[Samba] Samba + LDAP + SMBLDAP-Tools + Roaming Profiles

Fri Aug 5 01:51:27 MDT 2011

Am 04.08.2011 12:09, schrieb J. Echter:
> Am 03.08.2011 18:43, schrieb TAKAHASHI Motonobu:
>> From: "J. Echter"<j.echter at elektro-mayer-echter.de>
>> Date: Tue, 02 Aug 2011 14:12:05 +0200
>>
>>> I thought im done setting domain to WORKGROUP, as its set in 
>>> smbldap.conf.
>>>
>>> I don't get why smbldap tools thinks im on a domain called BDC.
>>>
>>> Would it help if i post some output from pdbedit or stuff like that? I
>>> really don't get where this error comes from.
>> Have you set the SID same as PDC on BDC? For example
>>
>> -----
>> bdc# net rpc getsid
>> Storing SID S-1-5-21-2535719703-1779805756-2758924810 for Domain 
>> DomanName in secrets.tdb
>> -----
>>
>> Remembet that before running the command, you have to set smb.conf
>> correctly as BDC.
>>
>>> here's the conf of my testing smb machine:
>>>
>>> [global]
>>> domain master = no
>>> domain logons = no
>>> passdb backend = ldapsam:ldap://mule
>>> idmap backend = ldap:ldap://mule
>>> idmap uid = 10000-15000
>>> idmap gid = 10000-15000
>> You have to set "domain logons = yes" to make this machine act as BDC.
>>
>> And are you running Winbind? If not, idmap backend/uid/gid does not mean
>> anything.
>>
>>> there's something wrong with my config... the successful logins are 
>>> only
>>> able because the users are already there as local unix accounts.
>>>
>>> i created a new user 'test' and this one can't even login.
>> Have you correctly set nss-ldap on BDC? For example /etc/nss_ldap.conf
>>
>> "getent passwd<a-user-created-on-PDC>" on BDC shows his entry?
>>
>> ---
>> TAKAHASHI Motonobu<monyo at samba.gr.jp>
>>
>>
> ok, im sorry. im stupid. i overlooked that i disabled domain logons... 
> now its showing the right domain with pdbedit -v
>
> thanks a lot.
>
> now im trying to logon again...
>
> cheers.
so,

i now have nsswitch, ldap and samba working... almost :)

i added an test user, and created a testshare with valid users = test

pdbedit -v test (all on bdc, users created on pdc)

Unix username:        test
NT username:          test
Account Flags:        [U          ]
User SID:             S-1-5-21-3842863818-2180709222-141296495-3178
Primary Group SID:    S-1-5-21-3842863818-2180709222-141296495-513
Full Name:            test
Home Directory:       \\mule\test
HomeDir Drive:        H:
Logon Script:         test.bat
Profile Path:         \\mule\profile\test
Domain:               WORKGROUP
Account desc:
Workstations:
Munged dial:
Logon time:           0
Logoff time:          never
Kickoff time:         never
Password last set:    Fr, 05 Aug 2011 08:49:26 CEST
Password can change:  Fr, 05 Aug 2011 08:49:26 CEST
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

getent passwd:

test:x:1089:513:System User:/home/test:/bin/false

getent group:

Domain Admins:*:512:Administrator
Domain Users:*:513:
Domain Guests:*:514:
Domain Computers:*:515:

if i try to access the share, windows xp keeps asking for my password.

/var/log/samba/log.smbd tells me:

   pdb_get_group_sid: Failed to find Unix account for test
[2011/08/05 09:44:02,  0] auth/auth_sam.c:355(check_sam_security)
   check_sam_security: make_server_info_sam() failed with 
'NT_STATUS_NO_SUCH_USER'

whats wrong now?

thanks for helping me. still lost.