I've not been able to find in the docs where it describes the differences ...

the old LDAP schema thus I assume that the others are not.

_nua no longer exists. ldapsam uses a new schema, designed to avoid conflicts with other schemas, and for integration with things like idmap.

Nevertheless, I would expect to see _nua again someday when it is stabilized.

OK, I managed to get connected with ldapsam_compat however I got some errors on the server side at log level 4.
Just for giggles, I switched to the old samba and got none at the same log level. Now objectClass=sambaGroupMapping doesn't exist in the old schema, as far as I know, so that is not a surprise but I am not sure I understand why samba is looking for it. I've triple checked that the password set by smbpasswd3 -w is correct but I still get errors/warnings to that effect. I'm particularly interested in what, if anything, the idmap suffix should be set to. Note that I have no known use for winbind as my Linux boxes all connect directly through LDAP. Listings below are annotated.


Jul 19 12:24:01 enigma smbd3[12589]: [2003/07/19 12:24:01, 0] lib/util_sock.c:get_socket_addr(900)
Jul 19 12:24:01 enigma smbd3[12589]: getpeername failed. Error was Transport endpoint is not connected
Jul 19 12:24:01 enigma smbd3[12589]: [2003/07/19 12:24:01, 0] lib/util_sock.c:read_socket_data(342)
Jul 19 12:24:01 enigma smbd3[12589]: read_socket_data: recv failure for 4. Error = Connection reset by peer
Jul 19 12:24:01 enigma smbd3[12588]: [2003/07/19 12:24:01, 0] rpc_server/srv_pipe.c:api_pipe_netsec_process(1363)
Jul 19 12:24:01 enigma smbd3[12588]: failed to decode PDU
Jul 19 12:24:01 enigma smbd3[12588]: [2003/07/19 12:24:01, 0] rpc_server/srv_pipe_hnd.c:process_request_pdu(605)
Jul 19 12:24:01 enigma smbd3[12588]: process_request_pdu: failed to do schannel processing.
Jul 19 12:24:01 enigma smbd3[12588]: [2003/07/19 12:24:01, 0] lib/smbldap.c:smbldap_open(799)
Jul 19 12:24:01 enigma smbd3[12588]: smbldap_open: cannot access LDAP when not root..
Jul 19 12:24:01 enigma smbd3[12588]: [2003/07/19 12:24:01, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1634)
Jul 19 12:24:01 enigma smbd3[12588]: ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (Insufficient access)ldapsam_search_one_group: Query was: ou=Group,dc=microverse,dc=net, (&(objectClass=sambaGroupMapping)(gidNumber=1002))


gidNumber 1002 belongs to my domain users group, dusers, but it does not have an objectClass=sambaGroupMapping, nor is one accessible according to GQ.
Do I need to add the new schema? It does not seem logical that this would be required with ldapsam_compat.


Followed by shorewall griping about some all2all pings which may or may not be pertinent. Note that 192.168.1.252 is the test client:

Jul 19 12:24:01 enigma kernel: Shorewall:all2all:REJECT:IN=eth1 OUT= MAC=[ deleted for security ] SRC=192.168.1.252 DST=192.168.1.253 LEN=28 TOS=0x00 PREC=0x00 TTL=128 ID=7816 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=2816
Jul 19 12:24:01 enigma kernel: Shorewall:all2all:REJECT:IN=eth1 OUT= MAC=[ deleted for security ] SRC=192.168.1.252 DST=192.168.1.253 LEN=28 TOS=0x00 PREC=0x00 TTL=128 ID=7817 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=3072
Jul 19 12:24:01 enigma kernel: Shorewall:all2all:REJECT:IN=eth1 OUT= MAC=[ deleted for security ] SRC=192.168.1.252 DST=192.168.1.253 LEN=28 TOS=0x00 PREC=0x00 TTL=128 ID=7818 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=3328


testparm3 output is:

Processing section "[homes]"
Processing section "[netlogon]"
Processing section "[printers]"
Processing section "[print$]"
Processing section "[pdf-generator]"
Processing section "[public]"
Load smb config files from /etc/samba3/smb.conf
Loaded services file OK.
WARNING: You have some share names that are longer than 8 chars
These may give errors while browsing or may not be accessible
to some older clients
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions
# Global parameters
[global]
   workgroup = MICROVERSE
   server string = Samba Server %v
   interfaces = 192.168.1.253/24
   map to guest = Bad User
   passdb backend = ldapsam_compat:ldap://127.0.0.1, smbpasswd, guest
   pam password change = Yes
   unix password sync = Yes
   log level = 4
   log file = /var/log/samba3/log.%m
   max log size = 50
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   printcap name = cups
   add machine script = /usr/share/samba3/scripts/smbldap-useradd.pl -w -d /dev/null -g Machines -c 'Machine Account' -s /bin/false %u
# The above is incorrect but is OK for now.


   domain logons = Yes
   preferred master = Yes
   domain master = Yes
   dns proxy = No
   ldap suffix = dc=microverse,dc=net
   ldap machine suffix = ou=Computers,dc=microverse,dc=net
   ldap user suffix = ou=People,dc=microverse,dc=net
   ldap group suffix = ou=Group,dc=microverse,dc=net
   ldap idmap suffix = dc=microverse,dc=net

Could the above be the problem? What is an idmap? Seems to me that it is winbind stuff and I've not yet had a reason to use winbind.

   ldap admin dn = cn=root,dc=microverse,dc=net
   ldap ssl = no
   printer admin = @adm
   hosts allow = 192.168.1., 192.168.2., 127.
   printing = cups

[homes]
   comment = Home Directories
   read only = No
   browseable = No

[netlogon]
   comment = Network Logon Service
   path = /var/lib/samba3/netlogon
   guest ok = Yes

[printers]
   comment = All Printers
   path = /var/spool/samba3
   create mask = 0700
   guest ok = Yes
   printable = Yes
   print command = lpr-cups -P %p -o raw %s -r # using client side printer drivers.
   browseable = No


[print$]
   path = /var/lib/samba3/printers
   write list = @adm, root
   guest ok = Yes

[pdf-generator]
   comment = PDF Generator (only valid users)
   path = /var/tmp
   printable = Yes
   print command = /usr/share/samba3/scripts/print-pdf %s ~%u //%L/%u %m %I "%J" &


[public]
   path = /home/storeage
   read only = No
   guest only = Yes
   guest ok = Yes


