[Samba] Fwd: Failed to find sambaDomain object to get sambaAlgorithmicRidBase
Bernard Fay
bernard.fay at gmail.com
Fri Sep 30 12:18:05 UTC 2016
As suggested I added the two lines below and restarted smb.

server role = classic primary domain controller
domain master = yes

[root@CTSFILE01 samba]# testparm -sn| head -32
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[software]"
Processing section "[tftp]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
# Global parameters
[global]
workgroup = CTS
server string = CTS File Server 01 - Samba version %v
interfaces = lo eth0
server role = classic primary domain controller
security = USER
passdb backend = ldapsam:ldap://ctsldap01/
log file = /var/log/samba/log.%m
max log size = 50
load printers = No
printcap name = /dev/null
disable spoolss = Yes
add user script = /sbin/smbldap-useradd -m "%u"
add group script = /sbin/smbldap-groupadd -p "%g"
add user to group script = /sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /sbin/smbldap-usermod -g "%g" "%u"
add machine script = /sbin/smbldap-useradd -w "%u"
domain master = Yes
ldap admin dn = cn=Manager,dc=cts,dc=com
ldap delete dn = Yes
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
ldap passwd sync = yes
ldap suffix = "dc=cts,dc=com"
ldap ssl = no
ldap user suffix = ou=Users
idmap config * : backend = tdb
printing = bsd

No more perl error, which is a good thing, I think but...

smbldap-usermod -a bernard.fay
Warning: sambaPrimaryGroupSID could not be set beacuse group of user
bernard.fay is not a mapped Domain group!
To get a list of groups mapped to Domain groups, use "net groupmap list" on
a Domain member machine.

net groupmap list

It returns nothing, then I modified the group Administrators to add a SID as
I think is the problem:

smbldap-groupmod -a Administrators

Then one more time I try to add the object class sambaSAMAccount:

[root@CTSFILE01 samba]# smbldap-usermod -a bernard.fay
Error: Account for user bernard.fay already _is_ a Samba account!
Omit option -a!

What??? Now have the objectClass sambaSAMAccount even before modifying it
with smbldap-usermod??? Mystery or there is something I don't understand???

ldapsearch -x -b "uid=bernard.fay,ou=people,dc=cts,dc=com" objectClass
...
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
objectClass: sambaSamAccount

I retried "net groupmap list":

[root@CTSFILE01 samba]# net groupmap list
Administrators (S-1-5-21-3886818290-2676185228-3116881835-513-21001) -> Administrators

ok, let's define a password with smbldap-passwd... everything ok with that.

Sounds good so far.... let's try to map the home share from a Windows 7
machine.

BANG!!! In Windows Explorer when I try to map a samba share drive:

"the mapped network drive could not be created because the following error
has occurred:
The security ID structure is invalid."

pdbedit -L
No builtin backend found, trying to load plugin
Module 'ldapsam' loaded
smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=CTS))]
smbldap_open_connection: connection opened
sid S-1-5-21-3886818290-2676185228-3116881835-513-21000 does not belong to our domain

What is going on again.....

On Thu, Sep 29, 2016 at 4:02 PM, Rowland Penny via samba <samba at lists.samba.org> wrote:
> On Thu, 29 Sep 2016 15:30:30 -0400
> Bernard Fay <bernard.fay at gmail.com> wrote:
>
> > CentOS 7
> >
> > smbd -V
> > Version 4.2.10
> >
> >
> > [root@CTSFILE01 ~]# testparm -sn
> > Load smb config files from /etc/samba/smb.conf
> > rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
> > Processing section "[homes]"
> > Processing section "[software]"
> > Processing section "[tftp]"
> > Loaded services file OK.
> > Server role: ROLE_STANDALONE
> >
> > # Global parameters
> > [global]
> > workgroup = CTS
> > server string = CTS File Server 01 - Samba version %v
> > interfaces = lo eth0
> > security = USER
> > passdb backend = ldapsam:ldap://ctsldap01/
> > log file = /var/log/samba/log.%m
> > max log size = 50
> > load printers = No
> > printcap name = /dev/null
> > disable spoolss = Yes
> > add user script = /sbin/smbldap-useradd -m "%u"
> > add group script = /sbin/smbldap-groupadd -p "%g"
> > add user to group script = /sbin/smbldap-groupmod -m "%u" "%g"
> > delete user from group script = /sbin/smbldap-groupmod -x "%u" "%g"
> > set primary group script = /sbin/smbldap-usermod -g "%g" "%u"
> > add machine script = /sbin/smbldap-useradd -w "%u"
> > ldap admin dn = cn=Manager,dc=cts,dc=com
> > ldap delete dn = Yes
> > ldap group suffix = ou=Groups
> > ldap machine suffix = ou=Computers
> > ldap passwd sync = yes
> > ldap suffix = "dc=cts,dc=com"
> > ldap ssl = no
> > ldap user suffix = ou=Users
> > idmap config * : backend = tdb
> > printing = bsd
> >
> > ... snipped the shares definition
> >
> >
> > I do not know what else can be relevant as I am far to be a pro in
> > Samba. :-(
> >
> > If something else could be useful let me know.
> >
> > Thanks,
> > Bernard
> >
>
> Didn't this:
>
> Server role: ROLE_STANDALONE
>
> Give you a hint ??
>
> Try adding these lines:
>
> server role = classic primary domain controller
> domain master = yes
>
> Rowland
>
>
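Added example, not part of the original thread: a Python check that a SID is the domain SID plus exactly one trailing RID, the relation the pdbedit message above says does not hold. `ASSUMED_DOMAIN_SID` is an assumption read off the leading sub-authorities of the SIDs quoted in the post; the function names and the third sample entry are constructed for illustration.

```python
import re

SID_RE = re.compile(r"^S-1-(\d+)((?:-\d+)+)$")

# Assumption: the domain SID is the S-1-5-21-X-Y-Z prefix of the SIDs in the post.
ASSUMED_DOMAIN_SID = "S-1-5-21-3886818290-2676185228-3116881835"

# Sample input: the first two SIDs are quoted from the post, the third is constructed.
SAMPLE_ENTRIES = [
    ("groupmap Administrators", ASSUMED_DOMAIN_SID + "-513-21001"),
    ("pdbedit -L", ASSUMED_DOMAIN_SID + "-513-21000"),
    ("constructed well-formed group", ASSUMED_DOMAIN_SID + "-513"),
]

def parse_sid(text):
    """Return (identifier_authority, [sub_authorities]) or raise ValueError."""
    m = SID_RE.match(text.strip())
    if not m:
        raise ValueError(f"not a SID string: {text!r}")
    subs = [int(s) for s in m.group(2)[1:].split("-")]
    # A SID holds at most 15 sub-authorities, each a 32-bit unsigned value.
    if len(subs) > 15 or any(s > 0xFFFFFFFF for s in subs):
        raise ValueError(f"sub-authority count or value out of range: {text!r}")
    return int(m.group(1)), subs

def rid_in_domain(domain_sid, sid):
    """Return the RID if sid is domain_sid plus exactly one sub-authority, else None."""
    d_auth, d_subs = parse_sid(domain_sid)
    s_auth, s_subs = parse_sid(sid)
    if s_auth != d_auth or len(s_subs) != len(d_subs) + 1:
        return None
    if s_subs[:-1] != d_subs:
        return None
    return s_subs[-1]

def audit(domain_sid, entries):
    """Map each entry name to 'ok rid=N' or the reason the SID is rejected."""
    want = len(parse_sid(domain_sid)[1]) + 1
    report = {}
    for name, sid in entries:
        rid = rid_in_domain(domain_sid, sid)
        got = len(parse_sid(sid)[1])
        if rid is not None:
            report[name] = f"ok rid={rid}"
        elif got != want:
            report[name] = f"rejected: {got} sub-authorities, expected {want}"
        else:
            report[name] = "rejected: different domain prefix"
    return report

if __name__ == "__main__":
    for name, verdict in audit(ASSUMED_DOMAIN_SID, SAMPLE_ENTRIES).items():
        print(f"{name}: {verdict}")
```
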