[Samba] openldap PDC : can't add machine account ; too many domain info entries

2004-09-23 Thread Simone Cittadini
I've inherited this quite messy openldap server from the previous 
administrator; samba (3) relies on it for acting as a PDC.
The main problem (while I build a new directory from scratch) is that you 
can't add a machine account to the domain.
On the client it says the credentials are invalid; anyway, the real 
problem (from the samba logs) seems to be:

Got too many (2) domain info entries for domain DOMAIN
(I've replaced my domain name with 'DOMAIN' and the samba host name with 'host' 
for no particular reason ...)

host:/etc/samba # strings secrets.tdb | grep SID
SECRETS/SID/HOST
SECRETS/SID/DOMAIN   <-- I think this is the problem, since a clean 
installation on a test machine gives only the first line from the same 
command, but I can't figure out how to remove the entry.

Other useful info:
1)
host:/ # smbclient -L localhost -U%
Domain=[DOMAIN] OS=[Unix] Server=[Samba 3.0.4-SUSE]

        Server               Comment
        ---------            -------
        HOST                 Samba Server Version 3.0.4-SUSE

        Workgroup            Master
        ---------            -------
        DOMAIN               HOST
2)
host:/ # net getlocalsid
[2004/09/22 11:39:38, 0] lib/smbldap.c:smbldap_search_domain_info(1368)
 Got too many (2) domain info entries for domain DOMAIN
SID for domain HOST is: S-1-5-21-3942806058-2931819711-1847247862
3)
host:/ # pdbedit -Lv user
Got too many (2) domain info entries for domain DOMAIN
Got too many (2) domain info entries for domain DOMAIN
Unix username:        user
NT username:          user
Account Flags:        [U  ]
User SID:             S-1-5-21-3942806058-2931819711-1847247862-2010
Primary Group SID:    S-1-5-21-3942806058-2931819711-1847247862-513
Full Name:            Some User
Home Directory:       \\host\user
HomeDir Drive:        H:
Logon Script:         logon.bat
Profile Path:         \\host\profiles\user
Domain:               DOMAIN
[etc...]
4)
host:/ # net groupmap list
[2004/09/22 11:50:47, 0] lib/smbldap.c:smbldap_search_domain_info(1368)
 Got too many (2) domain info entries for domain DOMAIN
Domain (S-1-5-21-3942806058-2931819711-1847247862-1203) - domain
Domain Guests (S-1-5-21-3942806058-2931819711-1847247862-514) - nobody
Domain Users (S-1-5-21-3942806058-2931819711-1847247862-513) - users
Domain Admins (S-1-5-21-3942806058-2931819711-1847247862-512) - Domain Admins
Guests (S-1-5-21-3942806058-2931819711-1847247862-546) - Guests
Power Users (S-1-5-21-3942806058-2931819711-1847247862-547) - Power Users
Account Operators (S-1-5-21-3942806058-2931819711-1847247862-548) - Account Operators
Server Operators (S-1-5-21-3942806058-2931819711-1847247862-549) - Server Operators
Print Operators (S-1-5-21-3942806058-2931819711-1847247862-550) - Print Operators
Backup Operators (S-1-5-21-3942806058-2931819711-1847247862-551) - Backup Operators
Replicator (S-1-5-21-3942806058-2931819711-1847247862-552) - Replicator
Domain Computers (S-1-5-21-3942806058-2931819711-1847247862-553) - Domain Computers

5)
[the exported LDIF of ldap domain entry]
dn: sambaDomainName=DOMAIN, dc=domain, dc=com
sambaNextUserRid: 4000
sambaSID: S-1-5-21-3942806058-2931819711-1847247862
sambaNextGroupRid: 4001
objectClass: sambaDomain
sambaAlgorithmicRidBase: 1000
sambaDomainName: DOMAIN
6)
[relevant lines from smb.conf]
netbios name = HOST
workgroup = DOMAIN
passdb backend = ldapsam:ldap://localhost/   

ldap suffix = dc=domain,dc=com
ldap admin dn = cn=Manager,dc=domain,dc=com
ldap ssl = on
ldap user suffix = ou=people
ldap group suffix = ou=Group
ldap machine suffix = ou=people
#ldap filter = ($(uid=%u)(objectclass=sambaSAMAccount))
ldap idmap suffix = ou=Idmap
idmap backend = ldap:ldaps://host.domain.com
add machine script = /var/lib/samba/sbin/smbldap-useradd.pl -w '%u'
thanks
--
Simone Cittadini
==
COMVERT S.R.L.
via F.lli Bressan, 21
20126 Milano - ITALY
Tel +39.02.27006796(wait for a beep)103
[EMAIL PROTECTED]
http://www.comvert.com
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] openldap PDC : can't add machine account ; too many domain info entries

2004-09-23 Thread Andrew Bartlett
On Thu, 2004-09-23 at 19:01, Simone Cittadini wrote:
> I've inherited this quite messy openldap server from the previous 
> administrator; samba (3) relies on it for acting as a PDC.
> The main problem (while I build a new directory from scratch) is that you 
> can't add a machine account to the domain.
> On the client it says the credentials are invalid; anyway, the real 
> problem (from the samba logs) seems to be:
> 
> Got too many (2) domain info entries for domain DOMAIN
> 
> (I've replaced my domain name with 'DOMAIN' and the samba host name with 'host' 
> for no particular reason ...)
> 
> host:/etc/samba # strings secrets.tdb | grep SID
> SECRETS/SID/HOST
> SECRETS/SID/DOMAIN   <-- I think this is the problem, since a clean 
> installation on a test machine gives only the first line from the same 
> command, but I can't figure out how to remove the entry.


Open up your ldap server in a tool like 'gq', and remove the incorrect
(or both) 'sambaDomain=DOMAIN' entry in your ldap database.  Somehow,
you got two of them, and Samba doesn't like that.

Samba uses this to store the domain SID, and other information, in the
LDAP directory.

Andrew Bartlett
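
Added example, not part of either post: before deleting anything, a shell filter like the one below can list every sambaDomain entry for the domain and mark which one carries the SID the existing accounts are built on. It reads LDIF on stdin, for instance from `ldapsearch -x -LLL -b dc=domain,dc=com '(objectClass=sambaDomain)'`; the function names and the second sample entry (its DN and SID) are constructed for illustration, since the thread shows only one of the two entries.

```shell
# classify_domains DOMAIN SID_IN_USE   (LDIF on stdin)
# For each sambaDomain entry whose sambaDomainName matches DOMAIN
# (compared case-insensitively), print "KEEP <dn>" when its sambaSID equals
# SID_IN_USE and "STALE <dn>" otherwise. Base64 values (attr::) are not decoded.
classify_domains() {
    awk -v dom="$1" -v sid="$2" '
    function field(line,    i, k, v) {
        i = index(line, ":"); if (i == 0) return
        k = tolower(substr(line, 1, i - 1))
        v = substr(line, i + 1); sub(/^ +/, "", v)
        if (k == "dn") dn = v
        else if (k == "sambadomainname") name = v
        else if (k == "sambasid") esid = v
        else if (k == "objectclass" && tolower(v) == "sambadomain") isdom = 1
    }
    function emit(    tag) {
        if (dn != "" && isdom && tolower(name) == tolower(dom)) {
            tag = (esid == sid) ? "KEEP" : "STALE"
            print tag, dn
        }
        dn = ""; name = ""; esid = ""; isdom = 0
    }
    /^ / { cur = cur substr($0, 2); next }      # folded continuation line
         { if (cur != "") field(cur); cur = $0 }
    /^$/ { emit() }                             # blank line ends an entry
    END  { if (cur != "") field(cur); emit() }
    '
}

# Constructed sample: first entry as exported in the post, second one invented.
sample_ldif() {
    cat <<'EOF'
dn: sambaDomainName=DOMAIN, dc=domain, dc=com
objectClass: sambaDomain
sambaDomainName: DOMAIN
sambaSID: S-1-5-21-3942806058-2931819711-1847247862

dn: sambaDomainName=domain,ou=people,dc=domain,dc=com
objectClass: sambaDomain
sambaDomainName: domain
sambaSID: S-1-5-21-
 1111111111-2222222222-3333333333
EOF
}

sample_ldif | classify_domains DOMAIN S-1-5-21-3942806058-2931819711-1847247862
```

The SID passed as the second argument is the one shown by `net getlocalsid` and in the user and group SIDs in the original post; export the directory to LDIF as a backup before removing any entry reported as STALE.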

