Kissg,
the ldap connection works fine, I've posted some ldap log lines and
there is no problem there. I still believe the problem is in the idmap phase.
thanks, regards,
--
Ing. Ernesto Silva.
Coordinador de Desarrollo Web y Sistemas Abiertos
Centro de Procesamiento de Datos
Universidad ORT Uruguay.
E-mail: [EMAIL PROTECTED]
Tel: (+5982) 903-1995, (+5982) 902-9687 ext. 102
Fax: (+5982) 900-2952
kissg wrote:
Have you installed the libnss-ldap module on Server B? It's required if
you have your users in an LDAP-database.
What do you see if you type the command on Server B:
id <username>
For example, I have a user in my LDAP database, named "kissg_02a". In my
case, I see the following:
[EMAIL PROTECTED] id kissg_02a
uid=10003(kissg_02a) gid=513(Domain Users) groups=513(Domain Users)
Try to set "loglevel 256" on your slapd.conf and look for entries in
your syslog file, which have an "err" value, other than zero. If you
don't have any, it means that communication with the LDAP-server works
as expected, but Samba cannot access the uid attribute. It can also be,
that the samba.schema file changed since Samba version 3.0, and the new
version stores UIDs in a different attribute or in a different place of
the LDAP directory structure. Check if there is a new version available
for Samba 3.2.
Best regards
Gergely Kiss
2008/7/2 Ernesto Silva <[EMAIL PROTECTED]>:
Hi,
I've been running a samba 3.0.22-13.30 server in standalone mode
(security=user) for quite a while. It's authenticated against an
openLdap and works great, say Server A.
A few days ago I've installed OpenSuSE 11 Beta 2 in another server,
it came with samba 3.2.0-18, so as I'm very lazy I copied the
smb.conf file from the working server to the new one with little
modifications like the netbios name and which shares it serves, say
Server B. I'm connecting to the same Ldap server.
The problem is that I can't reach any share, from the Server B logs...
[2008/07/01 04:54:01, 1] passdb/pdb_ldap.c:init_sam_from_ldap(567)
  init_sam_from_ldap: No uid attribute found for this user!
[2008/07/01 04:54:01, 1] passdb/pdb_ldap.c:ldapsam_getsampwnam(1531)
  ldapsam_getsampwnam: init_sam_from_ldap failed for user 'xxxxx'!
I've been "googling" for the last 8 hours and I can't fix the
problem, with a more verbose debug level I can see that the Ldap
connection works fine. I've also checked the Ldap logs and
everything is fine.
Maybe it's a problem with idmap-ing.
Here is my smb.conf file from the Server B, I've placed comments on
lines which differ from the Server A and commented out lines I
believe are not relevant to Server B.
-----------------------------------------------------------------
[global]
passdb expand explicit = no
utmp = Yes
workgroup = CPD
netbios name = OPEN # I've changed the
server string = File Server
passdb backend = ldapsam:ldap://ldapon.my.company
time server = Yes
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
username map = /etc/samba/smbusers
map to guest = Bad User
wins support = no # it's 'Yes' in the old server
local master = no # it's 'Yes' in the old server
domain master = no # it's 'Yes' in the old server
domain logons = no # it's 'Yes' in the old server
security = user
preferred master = no
os level = 64
encrypt passwords = yes
# logon script = test.bat
# logon path = \\%L\profiles\%U
# logon home = \\%L\%U
# logon drive = z:
# add user script = ldapsmb -a -u "%u"
# delete user script = ldapsmb -d -u "%u"
# add machine script = ldapsmb -a -s -wks "%u" -v --logfile /var/log/samba/ldapsmb.log
# add group script = ldapsmb -a -g "%g"
# delete group script = ldapsmb -d -g "%g"
# add user to group script = ldapsmb -j -u "%u" -g "%g"
# delete user from group script = ldapsmb -j -u "%u" -g "%g"
# set primary group script = ldapsmb -m -u "%u" -gid "%g"
ldap admin dn = cn=Manager,dc=my,dc=company
ldap suffix = dc=my,dc=company
ldap machine suffix = ou=Computers
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap user suffix = ou=People
ldap passwd sync = Yes
log file = /var/log/samba/%m.log
log level = 1
load printers = no
[www2]
comment = webpages
path = /path/to/webpages
public = no
writeable = yes
browseable = yes
valid users = +groupA +groupB
force user = www2
create mask = 0775
dont descend = /bin,/boot,/dev,/etc,/lib,.....
-----------------------------------------------------------------
Please, any ideas?
Best regards,
--
Ing. Ernesto Silva.
Coordinador de Desarrollo Web y Sistemas Abiertos
Centro de Procesamiento de Datos
Universidad ORT Uruguay.
E-mail: [EMAIL PROTECTED]
Tel: (+5982) 903-1995, (+5982) 902-9687 ext. 102 Fax: (+5982) 900-2952
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
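
The check kissg suggests (set "loglevel 256" in slapd.conf, then look in syslog for entries whose "err" value is not zero), as an added shell example that is not part of the original thread. The log lines are constructed samples in slapd's stats format, and the function names slapd_failed_ops and sample_log are made up for illustration.

```shell
#!/bin/sh
# Added example: list slapd operations that finished with a non-zero LDAP
# result code, paired with the request that started them (same conn/op).

# Constructed sample of slapd syslog output at "loglevel 256" (stats).
sample_log() {
    cat <<'EOF'
Jul  1 04:54:01 ldapon slapd[2291]: conn=1042 fd=14 ACCEPT from IP=192.0.2.10:41234 (IP=0.0.0.0:389)
Jul  1 04:54:01 ldapon slapd[2291]: conn=1042 op=0 BIND dn="cn=Manager,dc=my,dc=company" method=128
Jul  1 04:54:01 ldapon slapd[2291]: conn=1042 op=0 RESULT tag=97 err=0 text=
Jul  1 04:54:01 ldapon slapd[2291]: conn=1042 op=1 SRCH base="dc=my,dc=company" scope=2 deref=0 filter="(&(uid=xxxxx)(objectClass=sambaSamAccount))"
Jul  1 04:54:01 ldapon slapd[2291]: conn=1042 op=1 SRCH attr=uid uidNumber gidNumber
Jul  1 04:54:01 ldapon slapd[2291]: conn=1042 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jul  1 04:54:02 ldapon slapd[2291]: conn=1043 op=0 BIND dn="cn=Manager,dc=my,dc=company" method=128
Jul  1 04:54:02 ldapon slapd[2291]: conn=1043 op=0 RESULT tag=97 err=49 text=
Jul  1 04:54:03 ldapon slapd[2291]: conn=1044 op=1 SRCH base="ou=Nowhere,dc=my,dc=company" scope=2 deref=0 filter="(uid=xxxxx)"
Jul  1 04:54:03 ldapon slapd[2291]: conn=1044 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text=
EOF
}

# Reads slapd log lines from the named files (or stdin) and prints one line
# per failed operation: "conn=N op=M err=E request: <first request line>".
slapd_failed_ops() {
    awk '
    {
        # Only lines that belong to an operation carry "conn=N op=M".
        if (!match($0, /conn=[0-9]+ op=[0-9]+ /)) next
        key  = substr($0, RSTART, RLENGTH - 1)
        rest = substr($0, RSTART + RLENGTH)
        if (rest ~ /^(SEARCH )?RESULT /) {
            if (match(rest, /err=[0-9]+/)) {
                err = substr(rest, RSTART + 4, RLENGTH - 4)
                # err=0 is success; e.g. 49 = invalidCredentials, 32 = noSuchObject
                if (err + 0 != 0)
                    printf "%s err=%s request: %s\n", key, err, ((key in req) ? req[key] : "(not logged)")
            }
            delete req[key]
        } else if (!(key in req)) {
            req[key] = rest   # keep the first request line (BIND, SRCH base=...)
        }
    }' "$@"
}

sample_log | slapd_failed_ops
```

No output from slapd_failed_ops means every logged operation returned err=0.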