[Samba] Samba + LDAP + SMBLDAP-Tools + Roaming Profiles

J. Echter j.echter at elektro-mayer-echter.de
Tue Aug 2 06:12:05 MDT 2011


On 02.08.2011 14:06, Julien Celle wrote:
> First of all, there is a problem between your samba conf and the 
> output of pdbedit : your server netbios name is defined in your 
> smb.conf as 'BDC' and your workgroup/domain as 'workgroup' whereas the 
> pdbedit output indicates that the profile is stored on '\\pdc...' and 
> that the user is defined on the domain 'BDC'.
> Setting those correctly to the same values should help.
>
> On 02/08/2011 13:08, J. Echter wrote:
>> On 25.07.2011 14:38, J. Echter wrote:
>>> On 22.07.2011 17:48, TAKAHASHI Motonobu wrote:
>>>> From: "J. Echter"<j.echter at elektro-mayer-echter.de>
>>>> Date: Thu, 21 Jul 2011 08:51:25 +0200
>>>>
>>>>> On 20.07.2011 18:08, TAKAHASHI Motonobu wrote:
>>>>> hi,
>>>>>
>>>>> tried all your hints. still no profiles found...
>>>> Hmmmm...
>>>>
>>>> My testing environment is available at
>>>> ftp://ftp.ring.gr.jp/pub/net/samba-jp/vmware_player_images/sambapdc-squeeze-20110713.zip 
>>>>
>>>>
>>>>
>>>> In this environment,
>>>>
>>>> 1) # chmod 1777 /var/lib/samba/shares/profiles
>>>> 2) changing "hide files" and "profiles acls" same as yours
>>>> 3) # pdbedit -p \\sambapdc\profiles\username username
>>>> 4) Logging on as the user, roaming profiles is successfully created.
>>>>
>>>> I'm using "ldapsam:editposix" instead of smbldap-tools, so this may
>>>> not help you...
>>>>
>>>> ---
>>>> TAKAHASHI Motonobu<monyo at samba.gr.jp>
>>> Hi,
>>>
>>> there's something wrong with my config... the successful logins are only
>>> able because the users are already there as local unix accounts.
>>>
>>> i created a new user 'test' and this one can't even login.
>>>
>>> something with nsswitch seems configured wrong, imho. i get an error
>>> like 'no unix account found'.
>>>
>>> i will post the details about that later, i have to wait till i can
>>> switch the smb.conf again.
>>>
>>> cheers
>>>
>>> juergen.
>> hi,
>>
>> i'm back :) but still the old problem.
>>
>> i have my tdbsam server running, i set up another samba server, without
>> domain logons.
>>
>> i added a user 'test' to my ldap db. i added this user on the main pdc
>> with smbldap-useradd
>>
>> sudo pdbedit -v test on my new test machine tells me:
>>
>> Unix username: test
>> NT username: test
>> Account Flags: [U ]
>> User SID: S-1-5-21-3842863818-2180709222-141296495-3166
>> Primary Group SID: (NULL SID)
>> Full Name: test
>> Home Directory: \\pdc\test
>> HomeDir Drive: H:
>> Logon Script: test.bat
>> Profile Path: \\pdc\profiles\test
>> Domain: BDC
>> Account desc:
>> Workstations:
>> Munged dial:
>> Logon time: 0
>> Logoff time: never
>> Kickoff time: never
>> Password last set: Fr, 22 Jul 2011 23:33:55 CEST
>> Password can change: Fr, 22 Jul 2011 23:33:55 CEST
>> Password must change: never
>> Last bad password : 0
>> Bad password count : 0
>> Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
>>
>> i wonder because my domain is called workgroup, not bdc. BDC is the name
>> of the machine, not the domain.
>>
>> if i'm using this user to logon, it isn't found.
>>
>> phpldapadmin also shows a line like:
>> sambaDomainName=BDC
>> <http://192.168.0.200/phpldapadmin/cmd.php?cmd=template_engine&server_id=1&dn=sambaDomainName%3DBDC%2Cdc%3Dworkgroup%2Cdc%3Dlocal> 
>>
>>
>> sambaDomainName=workgroup
>> <http://192.168.0.200/phpldapadmin/cmd.php?cmd=template_engine&server_id=1&dn=sambaDomainName%3Dworkgroup%2Cdc%3Dworkgroup%2Cdc%3Dlocal> 
>>
>>
>>
>> here's the conf of my testing smb machine:
>>
>> [global]
>> domain master = no
>> domain logons = no
>> passdb backend = ldapsam:ldap://mule
>> idmap backend = ldap:ldap://mule
>> idmap uid = 10000-15000
>> idmap gid = 10000-15000
>> ldap suffix = dc=workgroup,dc=local
>> ldap user suffix = ou=smb-usr
>> ldap group suffix = ou=groups
>> ldap machine suffix = ou=computers
>> ldap idmap suffix = ou=idmap
>> ldap admin dn = cn=admin,dc=workgroup,dc=local
>> ldap ssl = no
>> ldap passwd sync = yes
>>
>> printing = bsd
>> netbios name = BDC
>> server string = BDC (%h)
>> workgroup = workgroup
>> interfaces = eth0,lo
>> security = user
>> encrypt passwords = true
>> map to guest = bad user
>> guest account = nobody
>> logon path = \\pdc\profile\%U
>> logon script = %U.bat
>> logon drive = H:
>> panic action = /usr/share/samba/panic-action %d
>>
>> my smbldap config is the following:
>>
>> sambaDomain="workgroup"
>> suffix="dc=workgroup,dc=local"
>> userProfile="\\pdc\profiles\%U"
>>
>> nsswitch.conf:
>>
>>
>> passwd: files ldap
>> shadow: files ldap
>> group: files ldap
>>
>> hosts: files wins dns
>> networks: files dns
>>
>> protocols: db files
>> services: db files
>> ethers: db files
>> rpc: db files
>>
>> netgroup: nis
>>
>> i hope somebody can tell me what's going on. i'm completely lost since a
>> while :)
>>
>> thanks, a nice day to all.
>>
>> juergen.
>
>
Hi,

my PDC has netbios name PDC and domain WORKGROUP, this one works (but 
not with LDAP)

i set up this box called BDC (i want to integrate it as BDC later on)

I thought I'm done setting domain to WORKGROUP, as it's set in smbldap.conf.

I don't get why smbldap tools thinks I'm on a domain called BDC.

Would it help if i post some output from pdbedit or stuff like that? I 
really don't get where this error comes from.

thanks for helping

greetings

juergen.
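
Added example, not part of the original thread: a small Python check for the inconsistency Julien Celle points out, comparing `workgroup`, `netbios name` and `logon path` from smb.conf with the `Domain` and `Profile Path` fields of `pdbedit -v`. The sample inputs are constructed from values quoted in this thread, and the function names (`parse_kv`, `unc_parts`, `check`) are hypothetical.

```python
# Constructed sample inputs, trimmed from the values quoted in the thread.
SMB_CONF = r"""
[global]
domain logons = no
netbios name = BDC
workgroup = workgroup
logon path = \\pdc\profile\%U
"""

PDBEDIT_OUT = r"""
Unix username: test
Profile Path: \\pdc\profiles\test
Domain: BDC
"""

def parse_kv(text, sep):
    """Parse 'key <sep> value' lines into a dict with lower-cased keys."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("[", "#", ";")) or sep not in line:
            continue
        key, value = line.split(sep, 1)
        out[key.strip().lower()] = value.strip()
    return out

def unc_parts(path):
    """Split a UNC path into lower-cased components (server, share, ...)."""
    return [p.lower() for p in path.strip("\\").split("\\") if p]

def check(smb_conf, pdbedit_out, user):
    """Return a list of findings; an empty list means the values agree."""
    conf = parse_kv(smb_conf, "=")
    acct = parse_kv(pdbedit_out, ":")
    findings = []
    domain = acct.get("domain", "")
    workgroup = conf.get("workgroup", "")
    if domain.lower() != workgroup.lower():
        same = domain.lower() == conf.get("netbios name", "").lower()
        note = " (equals netbios name)" if same else ""
        findings.append(f"domain mismatch: account={domain} workgroup={workgroup}{note}")
    # Expand %U for this user, then compare server, share and directory.
    expected = unc_parts(conf.get("logon path", "").replace("%U", user))
    actual = unc_parts(acct.get("profile path", ""))
    if expected != actual:
        findings.append(f"profile path mismatch: smb.conf={expected} account={actual}")
    return findings

if __name__ == "__main__":
    print("\n".join(check(SMB_CONF, PDBEDIT_OUT, "test")))
```

On the constructed input it reports both the domain mismatch and the `profile` versus `profiles` share name difference between smb.conf and the stored account.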

