[Samba] LDAP configuration problems. How to debug?
Michael Zoet
Michael.Zoet at zoet.de
Wed Feb 25 16:26:50 GMT 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi all,
I'm trying to combine my LDAP Server (workin Unix authentication) with
SAMBA on an Ubuntu Hardy system.
For now I have a smb.conf and followed the steps in
http://download.gna.org/smbldap-tools/docs/samba-ldap-howto/. I had to
do some modifications beacause my LDAP DIT is not empty. So I had to
adapt the changes smbldap-populate would to by hand. (created my own
LDIF file for that.
Now when I start samba ( /etc/init.d/samba start ) smbd writes
[2009/02/25 17:05:43, 0] smbd/server.c:main(944)
smbd version 3.0.28a started.
Copyright Andrew Tridgell and the Samba Team 1992-2008
[2009/02/25 17:05:43, 0]
auth/auth_util.c:create_builtin_administrators(792)
create_builtin_administrators: Failed to create Administrators
[2009/02/25 17:05:43, 0] auth/auth_util.c:create_builtin_users(758)
create_builtin_users: Failed to create Users
[2009/02/25 17:05:43, 0]
auth/auth_util.c:create_builtin_administrators(792)
create_builtin_administrators: Failed to create Administrators
[2009/02/25 17:05:43, 0] auth/auth_util.c:create_builtin_users(758)
create_builtin_users: Failed to create Users
[2009/02/25 17:05:43, 0] services/services_db.c:svcctl_init_keys(420)
svcctl_init_keys: key lookup failed! (WERR_ACCESS_DENIED)
[2009/02/25 17:05:43, 0]
auth/auth_util.c:create_builtin_administrators(792)
create_builtin_administrators: Failed to create Administrators
[2009/02/25 17:05:43, 0] auth/auth_util.c:create_builtin_users(758)
create_builtin_users: Failed to create Users
[2009/02/25 17:05:43, 0] smbd/server.c:main(1059)
ERROR: failed to setup guest info.
into log.smbd. After that smbd exits...
Can someone explain to me what smbd wants to tell me? There must be
something missing !? I really like to fix the problem but I have no
idea how to further debug this.
Kind regards,
Michael
here the contents of my smb.conf:
# Global parameters
[global]
workgroup = EXAMPLE.COM
netbios name = hera
enable privileges = yes
interfaces = 10.10.10.10
username map = /etc/samba/smbusers
server string = Samba Server %v
security = user
encrypt passwords = Yes
obey pam restrictions = No
#unix password sync = Yes
#passwd program = /usr/sbin/smbldap-passwd -u %u
#passwd chat = "Changing password for*\nNew password*" %n\n
"*Retype new password*" %n\n"
ldap passwd sync = Yes
log level = 0
syslog = 0
log file = /var/log/samba/log.%m
max log size = 100000
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
mangling method = hash2
#Dos charset = 850
#Unix charset = ISO8859-1
logon script = logon.bat
logon drive = H:
logon home =
logon path =
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
wins support = Yes
passdb backend = ldapsam:ldap://127.0.0.1/
# passdb backend = ldapsam:"ldap://127.0.0.1/ ldap://hercules/"
# ldap filter = (&(objectclass=sambaSamAccount)(uid=%u))
ldap admin dn = cn=smbManager,dc=example,dc=com
ldap suffix = dc=example,dc=com
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Machines
ldap idmap suffix = ou=Users
#ldap ssl = start tls
ldap ssl = Off
add user script = /usr/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
#delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
#delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x
"%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
# printers configuration
load printers = Yes
create mask = 0640
directory mask = 0750
nt acl support = No
printing = cups
printcap name = cups
deadtime = 10
guest account = nobody
map to guest = Bad User
dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
show add printer wizard = yes
; to maintain capital letters in shortcuts in any of the
profile folders:
preserve case = yes
short preserve case = yes
case sensitive = no
[homes]
comment = Home Share %U, %u
read only = No
create mask = 0644
directory mask = 0775
browseable = No
[netlogon]
path = /home/samba/netlogon
browseable = No
read only = yes
[profiles]
path = /home/samba/profiles
read only = no
create mask = 0600
directory mask = 0700
browseable = No
guest ok = Yes
profile acls = yes
csc policy = disable
# next line is a great way to secure the profiles
force user = %U
# next line allows administrator to access all profiles
valid users = %U @"Domain Admins"
[printers]
comment = Network Printers
guest ok = yes
printable = yes
path = /home/samba/spool
browseable = No
read only = Yes
printable = Yes
print command = /usr/bin/lpr -P%p -r %s
lpq command = /usr/bin/lpq -P%p
lprm command = /usr/bin/lprm -P%p %j
[print$]
path = /home/samba/printers
guest ok = No
browseable = Yes
read only = Yes
valid users = @"Print Operators"
write list = @"Print Operators"
create mask = 0664
directory mask = 0775
[PUB]
comment = Data Share
path = /pub
browseable = Yes
guest ok = Yes
read only = No
directory mask = 0775
create mask = 0664
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFJpXFJBvfZ5167qr8RAiPAAJ0YInwr4+/9QErXICCcZmLjQV32bQCfeWbG
djJ6VRIPrJRjzcZVSbRqtCc=
=yvdq
-----END PGP SIGNATURE-----
More information about the samba
mailing list