[Samba] confusion and problem with Samba v3.3.8 as PDC with ldapsam backend

Jon Detert jdetert at infinityhealthcare.com
Tue Jan 18 16:17:25 MST 2011


On Tue, Jan 18, 2011 at 4:24 PM, Gaiseric Vandal
<gaiseric.vandal at gmail.com> wrote:
> Run the following command and make sure that the guest account is
> mapping to a real unix account.
>
> #testparm -v  | grep "guest account"

it is mapping to 'nobody', which looks like this:

# getent passwd nobody
nobody:x:99:99:Nobody:/:/sbin/nologin
#


> On 01/18/2011 05:11 PM, Jon Detert wrote:
>>
>> On Tue, Jan 18, 2011 at 3:39 PM, Alex Crow <acrow at integrafin.co.uk> wrote:
>>
>>>
>>> On 18/01/11 21:08, Jon Detert wrote:
>>>
>>>>
>>>> On Tue, Jan 18, 2011 at 2:35 PM, Gaiseric Vandal
>>>> <gaiseric.vandal at gmail.com> wrote:
>>>>
>>
>> -- snip --
>>
>>
>>>>>
>>>>>    net idmap secret MYDOMAIN xxxx
>>>>>    net idmap secret alloc xxxx
>>>>>
>>>
>>> You do *not* need this if you are not using explicit idmap alloc, just
>>> the default idmap range. idmap alloc is apparently not working.
>>>
>>
>> I _am_ specifying ranges via 'idmap uid' and 'idmap gid'.  I assume
>> that's different than what you meant by 'default idmap range'.
>>
>>
>>
>>>>
>>>> In any case, I tried the above, and got the same error for both
>>>> commands:
>>>>
>>>> "The only currently supported backend is LDAP"
>>>>
>>>> My smb.conf has a line expressly saying "idmap backend =
>>>> ldap:ldap://localhost".   Does smbd have to be running before running
>>>> the 'net idmap' commands?  If so, I'm screwed, cuz now that I fixed
>>>> the 'out=IDmap' typo, smbd dies immediately after trying to start it.
>>>>
>>>
>>> You should leave the config as is.
>>>
>>> smbd really should not die. Are you sure smbd is not still running? Did
>>> you join your own domain on the PDC (eg net rpc join -S localhost)?
>>>
>>
>> yes, I'm sure.  'ps -ef | grep mbd' shows just the nmbd process, not
>> any smbd process.  Also, the log.smbd ends with 'ERROR: failed to
>> setup guest info.'.
>>
>> No, I did not join my own domain.  Should I have?
>>
>>
>>
>>>
>>> I think you need to use the smbldap-tools. Once configured correctly they
>>> will prepopulate your LDAP tree for you. There should be packages in the
>>> repos for most distros.
>>>
>>
>> I'll look into that.  Centos doesn't have smbldap-tools in its
>> official repos.  I imagine that someone has made rpms, though, for
>> centos.
>>
>> Thanks,
>>
>> Jon
>>
>