Can anyone help me on this? I'm really stuck...

On Thu, Oct 15, 2009 at 16:58, Mariano Absatz <[email protected]> wrote:
> Hi,
>
> I'm trying to make a "pure ldap" setup, whereas users, groups, id mappings
> and everything that is supported with LDAP be in the LDAP tree and managed
> directly by samba.
>
> That is, I'm using:
>
> ldapsam:trusted = yes
> ldapsam:editposix = yes
>
> And NOT using smbldap-*.
>
> My smb.conf is here: http://wiki.clueless.com.ar/SambaLdap/smb.conf-PDC
>
> I created the LDAP tree root (o=midominio) and all its branches (ou=people;
> ou=groups; ou=hosts and ou=idmap).
>
> I ran "net sam provision" to fill in the basic values.
>
> I stored the secrets in secrets.tdb:
> # smbpasswd -w ldap_admin_password
> # net idmap secret midominio ldap_admin_password
> # net idmap secret alloc ldap_admin_password
>
> I was able to join a samba server to the domain (net rpc join -S miserver
> -UAdministrator).
>
> However, when I try to join an XP host to the domain, I get an error (IIRC
> it's "An attached device is not functioning") in the workstation and the
> samba logs show the following:
>
> [2009/10/15 11:17:47, 0] passdb/pdb_ldap.c:ldapsam_create_user(5119)
> ldapsam_create_user: Unable to allocate a new user id: bailing out!
>
> The user I'm using to bind to the LDAP server is the LDAP administrator and
> it does have permissions on all the tree (in particular, within
> "ou=idmap,o=midominio")...
>
> I manually added an entry for the workstation's account posix data, then
> issued "smbpasswd -a workstation$"
>
> THEN I could join the domain...
>
> Clearly, I have something misconfigured regarding ldap/idmap/alloc, but I
> can't find enough information to do it right.
>
> Any help REALLY appreciated...

--
Mariano Absatz - El Baby
www.clueless.com.ar
