[Samba] LDAP/Samba on RHEL6
Rumbidzayi Gadhula
rumbiles at gmail.com
Thu Oct 20 10:41:18 MDT 2011
Thank you Daniel
That statement was commented out in the actual file and I am using ldapsam.
However, I still get the same error in /var/log/messages when I run winbind.
The winbind starts and runs but my /var/log/messages gives me
smbldap_search_domain_info: Adding domain info for UZCHS failed with
NT_STATUS_UNSUCCESSFUL
On 20 October 2011 08:04, Daniel Müller <mueller at tropenklinik.de> wrote:
> passdb backend = tdbsam?
> Should be ldapsam?!
>
> -----------------------------------------------
> IT Daniel Müller
>
> Head of IT
> Tropenklinik Paul-Lechler-Krankenhaus
> Paul-Lechler-Str. 24
> 72076 Tübingen
>
> Tel.: 07071/206-463, Fax: 07071/206-499
> eMail: mueller at tropenklinik.de
> Internet: www.tropenklinik.de
> -----------------------------------------------
> -----Original Message-----
> From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org]
> On behalf of Rumbidzayi Gadhula
> Sent: Monday, 17 October 2011 18:38
> To: samba at samba.org
> Subject: [Samba] LDAP/Samba on RHEL6
>
> Hello
>
> I have configured Samba to authenticate with an LDAP backend. Everything works
> fine, including testing the configuration files, until I start the net sam
> provision.
> Below is the error
> <http://www.tomshardware.com/forum/237835-50-samba-ldap-failing-create-domain-users-admins#>
> message I get
>
> lib/smbldap_util.c:310(smbldap_search_domain_info)
> smbldap_search_domain_info: Adding domain info for XXXXX failed with
> NT_STATUS_UNSUCCESSFUL
> Adding the Domain Users group.
> Unable to allocate a new gid to create Domain Users group!
> Checking for Domain Admins group.
> Adding the Domain Admins group.
> Unable to allocate a new gid to create Domain Admins group!
> Check for Administrator account.
> Adding the Administrator user.
> Can't create Administrator user, Domain Admins group not available!
>
> I have checked the logs and I can't make sense of them (I am quite green
> when it comes to LDAP and Samba). I am following the instructions from the
> Red Hat documentation for RHEL6.
>
> Below is the /var/log/messages
>
> winbindd/idmap.c:589(idmap_alloc_init)
> Oct 10 08:53:04 xxxxx winbindd[18314]: ERROR: Initialization failed for
> alloc backend, deferred!
> Oct 10 08:53:04 xxxxx winbindd[18314]: [2011/10/10 08:53:04.768122, 0]
> winbindd/idmap.c:201(smb_register_idmap_alloc)
> Oct 10 08:53:04 xxxxx winbindd[18314]: idmap_alloc module ldap already
> registered!
> Oct 10 08:53:04 xxxxx winbindd[18314]: [2011/10/10 08:53:04.768198, 0]
> winbindd/idmap.c:201(smb_register_idmap_alloc)
> Oct 10 08:53:04 xxxxx winbindd[18314]: idmap_alloc module tdb already
> registered!
> Oct 10 08:53:04 xxxxx winbindd[18314]: [2011/10/10 08:53:04.768264, 0]
> winbindd/idmap.c:149(smb_register_idmap)
> Oct 10 08:53:04 xxxxx winbindd[18314]: Idmap module passdb already
> registered!
> Oct 10 08:53:04 xxxxx winbindd[18314]: [2011/10/10 08:53:04.768328, 0]
> winbindd/idmap.c:149(smb_register_idmap)
> Oct 10 08:53:04 xxxxx winbindd[18314]: Idmap module nss already
> registered!
> Oct 10 08:53:04 xxxxx winbindd[18314]: [2011/10/10 08:53:04.769683, 0]
> winbindd/idmap.c:589(idmap_alloc_init)
> Oct 10 08:53:04 xxxxx winbindd[18314]: ERROR: Initialization failed for
> alloc
>
> See my slapd.conf and smb.conf file, which on testing both return success.
>
> smb.conf
>
> workgroup = UZCHS
> server string = Samba Server Version %v
>
> netbios name = uzchspdc
>
>
> # logs split per machine
> log file = /var/log/samba/log.%m
> # max 50KB per log file, then rotate
> max log size = 10000
>
> # - - - - - - - - - - - - Standalone Server Options - - - - - - - - - - - -
> #
> # Security can be set to user, share(deprecated) or server(deprecated)
> #
> # Backend to store user information in. New installations should
> # use either tdbsam or ldapsam. smbpasswd is available for backwards
> # compatibility. tdbsam requires no further configuration.
>
> security = user
> passdb backend = tdbsam
>
>
> # - - - - - - - - - - - - Domain Members Options - - - - - - - - - - - -
> #
> # Security must be set to domain or ads
> domain master = yes
> domain logons = yes
> passdb backend = ldapsam:ldap://127.0.0.1/
> ldapsam:trusted = yes
> ldapsam:editposix = yes
> encrypt passwords = true
>
> ldap admin dn = cn=smbadmin,dc=uzchs,dc=ac,dc=zw
> ldap delete dn = yes
> ldap user suffix = ou=users
> ldap group suffix = ou=groups
> ldap machine suffix = ou=computers
> ldap idmap suffix = ou=idmap
> ldap suffix = dc=uzchs,dc=ac,dc=zw
> ldap ssl = off
>
> idmap backend = ldap:ldap://127.0.0.1/
> idmap uid = 5000-50000
> idmap gid = 5000-50000
> idmap alloc backend = ldap
> idmap alloc config : ldap_url = ldap://127.0.0.1/
> idmap alloc config : ldap_user_dn = cn=smbadmin,dc=uzchs,dc=ac,dc=zw
> idmap alloc config : ldap_base_dn = ou=idmap,dc=uzchs,dc=ac,dc=zw
>
> logon home = \\127.0.0.1\homes\%U
> logon path = \\%L\%U\.win32_profile
> logon drive = H:
> os level = 34
> preferred master = yes
> preferred master = yes
> wins support = yes
>
> load printers = yes
> cups options = raw
>
> #- - - - - - - - - - - - Share Definitions - - - - - - - - - - - -
>
> [homes]
> comment = Home Directories
> read only = No
> browseable = no
> writable = yes
> ; valid users = %S
> ; valid users = MYDOMAIN\%S
>
> [printers]
> comment = All Printers
> path = /var/spool/samba
> browseable = no
> ; guest ok = no
> ; writable = no
> printable = yes
>
> # Un-comment the following and create the netlogon directory for Domain Logons
> [netlogon]
> ; comment = Network Logon Service
>
> Below is the slapd.conf:
>
> include /etc/openldap/schema/corba.schema
> include /etc/openldap/schema/core.schema
> include /etc/openldap/schema/cosine.schema
> include /etc/openldap/schema/duaconf.schema
> include /etc/openldap/schema/dyngroup.schema
> include /etc/openldap/schema/inetorgperson.schema
> include /etc/openldap/schema/java.schema
> include /etc/openldap/schema/misc.schema
> include /etc/openldap/schema/nis.schema
> include /etc/openldap/schema/openldap.schema
> include /etc/openldap/schema/ppolicy.schema
> include /etc/openldap/schema/collective.schema
> include /etc/openldap/schema/samba.schema
>
> # Allow LDAPv2 client connections. This is NOT the default.
> allow bind_v2
> access to *
> by self write
> # by users read
> by dn.base="cn=smbadmin,dc=uzchs,dc=ac,dc=zw" write
> by * read
>
> access to attrs=userPassword,sambaLMPassword,sambaNTPassword,sambaPwdLastSet,sambaPwdMustChange
> by dn.base="cn=smbadmin,dc=uzchs,dc=ac,dc=zw" write
> by self write
> by anonymous auth
> by * none
> database bdb
> suffix "dc=uzchs,dc=ac,dc=zw"
> checkpoint 1024 15
> rootdn "cn=Manager,dc=uzchs,dc=ac,dc=zw"
> # Cleartext passwords, especially for the rootdn, should
> # be avoided. See slappasswd(8) and slapd.conf(5) for details.
> # Use of strong authentication encouraged.
> rootpw redhat
> directory /var/lib/ldap
>
> # Indices to maintain for this database
> index objectClass eq,pres
> index ou,cn,mail,surname,givenname eq,pres,sub
> index uidNumber,gidNumber,loginShell eq,pres
> index uid,memberUid eq,pres,sub
> index nisMapName,nisMapEntry eq,pres,sub
>
> # enable monitoring
> database monitor
> # allow only rootdn to read the monitor
> access to *
> by dn.exact="cn=Manager,dc=uzchs,dc=ac,dc=zw" read
> by * none
> ##############################
>
> pdbedit -L -v gives me
>
> add_new_domain_info: failed to add domain dn=
> sambaDomainName=UZCHS,dc=uzchs,dc=ac,dc=zw with: Invalid DN syntax
> invalid DN
> smbldap_search_domain_info: Adding domain info for UZCHS failed with
> NT_STATUS_UNSUCCESSFUL.
>
>
> TIA
>
> Rumbi
--
*Senior Systems Administrator
UZCHS- NECTAR
Ward C10, Parirenyatwa Hospital
Mazoe St, Avondale
Harare
Tel: +263772 148 889/890 x 320
Cell:0772588210*
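
Daniel's question above concerns the posted smb.conf assigning "passdb backend" twice. As an added example (not part of the thread and not Samba's own code), this Python sketch lists parameters assigned more than once in a section and the value that takes effect, assuming the last assignment in a section wins. The sample text is a constructed excerpt of the posted file with a [global] header added.

```python
import re
from collections import defaultdict

# Constructed excerpt of the smb.conf posted in the thread ([global] added).
SAMPLE = """\
[global]
workgroup = UZCHS
security = user
passdb backend = tdbsam
; passdb backend = smbpasswd
domain logons = yes
passdb backend = ldapsam:ldap://127.0.0.1/
os level = 34
preferred master = yes
Preferred Master = yes
[homes]
read only = No
writable = yes
"""

def normalize(name):
    # smb.conf parameter names ignore case and embedded whitespace.
    return re.sub(r"\s+", "", name).lower()

def duplicate_params(text):
    """Return {(section, param): [(lineno, value), ...]} for repeated params."""
    seen = defaultdict(list)
    section = "global"
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank or commented-out line: never takes effect
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
            continue
        name, sep, value = line.partition("=")
        if sep:
            seen[(section, normalize(name))].append((lineno, value.strip()))
    return {k: v for k, v in seen.items() if len(v) > 1}

def report(text):
    # Assumption: the last assignment in a section is the effective one.
    return [f"[{sec}] {param}: set on lines {[n for n, _ in hits]}, "
            f"effective value {hits[-1][1]!r}"
            for (sec, param), hits in sorted(duplicate_params(text).items())]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

Running testparm -s against the real file shows the configuration as Samba itself parses it.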