[Samba] Samba (4.1.17) ldap backend create user failed
Rowland Penny
rpenny at samba.org
Wed Apr 6 15:30:06 UTC 2016
On 06/04/16 15:23, basti wrote:
> Hello, I have upgraded my Samba PDC from 3.xx (Debian lenny) to 4.1 (Debian jessie).
> LDAP and Samba shares all work fine.
>
> When I try to add a user I get the following
>
> smbpasswd -a foobar
> New SMB password:
> Retype new SMB password:
> ldapsam_create_user: Unable to allocate a new user id: bailing out!
> Failed to add entry for user foobar.
>
> I found this workaround
> https://lists.samba.org/archive/samba/2009-October/151528.html
>
> but testparm says that
>
> WARNING: The "idmap backend" option is deprecated
> Unknown parameter encountered: "idmap alloc backend"
> Ignoring unknown parameter "idmap alloc backend"
>
>
> smbd -V
> Version 4.1.17-Debian
>
> egrep -v "(^#|^$|^;)" /etc/samba/smb.conf
> [global]
> workgroup = foo
> dns proxy = no
> log file = /var/log/samba/log.%m
> max log size = 1000
> syslog = 0
> panic action = /usr/share/samba/panic-action %d
> os level = 255
> preferred master = yes
> domain master = yes
> local master = yes
>
> vfs object = recycle
> recycle:repository = /home/samba/Papierkorb/%U
> recycle:keeptree = yes
> recycle:exclude = *.tmp *.temp *.swp
> recycle:exclude_dir = /tmp /temp
> recycle:touch = yes
>
> server role = classic primary domain controller
> encrypt passwords = true
> passdb backend = ldapsam:ldapi:///
> ldapsam:trusted=yes
> ldapsam:editposix=yes
> ldap admin dn = cn=admin,dc=foo
> ldap group suffix = ou=Groups
> ldap machine suffix = ou=Machines
> ldap user suffix = ou=Users
> ldap suffix = dc=foo
> ldap ssl = off
> obey pam restrictions = yes
> unix password sync = yes
> passwd program = /usr/bin/passwd %u
> passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
> pam password change = yes
> map to guest = bad user
> domain logons = yes
> logon path =
> logon script = login.bat
> admin users = root, Administrator, @Domain Admins, admin
> ;idmap uid = 10000-20000
> ;idmap gid = 10000-20000
> ;template shell = /bin/bash
>
> idmap alloc config:ldap_base_dn = ou=idmap,dc=foo
> idmap alloc config:ldap_user_dn = cn=admin,dc=foo
> idmap alloc config:ldap_url = ldapi:///
> usershare allow guests = yes
>
> [homes]
> comment = Home Directories
> browseable = no
> read only = yes
> create mask = 0700
> directory mask = 0700
> valid users = %S
>
> [netlogon]
> comment = Network Logon Service
> path = /home/samba/netlogon
> guest ok = yes
> read only = yes
>
> [printers]
> comment = All Printers
> browseable = no
> path = /var/spool/samba
> printable = yes
> guest ok = no
> read only = yes
> create mask = 0700
>
> [print$]
> comment = Printer Drivers
> path = /var/lib/samba/printers
> browseable = yes
> read only = yes
> guest ok = no
>
> I want to use a samba NT4 domain and no AD.
> Thanks for any help.
>
> Best Regards, Basti
>
>
> P.S. smbldap-tools also works fine
>
>
Hi, I did some testing recently and I got it to work for me, but this was a
new domain. The core part of smb.conf was this:

passdb backend = ldapsam
ldapsam:editposix = yes
ldapsam:trusted = yes
ldap admin dn = cn=admin,dc=samba,dc=tld
ldap suffix = dc=samba,dc=tld
ldap group suffix = ou=groups
ldap machine suffix = ou=computers
ldap user suffix = ou=users
idmap config *: backend = ldap
idmap config *: range = 10000-19999
idmap config *: ldap_url = ldap://localhost/
idmap config *: ldap_base_dn = ou=idmap,dc=samba,dc=tld
idmap config *: ldap_user_dn = cn=admin,dc=samba,dc=tld
ldap delete dn = yes
ldap password sync = yes

idmap alloc was removed some time ago.
I also populated LDAP by running 'net sam provision'.

Rowland
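
Added example, not part of the original thread and not Samba's own code: a small Python check that reads the [global] section of an smb.conf, flags the idmap parameters that testparm rejected in the question, and reports when ldapsam:editposix is enabled without the `idmap config *` backend and range shown in the reply. The function names and both sample configs are constructed for illustration, and treating those two settings as required for editposix is an assumption taken from the reply's working config.

```python
import re
# Constructed samples: idmap-related lines from the question and from the reply.
QUESTION_CONF = """\
[global]
ldapsam:editposix=yes
;idmap uid = 10000-20000
idmap alloc config:ldap_base_dn = ou=idmap,dc=foo
idmap alloc config:ldap_url = ldapi:///
"""
REPLY_CONF = """\
[global]
ldapsam:editposix = yes
idmap config *: backend = ldap
idmap config *: range = 10000-19999
"""
LEGACY = ("idmapbackend", "idmapallocbackend", "idmapallocconfig:")  # from the thread

def norm(name):
    """smb.conf ignores case and whitespace in section and parameter names."""
    return re.sub(r"\s+", "", name).lower()

def global_params(text):
    """Map normalized name -> (line number, name as written, value) for [global]."""
    params, section = {}, None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = norm(line[1:-1])
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)  # only the first '=' separates
            params[norm(name)] = (n, name.strip(), value.strip())
    return params

def check_idmap(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    params = global_params(text)
    findings = [f"line {n}: legacy parameter '{written}'"
                for key, (n, written, _) in params.items() if key.startswith(LEGACY)]
    editposix = params.get("ldapsam:editposix", (0, "", "no"))[2].lower()
    if editposix in ("yes", "true", "1"):
        for opt in ("backend", "range"):     # assumption: taken from the reply
            if f"idmapconfig*:{opt}" not in params:
                findings.append(f"editposix on, 'idmap config * : {opt}' missing")
    return findings

if __name__ == "__main__":
    print("\n".join(check_idmap(QUESTION_CONF)) or "no findings")
```

Because names are normalized before comparison, `idmap config *: range` and `idmap config * : range` are treated as the same parameter, and commented-out lines such as `;idmap uid` are ignored.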