
> 2008/7/2 Ernesto Silva <silva at ort.edu.uy>:
>
> Hi,
> I've been running a samba 3.0.22-13.30 server in standalone mode
> (security=user) for quite a while. It's authenticated against an
> openLdap and works great, say Server A.
>
> A few days ago I've installed OpenSuSE 11 Beta 2 in another server,
> it came with samba 3.2.0-18, so as I'm very lazy I copied the
> smb.conf file from the working server to the new one with little
> modifications like the netbios name and which shares it serves, say
> Server B. I'm connecting to the same Ldap server.
>
> The problem is that I can't reach any share, from the Server B logs...
>
> [2008/07/01 04:54:01, 1] passdb/pdb_ldap.c:init_sam_from_ldap(567)
> init_sam_from_ldap: No uid attribute found for this user!
> [2008/07/01 04:54:01, 1] passdb/pdb_ldap.c:ldapsam_getsampwnam(1531)
> ldapsam_getsampwnam: init_sam_from_ldap failed for user 'xxxxx'!
>
> I've been "googling" for the last 8 hours and I can't fix the
> problem, with a more verbose debug level I can see that the Ldap
> connection works fine. I've also checked the Ldap logs and
> everything is fine.
>
> Maybe it's a problem with idmap-ing.
>
> Here is my smb.conf file from the Server B, I've placed comments on
> lines which differ from the Server A and commented out lines I
> believe are not relevant to Server B.
>
> -----------------------------------------------------------------
> [global]
>
> passdb expand explicit = no
> utmp = Yes
> workgroup = CPD
> netbios name = OPEN # I've changed the
> server string = File Server
> passdb backend = ldapsam:ldap://ldapon.my.company
> time server = Yes
> printing = cups
> printcap name = cups
> printcap cache time = 750
> cups options = raw
> username map = /etc/samba/smbusers
> map to guest = Bad User
> wins support = no # it's 'Yes' in the old server
> local master = no # it's 'Yes' in the old server
> domain master = no # it's 'Yes' in the old server
> domain logons = no # it's 'Yes' in the old server
> security = user
> preferred master = no
> os level = 64
> encrypt passwords = yes
> # logon script = test.bat
> # logon path = \\%L\profiles\%U
> # logon home = \\%L\%U
> # logon drive = z:
> # add user script = ldapsmb -a -u "%u"
> # delete user script = ldapsmb -d -u "%u"
> # add machine script = ldapsmb -a -s -wks "%u" -v --logfile /var/log/samba/ldapsmb.log
> # add group script = ldapsmb -a -g "%g"
> # delete group script = ldapsmb -d -g "%g"
> # add user to group script = ldapsmb -j -u "%u" -g "%g"
> # delete user from group script = ldapsmb -j -u "%u" -g "%g"
> # set primary group script = ldapsmb -m -u "%u" -gid "%g"
> ldap admin dn = cn=Manager,dc=my,dc=company
> ldap suffix = dc=my,dc=company
> ldap machine suffix = ou=Computers
> ldap group suffix = ou=Groups
> ldap idmap suffix = ou=Idmap
> ldap user suffix = ou=People
> ldap passwd sync = Yes
> log file = /var/log/samba/%m.log
> log level = 1
> load printers = no
>
>
> [www2]
> comment = webpages
> path = /path/to/webpages
> public = no
> writeable = yes
> browseable = yes
> valid users = +groupA +groupB
> force user = www2
> create mask = 0775
> dont descend = /bin,/boot,/dev,/etc,/lib,.....
>
> -----------------------------------------------------------------
>
>
> Please, any ideas?
>
> Best regards,
> --
> Ing. Ernesto Silva.
> Coordinador de Desarrollo Web y Sistemas Abiertos
> Centro de Procesamiento de Datos
> Universidad ORT Uruguay.
> E-mail: silva at ort.edu.uy
> Tel: (+5982) 903-1995, (+5982) 902-9687 ext. 102
> Fax: (+5982) 900-2952
>
>
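A check for the two conditions raised in this thread, the "No uid attribute found" log message and the SID mismatch suggested in Quinn's reply, written as an added example that is not part of either poster's message. The SIDs, the LDIF entries and the `net getlocalsid` output line are constructed; the script assumes plain LDIF with no folded lines and no base64 values.

```python
# Added example; the SID line and LDIF below are constructed, not from the thread.
# Assumed output format of `net getlocalsid` on the new server (Server B).
LOCAL_SID_OUTPUT = "SID for domain OPEN is: S-1-5-21-1111111111-2222222222-3333333333"
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=my,dc=company
objectClass: sambaSamAccount
uid: alice
sambaSID: S-1-5-21-4444444444-5555555555-6666666666-3000

dn: cn=bob,ou=People,dc=my,dc=company
objectClass: sambaSamAccount
cn: bob
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3002

dn: uid=carol,ou=People,dc=my,dc=company
objectClass: sambaSamAccount
uid: carol
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3004
"""

def parse_ldif(text):
    """Parse unfolded, non-base64 LDIF into a list of {attribute: [values]} dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if ":" in line and not line.startswith("#"):
                name, _, value = line.partition(":")
                entry.setdefault(name.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def local_sid(net_output):
    """Extract the SID string from the text after the last colon."""
    return net_output.rsplit(":", 1)[1].strip()

def audit(entries, server_sid):
    """Map each sambaSamAccount DN to the problems found for it (clean entries omitted)."""
    findings = {}
    for e in entries:
        if "sambasamaccount" not in [c.lower() for c in e.get("objectclass", [])]:
            continue
        problems = []
        if not e.get("uid"):
            problems.append("no uid attribute")
        if e.get("sambasid", [""])[0].rsplit("-", 1)[0] != server_sid:
            problems.append("SID domain mismatch")
        if problems:
            findings[e["dn"][0]] = problems
    return findings
```

Calling `audit(parse_ldif(SAMPLE_LDIF), local_sid(LOCAL_SID_OUTPUT))` reports one entry per condition and leaves the consistent account out of the result.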