John Zakhar: > First email was rejected due to size so the log files are inline in the > msg now.. > > I have NEVER had so much trouble with a > samba PDC before. I need to turn in my unix admin license, this is > pathetic...
Hey wait a minute, we all get fits like that now and again. Have to admit that mine mostly come with Windows, I can always get Unix/Linux to work ;) This could take some time, I live in Europe, it's near my bedtime, I'm licked for today and I need sleep. What's more, I'm a modem person at home and am only connected a couple of times a day. Anyway: I have a 75+ PDC running "at work", with Samba 3.0.11 and OpenLDAP 2.2.23. on RHAS3, so ... > Anyway, I am here. When trying to join a domain with the administrator > account I get "no mapping between account name and security ID's was done" > And the joining fails... > > > All the needed files are attached, from the ldap log. to the samba.conf > to the ldifs of the machine, root and admin account. Trying with the root > account nets me the same error There's too much shit there. You're getting hung up in the details. And I didn't see any LDAP log, even if I had, it probably would have been useless. You need to do a 'tail -f' on it (-d 256) while things are happening to get any sense from it. Your local SIDs are all messed up for a start. You have: S-1-5-21-1391849139-953726148-1374988380 and S-1-5-21-3107161993-1039155829-3332455197 all mixed up together. And the following SIDs can surely not be right: Administrators (S-1-5-32-544) -> Administrators Print Operators (S-1-5-32-550) -> Print Operators Backup Operators (S-1-5-32-551) -> Backup Operators Replicators (S-1-5-32-552) -> Replicators Get all that sorted out before you go on. Your smb.conf looks more or less o.k. (didn't dwell on it) You're using the Idealx crap without understanding LDAP or what you're doing. Use GQ 1.0beta1 for managing your Your mappings are all wrong. Look at the alternative Appendix A method of using LDAP in Samba in the Samba HOWTO. Here are my mappings up to now at my production site (sorry about the wrapping, I decided to use SquirrelMail for this mail and it always breaks at 76 chars): Domain Admins (S-1-5-21-2520587299-2798274336-2978297563-512) -> domadmin Domain Guests (S-1-5-21-2520587299-2798274336-2978297563-514) -> domguest Domain Users (S-1-5-21-2520587299-2798274336-2978297563-513) -> domuser Leden van Personeel (S-1-5-21-2520587299-2798274336-2978297563-8001) -> personeel Leden van Docenten (S-1-5-21-2520587299-2798274336-2978297563-1001) -> docenten Leden van Leerlingen (S-1-5-21-2520587299-2798274336-2978297563-2001) -> leerlingen Leden van Directie (S-1-5-21-2520587299-2798274336-2978297563-10001) -> directie Administratie (S-1-5-21-2520587299-2798274336-2978297563-15007) -> administratie Never mind that you don't know what the Dutch words mean. See that I map from NT IDs to Unix IDs where the Unix IDs are Posix IDs? See that the domain SIDs are all the same? The secrets are in Appendix A of the Samba HOWTO and in getting things working with GQ. Get those right, and I'll see if I can come back tomorrow ;) Best, --Tonni -- mail: [EMAIL PROTECTED] http://www.billy.demon.nl -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
