Hi,

I'm trying to make a "pure ldap" setup, where users, groups, id mappings and everything that is supported with LDAP are in the LDAP tree and managed directly by samba.

That is, I'm using:

ldapsam:trusted = yes
ldapsam:editposix = yes

And NOT using smbldap-*.

My smb.conf is here: http://wiki.clueless.com.ar/SambaLdap/smb.conf-PDC

I created the LDAP tree root (o=midominio) and all its branches (ou=people; ou=groups; ou=hosts and ou=idmap).

I ran "net sam provision" to fill in the basic values.

I stored the secrets in secrets.tdb:
# smbpasswd -w ldap_admin_password
# net idmap secret midominio ldap_admin_password
# net idmap secret alloc ldap_admin_password

I was able to join a samba server to the domain (net rpc join -S miserver -UAdministrator).

However, when I try to join an XP host to the domain, I get an error (IIRC it's "An attached device is not functioning") in the workstation and the samba logs show the following:

[2009/10/15 11:17:47,  0] passdb/pdb_ldap.c:ldapsam_create_user(5119)
 ldapsam_create_user: Unable to allocate a new user id: bailing out!

The user I'm using to bind to the LDAP server is the LDAP administrator and it does have permissions on all the tree (in particular, within "ou=idmap,o=midominio")...

I manually added an entry for the workstation's account posix data, then issued "smbpasswd -a workstation$"

THEN I could join the domain...

Clearly, I have something misconfigured regarding ldap/idmap/alloc, but I can't find enough information to do it right.

Any help REALLY appreciated...

--
Mariano Absatz - "El Baby"
[email protected]
www.clueless.com.ar
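For readers hitting the same "Unable to allocate a new user id" message: in Samba 3.x, ldapsam:editposix does not pick uid/gid numbers itself but asks the idmap alloc backend for them, so that allocator has to be pointed at the ou=idmap branch as well. The stanza below is an added illustration of that configuration, not text from the original post or from its linked smb.conf; the hostname, suffix and bind DN are placeholders, and the ranges are arbitrary. The `net idmap secret alloc` command already shown in the post is what supplies the password for the alloc backend's ldap_user_dn.

```ini
[global]
    # passdb backend for the domain itself (ldap_url and suffix are placeholders)
    passdb backend = ldapsam:ldap://ldap.example.invalid
    ldap suffix = o=midominio
    ldap user suffix = ou=people
    ldap group suffix = ou=groups
    ldap machine suffix = ou=hosts
    ldap idmap suffix = ou=idmap
    ldap admin dn = cn=admin,o=midominio
    ldap ssl = start tls

    # let samba manage posix attributes directly, without smbldap-tools
    ldapsam:trusted = yes
    ldapsam:editposix = yes

    # idmap allocation: this is the part editposix relies on to hand out
    # new uidNumber/gidNumber values (e.g. for a freshly joined workstation$)
    idmap backend = ldap:ldap://ldap.example.invalid
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    idmap alloc backend = ldap
    idmap alloc config : ldap_url = ldap://ldap.example.invalid
    idmap alloc config : ldap_base_dn = ou=idmap,o=midominio
    idmap alloc config : ldap_user_dn = cn=admin,o=midominio
```

Two things worth checking once this is in place: that `net idmap secret alloc <password>` has been run for the bind DN named in ldap_user_dn (the post shows this step), and that the ACL on ou=idmap lets that DN both read and write, since allocation updates the counters stored there rather than only reading them. Using an LDAP-over-TLS URL or `ldap ssl = start tls` matters here because the alloc backend binds with the admin password from secrets.tdb on every allocation.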
