----- Original Message ----- From: <[EMAIL PROTECTED]> To: <[email protected]> Sent: Monday, January 09, 2006 8:17 AM Subject: Re: [Samba] Account Unknown for users with Samba 3.0.11/14
> Quoting William Jojo <[EMAIL PROTECTED]> > > > And the obvious...do you have config and system information? How are uid > > values gathered by the system? Same LDAP database? That's important to find > > out... > > And, indeed, the cause of much grief. > > Since writing previous emails I have discovered: > > * The issue doesn't exist on another server. > * Though the other server has identical Samba configuration, much > else is very different. Most importantly, users exist locally on the > other server. > > To cut a long story short, it seems unlikely that in its current > configuration, this has ever worked properly. > > The sambaIdmapEntry and sambaGroupMapping objects don't exist in LDAP. > I've added objectClass sambaIdmapEntry to myself in the LDAP database, > so my LDAP entry now reads: > > # jamesc, People, u4eatech.com > dn: uid=jamesc,ou=People,dc=u4eatech,dc=com > uid: jamesc > sambaSID: S-1-5-21-4012146134-3166284455-2856603714-3038 > sambaPrimaryGroupSID: S-1-5-21-4012146134-3166284455-2856603714-3001 > displayName: James Cort,,, > sambaPwdMustChange: 2147483647 > sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000 > 00000000 > sambaAcctFlags: [U ] > uidNumber: 1019 > loginShell: /bin/bash > gidNumber: 1000 > homeDirectory: /home/jamesc > gecos: James Cort > cn: James Cort > mail: [EMAIL PROTECTED] > sambaPwdCanChange: 1136795375 > sambaLMPassword: 1E5F582F4574BA7802A22108CDA2230E > sambaNTPassword: 8224FF98E3965F5DF2C3CB3D32205650 > sambaPwdLastSet: 1136795375 > userPassword:: e01ENX1mNnpCM2xiOU1EdEx1QVUyeGQxUDNBPT0= > objectClass: account > objectClass: sambaSamAccount > objectClass: posixAccount > objectClass: top > objectClass: u4eaPerson > objectClass: sambaIdmapEntry > > > While this knocks one error on the head, I still have a number of > issues as none of the gidNumber-based entries exist. However, I would > expect that users in the "Security" tab would now resolve - this is not > the case. > > I'm at a loss how to continue. Presumably I need to populate the > various bits necessary for id mapping in LDAP, though I don't know the > various options or their pros and cons. > > All the documentation I can find online seems to be geared towards > getting the system up and running properly in the first place with > minimal requirement of understanding of how it all hangs together - if > someone did that in the past and made a mistake, it seems particularly > tough to figure out what they did wrong and, more importantly, how to > fix it without causing downtime. > > Can anyone point me in the right direction? > Well, since this system doesn't have local files can you use secldapclntd? This will solve your local user problem (which is what I was driving at :-) ) by pointing to LDAP and making the users appear local. There's also the possbility of WINBIND depending on how you want to approach the users. secldapclntd can be implemented in a few minutes. As long as your smb.conf points to the same containers, you should see that you're looking for. I'm working on a paper for AIX people on how to approach user/group since there are several options available. Cheers, Bill > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
