[Samba] LDAP/Samba on RHEL6

Rumbidzayi Gadhula rumbiles at gmail.com
Mon Oct 17 10:37:53 MDT 2011


Hello

I have configured Samba to authenticate against an LDAP backend. Everything works
fine, including testing the configuration files, until I run net sam
provision.
Below is the error <http://www.tomshardware.com/forum/237835-50-samba-ldap-failing-create-domain-users-admins#> message
I get:

lib/smbldap_util.c:310(smbldap_search_domain_info)
smbldap_search_domain_info: Adding domain info for XXXXX failed with
NT_STATUS_UNSUCCESSFUL
Adding the Domain Users group.
Unable to allocate a new gid to create Domain Users group!
Checking for Domain Admins group.
Adding the Domain Admins group.
Unable to allocate a new gid to create Domain Admins group!
Check for Administrator account.
Adding the Administrator user.
Can't create Administrator user, Domain Admins group not available!

I have checked the logs and I can't make sense of them (I am quite green when
it comes to LDAP and Samba). I am following the instructions from the Red Hat
documentation for RHEL 6.

Below is the /var/log/messages

winbindd/idmap.c:589(idmap_alloc_init)
Oct 10 08:53:04 xxxxx winbindd[18314]: ERROR: Initialization failed for
alloc backend, deferred!
Oct 10 08:53:04 xxxxx winbindd[18314]: [2011/10/10 08:53:04.768122, 0]
winbindd/idmap.c:201(smb_register_idmap_alloc)
Oct 10 08:53:04 xxxxx winbindd[18314]: idmap_alloc module ldap already
registered!
Oct 10 08:53:04 xxxxx winbindd[18314]: [2011/10/10 08:53:04.768198, 0]
winbindd/idmap.c:201(smb_register_idmap_alloc)
Oct 10 08:53:04 xxxxx winbindd[18314]: idmap_alloc module tdb already
registered!
Oct 10 08:53:04 xxxxx winbindd[18314]: [2011/10/10 08:53:04.768264, 0]
winbindd/idmap.c:149(smb_register_idmap)
Oct 10 08:53:04 xxxxx winbindd[18314]: Idmap module passdb already
registered!
Oct 10 08:53:04 xxxxx winbindd[18314]: [2011/10/10 08:53:04.768328, 0]
winbindd/idmap.c:149(smb_register_idmap)
Oct 10 08:53:04 xxxxx winbindd[18314]: Idmap module nss already registered!
Oct 10 08:53:04 xxxxx winbindd[18314]: [2011/10/10 08:53:04.769683, 0]
winbindd/idmap.c:589(idmap_alloc_init)
Oct 10 08:53:04 xxxxx winbindd[18314]: ERROR: Initialization failed for
alloc

See my slapd.conf and smb.conf file, which on testing both return success.

smb.conf

# Server-wide settings as pasted by the poster; no [global] header appears in
# the paste.
workgroup = UZCHS
server string = Samba Server Version %v

netbios name = uzchspdc


# logs split per machine
log file = /var/log/samba/log.%m
# max 50KB per log file, then rotate
# NOTE(review): the value below is 10000, not 50. smb.conf(5) documents
# "max log size" in KiB, so the comment above looks stale.
max log size = 10000

# - - - - - - - - - - - - Standalone Server Options - - - - - - - - - - - -
#
# Security can be set to user, share(deprecated) or server(deprecated)
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.

security = user
# NOTE(review): "passdb backend" is assigned a second time further down
# (ldapsam). Two assignments of one parameter hide which account database is
# really in use; check the effective value with testparm and delete the other.
passdb backend = tdbsam


# - - - - - - - - - - - - Domain Members Options - - - - - - - - - - - -
#
# Security must be set to domain or ads
# NOTE(review): the two comment lines above are the stock "domain member"
# text. The parameters below instead enable domain logons on this host while
# "security = user" is set earlier, so that text does not describe this setup.
domain master = yes
domain logons = yes
# Account database in LDAP, reached over the loopback address.
passdb backend = ldapsam:ldap://127.0.0.1/
ldapsam:trusted = yes
# NOTE(review): with editposix Samba creates the POSIX users and groups in
# LDAP itself and, per smb.conf(5), asks winbindd's idmap allocator for new
# uid/gid values. The winbindd log quoted in this post shows the alloc backend
# failing to initialise, which would be consistent with the "Unable to
# allocate a new gid" errors. TODO confirm.
ldapsam:editposix = yes
encrypt passwords = true

# DN Samba binds as for writes. Its password is not kept in this file; Samba
# reads it from secrets.tdb (stored with "smbpasswd -w").
ldap admin dn = cn=smbadmin,dc=uzchs,dc=ac,dc=zw
ldap delete dn = yes
# The suffixes below are relative to "ldap suffix".
ldap user suffix = ou=users
ldap group suffix = ou=groups
ldap machine suffix = ou=computers
ldap idmap suffix = ou=idmap
ldap suffix = dc=uzchs,dc=ac,dc=zw
# Security: with "off" the admin bind and the password hashes Samba reads and
# writes cross the LDAP connection unencrypted. Every LDAP URL in this file is
# 127.0.0.1, which keeps that traffic on the host. If slapd is ever moved to
# another machine, switch to "ldap ssl = start tls" first.
ldap ssl = off

# uid/gid ranges and LDAP location used for id mapping and allocation.
# NOTE(review): these "idmap alloc" settings are what the failing alloc
# backend in the winbindd log is built from. Presumably the ou=idmap entry
# must already exist under the suffix and the password for ldap_user_dn must
# be stored in secrets.tdb. Verify both.
idmap backend = ldap:ldap://127.0.0.1/
idmap uid = 5000-50000
idmap gid = 5000-50000
idmap alloc backend = ldap
idmap alloc config : ldap_url = ldap://127.0.0.1/
idmap alloc config : ldap_user_dn = cn=smbadmin,dc=uzchs,dc=ac,dc=zw
idmap alloc config : ldap_base_dn = ou=idmap,dc=uzchs,dc=ac,dc=zw

# NOTE(review): this UNC path is handed to Windows clients, which would
# resolve 127.0.0.1 to themselves rather than to this server. Presumably %L
# (as used in "logon path" below) or the server name was intended. Confirm.
logon home = \\127.0.0.1\homes\%U
logon path = \\%L\%U\.win32_profile
logon drive = H:
os level = 34
# NOTE(review): "preferred master" is listed twice with the same value; one
# line is enough.
preferred master = yes
preferred master = yes
wins support = yes

load printers = yes
cups options = raw

#- - - - - - - - - - - - Share Definitions - - - - - - - - - - - -

# Per-user home directory share.
[homes]
comment = Home Directories
# "read only = No" and "writable = yes" (below) are two spellings of the same
# setting; smb.conf(5) lists writable as the inverted synonym of read only.
read only = No
browseable = no
writable = yes
# Security: both "valid users" lines are commented out, so the share itself
# does not limit who may connect to a given user's home directory. Access then
# rests on filesystem permissions alone.
# NOTE(review): consider enabling "valid users = %S" so each home share only
# admits its owner.
; valid users = %S
; valid users = MYDOMAIN\%S

# Print spool share covering all printers.
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
# "guest ok" and "writable" are commented out, so Samba's built-in defaults
# apply. smb.conf(5) gives "no" as the default for guest ok.
; guest ok = no
; writable = no
printable = yes

# Un-comment the following and create the netlogon directory for Domain Logons
# NOTE(review): the section header is active, but the only parameter shown is
# commented out and the pasted smb.conf stops here, so no path or access
# settings for this share are visible. "domain logons = yes" is set in the
# server-wide settings; presumably the share still needs a path and a
# read-only setting. Verify against the full file.
[netlogon]
; comment = Network Logon Service

Below is the slapd.conf:

# Schema files loaded by slapd. samba.schema supplies the samba* attribute
# types and object classes that ldapsam uses.
# NOTE(review): the "Invalid DN syntax" error for sambaDomainName=UZCHS,...
# reported at the end of this post is what slapd typically returns when it
# does not know an attribute type used in a DN. Verify that the running slapd
# really loaded samba.schema. On RHEL 6 slapd reads /etc/openldap/slapd.d in
# preference to slapd.conf when that directory exists. Confirm which one is
# in use.
include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/duaconf.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/collective.schema
include /etc/openldap/schema/samba.schema

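# Allow LDAPv2 client connections. This is NOT the default.
# NOTE(review): LDAPv2 is a legacy protocol version; drop this line unless a
# client that cannot speak LDAPv3 still needs it.
allow bind_v2

# Access control. slapd walks the "access to" clauses in order and stops at
# the first one whose target matches, so the rule for the password attributes
# has to come before the catch-all "access to *". In the order originally
# posted (catch-all first) the attribute rule was never reached, and
# "by * read" also covered userPassword and the Samba LM/NT hashes.
#
# The "by" lines are indented because slapd.conf treats a line that starts
# with whitespace as a continuation of the previous line. No comment lines are
# placed inside a clause for the same reason.

# Password material: writable by the Samba admin DN and by the entry's owner,
# usable by anonymous clients only to authenticate, hidden from everyone else.
access to attrs=userPassword,sambaLMPassword,sambaNTPassword,sambaPwdLastSet,sambaPwdMustChange
        by dn.base="cn=smbadmin,dc=uzchs,dc=ac,dc=zw" write
        by self write
        by anonymous auth
        by * none

# Everything else: owner and Samba admin DN may write, all others may read.
# (The original also carried a commented-out "by users read" clause here.)
access to *
        by self write
        by dn.base="cn=smbadmin,dc=uzchs,dc=ac,dc=zw" write
        by * read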
# Main directory database (Berkeley DB backend) for the dc=uzchs,dc=ac,dc=zw
# tree.
database bdb
suffix "dc=uzchs,dc=ac,dc=zw"
# slapd-bdb(5): checkpoint <kbyte> <min>.
checkpoint 1024 15
# The rootdn is not subject to the access rules in this file.
rootdn "cn=Manager,dc=uzchs,dc=ac,dc=zw"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# NOTE(review): the rootdn password below is stored in cleartext and has now
# been published in this post. Treat it as compromised: choose a new one,
# generate its hash with slappasswd(8), store only the hashed value here, and
# keep this file readable by the slapd user only.
rootpw redhat
directory /var/lib/ldap

# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub

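# enable monitoring
database monitor

# Allow only the rootdn to read the monitor database; everyone else gets no
# access. The "by" lines are indented because slapd.conf treats a line that
# starts with whitespace as a continuation of the previous line.
# (In the posted text this explanation had lost its leading "#", and the
# closing quote of the DN had been turned into HTML-entity residue.)
access to *
        by dn.exact="cn=Manager,dc=uzchs,dc=ac,dc=zw" read
        by * none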
##############################

pdbedit -L -v  gives me

add_new_domain_info: failed to add domain dn=
sambaDomainName=UZCHS,dc=uzchs,dc=ac,dc=zw with: Invalid DN syntax
invalid DN
smbldap_search_domain_info: Adding domain info for UZCHS failed with
NT_STATUS_UNSUCCESSFUL.


TIA

Rumbi

