[Samba] Samba + LDAP + SMBLDAP-Tools + Roaming Profiles
J. Echter
j.echter at elektro-mayer-echter.de
Fri Aug 5 01:51:27 MDT 2011
On 04.08.2011 12:09, J. Echter wrote:
> On 03.08.2011 18:43, TAKAHASHI Motonobu wrote:
>> From: "J. Echter"<j.echter at elektro-mayer-echter.de>
>> Date: Tue, 02 Aug 2011 14:12:05 +0200
>>
>>> I thought I'm done setting domain to WORKGROUP, as it's set in
>>> smbldap.conf.
>>>
>>> I don't get why smbldap tools thinks I'm on a domain called BDC.
>>>
>>> Would it help if I post some output from pdbedit or stuff like that? I
>>> really don't get where this error comes from.
>> Have you set the SID same as PDC on BDC? For example
>>
>> -----
>> bdc# net rpc getsid
>> Storing SID S-1-5-21-2535719703-1779805756-2758924810 for Domain
>> DomanName in secrets.tdb
>> -----
>>
>> Remember that before running the command, you have to set smb.conf
>> correctly as BDC.
>>
>>> here's the conf of my testing smb machine:
>>>
>>> [global]
>>> domain master = no
>>> domain logons = no
>>> passdb backend = ldapsam:ldap://mule
>>> idmap backend = ldap:ldap://mule
>>> idmap uid = 10000-15000
>>> idmap gid = 10000-15000
>> You have to set "domain logons = yes" to make this machine act as BDC.
>>
>> And are you running Winbind? If not, idmap backend/uid/gid does not mean
>> anything.
>>
>>> There's something wrong with my config... the successful logins are
>>> only able because the users are already there as local unix accounts.
>>>
>>> I created a new user 'test' and this one can't even login.
>> Have you correctly set nss-ldap on BDC? For example /etc/nss_ldap.conf
>>
>> "getent passwd <a-user-created-on-PDC>" on BDC shows his entry?
>>
>> ---
>> TAKAHASHI Motonobu<monyo at samba.gr.jp>
>>
>>
> OK, I'm sorry. I'm stupid. I overlooked that I disabled domain logons...
> Now it's showing the right domain with pdbedit -v
>
> Thanks a lot.
>
> Now I'm trying to logon again...
>
> cheers.
So,
I now have nsswitch, ldap and samba working... almost :)
I added a test user, and created a testshare with valid users = test

pdbedit -v test (all on BDC, users created on PDC)
Unix username: test
NT username: test
Account Flags: [U ]
User SID: S-1-5-21-3842863818-2180709222-141296495-3178
Primary Group SID: S-1-5-21-3842863818-2180709222-141296495-513
Full Name: test
Home Directory: \\mule\test
HomeDir Drive: H:
Logon Script: test.bat
Profile Path: \\mule\profile\test
Domain: WORKGROUP
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: never
Kickoff time: never
Password last set: Fr, 05 Aug 2011 08:49:26 CEST
Password can change: Fr, 05 Aug 2011 08:49:26 CEST
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
getent passwd:
test:x:1089:513:System User:/home/test:/bin/false
getent group:
Domain Admins:*:512:Administrator
Domain Users:*:513:
Domain Guests:*:514:
Domain Computers:*:515:

If I try to access the share, Windows XP keeps asking for my password.
/var/log/samba/log.smbd tells me:
pdb_get_group_sid: Failed to find Unix account for test
[2011/08/05 09:44:02, 0] auth/auth_sam.c:355(check_sam_security)
check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER'

What's wrong now?
Thanks for helping me. Still lost.
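
The checks suggested in the quoted reply (account SIDs in the same domain as the BDC, a Unix account that resolves through NSS), as an added example that is not part of the original post. It parses captured `pdbedit -v` and `getent` output, using the values shown above as sample data; the function names are assumptions and `DOMAIN_SID` is a constructed value.

```shell
#!/bin/sh
# Sample data copied from the post above. DOMAIN_SID is constructed here;
# in practice use the SID the BDC reports (e.g. from `net getlocalsid`).
PDBEDIT_OUT='Unix username: test
User SID: S-1-5-21-3842863818-2180709222-141296495-3178
Primary Group SID: S-1-5-21-3842863818-2180709222-141296495-513'
PASSWD_OUT='test:x:1089:513:System User:/home/test:/bin/false'
GROUP_OUT='Domain Admins:*:512:Administrator
Domain Users:*:513:'
DOMAIN_SID='S-1-5-21-3842863818-2180709222-141296495'

# Value of one "Name: value" field from `pdbedit -v` text.
pdb_field() { printf '%s\n' "$1" | sed -n "s/^$2:[[:space:]]*//p"; }

# Domain part of a SID: everything before the final RID.
domain_of_sid() { printf '%s\n' "${1%-*}"; }

# Primary gid of a user in getent-passwd-format text; empty if no entry.
passwd_gid() { printf '%s\n' "$1" | awk -F: -v u="$2" '$1 == u { print $4; exit }'; }

# Succeeds if the gid appears in getent-group-format text.
group_has_gid() { printf '%s\n' "$1" | awk -F: -v g="$2" '$3 == g { f = 1 } END { exit !f }'; }

# check_account PDBEDIT PASSWD GROUP DOMAIN_SID
# Prints one line per finding; exit status is the number of problems.
check_account() {
    problems=0
    user=$(pdb_field "$1" 'Unix username')
    usid=$(pdb_field "$1" 'User SID')
    gsid=$(pdb_field "$1" 'Primary Group SID')
    gid=$(passwd_gid "$2" "$user")
    if [ -z "$gid" ]; then
        echo "FAIL: no passwd entry for '$user' (NSS/LDAP lookup)"; problems=$((problems + 1))
    elif ! group_has_gid "$3" "$gid"; then
        echo "FAIL: primary gid $gid of '$user' has no group entry"; problems=$((problems + 1))
    fi
    for sid in "$usid" "$gsid"; do
        if [ "$(domain_of_sid "$sid")" != "$4" ]; then
            echo "FAIL: $sid is not in domain $4"; problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ] && echo "OK: '$user' is consistent"
    return "$problems"
}

check_account "$PDBEDIT_OUT" "$PASSWD_OUT" "$GROUP_OUT" "$DOMAIN_SID" || true
```

On a live BDC, feed it `"$(pdbedit -v test)"`, `"$(getent passwd)"` and `"$(getent group)"` run as the same user smbd runs as, since NSS results can differ between accounts.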