[Samba] confusion and problem with Samba v3.3.8 as PDC with ldapsam backend

Jon Detert jdetert at infinityhealthcare.com
Tue Jan 18 15:11:18 MST 2011

On Tue, Jan 18, 2011 at 3:39 PM, Alex Crow <acrow at integrafin.co.uk> wrote:
> On 18/01/11 21:08, Jon Detert wrote:
>> On Tue, Jan 18, 2011 at 2:35 PM, Gaiseric Vandal
>> <gaiseric.vandal at gmail.com>  wrote:

-- snip --

>>>        net idmap secret MYDOMAIN  xxxx
>>>    net idmap secret alloc  xxxx
> You do *not* need this is the you are not using explicit idmap alloc, just
> the default idmap range. idmap alloc is apparently not working.

I _am_ specifying ranges via 'idmap uid' and 'idmap gid'.  I assume
that's different than what you meant by 'default idmap range'.

>> In any case, I tried the above, and got the same error for both command :
>> "The only currently supported backend is LDAP"
>> My smb.conf has a line expressly saying "idmap backend =
>> ldap:ldap://localhost".   Does smbd have to be running before running
>> the 'net idmap' commands?  If so, I'm screwed, cuz now that I fixed
>> the 'out=IDmap' typo, smbd dies immediately after trying to start it.
> You should leave the config as is.
> smbd really should not die. Are you sure smbd is not still running? Did you
> join your own domain on the PDC (eg net rpc join -S localhost)?

yes, I'm sure.  'ps -ef | grep mbd' shows just the nmbd process, not
any smbd process.  Also, the log.smbd ends with 'ERROR: failed to
setup guest info.'.

No, I did not join my own domain.  Should I have?

> I think you need to use the smbldap-tools. Once configured correctly they
> will prepopulate your LDAP tree for for you. There should be packages in the
> repos for most distros.

I'll look into that.  Centos doesn't have smbldap-tools in it's
official repos.  I imagine that someone has made rpms, though, for



More information about the samba mailing list