[Samba] Ldapsam Editposix & idmap help required

Keith keith at scott-land.net
Tue Aug 9 05:10:15 MDT 2011


Hi, I am more or less following this tutorial Ldapsam Editposix = 
http://wiki.samba.org/index.php/Ldapsam_Editposix but can't quite get my 
domain to work.
I think the issue is with the idmap part of the smb.conf but can't quite 
figure out what's wrong with it or what the correct format should be.

My SMB.CONF file....

#interfaces = lo0 em0 127.0.0.1
   bind interfaces only = no
   workgroup = GYLE
   encrypt passwords = true
   passdb backend = ldapsam
   ldap ssl = off
   security = user
   local master = yes
   domain master = yes
   os level = 33
   preferred master = yes
   domain logons = yes
   ldapsam:trusted=yes
   ldapsam:editposix=yes

   ldap admin dn = cn=admin,dc=gyle,dc=ourdomain,dc=com
   ldap delete dn = yes
   ldap group suffix = ou=groups
   ldap machine suffix = ou=computers
   ldap user suffix = ou=users
   ldap suffix = dc=gyle,dc=ourdomain,dc=com

#idmap uid = 2000-4000
#idmap gid = 2000-4000

#idmap domains = DEFAULT
   idmap config DEFAULT:backend = ldap
   idmap config DEFAULT:readonly = no
   idmap config DEFAULT:default = yes
   idmap config DEFAULT:ldap_base_dn = ou=idmap,dc=gyle,dc=ourdomain,dc=com
   idmap config DEFAULT:ldap_user_dn = cn=admin,dc=gyle,dc=ourdomain,dc=com
   idmap config DEFAULT:ldap_url = ldap://localhost
   idmap config DEFAULT:range = 50000-500000

   idmap alloc backend = ldap
   idmap alloc config:ldap_base_dn = ou=idmap,dc=gyle,dc=ourdomain,dc=com
   idmap alloc config:ldap_user_dn = cn=admin,dc=gyle,dc=ourdomain,dc=com
   idmap alloc config:ldap_url = ldap://localhost
   idmap alloc config:range = 50000-500000

I've commented out the line "idmap domains = DEFAULT" as if I don't 
then I get lots of warnings.

So if I start up my ldap server and import a basic schema, then do the 
following.....

# smbpasswd -w secret
Setting stored password for "cn=admin,dc=gyle,dc=ourdomain,dc=com" in 
secrets.tdb

#net idmap secret DEFAULT secret
Secret stored

#net idmap secret alloc secret
Secret stored

# /usr/local/libexec/winbindd

# net sam provision
Checking for Domain Users group.
Adding the Domain Users group.
Unable to allocate a new gid to create Domain Users group!
Checking for Domain Admins group.
Adding the Domain Admins group.
Unable to allocate a new gid to create Domain Admins group!
Check for Administrator account.
Adding the Administrator user.
Can't create Administrator user, Domain Admins group not available!

#cat log.winbindd-idmap

[2011/08/09 12:00:25.850065,  1] 
/usr/obj/ports/samba-3.5.6-ldap/samba-3.5.6/source3/winbindd/idmap_ldap.c:268(idmap_ldap_alloc_init)
   idmap uid or idmap gid missing
[2011/08/09 12:00:25.850452,  0] 
/usr/obj/ports/samba-3.5.6-ldap/samba-3.5.6/source3/winbindd/idmap.c:589(idmap_alloc_init)
   ERROR: Initialization failed for alloc backend, deferred!
[2011/08/09 12:00:25.852415,  0] 
/usr/obj/ports/samba-3.5.6-ldap/samba-3.5.6/source3/winbindd/idmap.c:201(smb_register_idmap_alloc)
   idmap_alloc module ldap already registered!
[2011/08/09 12:00:25.852698,  0] 
/usr/obj/ports/samba-3.5.6-ldap/samba-3.5.6/source3/winbindd/idmap.c:201(smb_register_idmap_alloc)
   idmap_alloc module tdb already registered!
[2011/08/09 12:00:25.852769,  0] 
/usr/obj/ports/samba-3.5.6-ldap/samba-3.5.6/source3/winbindd/idmap.c:149(smb_register_idmap)
   Idmap module passdb already registered!
[2011/08/09 12:00:25.852828,  0] 
/usr/obj/ports/samba-3.5.6-ldap/samba-3.5.6/source3/winbindd/idmap.c:149(smb_register_idmap)
   Idmap module nss already registered!
[2011/08/09 12:00:25.852915,  1] 
/usr/obj/ports/samba-3.5.6-ldap/samba-3.5.6/source3/winbindd/idmap_ldap.c:268(idmap_ldap_alloc_init)
   idmap uid or idmap gid missing
[2011/08/09 12:00:25.852945,  0] 
/usr/obj/ports/samba-3.5.6-ldap/samba-3.5.6/source3/winbindd/idmap.c:589(idmap_alloc_init)
   ERROR: Initialization failed for alloc backend, deferred!

If anyone can help then it would really be appreciated. Thanks for reading.
Oh yeah this is all being done on an OpenBSD 4.9 server running their 
ldapd server.

Keith
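
Added example, not part of the original post and not Samba project code: a small Python check that cross-references the posted idmap settings with the winbindd log message. The excerpts are constructed from the config and log above (log paths shortened), the function names are hypothetical, and it assumes the log text "idmap uid or idmap gid missing" refers to the global `idmap uid` and `idmap gid` parameters.

```python
# Constructed excerpt of the posted smb.conf (idmap-related lines only).
SMB_CONF = """\
#idmap uid = 2000-4000
#idmap gid = 2000-4000
   idmap config DEFAULT:backend = ldap
   idmap config DEFAULT:range = 50000-500000
   idmap alloc backend = ldap
   idmap alloc config:range = 50000-500000
"""

# Constructed excerpt of log.winbindd-idmap (source paths shortened).
LOG = """\
[2011/08/09 12:00:25.850065,  1] idmap_ldap.c:268(idmap_ldap_alloc_init)
   idmap uid or idmap gid missing
[2011/08/09 12:00:25.850452,  0] idmap.c:589(idmap_alloc_init)
   ERROR: Initialization failed for alloc backend, deferred!
"""


def parse_smb_conf(text):
    """Return (active, commented) dicts mapping parameter name to value."""
    active, commented = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("["):  # skip blanks and section headers
            continue
        target = active
        if line[0] in "#;":                   # smb.conf comment markers
            line, target = line.lstrip("#; \t"), commented
        if "=" not in line:
            continue
        key, value = line.split("=", 1)
        # Lowercase the name and collapse runs of whitespace before storing.
        target[" ".join(key.lower().split())] = value.strip()
    return active, commented


def check_alloc_ranges(conf_text, log_text):
    """Flag idmap uid/gid that are not active while an alloc backend is set."""
    active, commented = parse_smb_conf(conf_text)
    findings = []
    if "idmap alloc backend" in active:
        for name in ("idmap uid", "idmap gid"):
            if name not in active:
                state = "commented out" if name in commented else "absent"
                findings.append(f"{name} is {state}")
    log_confirms = "idmap uid or idmap gid missing" in log_text
    return findings, log_confirms


if __name__ == "__main__":
    print(check_alloc_ranges(SMB_CONF, LOG))
```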

