[Samba] idmap problem
Tamás Pisch
pischta at gmail.com
Wed Jul 15 04:11:25 MDT 2009
Hi,
I configured a SaMBa PDC and a BDC with a master and a slave OpenLDAP. I set
up TLS, because I wanted secure syncrepl. Slapd runs with
-h "ldap://127.0.0.1/ ldaps:///".
I successfully joined an XP client to the servers' domain, I see shares (but
I haven't logged in as a domain user, because I have to create a default
profile first).
My problem is in the log.winbindd-idmap log file:
[2009/07/15 09:24:23, 1] winbindd/idmap.c:idmap_init(385)
Initializing idmap domains
[2009/07/15 09:24:23, 0] winbindd/idmap.c:idmap_init(396)
idmap_init: Ignoring domain MYDOMAIN
[2009/07/15 09:24:23, 0] winbindd/idmap.c:idmap_init(549)
ERROR: Could not get methods for backend ldapsam
[2009/07/15 09:24:23, 0] winbindd/idmap.c:idmap_init(801)
Aborting IDMAP Initialization ...
smb.conf:
netbios name = SRV3
dos charset = CP852
unix charset = UTF8
workgroup = MYDOMAIN
interfaces = 127.0.0.0/8, eth0
bind interfaces only = Yes
passdb backend = ldapsam:"ldap://127.0.0.1:389"
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
username map = /etc/samba/username.map
unix password sync = Yes
log level = 1 idmap:10
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
smb ports = 139
name resolve order = wins host bcast
time server = Yes
.
.
.
domain logons = Yes
preferred master = Yes
wins support = Yes
ldap admin dn = cn=adm,dc=mydomain,dc=site
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=People
ldap passwd sync = Yes
ldap suffix = dc=mydomain,dc=site
ldap user suffix = ou=People
eventlog list = Security, Application, Syslog
usershare max shares = 0
usershare path = /home/samba/usershares
panic action = /usr/share/samba/panic-action %d
idmap backend = ldapsam:ldap://127.0.0.1:389
idmap uid = 10000-20000
idmap gid = 10000-20000
map acl inherit = Yes
veto oplock files = /*.pdf/*.pst/
/etc/ldap/ldap.conf:
host 127.0.0.1
base dc=mydomain,dc=site
logdir /var/lib/ldap/log
TLS_REQCERT hard
TLS_CACERT /etc/ssl/certs/cacert.pem
slapd.conf:
#######################################################################
# Global Directives:
# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/samba3.schema
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
loglevel conns stats filter
idletimeout 30
modulepath /usr/lib/ldap
moduleload back_hdb
moduleload syncprov
sizelimit unlimited
tool-threads 1
TLSCertificateFile /etc/ssl/certs/srv3cert.pem
TLSCertificateKeyFile /etc/ssl/private/srv3key.pem
TLSCACertificateFile /etc/ssl/certs/cacert.pem
TLSVerifyClient never
#######################################################################
# Specific Backend Directives for hdb:
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
backend hdb
database hdb
suffix "dc=mydomain,dc=site"
rootdn "cn=adm,dc=mydomain,dc=site"
rootpw {SSHA}.......
directory "/var/lib/ldap"
dbconfig set_cachesize 0 100000000 1
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
dbconfig set_lg_regionmax 262144
dbconfig set_lg_bsize 524288
dbconfig set_lg_dir /var/lib/ldap/log
dbconfig set_flags DB_LOG_AUTOREMOVE
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index uidNumber eq
index gidNumber eq
index memberUID eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index default sub
index sambaSIDList eq
index sambaGroupType eq
index entryCSN,entryUUID eq
lastmod on
checkpoint 512 30
access to *
by dn.exact="cn=replicator,dc=mydomain,dc=site" tls_ssf=128 read
by * break
access to attrs=userPassword,sambaNTPassword,sambaLMPassword,sambaPwdLastSet,sambaPwdCanChange
by dn="cn=admin,dc=mydomain,dc=site" write
by dn="cn=replicator,dc=mydomain,dc=site" read
by anonymous auth
by self write
by * none
access to dn.base="" by * read
access to *
by dn="cn=admin,dc=mydomain,dc=site" write
by dn="cn=replicator,dc=mydomain,dc=site" read
by self write
by * read
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
libnss-ldap.conf:
host 127.0.0.1
base dc=mydomain,dc=site
timelimit 50
bind_timelimit 50
bind_policy hard
idle_timelimit 3600
nss_base_passwd ou=People,dc=mydomain,dc=site?one
nss_base_shadow ou=People,dc=mydomain,dc=site?one
nss_base_group ou=Groups,dc=mydomain,dc=site?one
logdir /var/lib/ldap/log
ldap_version 3
rootbinddn cn=adm,dc=mydomain,dc=site
port 389
pam_password exop
ssl off
Thanks,
Tamas.
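The winbindd log above shows idmap_init giving up because no idmap module named "ldapsam" exists: in Samba 3.x "ldapsam" is a passdb module, while the LDAP-backed idmap module is called "ldap". The following checker is an added example written for this thread; it is not Samba code and not the poster's. It parses the [global] section of an smb.conf, reports an idmap backend that names a passdb module or an unknown module, validates the idmap uid/gid ranges, and lists LDAP URIs that use plaintext ldap:// without an explicit "ldap ssl" setting so that transport protection of the password attributes can be verified. The module-name sets and the sample smb.conf (built from the settings in the post) are assumptions of this example.

```python
"""Static checker for the idmap/passdb settings in a Samba 3.x smb.conf.

Added example for this mailing-list thread; not Samba's code and not the
poster's. The backend-name sets below are an assumption of this example
(illustrative, not a complete list for every Samba build).
"""
import re
from urllib.parse import urlsplit

# Samba 3.x idmap modules (assumption: illustrative set).
IDMAP_BACKENDS = {"tdb", "tdb2", "ldap", "rid", "ad", "nss", "hash"}
# Samba 3.x passdb modules; 'ldapsam' belongs here, not to the idmap set.
PASSDB_BACKENDS = {"smbpasswd", "tdbsam", "ldapsam"}

# Constructed sample: the relevant lines from the smb.conf in the post.
SAMPLE_SMB_CONF = """
[global]
workgroup = MYDOMAIN
passdb backend = ldapsam:"ldap://127.0.0.1:389"
idmap backend = ldapsam:ldap://127.0.0.1:389
idmap uid = 10000-20000
idmap gid = 10000-20000
ldap suffix = dc=mydomain,dc=site
"""


def parse_smb_conf(text):
    """Return {section: {param: value}}; parameter names are lower-cased
    with internal whitespace collapsed, as smbd treats them."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
            continue
        if "=" in line and current is not None:
            name, value = line.split("=", 1)
            sections[current][" ".join(name.split()).lower()] = value.strip()
    return sections


def split_backend(value):
    """'ldapsam:"ldap://h"' -> ('ldapsam', 'ldap://h'); 'tdb' -> ('tdb', None)."""
    name, sep, arg = value.strip().partition(":")
    arg = arg.strip().strip('"') if sep else ""
    return name.strip().lower(), (arg or None)


def parse_range(value):
    """Parse 'low-high'; return (low, high) or None when malformed or empty."""
    m = re.fullmatch(r"\s*(\d+)\s*-\s*(\d+)\s*", value or "")
    if not m:
        return None
    lo, hi = int(m.group(1)), int(m.group(2))
    return (lo, hi) if lo < hi else None


def check_idmap(text):
    """Return a list of findings (strings); an empty list means nothing to report."""
    g = parse_smb_conf(text).get("global", {})
    findings = []

    backend, _ = split_backend(g.get("idmap backend", "tdb"))
    if backend in PASSDB_BACKENDS:
        findings.append(
            f"idmap backend '{backend}' is a passdb module, not an idmap module; "
            f"winbindd aborts idmap_init ('Could not get methods for backend "
            f"{backend}'). Use an idmap module such as 'ldap'.")
    elif backend not in IDMAP_BACKENDS:
        findings.append(f"idmap backend '{backend}' is not a known idmap module")

    for key in ("idmap uid", "idmap gid"):
        if key in g and parse_range(g[key]) is None:
            findings.append(f"{key} = {g[key]!r} is not a valid low-high range")

    # Password hashes travel over these connections: flag plaintext ldap://
    # URIs when the admin has not stated an 'ldap ssl' choice explicitly.
    for key in ("passdb backend", "idmap backend"):
        if key in g:
            _, uri = split_backend(g[key])
            if uri and urlsplit(uri).scheme == "ldap" and "ldap ssl" not in g:
                findings.append(
                    f"{key} uses plaintext ldap:// and 'ldap ssl' is not set "
                    "explicitly; confirm StartTLS is in effect or use ldaps://")
    return findings


if __name__ == "__main__":
    for f in check_idmap(SAMPLE_SMB_CONF):
        print("-", f)
```

Run against the sample, the first finding points at the "ldapsam" idmap backend that produced the log lines in the post; the remaining two only ask that the transport of the ldap:// connections be confirmed, which on a loopback-only slapd is a deliberate choice rather than a defect.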