In nsswitch.conf, replace "ldap" by "winbind"
2008/10/21 Johan Hendriks <[EMAIL PROTECTED]>:
> Hello all
>
> First of all, sorry for the long e-mail.
>
> I am trying to get samba working as a domain member and store the idmap in an
> LDAP database.
>
> The join is successful and all commands are working like they should: wbinfo -u,
> wbinfo -g, kinit, etc.
>
> But the id administrator command gives me the following:
>
> # id administrator
> id: administrator: no such user
>
> If I do not use the ldap backend it works well.
>
> This is on FreeBSD 7_RELEASE with samba 3.0.32 and openldap 2.3.43
> I did do all the things mentioned in chapter 7 of the by example doc.
> Also the smbpasswd -w 12345
>
> I have been working on this for over 3 days now but my ldap understanding is
> not that much I guess.
> What am I forgetting or doing wrong?
>
> Best regards,
> Johan Hendriks
>
> My slapd.conf file
>
> #
> # See slapd.conf(5) for details on configuration options.
> # This file should NOT be world readable.
> #
> include /usr/local/etc/openldap/schema/core.schema
> include /usr/local/etc/openldap/schema/cosine.schema
> include /usr/local/etc/openldap/schema/inetorgperson.schema
> include /usr/local/etc/openldap/schema/misc.schema
> include /usr/local/etc/openldap/schema/nis.schema
> include /usr/local/etc/openldap/schema/openldap.schema
> include /usr/local/etc/openldap/schema/samba.schema
>
> loglevel 256
>
> pidfile /var/run/openldap/slapd.pid
> argsfile /var/run/openldap/slapd.args
>
> # Load dynamic backend modules:
> modulepath /usr/local/libexec/openldap
> moduleload back_bdb
>
> #######################################################################
> # BDB database definitions
> #######################################################################
>
> database bdb
> suffix "dc=double-l,dc=local"
> rootdn "cn=Manager,dc=double-l,dc=local"
> rootpw = 12345
>
> directory /usr/local/var/db/openldap-data
>
> # Indices to maintain
> index objectClass eq
> index cn pres,sub,eq
> index sn pres,sub,eq
> index uid pres,sub,eq
> index displayName pres,sub,eq
> index uidNumber eq
> index gidNumber eq
> index memberUID eq
> index sambaSID eq
> index sambaPrimaryGroupSID eq
> index sambaDomainName eq
> index default sub
>
> my ldap.conf and nss_ldap.conf file
>
> base dc=double-l,dc=local
> binddn cn=Manager,dc=double-l,dc=local
> bindpw 12345
>
> pam_password exop
>
> bind_policy soft
> bind_timelimit 10
>
> host 127.0.0.1
> idle_timelimit 3600
> ldap_version 3
>
> nss_base_group ou=Groups,dc=double-l,dc=local?one
> nss_base_passwd ou=People,dc=double-l,dc=local?one
> nss_base_shadow ou=People,dc=double-l,dc=local?one
>
> nss_connect_policy persist
> nss_paged_results yes
>
> pagesize 1000
> port 389
> timelimit 30
>
> my vi /etc/nsswitch.conf
> group: files ldap
> group_compat: nis
> hosts: files dns
> networks: files
> passwd: files ldap
> passwd_compat: nis
> shells: files
> services: compat
> services_compat: nis
> protocols: files
> rpc: files
>
> my idmap.ldiff file
>
> dn: dc=snowshow,dc=com
> objectClass: dcObject
> objectClass: organization
> dc: snowshow
> o: The Greatest Snow Show in Singapore.
> description: Posix and Samba LDAP Identity Database
>
> dn: cn=Manager,dc=snowshow,dc=com
> objectClass: organizationalRole
> cn: Manager
> description: Directory Manager
>
> dn: ou=Idmap,dc=snowshow,dc=com
> objectClass: organizationalUnit
> ou: idmap
>
> and finally my smb.conf file
>
> [global]
> workgroup = DOUBLE-L
> netbios name = BEASTY
> realm = DOUBLE-L.LOCAL
> server string = Samba Server
> security = ADS
> log level = 1 ads:10 auth:10 sam:10 rpc:10
> ldap admin dn = cn=Manager,dc=DOUBLE-L,dc=LOCAL
> ldap idmap suffix = ou=Idmap
> ldap suffix = dc=DOUBLE-L,dc=LOCAL
> idmap backend = ldap:ldap://127.0.0.1
> idmap uid = 150000-550000
> idmap gid = 150000-550000
> template shell = /usr/local/bin/bash
> winbind use default domain = Yes
>
> [share1]
> comment = Data Directory
> path = /mnt
> #write list = @mr70
> read only = no
> create mask = 0777
> directory mask = 0777
>
> and my /etc/krb5.conf file
>
> [libdefaults]
> default_realm = DOUBLE-l.LOCAL
> clockskew = 300
>
> [realms]
> DOUBLE-l.LOCAL = {
> kdc = w2003s01.double-l.local
> }
>
> [domain_realm]
> .double-l.local = DOUBLE-l.LOCAL
>
> This is a part of my slapd.log file after a restart of samba and an id
> administrator command
>
> Oct 21 16:47:34 beasty slapd[60723]: conn=7 fd=13 closed (connection lost)
> Oct 21 16:47:34 beasty slapd[60723]: conn=8 fd=15 closed (connection lost)
> Oct 21 16:47:34 beasty slapd[60723]: conn=6 fd=12 closed (connection lost)
> Oct 21 16:47:35 beasty slapd[60723]: conn=13 fd=12 ACCEPT from IP=127.0.0.1:58176 (IP=127.0.0.1:389)
> Oct 21 16:47:35 beasty slapd[60723]: conn=13 op=0 BIND dn="cn=Manager,dc=double-l,dc=local" method=128
> Oct 21 16:47:35 beasty slapd[60723]: conn=13 op=0 BIND dn="cn=Manager,dc=double-l,dc=local" mech=SIMPLE ssf=0
> Oct 21 16:47:35 beasty slapd[60723]: conn=13 op=0 RESULT tag=97 err=0 text=
> Oct 21 16:47:35 beasty slapd[60723]: conn=13 op=1 SRCH base="ou=Groups,dc=double-l,dc=local" scope=1 deref=0 filter="(&(objectClass=posixGroup))"
> Oct 21 16:47:35 beasty slapd[60723]: conn=13 op=1 SRCH attr=cn userPassword memberUid uniqueMember gidNumber
> Oct 21 16:47:35 beasty slapd[60723]: conn=13 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text=
> Oct 21 16:47:35 beasty slapd[60723]: conn=14 fd=13 ACCEPT from IP=127.0.0.1:60398 (IP=127.0.0.1:389)
> Oct 21 16:47:35 beasty slapd[60723]: conn=14 op=0 BIND dn="cn=Manager,dc=DOUBLE-L,dc=LOCAL" method=128
> Oct 21 16:47:35 beasty slapd[60723]: conn=14 op=0 BIND dn="cn=Manager,dc=double-l,dc=local" mech=SIMPLE ssf=0
> Oct 21 16:47:35 beasty slapd[60723]: conn=14 op=0 RESULT tag=97 err=0 text=
> Oct 21 16:47:35 beasty slapd[60723]: conn=14 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
> Oct 21 16:47:35 beasty slapd[60723]: conn=14 op=1 SRCH attr=supportedControl
> Oct 21 16:47:35 beasty slapd[60723]: conn=14 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
> Oct 21 16:47:35 beasty slapd[60723]: conn=14 op=2 SRCH base="ou=Idmap,dc=DOUBLE-L,dc=LOCAL" scope=2 deref=0 filter="(objectClass=sambaUnixIdPool)"
> Oct 21 16:47:35 beasty slapd[60723]: conn=14 op=2 SRCH attr=uidNumber gidNumber objectClass
> Oct 21 16:47:35 beasty slapd[60723]: conn=14 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
> Oct 21 16:47:35 beasty slapd[60723]: conn=15 fd=15 ACCEPT from IP=127.0.0.1:60156 (IP=127.0.0.1:389)
> Oct 21 16:47:35 beasty slapd[60723]: conn=15 op=0 BIND dn="cn=Manager,dc=DOUBLE-L,dc=LOCAL" method=128
> Oct 21 16:47:35 beasty slapd[60723]: conn=15 op=0 BIND dn="cn=Manager,dc=double-l,dc=local" mech=SIMPLE ssf=0
> Oct 21 16:47:35 beasty slapd[60723]: conn=15 op=0 RESULT tag=97 err=0 text=
> Oct 21 16:47:35 beasty slapd[60723]: conn=15 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
> Oct 21 16:47:35 beasty slapd[60723]: conn=15 op=1 SRCH attr=supportedControl
> Oct 21 16:47:35 beasty slapd[60723]: conn=15 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
> Oct 21 16:47:35 beasty slapd[60723]: conn=15 op=2 SRCH base="ou=Idmap,dc=DOUBLE-L,dc=LOCAL" scope=2 deref=0 filter="(&(objectClass=sambaIdmapEntry)(gidNumber=65534))"
> Oct 21 16:47:35 beasty slapd[60723]: conn=15 op=2 SRCH attr=sambaSID uidNumber gidNumber objectClass
> Oct 21 16:47:35 beasty slapd[60723]: conn=15 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=
> Oct 21 16:47:50 beasty slapd[60723]: conn=16 fd=17 ACCEPT from IP=127.0.0.1:50821 (IP=127.0.0.1:389)
> Oct 21 16:47:50 beasty slapd[60723]: conn=16 op=0 BIND dn="cn=Manager,dc=double-l,dc=local" method=128
> Oct 21 16:47:50 beasty slapd[60723]: conn=16 op=0 BIND dn="cn=Manager,dc=double-l,dc=local" mech=SIMPLE ssf=0
> Oct 21 16:47:50 beasty slapd[60723]: conn=16 op=0 RESULT tag=97 err=0 text=
> Oct 21 16:47:50 beasty slapd[60723]: conn=16 op=1 SRCH base="ou=People,dc=double-l,dc=local" scope=1 deref=0 filter="(&(objectClass=posixAccount)(uid=administrator))"
> Oct 21 16:47:50 beasty slapd[60723]: conn=16 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass shadowLastChange shadowMax shadowExpire
> Oct 21 16:47:50 beasty slapd[60723]: conn=16 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text=
> Oct 21 16:47:50 beasty slapd[60723]: conn=16 fd=17 closed (connection lost)
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
