I have been using Samba with LDAP for a couple of years now (upgraded
from 2 to 3) and have never needed to make the server behave like a PDC.
Now we have a new project, and I need to get that fired up.

I have attempted to follow the directions in a couple of walkthroughs to
no avail.  My problem seems to be coming from mapping the Windows group
names to a Linux group name and/or adding the domain member to the LDAP
database.

Here is the error I am getting:

[EMAIL PROTECTED] samba]# net -d2 groupmap add rid=512 ntgroup="Domain Admins" unixgroup=cnrg
[2006/12/01 14:00:22, 2] lib/interface.c:add_interface(79)
  added interface ip=128.174.124.12 bcast=128.174.127.255 nmask=255.255.252.0
[2006/12/01 14:00:22, 2] lib/smbldap.c:smbldap_search_domain_info(1373)
  Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=IGB))]
[2006/12/01 14:00:22, 2] lib/smbldap.c:smbldap_open_connection(692)
  smbldap_open_connection: connection opened
[2006/12/01 14:00:23, 0] passdb/pdb_ldap.c:ldapsam_add_group_mapping_entry(2330)
  ldapsam_add_group_mapping_entry: failed to add group 102 error: �_ (Internal (implementation specific) error)
adding entry for group Domain Admins failed!
[2006/12/01 14:00:23, 2] utils/net.c:main(859)
  return code = -1


And the smb.conf global section:
[global]
        workgroup = igb
        netbios name = IGB-FILE-SERVER
        server string = Samba Server
        passdb backend = ldapsam:ldap://auth.igb.uiuc.edu
        log file = /var/log/samba/%m.log
        max log size = 50
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        domain logons = Yes
        dns proxy = No
        wins support = Yes
        ldap admin dn = cn=ldapadmin,dc=igb,dc=uiuc,dc=edu
        ldap group suffix = ou=group
        ldap suffix = dc=igb,dc=uiuc,dc=edu
        ldap ssl = on
        ldap user suffix = ou=People
        ldap machine suffix =  ou=computer
        cups options = raw

        add machine script = /usr/share/doc/samba-3.0.10/LDAP/smbldap-tools/smbldap-useradd -w
        preferred master = Yes
        domain master = Yes
        
        password server = None
        idmap uid = 16777216-33554431
        idmap gid = 16777216-33554431
        template shell = /bin/false
        username map = /etc/samba/smbusers
        winbind use default domain = no

And what I think are the appropriate LDAP entries:
# igb.uiuc.edu
dn: dc=igb,dc=uiuc,dc=edu
dc: igb
objectClass: dcObject
objectClass: organizationalUnit
ou: igb dot uiuc dot edu

# People, igb.uiuc.edu
dn: ou=People,dc=igb,dc=uiuc,dc=edu
objectClass: top
objectClass: organizationalUnit
ou: People

# group, igb.uiuc.edu
dn: ou=group,dc=igb,dc=uiuc,dc=edu
objectClass: top
objectClass: organizationalUnit
ou: group

# computer, igb.uiuc.edu
dn: ou=computer,dc=igb,dc=uiuc,dc=edu
objectClass: top
objectClass: organizationalUnit
ou: computer

# cnrg, group, igb.uiuc.edu
dn: cn=cnrg,ou=group,dc=igb,dc=uiuc,dc=edu
cn: cnrg
objectClass: posixGroup
gidNumber: 102
description: Computer and Network Resource Group
memberUid: danield

# danield, People, igb.uiuc.edu
dn: uid=danield,ou=People,dc=igb,dc=uiuc,dc=edu
uid: danield
cn: Daniel Davidson
mail: [EMAIL PROTECTED]
uidNumber: 600
gidNumber: 600
homeDirectory: /home/a-m/danield
gecos: Daniel Davidson
sambaSID: S-1-5-21-3679620730-2824407525-958489067-600
sambaLMPassword: barf
sambaNTPassword: barf
loginShell: /bin/bash
sn: Davidson
givenName: Daniel
objectClass: inetOrgPerson
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount

I thank anyone in advance who can give me a hand,

Dan

