I've inherited this quite messy OpenLDAP server from the previous
administrator; Samba (3) relies on it for acting as a PDC.
The main problem (while I build a new directory from scratch) is that you
can't add a machine account to the domain:
On the client it says the credentials are invalid; anyway, the real
problem (from the Samba logs) seems to be:
Got too many (2) domain info entries for domain DOMAIN
(I've replaced my domain name with 'DOMAIN' and the Samba host name with 'host'
for no particular reason ...)
host:/etc/samba # strings secrets.tdb | grep SID
SECRETS/SID/HOST
SECRETS/SID/DOMAIN -- I think this is the problem, since a clean
installation on a test machine gives only the first line from the same
command, but I can't figure out how to remove the entry.
Other useful info:
1)
host:/ # smbclient -L localhost -U%
Domain=[DOMAIN] OS=[Unix] Server=[Samba 3.0.4-SUSE]
        Server               Comment
        ---------            -------
        HOST                 Samba Server Version 3.0.4-SUSE

        Workgroup            Master
        ---------            -------
        DOMAIN               HOST
2)
host:/ # net getlocalsid
[2004/09/22 11:39:38, 0] lib/smbldap.c:smbldap_search_domain_info(1368)
Got too many (2) domain info entries for domain DOMAIN
SID for domain HOST is: S-1-5-21-3942806058-2931819711-1847247862
3)
host:/ # pdbedit -Lv user
Got too many (2) domain info entries for domain DOMAIN
Got too many (2) domain info entries for domain DOMAIN
Unix username:user
NT username: user
Account Flags:[U ]
User SID: S-1-5-21-3942806058-2931819711-1847247862-2010
Primary Group SID:S-1-5-21-3942806058-2931819711-1847247862-513
Full Name:Some User
Home Directory: \\host\user
HomeDir Drive:H:
Logon Script: logon.bat
Profile Path: \\host\profiles\user
Domain: DOMAIN
[etc...]
4)
host:/ # net groupmap list
[2004/09/22 11:50:47, 0] lib/smbldap.c:smbldap_search_domain_info(1368)
Got too many (2) domain info entries for domain DOMAIN
Domain (S-1-5-21-3942806058-2931819711-1847247862-1203) - domain
Domain Guests (S-1-5-21-3942806058-2931819711-1847247862-514) - nobody
Domain Users (S-1-5-21-3942806058-2931819711-1847247862-513) - users
Domain Admins (S-1-5-21-3942806058-2931819711-1847247862-512) - Domain Admins
Guests (S-1-5-21-3942806058-2931819711-1847247862-546) - Guests
Power Users (S-1-5-21-3942806058-2931819711-1847247862-547) - Power Users
Account Operators (S-1-5-21-3942806058-2931819711-1847247862-548) - Account Operators
Server Operators (S-1-5-21-3942806058-2931819711-1847247862-549) - Server Operators
Print Operators (S-1-5-21-3942806058-2931819711-1847247862-550) - Print Operators
Backup Operators (S-1-5-21-3942806058-2931819711-1847247862-551) - Backup Operators
Replicator (S-1-5-21-3942806058-2931819711-1847247862-552) - Replicator
Domain Computers (S-1-5-21-3942806058-2931819711-1847247862-553) - Domain Computers
5)
[the exported LDIF of ldap domain entry]
dn: sambaDomainName=DOMAIN, dc=domain, dc=com
sambaNextUserRid: 4000
sambaSID: S-1-5-21-3942806058-2931819711-1847247862
sambaNextGroupRid: 4001
objectClass: sambaDomain
sambaAlgorithmicRidBase: 1000
sambaDomainName: DOMAIN
6)
[relevant lines from smb.conf]
netbios name = HOST
workgroup = DOMAIN
passdb backend = ldapsam:ldap://localhost/
ldap suffix = dc=domain,dc=com
ldap admin dn = cn=Manager,dc=domain,dc=com
ldap ssl = on
ldap user suffix = ou=people
ldap group suffix = ou=Group
ldap machine suffix = ou=people
#ldap filter = ($(uid=%u)(objectclass=sambaSAMAccount))
ldap idmap suffix = ou=Idmap
idmap backend = ldap:ldaps://host.domain.com
add machine script = /var/lib/samba/sbin/smbldap-useradd.pl -w '%u'
thanks
--
Simone Cittadini
==
COMVERT S.R.L.
via F.lli Bressan, 21
20126 Milano - ITALY
Tel +39.02.27006796 (wait for a beep) 103
[EMAIL PROTECTED]
http://www.comvert.com
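Added example, not part of the original post: Samba's smbldap_search_domain_info logs "Got too many (N) domain info entries" when its LDAP search for sambaDomain entries with the workgroup's sambaDomainName returns more than one entry. The script below scans an LDIF export for such duplicates; the sample LDIF is constructed, and its second entry (DN and SID) is hypothetical, since the post shows only one exported entry.

```python
from collections import defaultdict

# Constructed sample: the first entry mirrors the post's export; the second
# (different DN, different SID) is hypothetical and stands in for a duplicate.
SAMPLE_LDIF = """\
dn: sambaDomainName=DOMAIN,dc=domain,dc=com
objectClass: sambaDomain
sambaDomainName: DOMAIN
sambaSID: S-1-5-21-3942806058-2931819711-1847247862

dn: sambaDomainName=domain,ou=people,dc=domain,dc=com
objectClass: sambaDomain
sambaDomainName: domain
sambaSID: S-1-5-21-1111111111-2222222222-3333333333

dn: uid=user,ou=people,dc=domain,dc=com
objectClass: sambaSamAccount
"""

def parse_ldif(text):
    """Split LDIF text into entries: a list of {attr_lowercase: [values]}."""
    entries, current, last = [], {}, None
    for line in text.splitlines() + [""]:
        if not line.strip():                      # blank line closes an entry
            if current:
                entries.append(current)
            current, last = {}, None
        elif line.startswith(" ") and last:       # folded continuation line
            current[last][-1] += line[1:]
        elif ":" in line and not line.startswith("#"):
            attr, _, value = line.partition(":")  # base64 (attr::) not decoded
            last = attr.strip().lower()
            current.setdefault(last, []).append(value.strip())
    return entries

def duplicate_domains(entries):
    """Return {NAME: [(dn, sid), ...]} for names held by >1 sambaDomain entry."""
    by_name = defaultdict(list)
    for e in entries:
        if "sambadomain" not in {c.lower() for c in e.get("objectclass", [])}:
            continue
        for name in e.get("sambadomainname", []):  # matched case-insensitively
            by_name[name.upper()].append((e.get("dn", ["?"])[0], e.get("sambasid", ["?"])[0]))
    return {n: hits for n, hits in by_name.items() if len(hits) > 1}

if __name__ == "__main__":
    for name, hits in duplicate_domains(parse_ldif(SAMPLE_LDIF)).items():
        print(name, len(hits), hits)
```

Run it against an LDIF dump of the whole `ldap suffix` subtree rather than a single exported entry, because a second sambaDomain object can sit under any container.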