Hello,

I have some problems trying to configure a PDC with OpenLDAP backend using Samba 3.0.1.

My LDAP server is working fine and has the samba templates.

I am able to configure users. The procedure I am using is this: I first create the user in 
the LDAP server using posixAccount, shadowAccount, etc. Then, as root, I write 

     smbpasswd -a user

and it works fine.

I get the same effect if I use 

     pdbedit -a -u borra

The user is able to mount a share in the server. At this point things are working 
great.

My first problem is that I have been unable to add machines.
I tried a similar procedure. First create the machine in the LDAP server (without 
sambaSamAccount) and then

     smbpasswd -m -a theMachine

I have tried everything including pdbedit and smbldap-tools 0.8.2.
I get the following errors when trying to add a machine called tuqueque using 

     smbpasswd -m -a tuqueque -D256

Netbios name list:-
my_netbios_names[0]="BOA"
Trying to load: ldapsam:ldap://localhost
Attempting to register passdb backend ldapsam
Successfully added passdb backend 'ldapsam'
Attempting to register passdb backend ldapsam_compat
Successfully added passdb backend 'ldapsam_compat'
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to register passdb backend guest
Successfully added passdb backend 'guest'
Attempting to find an passdb backend to match ldapsam:ldap://localhost (ldapsam)
Found pdb backend ldapsam
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=ICALUZ))]
smbldap_search_suffix: searching for:[(&(objectClass=sambaDomain)(sambaDomainName=ICALUZ))]
smbldap_open_connection: ldap://localhost
smbldap_open_connection: connection opened
ldap_connect_system: Binding to ldap server ldap://localhost as "cn=Manager,dc=ica,dc=luz,dc=ve"
ldap_connect_system: succesful connection to the LDAP server
The LDAP server is succesful connected
pdb backend ldapsam:ldap://localhost has a valid init
Attempting to find an passdb backend to match guest (guest)
Found pdb backend guest
pdb backend guest has a valid init
smbldap_search_suffix: searching for:[(&(uid=tuqueque$)(objectclass=sambaSamAccount))]
smbldap_open: already connected to the LDAP server
ldapsam_getsampwnam: Unable to locate user [tuqueque$] count=0
Finding user tuqueque$
Trying _Get_Pwnam(), username as lowercase is tuqueque$
Trying _Get_Pwnam(), username as uppercase is TUQUEQUE$
Checking combinations of 0 uppercase letters in tuqueque$
Get_Pwnam_internals didn't find user [tuqueque$]!


The smbldap-tools 0.8.2 do not work at all. They do not even work for adding users 
(which I already solved using smbpasswd).

I have other questions:
I have read that I have to create some groups (Domain Admins, Domain Users, Domain 
Guests), but the procedure for doing that when using LDAP is not clear. I tried adding 
the groups to the LDAP server and then using something like

    net groupmap modify ntgroup="Domain Admins" unixgroup=domadmin

I get the following message:

     NT Group Domain Admins doesn't exist in mapping DB
       

Can somebody help me?

Here is my smb.conf:
[global]
hosts allow = 172.17.6.0/255.255.255.0
netbios name = BOA
workgroup = ICALUZ
security = user
encrypt passwords = yes
preferred master = yes
domain master = yes
local master = yes
domain logons = yes
os level = 33

ldap suffix = dc=ica,dc=luz,dc=ve
ldap admin dn = "cn=Manager,dc=ica,dc=luz,dc=ve"

idmap backend = ldap:ldap://localhost
idmap gid = 10000-20000
idmap uid = 10000-20000
ldap idmap suffix = ou=Idmap

passdb backend = ldapsam:ldap://localhost
ldap ssl = off
ldap delete dn = no
ldap user suffix = ou=Personas

ldap group suffix = ou=Grupos
ldap machine suffix = ou=Computadoras
#ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))
ldap filter = (uid=%u)

logon path = \\%N\profiles\%u
logon drive = H:
logon home = \\homeserver\%u\winprofile
logon script = logon.cmd

#logging
log level = 2
log file = /var/lib/samba/%m.log

[netlogon]
path = /var/lib/samba/netlogon
read only = yes
write list = ntadmin

[profiles]
path = /var/lib/samba/profiles
read only = no
create mask = 0644
directory mask = 0755

[test]
path=/tmp
writeable=yes
public=yes


I have tried to follow the documentation, but it is somewhat confusing when it refers 
to LDAP. It is never clear whether they are talking about the new style or the old 
Samba 2.x style. Maybe it is not completely updated.
Any help is appreciated.

Regards,
VS



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba
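
Added example, not part of the original message and not Samba's own code: a small Python helper that reads `smbpasswd -D256` output like the log quoted above and reports which account lookups came back empty. The sample lines are copied from that log; the names `triage` and `findings` and the result keys are hypothetical.

```python
import re

# Lines copied from the debug output quoted in the message above.
SAMPLE_LOG = """\
smbldap_search_suffix: searching for:[(&(uid=tuqueque$)(objectclass=sambaSamAccount))]
smbldap_open: already connected to the LDAP server
ldapsam_getsampwnam: Unable to locate user [tuqueque$] count=0
Finding user tuqueque$
Trying _Get_Pwnam(), username as lowercase is tuqueque$
Trying _Get_Pwnam(), username as uppercase is TUQUEQUE$
Checking combinations of 0 uppercase letters in tuqueque$
Get_Pwnam_internals didn't find user [tuqueque$]!
"""

LDAP_SEARCH = re.compile(r"smbldap_search_suffix: searching for:\[(.+)\]$")
LDAP_MISS = re.compile(r"ldapsam_getsampwnam: Unable to locate user \[(.+?)\] count=(\d+)")
NSS_TRY = re.compile(r"Trying _Get_Pwnam\(\), username as \w+ is (\S+)")
NSS_MISS = re.compile(r"Get_Pwnam_internals didn't find user \[(.+?)\]")

def triage(log_text):
    """Collect the LDAP and Unix account lookups recorded in the debug output."""
    result = {"ldap_filters": [], "ldap_missing": [], "nss_tried": [], "nss_missing": []}
    for line in log_text.splitlines():
        line = line.strip()
        if m := LDAP_SEARCH.search(line):
            result["ldap_filters"].append(m.group(1))
        elif m := LDAP_MISS.search(line):
            result["ldap_missing"].append((m.group(1), int(m.group(2))))
        elif m := NSS_TRY.search(line):
            result["nss_tried"].append(m.group(1))
        elif m := NSS_MISS.search(line):
            result["nss_missing"].append(m.group(1))
    return result

def findings(result):
    """One line per lookup that returned nothing, in the order LDAP then Unix."""
    out = []
    for name, count in result["ldap_missing"]:
        out.append(f"LDAP: {count} sambaSamAccount entries for {name}")
    for name in result["nss_missing"]:
        tried = ", ".join(result["nss_tried"]) or "none logged"
        out.append(f"Unix: Get_Pwnam found no account for {name} (tried: {tried})")
    return out

if __name__ == "__main__":
    for line in findings(triage(SAMPLE_LOG)):
        print(line)
```
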
