RE: [Samba] samba idmap ldap backend

2008-10-23 Thread Johan Hendriks
Well, that did it, thank you very very much.

Did I read the documentation wrong, or is it the documentation that needs to be
adjusted?

I read this
http://us1.samba.org/samba/docs/man/Samba-Guide/unixclients.html#adssdm and
then the section IDMAP Storage in LDAP using Winbind.

regards,
Johan Hendriks

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] samba idmap ldap backend

2008-10-21 Thread Sébastien Prud'homme
In nsswitch.conf, replace "ldap" by "winbind"

2008/10/21 Johan Hendriks <[EMAIL PROTECTED]>:
> Hello all
>
> First of all, sorry for the long e-mail.
>
> I am trying to get Samba working as a domain member and store the idmap in an
> LDAP database.
>
> The join is successful and all commands are working like they should: wbinfo -u,
> wbinfo -g, kinit etc.
>
> But the id administrator command gives me the following:
>
> # id administrator
> id: administrator: no such user
>
> If I do not use the ldap backend it works well.
>
> This is on FreeBSD 7_RELEASE with samba 3.0.32 and openldap 2.3.43.
>
> I did do all the things mentioned in chapter 7 of the by example doc.
> Also the smbpasswd -w 12345.
>
> I have been working on this for over 3 days now, but my LDAP understanding is not
> that much I guess.
>
> What am I forgetting or doing wrong?
>
> Best regards,
> Johan Hendriks
>
> My slapd.conf file
>
> #
> # See slapd.conf(5) for details on configuration options.
> # This file should NOT be world readable.
> #
> include /usr/local/etc/openldap/schema/core.schema
> include /usr/local/etc/openldap/schema/cosine.schema
> include /usr/local/etc/openldap/schema/inetorgperson.schema
> include /usr/local/etc/openldap/schema/misc.schema
> include /usr/local/etc/openldap/schema/nis.schema
> include /usr/local/etc/openldap/schema/openldap.schema
> include /usr/local/etc/openldap/schema/samba.schema
>
> loglevel 256
>
> pidfile  /var/run/openldap/slapd.pid
> argsfile /var/run/openldap/slapd.args
>
> # Load dynamic backend modules:
> modulepath  /usr/local/libexec/openldap
> moduleload  back_bdb
>
> ###
> # BDB database definitions
> ###
>
> database bdb
> suffix   "dc=double-l,dc=local"
> rootdn   "cn=Manager,dc=double-l,dc=local"
> rootpw = 12345
>
> directory /usr/local/var/db/openldap-data
>
> # Indices to maintain
> index objectClass           eq
> index cn                    pres,sub,eq
> index sn                    pres,sub,eq
> index uid                   pres,sub,eq
> index displayName           pres,sub,eq
> index uidNumber             eq
> index gidNumber             eq
> index memberUID             eq
> index sambaSID              eq
> index sambaPrimaryGroupSID  eq
> index sambaDomainName       eq
> index default               sub
>
> my ldap.conf and nss_ldap.conf file
>
> base dc=double-l,dc=local
> binddn cn=Manager,dc=double-l,dc=local
> bindpw 12345
>
> pam_password exop
>
> bind_policy soft
> bind_timelimit 10
>
> host 127.0.0.1
> idle_timelimit 3600
> ldap_version 3
>
> nss_base_group  ou=Groups,dc=double-l,dc=local?one
> nss_base_passwd ou=People,dc=double-l,dc=local?one
> nss_base_shadow ou=People,dc=double-l,dc=local?one
>
> nss_connect_policy persist
> nss_paged_results yes
>
> pagesize 1000
> port 389
> timelimit 30
>
> my /etc/nsswitch.conf
>
> group: files ldap
> group_compat: nis
> hosts: files dns
> networks: files
> passwd: files ldap
> passwd_compat: nis
> shells: files
> services: compat
> services_compat: nis
> protocols: files
> rpc: files
>
> my idmap.ldiff file
>
> dn: dc=snowshow,dc=com
> objectClass: dcObject
> objectClass: organization
> dc: snowshow
> o: The Greatest Snow Show in Singapore.
> description: Posix and Samba LDAP Identity Database
>
> dn: cn=Manager,dc=snowshow,dc=com
> objectClass: organizationalRole
> cn: Manager
> description: Directory Manager
>
> dn: ou=Idmap,dc=snowshow,dc=com
> objectClass: organizationalUnit
> ou: idmap
>
> and finally my smb.conf file
>
> [global]
> workgroup = DOUBLE-L
> netbios name = BEASTY
> realm = DOUBLE-L.LOCAL
> server string = Samba Server
> security = ADS
> log level = 1 ads:10 auth:10 sam:10 rpc:10
> ldap admin dn = cn=Manager,dc=DOUBLE-L,dc=LOCAL
> ldap idmap suffix = ou=Idmap
> ldap suffix = dc=DOUBLE-L,dc=LOCAL
> idmap backend = ldap:ldap://127.0.0.1
> idmap uid = 15-55
> idmap gid = 15-55
> template shell = /usr/local/bin/bash
> winbind use default domain = Yes
>
> [share1]
> comment = Data Directory
> path = /mnt
> #write list = @mr70
> read only = no
> create mask = 0777
> directory mask = 0777
>
> and my /etc/krb5.conf file
>
> [libdefaults]
> default_realm = DOUBLE-l.LOCAL
> clockskew = 300
>
> [realms]
> DOUBLE-l.LOCAL = {
> kdc = w2003s01.double-l.local
> }
>
> [domain_realm]
> .double-l.local = DOUBLE-l.LOCAL
>
> This is a part of my slapd.log file after a

[Samba] samba idmap ldap backend

2008-10-21 Thread Johan Hendriks
Hello all

First of all, sorry for the long e-mail.

I am trying to get Samba working as a domain member and store the idmap in an
LDAP database.

The join is successful and all commands are working like they should: wbinfo -u,
wbinfo -g, kinit etc.

But the id administrator command gives me the following:

# id administrator
id: administrator: no such user

If I do not use the ldap backend it works well.

This is on FreeBSD 7_RELEASE with samba 3.0.32 and openldap 2.3.43.

I did do all the things mentioned in chapter 7 of the by example doc.
Also the smbpasswd -w 12345.

I have been working on this for over 3 days now, but my LDAP understanding is not
that much I guess.

What am I forgetting or doing wrong?

Best regards,

Johan Hendriks

My slapd.conf file

#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/misc.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/openldap.schema
include /usr/local/etc/openldap/schema/samba.schema

loglevel 256

pidfile  /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

# Load dynamic backend modules:
modulepath  /usr/local/libexec/openldap
moduleload  back_bdb

###
# BDB database definitions
###

database bdb
suffix   "dc=double-l,dc=local"
rootdn   "cn=Manager,dc=double-l,dc=local"
rootpw = 12345

directory /usr/local/var/db/openldap-data

# Indices to maintain
index objectClass           eq
index cn                    pres,sub,eq
index sn                    pres,sub,eq
index uid                   pres,sub,eq
index displayName           pres,sub,eq
index uidNumber             eq
index gidNumber             eq
index memberUID             eq
index sambaSID              eq
index sambaPrimaryGroupSID  eq
index sambaDomainName       eq
index default               sub

my ldap.conf and nss_ldap.conf file

base dc=double-l,dc=local
binddn cn=Manager,dc=double-l,dc=local
bindpw 12345

pam_password exop

bind_policy soft
bind_timelimit 10

host 127.0.0.1
idle_timelimit 3600
ldap_version 3

nss_base_group  ou=Groups,dc=double-l,dc=local?one
nss_base_passwd ou=People,dc=double-l,dc=local?one
nss_base_shadow ou=People,dc=double-l,dc=local?one

nss_connect_policy persist
nss_paged_results yes

pagesize 1000
port 389
timelimit 30

my /etc/nsswitch.conf

group: files ldap
group_compat: nis
hosts: files dns
networks: files
passwd: files ldap
passwd_compat: nis
shells: files
services: compat
services_compat: nis
protocols: files
rpc: files

my idmap.ldiff file

dn: dc=snowshow,dc=com
objectClass: dcObject
objectClass: organization
dc: snowshow
o: The Greatest Snow Show in Singapore.
description: Posix and Samba LDAP Identity Database

dn: cn=Manager,dc=snowshow,dc=com
objectClass: organizationalRole
cn: Manager
description: Directory Manager

dn: ou=Idmap,dc=snowshow,dc=com
objectClass: organizationalUnit
ou: idmap

and finally my smb.conf file

[global]
workgroup = DOUBLE-L
netbios name = BEASTY
realm = DOUBLE-L.LOCAL
server string = Samba Server
security = ADS
log level = 1 ads:10 auth:10 sam:10 rpc:10
ldap admin dn = cn=Manager,dc=DOUBLE-L,dc=LOCAL
ldap idmap suffix = ou=Idmap
ldap suffix = dc=DOUBLE-L,dc=LOCAL
idmap backend = ldap:ldap://127.0.0.1
idmap uid = 15-55
idmap gid = 15-55
template shell = /usr/local/bin/bash
winbind use default domain = Yes

[share1]
comment = Data Directory
path = /mnt
#write list = @mr70
read only = no
create mask = 0777
directory mask = 0777

and my /etc/krb5.conf file

[libdefaults]
default_realm = DOUBLE-l.LOCAL
clockskew = 300

[realms]
DOUBLE-l.LOCAL = {
kdc = w2003s01.double-l.local
}

[domain_realm]
.double-l.local = DOUBLE-l.LOCAL

This is a part of my slapd.log file after a restart of samba and an id
administrator command

Oct 21 16:47:34 beasty slapd[60723]: conn=7 fd=13 closed (connection lost)
Oct 21 16:47:34 beasty slapd[60723]: conn=8 fd=15 closed (connection lost)
Oct 21 16:47:34 beasty slapd[60723]: conn=6 fd=12 closed (connection lost)
Oct 21 16:47:35 beasty slapd[60723]: conn=13 fd=12 ACCEPT from IP=127.0.0.1:58176 (IP=127.0.0.1:389)
Oct 21 16:47:35 beasty slapd[60723]: conn=13 op=0 BIND dn="cn=Manager,dc=double-l,dc=local" method=128
Oct 21 16:47:35 beast
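Sébastien's one-line fix in the reply above (route NSS through winbind instead of nss_ldap) deserves to be made concrete, because the reason it works is easy to miss when reading the configuration posted here. With idmap backend = ldap, winbind writes its SID-to-uid/gid mappings as sambaIdmapEntry objects under the ldap idmap suffix (ou=Idmap in this smb.conf); it does not create posixAccount entries under ou=People. So "passwd: files ldap" asks nss_ldap for an account that was never stored there, and "id administrator" can only succeed once the winbind NSS module is in the lookup path. The script below is an added example, not code from the thread or from the Samba project: it reads an nsswitch.conf-style file, reports whether the passwd and group databases list winbind, and runs itself against two constructed files, one mirroring the posted configuration and one with the fix applied. The function names and the two sample files are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the thread or the Samba project): check whether an
# nsswitch.conf routes the passwd and group databases through winbind.
# Background: with "idmap backend = ldap", winbind stores SID<->uid/gid
# mappings as sambaIdmapEntry objects under the idmap suffix; they are not
# posixAccount objects under ou=People, so nss_ldap cannot resolve them and
# "id administrator" fails unless the winbind NSS module is consulted.

# nss_sources <db> <file>: print the source list of the first active "<db>:"
# line (commented lines never match because the key must start the line).
nss_sources() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" "$2" | head -n 1
}

# nss_has_winbind <db> <file>: exit 0 if winbind is among that database's sources.
nss_has_winbind() {
    for src in $(nss_sources "$1" "$2"); do
        [ "$src" = "winbind" ] && return 0
    done
    return 1
}

# check_nsswitch <file>: diagnose passwd and group; exit 0 only if both use winbind.
check_nsswitch() {
    rc=0
    for db in passwd group; do
        if nss_has_winbind "$db" "$1"; then
            echo "$db: ok ($(nss_sources "$db" "$1"))"
        else
            echo "$db: winbind missing ($(nss_sources "$db" "$1")) - use 'files winbind'"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample 1: the relevant lines of the nsswitch.conf as posted,
# plus a commented-out line that must not be counted.
NSS_BAD=$(mktemp)
cat >"$NSS_BAD" <<'EOF'
group: files ldap
hosts: files dns
passwd: files ldap
# passwd: files winbind
EOF

# Constructed sample 2: the same file after the suggested fix.
NSS_GOOD=$(mktemp)
cat >"$NSS_GOOD" <<'EOF'
group: files winbind
hosts: files dns
passwd: files winbind
EOF

echo "== as posted =="
check_nsswitch "$NSS_BAD" || echo "verdict: domain users will not resolve via NSS"
echo "== after the fix =="
check_nsswitch "$NSS_GOOD" && echo "verdict: winbind answers passwd/group lookups"
```

Run it against the real file with check_nsswitch /etc/nsswitch.conf on the member server; the LDAP-side idmap entries themselves can be confirmed separately with an ldapsearch for objectClass=sambaIdmapEntry under the idmap suffix, which is where winbind, not nss_ldap, expects to find them.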