[Samba] OpenLDAP integration

Peter Van den Wildenbergh peter at srecengineering.com
Wed Nov 12 15:29:56 GMT 2008


Brad Nielsen wrote:
> I've followed the OpenLDAP + SAMBA Domain Controller tutorial
> step-by-step: http://ubuntuforums.org/showthread.php?t=640760
>
> And after long hours, and endless googling, I've yet to find a solution.
>
> LDAP works great
> SAMBA works great.
>
> But the integration between them doesn't work.
>
> Here is the samba log:
> root:/etc# tail /var/log/samba/log.smbd
>   smbd version 3.0.28a started.
>   Copyright Andrew Tridgell and the Samba Team 1992-2008
> [2008/11/10 22:11:32, 0] auth/auth_util.c:create_builtin_administrators(792)
>   create_builtin_administrators: Failed to create Administrators
> [2008/11/10 22:11:32, 0] auth/auth_util.c:create_builtin_users(758)
>   create_builtin_users: Failed to create Users
> [2008/11/10 22:11:47, 0] auth/auth_util.c:create_builtin_administrators(792)
>   create_builtin_administrators: Failed to create Administrators
> [2008/11/10 22:11:47, 0] auth/auth_util.c:create_builtin_users(758)
>   create_builtin_users: Failed to create Users
>
> I've tried to "net groupmap" the groups, but they've already been
> mapped, and still no luck.
>
> I'm running Ubuntu 8.04, samba version 3.0.28a-1ubuntu4.5
>
> When I try to access the share from the local machine with smbclient, I get:
> root:/etc# smbclient //hostname/Storage -U ricky
> Password:
> session setup failed: NT_STATUS_LOGON_FAILURE
>
> (Note: I renamed "hostname" with the original hostname, I don't want
> to post any internal info.)
>
> And if I do a ldapsearch, it brings up all of the right information.
>
> My LDAP configuration in the smb.conf looks like this:
>
>         passdb backend = ldapsam:ldap://localhost/
>
>         ldap admin dn = cn=admin,dc=domain,dc=com
>         ldap user suffix = ou=Users
>         ldap suffix = dc=domain,dc=com
>         ldap idmap suffix = ou=Users
>         ldap passwd sync = Yes
>         ldap delete dn = Yes
>         ldap machine suffix = ou=Computers
>         ldap group suffix = ou=Groups
>
> (Note: I renamed "domain com" with the original domain, I don't want
> to post any internal info.)
>
> I've double, triple, quad triple, and had someone else look at it, and
> we are not seeing what could be going wrong.
>
> If there is anyone who can shine some light on this, it'd be greatly
> appreciated!
>
> Thanks!
>
> - Bradley
>   
Looks like you are hitting the same stone wall I encountered a couple of days
ago.

Try creating a user using -m and not -a

This is what I use:
smbldap-useradd -c "${fname} ${lname}" -M ${email} -N ${fname} -S ${lname} \
    -A 1 -a -D H: -E allusers.bat -m -d "/data/home/${uid}" ${uid}

Let me know if that fixes it, because I did 'a lot' trying to get this 
going and I am still not 100% convinced that this is the solution that 
does it all...



Regards

Peter

-- 

Peter Van den Wildenbergh
Owner & Principal I.T. Consultant
meta-logica
13 Cimarron Meadows Close
Okotoks   AB   T1S 1T5

SREC office
E-mail : peter at srecengineering.com
Phone  : 403.984.9591 (ext. 591)

meta-logica office
E-mail : peter at meta-logica.com
Web    : www.meta-logica.com
Phone  : (403) 478-META [6382]



