[Samba] Samba 3.2 Ldap problem
silva at ort.edu.uy
Fri Jul 4 00:15:07 GMT 2008
I didn't copied the secrets.tdb, I've used smbpasswd -w. In my Ldap I have an object named "sambaDomainName=OPEN,dc=my,dc=company" which I didn't create, it's automagically created by samba. That object has it's own sid, I've even deleted the secrets.tdb file and the ldap OPEN object, they are recreated with "smbpasswd -w xxxxx", so I assume everything is automagically right.
In addition I've tried the index on sambaSID attribute, I already have an "eq" index on it, and I can't create a "sub" index, I think this is because of the attribute definition.
I've updated to samba-3.2.0-21 but I'm still stuck.
I'm worried about your comment on users located by sid as all my users already has a sid assigned, is that sid server-dependant? I must assume it isn't, it's only user-dependant, isn't it?
Ing. Ernesto Silva.
Coordinador de Desarrollo Web y Sistemas Abiertos
Centro de Procesamiento de Datos
Universidad ORT Uruguay.
E-mail: silva at ort.edu.uy
Tel: (+5982) 903-1995, (+5982) 902-9687 ext. 102
Fax: (+5982) 900-2952
> On Tue, Jul 1, 2008 at 8:16 PM, Ernesto Silva <silva at ort.edu.uy> wrote:
>> A few days ago I've installed OpenSuSE 11 Beta 2 in another server, it came
>> with samba 3.2.0-18, so as I'm very lazy I copied the smb.conf file from the
>> working server to the new one with little modifications like the netbios
>> name and which shares it serves, say Server B. I'm connecting to the same
>> Ldap server.
> Did you copy over the secrets.tdb as well? If not, you are going to
> have to use "net setlocalsid" to set the machine SID to match the old
> one, and "smbpasswd -w" to set the LDAP access password. Samba tracks
> users by SID now (which I don't like, personally, but it's something
> that the Samba Team apparently had to do if they wanted to
> interoperate with later versions of Microsoft's networking stack) so
> your users will have SIDs that were created by the old system.
> You also will want to put a "sub" index on the sambaSID attribute in
> OpenLDAP's slapd.conf file if you haven't already done so. Later
> versions of samba need it... you get a nice efficiency boost. Um, and
> watch your search limits in OpenLDAP also -the "machine suffix" and
> "user suffix" parameters in smb.conf are not applied as filters in the
> searches that samba makes in LDAP, so search returns might be bigger
> than you anticipate, and I'm not sure that samba can properly handle
> an RFC-compliant paged LDAP search result like OpenLDAP might return.
> I prefer using net setlocalsid and smbpasswd rather than just copying
> over an old secrets.tdb - but use tdbdump on the old one to see if
> there is anything else in there (like domain trust passwords) before
> you decide.
More information about the samba