passdb backend = tdbsam? Should be ldapsam?!

-----------------------------------------------
EDV Daniel Müller
Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: [email protected]
Internet: www.tropenklinik.de
-----------------------------------------------

-----Original Message-----
From: [email protected] [mailto:[email protected]] On behalf of Rumbidzayi Gadhula
Sent: Monday, 17 October 2011 18:38
To: [email protected]
Subject: [Samba] LDAP/Samba on RHEL6

Hello, I have configured samba to authenticate with an LDAP backend. Everything works fine, including testing the configuration files, until I start the net sam provision. Below is the error message I get:

lib/smbldap_util.c:310(smbldap_search_domain_info)
smbldap_search_domain_info: Adding domain info for XXXXX failed with NT_STATUS_UNSUCCESSFUL
Adding the Domain Users group.
Unable to allocate a new gid to create Domain Users group!
Checking for Domain Admins group.
Adding the Domain Admins group.
Unable to allocate a new gid to create Domain Admins group!
Check for Administrator account.
Adding the Administrator user.
Can't create Administrator user, Domain Admins group not available!

I have checked the logs and I can't make sense of them (I am quite green when it comes to LDAP and Samba). I am following the instructions from the redhat documentation for rhel6.

Below is the /var/log/messages:

winbindd/idmap.c:589(idmap_alloc_init)
Oct 10 08:53:04 xxxxx winbindd[18314]: ERROR: Initialization failed for alloc backend, deferred!
Oct 10 08:53:04 xxxxx winbindd[18314]: [2011/10/10 08:53:04.768122, 0] winbindd/idmap.c:201(smb_register_idmap_alloc)
Oct 10 08:53:04 xxxxx winbindd[18314]: idmap_alloc module ldap already registered!
Oct 10 08:53:04 xxxxx winbindd[18314]: [2011/10/10 08:53:04.768198, 0] winbindd/idmap.c:201(smb_register_idmap_alloc)
Oct 10 08:53:04 xxxxx winbindd[18314]: idmap_alloc module tdb already registered!
Oct 10 08:53:04 xxxxx winbindd[18314]: [2011/10/10 08:53:04.768264, 0] winbindd/idmap.c:149(smb_register_idmap)
Oct 10 08:53:04 xxxxx winbindd[18314]: Idmap module passdb already registered!
Oct 10 08:53:04 xxxxx winbindd[18314]: [2011/10/10 08:53:04.768328, 0] winbindd/idmap.c:149(smb_register_idmap)
Oct 10 08:53:04 xxxxx winbindd[18314]: Idmap module nss already registered!
Oct 10 08:53:04 xxxxx winbindd[18314]: [2011/10/10 08:53:04.769683, 0] winbindd/idmap.c:589(idmap_alloc_init)
Oct 10 08:53:04 xxxxx winbindd[18314]: ERROR: Initialization failed for alloc

See my slapd.conf and smb.conf file, which on testing both return success.

smb.conf

workgroup = UZCHS
server string = Samba Server Version %v
netbios name = uzchspdc
# logs split per machine
log file = /var/log/samba/log.%m
# max 50KB per log file, then rotate
max log size = 10000

# - - - - - - - - - - - - Standalone Server Options - - - - - - - - - - - -
#
# Security can be set to user, share(deprecated) or server(deprecated)
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
security = user
passdb backend = tdbsam

# - - - - - - - - - - - - Domain Members Options - - - - - - - - - - - -
#
# Security must be set to domain or ads
domain master = yes
domain logons = yes
passdb backend = ldapsam:ldap://127.0.0.1/
ldapsam:trusted = yes
ldapsam:editposix = yes
encrypt passwords = true
ldap admin dn = cn=smbadmin,dc=uzchs,dc=ac,dc=zw
ldap delete dn = yes
ldap user suffix = ou=users
ldap group suffix = ou=groups
ldap machine suffix = ou=computers
ldap idmap suffix = ou=idmap
ldap suffix = dc=uzchs,dc=ac,dc=zw
ldap ssl = off
idmap backend = ldap:ldap://127.0.0.1/
idmap uid = 5000-50000
idmap gid = 5000-50000
idmap alloc backend = ldap
idmap alloc config : ldap_url = ldap://127.0.0.1/
idmap alloc config : ldap_user_dn = cn=smbadmin,dc=uzchs,dc=ac,dc=zw
idmap alloc config : ldap_base_dn = ou=idmap,dc=uzchs,dc=ac,dc=zw
logon home = \\127.0.0.1\homes\%U
logon path = \\%L\%U\.win32_profile
logon drive = H:
os level = 34
preferred master = yes
preferred master = yes
wins support = yes
load printers = yes
cups options = raw

#- - - - - - - - - - - - Share Definitions - - - - - - - - - - - -
[homes]
comment = Home Directories
read only = No
browseable = no
writable = yes
; valid users = %S
; valid users = MYDOMAIN\%S

[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
; guest ok = no
; writable = no
printable = yes

# Un-comment the following and create the netlogon directory for Domain Logons
[netlogon]
; comment = Network Logon Service

Below is the slapd.conf:

include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/duaconf.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/collective.schema
include /etc/openldap/schema/samba.schema

# Allow LDAPv2 client connections. This is NOT the default.
allow bind_v2

access to *
    by self write
#   by users read
    by dn.base="cn=smbadmin,dc=uzchs,dc=ac,dc=zw" write
    by * read

access to attrs=userPassword,sambaLMPassword,sambaNTPassword,sambaPwdLastSet,sambaPwdMustChange
    by dn.base="cn=smbadmin,dc=uzchs,dc=ac,dc=zw" write
    by self write
    by anonymous auth
    by * none

database bdb
suffix "dc=uzchs,dc=ac,dc=zw"
checkpoint 1024 15
rootdn "cn=Manager,dc=uzchs,dc=ac,dc=zw"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw redhat
directory /var/lib/ldap

# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub

# enable monitoring
database monitor

# allow only rootdn to read the monitor
access to *
    by dn.exact="cn=Manager,dc=uzchs,dc=ac,dc=zw" read
    by * none

##############################

pdbedit -L -v gives me

add_new_domain_info: failed to add domain dn= sambaDomainName=UZCHS,dc=uzchs,dc=ac,dc=zw with: Invalid DN syntax
invalid DN
smbldap_search_domain_info: Adding domain info for UZCHS failed with NT_STATUS_UNSUCCESSFUL.

TIA
Rumbi

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
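Added example (not part of the messages above and not Samba project code): a Python check over the two posted files. It reports smb.conf [global] parameters assigned more than once with different values, together with the value that ends up in effect (a later assignment in a section overrides an earlier one), and flags `ldap ssl = off` used with ldapsam and a cleartext `rootpw` in slapd.conf. The sample strings are constructed by trimming the posted configuration, and the function names are illustrative.

```python
import re

# Constructed sample, trimmed from the smb.conf and slapd.conf posted above.
SMB_CONF = """\
[global]
security = user
passdb backend = tdbsam
passdb backend = ldapsam:ldap://127.0.0.1/
ldap ssl = off
preferred master = yes
preferred master = yes
[homes]
read only = No
"""
SLAPD_CONF = 'rootdn "cn=Manager,dc=uzchs,dc=ac,dc=zw"\nrootpw redhat\n'

def parse_smb_conf(text):
    """Return {section: {param: [(lineno, value), ...]}}, keeping every assignment."""
    sections, current = {}, "global"
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1).strip().lower()
        elif "=" in line:
            name, value = line.split("=", 1)
            # Parameter names are case-insensitive; collapse runs of whitespace too.
            key = " ".join(name.split()).lower()
            sections.setdefault(current, {}).setdefault(key, []).append((lineno, value.strip()))
    return sections

def audit(smb_text, slapd_text):
    """List conflicting [global] settings and weak LDAP credential handling."""
    findings = []
    glob = parse_smb_conf(smb_text).get("global", {})
    for key, hits in glob.items():
        if len({value for _, value in hits}) > 1:  # same name, different values
            line, value = hits[-1]  # the later assignment overrides the earlier one
            findings.append(f"{key}: set {len(hits)} times, effective value '{value}' (line {line})")
    backend = glob.get("passdb backend", [(0, "")])[-1][1]
    ldap_ssl = glob.get("ldap ssl", [(0, "")])[-1][1].lower()
    if backend.startswith("ldapsam") and ldap_ssl == "off":
        findings.append("ldap ssl = off: ldapsam traffic to the directory is not encrypted")
    rootpw = re.search(r"^rootpw\s+(\S+)", slapd_text, re.M)
    if rootpw and not rootpw.group(1).startswith("{"):
        findings.append("slapd.conf rootpw is cleartext; use a slappasswd hash")
    return findings
```

Calling `audit(SMB_CONF, SLAPD_CONF)` returns the findings as a list of strings; `testparm` shows the effective smb.conf values on a real host.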
