[Samba] Samba + LDAP + SMBLDAP-Tools + Roaming Profiles

J. Echter j.echter at elektro-mayer-echter.de
Tue Aug 2 05:08:46 MDT 2011

Am 25.07.2011 14:38, schrieb J. Echter:
> Am 22.07.2011 17:48, schrieb TAKAHASHI Motonobu:
>> From: "J. Echter"<j.echter at elektro-mayer-echter.de>
>> Date: Thu, 21 Jul 2011 08:51:25 +0200
>>> Am 20.07.2011 18:08, schrieb TAKAHASHI Motonobu:
>>> hi,
>>> tried all your hints. still no profiles found...
>> Hmmmm...
>> My testing environment is available at
>>    ftp://ftp.ring.gr.jp/pub/net/samba-jp/vmware_player_images/sambapdc-squeeze-20110713.zip
>> In this environment,
>> 1) # chmod 1777 /var/lib/samba/shares/profiles
>> 2) changing "hide files" and "profiles acls" same as yours
>> 3) # pdbedit -p \\sambapdc\profiles\username username
>> 4) Logging on as the user, roaming profiles is successfully created.
>> I'm using "ldapsam:editposix" instead of smbldap-tools, so this may
>> not help you...
>> ---
>> TAKAHASHI Motonobu<monyo at samba.gr.jp>
> Hi,
> there's something wrong with my config... the successful logins are only
> possible because the users are already there as local unix accounts.
> i created a new user 'test' and this one can't even login.
> something with nsswitch seems configured wrong, imho. i get an error
> like 'no unix account found'.
> i will post the details about that later, i have to wait till i can
> switch the smb.conf again.
> cheers
> juergen.

i'm back :) but still the old problem.

i have my tdbsam server running, i set up another samba server, without 
domain logons.

i added a user 'test' to my ldap db. i added this user on the main pdc
with smbldap-useradd.

sudo pdbedit -v test on my new test machine tells me:

Unix username:        test
NT username:          test
Account Flags:        [U          ]
User SID:             S-1-5-21-3842863818-2180709222-141296495-3166
Primary Group SID:    (NULL SID)
Full Name:            test
Home Directory:       \\pdc\test
HomeDir Drive:        H:
Logon Script:         test.bat
Profile Path:         \\pdc\profiles\test
Domain:               BDC
Account desc:
Munged dial:
Logon time:           0
Logoff time:          never
Kickoff time:         never
Password last set:    Fr, 22 Jul 2011 23:33:55 CEST
Password can change:  Fr, 22 Jul 2011 23:33:55 CEST
Password must change: never
Last bad password   : 0
Bad password count  : 0

i wonder because my domain is called workgroup, not bdc. BDC is the name 
of the machine, not the domain.

if i'm using this user to log on, it isn't found.

phpldapadmin also shows a line like:

here's the conf of my testing smb machine:

    domain master = no
    domain logons = no
    passdb backend = ldapsam:ldap://mule
    idmap backend = ldap:ldap://mule
    idmap uid = 10000-15000
    idmap gid = 10000-15000
    ldap suffix = dc=workgroup,dc=local
    ldap user suffix = ou=smb-usr
    ldap group suffix = ou=groups
    ldap machine suffix = ou=computers
    ldap idmap suffix = ou=idmap
    ldap admin dn = cn=admin,dc=workgroup,dc=local
    ldap ssl = no
    ldap passwd sync = yes

    printing = bsd
    netbios name = BDC
    server string = BDC (%h)
    workgroup = workgroup
    interfaces = eth0,lo
    security = user
    encrypt passwords = true
    map to guest = bad user
    guest account = nobody
    logon path = \\pdc\profile\%U
    logon script = %U.bat
    logon drive = H:
    panic action = /usr/share/samba/panic-action %d

my smbldap config is the following:



passwd:         files ldap
shadow:         files ldap
group:          files ldap

hosts:          files wins dns
networks:       files dns

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

i hope somebody can tell me what's going on. i've been completely lost
for a while :)

thanks, and a nice day to all.
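
The comparison the post makes by eye between the `pdbedit -v` output and the test machine's smb.conf, as an added example that is not part of the original message. The inputs are constructed from values quoted above, and the function names and check ids are hypothetical; it only reports where the two disagree and does not decide which difference causes the failed logon.

```python
# Added example: inputs are constructed from values quoted in the post.
PDBEDIT_OUT = r"""Unix username:        test
User SID:             S-1-5-21-3842863818-2180709222-141296495-3166
Primary Group SID:    (NULL SID)
Profile Path:         \\pdc\profiles\test
Domain:               BDC
"""
SMB_CONF = r"""
    passdb backend = ldapsam:ldap://mule
    ldap ssl = no
    netbios name = BDC
    workgroup = workgroup
    logon path = \\pdc\profile\%U
"""

def parse(text, sep):
    """Split 'key<sep>value' lines into a dict with lower-cased keys."""
    fields = {}
    for line in text.splitlines():
        key, found, value = line.partition(sep)
        if found and key.strip():
            fields[key.strip().lower()] = value.strip()
    return fields

def cross_check(pdbedit_text, conf_text):
    """Return (check_id, detail) pairs where the account and config disagree."""
    acct, conf = parse(pdbedit_text, ":"), parse(conf_text, "=")
    user = acct.get("unix username", "")
    findings = []
    domain, workgroup = acct.get("domain", ""), conf.get("workgroup", "")
    if domain.lower() != workgroup.lower():
        where = "netbios name" if domain.lower() == conf.get("netbios name", "").lower() else "neither setting"
        findings.append(("domain-differs", f"{domain} != workgroup {workgroup} (matches {where})"))
    if acct.get("primary group sid") == "(NULL SID)":
        findings.append(("null-primary-group", f"no primary group SID stored for {user}"))
    # Expand %U the way smb.conf would for this session user.
    expected = conf.get("logon path", "").replace("%U", user)
    if expected and acct.get("profile path", "").lower() != expected.lower():
        findings.append(("profile-path-differs", f"{acct.get('profile path')} vs {expected}"))
    # An ldap:// backend with "ldap ssl = no" sends the admin bind unencrypted.
    backend = conf.get("passdb backend", "")
    if backend.startswith("ldapsam:ldap://") and conf.get("ldap ssl", "").lower() in ("no", "off"):
        findings.append(("ldap-cleartext", f"{backend} without StartTLS"))
    return findings

if __name__ == "__main__":
    for check_id, detail in cross_check(PDBEDIT_OUT, SMB_CONF):
        print(f"{check_id:22} {detail}")
```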

