[Samba] Samba4 binding LDAP Server

Harry Jede walk2sun at arcor.de
Tue Jun 3 04:57:59 MDT 2014


Hi steve,

> On Mon, 2014-06-02 at 21:14 +0200, Harry Jede wrote:
> > On 20:57:58 steve wrote:
> > > On Mon, 2014-06-02 at 20:05 +0200, Harry Jede wrote:
> > > > On 19:41:51 steve wrote:
> > > > > On Mon, 2014-06-02 at 18:55 +0200, Harry Jede wrote:
> > > > > > On Monday, 2 June 2014, Danilo Mussolini wrote:
> > > > > > 
> > > > > > Two errors:
> > > > > > 1. The sid from cn=mussolini,ou=groups,dc=o2pos,dc=com does
> > > > > > not match your sambadomainsid. So this group is never used
> > > > > > by your samba server.
> > > > > > 
> > > > > > 2. No groupmapping for group o2pos. This group is ignored
> > > > > > by samba.
> > > > > > 
> > > > > > > > > > > Just to remember, this only happens in Samba4.
> > > > > 
> > > > > Are you sure that this is the same db as you used for samba3?
> > > > > e.g. before any upgrade?
> > > > 
> > > > What upgrade? He is using samba in classic mode. No need to
> > > > upgrade schema.
> > > 
> > > Eh? Who said anything about schema?
> > 
> > You are asking about the db. What db?
> > 
> > > > In classic mode one *must* use samba3 schema. AD schema is
> > > > unknown, no support for rfc2307bis, member/uniquemember, just
> > > > memberuid, and so on...
> > > 
> > > How about the supposition that the OP upgraded to Samba4? We use
> > > the term upgrade to mean moving from one version to another. As
> > > Samba 3 is no longer developed, we consider it an upgrade to
> > > move to Samba 4. Maybe you do not?
> > 
> > I believe we are meaning the same. Just to clarify:
> > An upgrade from samba 3.5.x to 3.6.y to 4.1.z is just an update of
> > the software. In theory nothing has changed, in practice there are
> > a lot of changes in code and some changes in default settings.
> > 
> > But an upgrade is not a change from "classical samba" to "AD based
> > samba".
> 
> OK, fine. We'll adopt that meaning then. But we're digressing.
Ok, let us focus on his problem.

> The OP
> has done an update of a working samba3 system.
Yes and no. No, because I assume he has not updated a system. He 
installed samba on another PC, with Debian in this case.

> We do not know what he
> has upgraded nor how, but he describes it as Samba4.
I assume he is using Debian's samba 4.1.x from backports.

> It is clear from
> his smb.conf that he has no intention of upgrading.
I assume he has copied the smb.conf from the old system to the new one.

> His issue
> remains: why did it work with Samba3 but not with Samba4.
It is not a case of the samba version. This will always happen.

His mistake:
He installed the new box with wheezy and samba4. At this point the 
postinst script from the package configures a default smb.conf and 
starts samba.

When samba starts the first time, the tdb files are filled up with some 
default settings. This is required. Importantly, a new SID was 
created.

After this is done, he shut down samba, copied the smb.conf from the old 
system, restarted samba.

And now the samba setup is broken. The SIDs are different. Old SID in 
the LDAP DB, new SID in local TDB.

He may try this on the new debian system:

net setdomainsid S-1-5-21-1016009054-1483029785-3768009975
and
net setlocalsid S-1-5-21-1016009054-1483029785-3768009975

even if this setup declares no domain. After a samba restart it may 
work. I don't know if the ldap entry will be written, but I am sure the 
secrets.tdb gets updated. He may verify the ldap with a search filter I 
have already posted.

And now a way to circumvent this mistake:
One should copy the smb.conf from the old system to the new system, 
before installing the samba package :-) .

> I don't
> know because I do not have enough information.
He has posted all relevant information, some only to my private address. 
But I have posted all answers back to the list.
Ok, some info I requested was not posted right away, because of a 
copy and paste error. But he did it one mail later.

> HTH
> Steve


-- 

Regards

	Harry Jede
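As an added check that is not code from this thread or from the Samba project: a POSIX shell script that detects the mismatch Harry describes by parsing the domain SID out of `net getdomainsid` output and flagging every LDAP entry whose sambaSID does not belong to that domain (this also catches the mussolini group from the first error). The `net` output format, the O2POS domain name, the LDIF dump and the freshly generated SID are assumptions or constructed sample data; only the first SID is the one from the thread.

```shell
#!/bin/sh
# Added example, not code from the thread. Flags the failure Harry describes:
# secrets.tdb holds a freshly generated domain SID while the LDAP backend
# still carries the old one. Formats are assumed; sample data is constructed.

# Parse the domain SID out of 'net getdomainsid' output (assumed format).
local_domain_sid() {
    printf '%s\n' "$1" | sed -n 's/^SID for domain .* is: //p'
}

# Domain part of a SID: everything before the trailing RID.
sid_prefix() {
    printf '%s\n' "$1" | sed 's/-[0-9]*$//'
}

# Walk an LDIF dump (e.g. from ldapsearch) and print one line per entry whose
# sambaSID is neither the domain SID itself nor a RID under it; BUILTIN
# (S-1-5-32-*) mappings are legitimate and skipped. Returns 0 when consistent.
check_sids() {
    printf '%s\n' "$2" | awk -v dom="$1" '
        /^dn: /       { dn = substr($0, 5) }
        /^sambaSID: / {
            sid = substr($0, 11); prefix = sid; sub(/-[0-9]+$/, "", prefix)
            if (sid == dom || prefix == dom || sid ~ /^S-1-5-32-/) next
            printf "MISMATCH: %s has %s, domain SID is %s\n", dn, sid, dom
            bad = 1
        }
        END { exit bad }'
}

# Constructed sample data. OLD_SID is the one from the thread (stored in LDAP);
# NEW_SID is a made-up placeholder for the SID the fresh install generated.
OLD_SID='S-1-5-21-1016009054-1483029785-3768009975'
NEW_SID='S-1-5-21-111111111-222222222-333333333'
NET_OUT="SID for local machine newbox is: $NEW_SID
SID for domain O2POS is: $NEW_SID"
LDIF="dn: sambaDomainName=O2POS,dc=o2pos,dc=com
sambaSID: $OLD_SID

dn: cn=o2pos,ou=groups,dc=o2pos,dc=com
sambaSID: $OLD_SID-1001

dn: cn=mussolini,ou=groups,dc=o2pos,dc=com
sambaSID: S-1-5-21-999999999-888888888-777777777-1002"

# Demo: compare what secrets.tdb reports with what LDAP holds.
LOCAL_SID=$(local_domain_sid "$NET_OUT")
check_sids "$LOCAL_SID" "$LDIF" ||
    echo "Fix: net setdomainsid $OLD_SID; net setlocalsid $OLD_SID; restart samba"
```

On a real box, feed it `net getdomainsid` and an `ldapsearch -LLL ... sambaSID` dump instead of the constructed strings.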

