[Samba] Samba (4.1.17) ldap backend create user failed
basti
mailinglist at unix-solution.de
Thu Apr 7 06:40:43 UTC 2016
"net sam provision" runs without error.
the error is still present
On 06.04.2016 17:30, Rowland penny wrote:
> On 06/04/16 15:23, basti wrote:
>> Hello, I have upgraded my samba PDC from 3.xx (debian lenny) to 4.1
>> (debian jessie).
>> ldap and samba shares work all fine.
>>
>> When I try to add a user I get the following
>>
>> smbpasswd -a foobar
>> New SMB password:
>> Retype new SMB password:
>> ldapsam_create_user: Unable to allocate a new user id: bailing out!
>> Failed to add entry for user foobar.
>>
>> I found this workaround
>> https://lists.samba.org/archive/samba/2009-October/151528.html
>>
>> but testparm says that
>>
>> WARNING: The "idmap backend" option is deprecated
>> Unknown parameter encountered: "idmap alloc backend"
>> Ignoring unknown parameter "idmap alloc backend"
>>
>>
>> smbd -V
>> Version 4.1.17-Debian
>>
>> egrep -v "(^#|^$|^;)" /etc/samba/smb.conf
>> [global]
>> workgroup = foo
>> dns proxy = no
>> log file = /var/log/samba/log.%m
>> max log size = 1000
>> syslog = 0
>> panic action = /usr/share/samba/panic-action %d
>> os level = 255
>> preferred master = yes
>> domain master = yes
>> local master = yes
>>
>> vfs object = recycle
>> recycle:repository = /home/samba/Papierkorb/%U
>> recycle:keeptree = yes
>> recycle:exclude = *.tmp *.temp *.swp
>> recycle:exclude_dir = /tmp /temp
>> recycle:touch = yes
>>
>> server role = classic primary domain controller
>> encrypt passwords = true
>> passdb backend = ldapsam:ldapi:///
>> ldapsam:trusted=yes
>> ldapsam:editposix=yes
>> ldap admin dn = cn=admin,dc=foo
>> ldap group suffix = ou=Groups
>> ldap machine suffix = ou=Machines
>> ldap user suffix = ou=Users
>> ldap suffix = dc=foo
>> ldap ssl = off
>> obey pam restrictions = yes
>> unix password sync = yes
>> passwd program = /usr/bin/passwd %u
>> passwd chat = *Enter\snew\s*\spassword:* %n\n
>> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>> pam password change = yes
>> map to guest = bad user
>> domain logons = yes
>> logon path =
>> logon script = login.bat
>> admin users = root, Administrator, @Domain Admins, admin
>> ;idmap uid = 10000-20000
>> ;idmap gid = 10000-20000
>> ;template shell = /bin/bash
>>
>> idmap alloc config:ldap_base_dn = ou=idmap,dc=foo
>> idmap alloc config:ldap_user_dn = cn=admin,dc=foo
>> idmap alloc config:ldap_url = ldapi:///
>> usershare allow guests = yes
>>
>> [homes]
>> comment = Home Directories
>> browseable = no
>> read only = yes
>> create mask = 0700
>> directory mask = 0700
>> valid users = %S
>>
>> [netlogon]
>> comment = Network Logon Service
>> path = /home/samba/netlogon
>> guest ok = yes
>> read only = yes
>>
>> [printers]
>> comment = All Printers
>> browseable = no
>> path = /var/spool/samba
>> printable = yes
>> guest ok = no
>> read only = yes
>> create mask = 0700
>>
>> [print$]
>> comment = Printer Drivers
>> path = /var/lib/samba/printers
>> browseable = yes
>> read only = yes
>> guest ok = no
>>
>> I want to use a samba NT4 domain and no AD.
>> Thanks for any help.
>>
>> Best Regards, Basti
>>
>>
>> p.s. smbldap-tools also works fine
>>
>>
>
> Hi, I did some testing recently and I got it to work for me, but this was
> a new domain, the core part of smb.conf was this:
>
> passdb backend = ldapsam
> ldapsam:editposix = yes
> ldapsam:trusted = yes
> ldap admin dn = cn=admin,dc=samba,dc=tld
> ldap suffix = dc=samba,dc=tld
> ldap group suffix = ou=groups
> ldap machine suffix = ou=computers
> ldap user suffix = ou=users
> idmap config *: backend = ldap
> idmap config *: range = 10000-19999
> idmap config *: ldap_url = ldap://localhost/
> idmap config *: ldap_base_dn = ou=idmap,dc=samba,dc=tld
> idmap config *: ldap_user_dn = cn=admin,dc=samba,dc=tld
> ldap delete dn = yes
> ldap password sync = yes
>
> idmap alloc was removed some time ago
>
> I also populated ldap by running 'net sam provision'
>
> Rowland
>
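Added example, not part of the thread and not Samba project code: a small Python checker that reads smb.conf text and reports the idmap points raised above (the removed "idmap alloc" settings, the deprecated "idmap backend", and whether the "idmap config *" backend and range lines from Rowland's reply are present when ldapsam:editposix is on). The function names and the sample text are constructed for illustration, and the last check only mirrors the layout in that reply; the thread does not confirm it as the fix.

```python
import re

# Constructed sample: idmap-related lines taken from the smb.conf quoted above.
SAMPLE = """\
[global]
passdb backend = ldapsam:ldapi:///
ldapsam:trusted=yes
ldapsam:editposix=yes
;idmap uid = 10000-20000
idmap alloc config:ldap_base_dn = ou=idmap,dc=foo
idmap alloc config:ldap_url = ldapi:///
[homes]
read only = yes
"""

def norm(name):
    # Lower-case and drop whitespace so "idmap config *: range" and
    # "idmap config * : range" compare equal.
    return re.sub(r"\s+", "", name.lower())

def parse_global(text):
    """Yield (lineno, normalized_name, value) for settings in [global]."""
    section = None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            yield no, norm(name), value.strip()

def audit_idmap(text):
    """Return (lineno, message) findings; lineno 0 means a missing setting."""
    findings, seen = [], {}
    for no, name, value in parse_global(text):
        seen[name] = value
        if name.startswith("idmapalloc"):
            findings.append((no, "idmap alloc was removed (per the reply)"))
        elif name == "idmapbackend":
            findings.append((no, '"idmap backend" is deprecated (per testparm)'))
    if seen.get("ldapsam:editposix", "").lower() in ("yes", "true", "1"):
        for opt in ("backend", "range"):
            if "idmapconfig*:" + opt not in seen:
                findings.append((0, "editposix on, 'idmap config * : %s' not set" % opt))
    return findings

if __name__ == "__main__":
    for no, msg in audit_idmap(SAMPLE):
        print("line %d: %s" % (no, msg) if no else "config: " + msg)
```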