[Samba] LDAP/Samba on RHEL6
Daniel Müller
mueller at tropenklinik.de
Thu Oct 20 00:04:30 MDT 2011
passdb backend = tdbsam?
Should be ldapsam?!
-----------------------------------------------
EDV Daniel Müller
Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de
-----------------------------------------------
-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On
Behalf Of Rumbidzayi Gadhula
Sent: Monday, 17 October 2011 18:38
To: samba at samba.org
Subject: [Samba] LDAP/Samba on RHEL6
Hello
I have configured Samba to authenticate with an LDAP backend. Everything works
fine, including testing the configuration files, until I start the net sam
provision.
Below is the error
<http://www.tomshardware.com/forum/237835-50-samba-ldap-failing-create-domain-users-admins#>
message I get:
lib/smbldap_util.c:310(smbldap_search_domain_info)
smbldap_search_domain_info: Adding domain info for XXXXX failed with
NT_STATUS_UNSUCCESSFUL
Adding the Domain Users group.
Unable to allocate a new gid to create Domain Users group!
Checking for Domain Admins group.
Adding the Domain Admins group.
Unable to allocate a new gid to create Domain Admins group!
Check for Administrator account.
Adding the Administrator user.
Can't create Administrator user, Domain Admins group not available!
I have checked the logs and I can't make sense of them (I am quite green when
it comes to LDAP and Samba). I am following the instructions from the Red Hat
documentation for RHEL 6.
Below is the /var/log/messages
winbindd/idmap.c:589(idmap_alloc_init)
Oct 10 08:53:04 xxxxx winbindd[18314]: ERROR: Initialization failed for
alloc backend, deferred!
Oct 10 08:53:04 xxxxx winbindd[18314]: [2011/10/10 08:53:04.768122, 0]
winbindd/idmap.c:201(smb_register_idmap_alloc)
Oct 10 08:53:04 xxxxx winbindd[18314]: idmap_alloc module ldap already
registered!
Oct 10 08:53:04 xxxxx winbindd[18314]: [2011/10/10 08:53:04.768198, 0]
winbindd/idmap.c:201(smb_register_idmap_alloc)
Oct 10 08:53:04 xxxxx winbindd[18314]: idmap_alloc module tdb already
registered!
Oct 10 08:53:04 xxxxx winbindd[18314]: [2011/10/10 08:53:04.768264, 0]
winbindd/idmap.c:149(smb_register_idmap)
Oct 10 08:53:04 xxxxx winbindd[18314]: Idmap module passdb already
registered!
Oct 10 08:53:04 xxxxx winbindd[18314]: [2011/10/10 08:53:04.768328, 0]
winbindd/idmap.c:149(smb_register_idmap)
Oct 10 08:53:04 xxxxx winbindd[18314]: Idmap module nss already registered!
Oct 10 08:53:04 xxxxx winbindd[18314]: [2011/10/10 08:53:04.769683, 0]
winbindd/idmap.c:589(idmap_alloc_init)
Oct 10 08:53:04 xxxxx winbindd[18314]: ERROR: Initialization failed for
alloc
See my slapd.conf and smb.conf file, which on testing both return success.
smb.conf
workgroup = UZCHS
server string = Samba Server Version %v
netbios name = uzchspdc
# logs split per machine
log file = /var/log/samba/log.%m
# max 50KB per log file, then rotate
max log size = 10000
# - - - - - - - - - - - - Standalone Server Options - - - - - - - - - - - -
#
# Security can be set to user, share(deprecated) or server(deprecated)
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
security = user
passdb backend = tdbsam
# - - - - - - - - - - - - Domain Members Options - - - - - - - - - - - -
#
# Security must be set to domain or ads
domain master = yes
domain logons = yes
passdb backend = ldapsam:ldap://127.0.0.1/
ldapsam:trusted = yes
ldapsam:editposix = yes
encrypt passwords = true
ldap admin dn = cn=smbadmin,dc=uzchs,dc=ac,dc=zw
ldap delete dn = yes
ldap user suffix = ou=users
ldap group suffix = ou=groups
ldap machine suffix = ou=computers
ldap idmap suffix = ou=idmap
ldap suffix = dc=uzchs,dc=ac,dc=zw
ldap ssl = off
idmap backend = ldap:ldap://127.0.0.1/
idmap uid = 5000-50000
idmap gid = 5000-50000
idmap alloc backend = ldap
idmap alloc config : ldap_url = ldap://127.0.0.1/
idmap alloc config : ldap_user_dn = cn=smbadmin,dc=uzchs,dc=ac,dc=zw
idmap alloc config : ldap_base_dn = ou=idmap,dc=uzchs,dc=ac,dc=zw
logon home = \\127.0.0.1\homes\%U
logon path = \\%L\%U\.win32_profile
logon drive = H:
os level = 34
preferred master = yes
preferred master = yes
wins support = yes
load printers = yes
cups options = raw
#- - - - - - - - - - - - Share Definitions - - - - - - - - - - - -
[homes]
comment = Home Directories
read only = No
browseable = no
writable = yes
; valid users = %S
; valid users = MYDOMAIN\%S
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
; guest ok = no
; writable = no
printable = yes
# Un-comment the following and create the netlogon directory for Domain Logons
[netlogon]
; comment = Network Logon Service
Below is the slapd.conf:
include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/duaconf.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/collective.schema
include /etc/openldap/schema/samba.schema
# Allow LDAPv2 client connections. This is NOT the default.
allow bind_v2
access to *
by self write
# by users read
by dn.base="cn=smbadmin,dc=uzchs,dc=ac,dc=zw" write
by * read
access to attrs=userPassword,sambaLMPassword,sambaNTPassword,sambaPwdLastSet,sambaPwdMustChange
by dn.base="cn=smbadmin,dc=uzchs,dc=ac,dc=zw" write
by self write
by anonymous auth
by * none
database bdb
suffix "dc=uzchs,dc=ac,dc=zw"
checkpoint 1024 15
rootdn "cn=Manager,dc=uzchs,dc=ac,dc=zw"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw redhat
directory /var/lib/ldap
# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
# enable monitoring
database monitor
# allow only rootdn to read the monitor
access to *
by dn.exact="cn=Manager,dc=uzchs,dc=ac,dc=zw" read
by * none
##############################
pdbedit -L -v gives me
add_new_domain_info: failed to add domain dn=
sambaDomainName=UZCHS,dc=uzchs,dc=ac,dc=zw with: Invalid DN syntax
invalid DN
smbldap_search_domain_info: Adding domain info for UZCHS failed with
NT_STATUS_UNSUCCESSFUL.
TIA
Rumbi
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
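
The quoted smb.conf sets passdb backend twice, once to tdbsam and once to ldapsam. Samba reads the file top to bottom, so a later assignment of the same parameter replaces an earlier one. The following is an added example, not part of the original thread or of Samba itself, that lists parameters assigned more than once with different values; the function names and the [global] header in the sample are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: lines from the post's smb.conf under an assumed [global] header.
SAMPLE = """\
[global]
passdb backend = tdbsam
domain master = yes
passdb backend = ldapsam:ldap://127.0.0.1/
preferred master = yes
preferred master = yes
[homes]
read only = No
; valid users = %S
"""

def normalise(name):
    # smb.conf(5): names are case-insensitive, whitespace inside them is ignored
    return re.sub(r"\s+", "", name).lower()

def parse(text):
    """Yield (section, key, value, line_no) for each assignment."""
    section, pending, start = "global", "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not pending:
            if not line or line[0] in "#;":
                continue                      # blank line or comment
            start = no
        if line.endswith("\\"):               # backslash continues the line
            pending += line[:-1]
            continue
        line, pending = pending + line, ""
        if line.startswith("[") and line.endswith("]"):
            section = normalise(line[1:-1])
        elif "=" in line:
            key, value = line.split("=", 1)   # only the first '=' counts
            yield section, normalise(key), value.strip(), start

def conflicting_duplicates(text):
    """Map (section, key) -> [(line_no, value), ...] where the values differ."""
    seen = defaultdict(list)
    for section, key, value, no in parse(text):
        seen[(section, key)].append((no, value))
    return {k: v for k, v in seen.items() if len({val for _, val in v}) > 1}

if __name__ == "__main__":
    for (section, key), hits in conflicting_duplicates(SAMPLE).items():
        print(f"[{section}] {key}: " + "; ".join(f"line {n}: {v}" for n, v in hits))
```

The value Samba actually uses can be confirmed with testparm -s, which prints the configuration as loaded.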