[Samba] using ldap only idmap
Mariano Absatz
el.baby at gmail.com
Sun Oct 18 04:22:01 MDT 2009
Can anyone help me on this? I'm really stuck...
On Thu, Oct 15, 2009 at 16:58, Mariano Absatz <el.baby at gmail.com> wrote:
> Hi,
>
> I'm trying to make a "pure ldap" setup, whereas users, groups, id mappings
> and everything that is supported with LDAP be in the LDAP tree and managed
> directly by samba.
>
> That is, I'm using:
>
> ldapsam:trusted = yes
> ldapsam:editposix = yes
>
> And NOT using smbldap-*.
>
> My smb.conf is here: http://wiki.clueless.com.ar/SambaLdap/smb.conf-PDC
>
> I created the LDAP tree root (o=midominio) and all its branches (ou=people;
> ou=groups; ou= hosts and ou=idmap).
>
> I ran "net sam provision" to fill in the basic values.
>
> I stored the secrets in secrets.tdb:
> # smbpasswd -w ldap_admin_password
> # net idmap secret midominio ldap_admin_password
> # net idmap secret alloc ldap_admin_password
>
> I was able to join a samba server to the domain (net rpc join -S miserver
> -UAdministrator).
>
> However, when I try to join an XP host to the domain, I get an error (IIRC
> it's "An attached device is not functionning") in the workstation and the
> samba logs show the following:
>
> [2009/10/15 11:17:47, 0] passdb/pdb_ldap.c:ldapsam_create_user(5119)
> ldapsam_create_user: Unable to allocate a new user id: bailing out!
>
> The user I'm using to bind to the LDAP server is the LDAP administrator and
> it does have permissions on all the tree (in particular, within
> "ou=idmap,o=midominio")...
>
> I manually added an entry for the workstation's account posix data, then
> issued "smbpasswd -a workstation$"
>
> THEN I could join the domain...
>
> Clearly, I have something misconfigured regarding ldap/idmap/alloc, but I
> can't find enough information to do it right.
>
> Any help REALLY appreciated...
--
Mariano Absatz - El Baby
www.clueless.com.ar
More information about the samba
mailing list