RE: [Samba] samba idmap ldap backend
Well that did it, thank you very very much.

Did I read the documentation wrong, or is it the documentation that needs to be adjusted?
I read this http://us1.samba.org/samba/docs/man/Samba-Guide/unixclients.html#adssdm
and then the section "IDMAP Storage in LDAP using Winbind".

Regards,
Johan Hendriks
Re: [Samba] samba idmap ldap backend
In nsswitch.conf, replace "ldap" by "winbind"

2008/10/21 Johan Hendriks <[EMAIL PROTECTED]>:
> Hello all
>
> First of all sorry for the long e-mail
>
> I am trying to get samba working as a domain member and store the idmap in
> an ldap database.
>
> The join is successful and all commands are working like they should:
> wbinfo -u, wbinfo -g, kinit etc.
> But the id administrator command gives me the following
>
> # id administrator
> id: administrator: no such user
>
> If I do not use the ldap backend it works well.
>
> This is on FreeBSD 7_RELEASE with samba 3.0.32 and openldap 2.3.43
> I did do all the things mentioned in chapter 7 of the by example doc.
> Also the smbpasswd -w 12345
>
> I have been working on this for over 3 days now but my ldap understanding
> is not that much I guess.
> What am I forgetting or doing wrong?
>
> Best regards,
> Johan Hendriks
>
> My slapd.conf file
>
> #
> # See slapd.conf(5) for details on configuration options.
> # This file should NOT be world readable.
> #
> include /usr/local/etc/openldap/schema/core.schema
> include /usr/local/etc/openldap/schema/cosine.schema
> include /usr/local/etc/openldap/schema/inetorgperson.schema
> include /usr/local/etc/openldap/schema/misc.schema
> include /usr/local/etc/openldap/schema/nis.schema
> include /usr/local/etc/openldap/schema/openldap.schema
> include /usr/local/etc/openldap/schema/samba.schema
>
> loglevel 256
>
> pidfile /var/run/openldap/slapd.pid
> argsfile /var/run/openldap/slapd.args
>
> # Load dynamic backend modules:
> modulepath /usr/local/libexec/openldap
> moduleload back_bdb
>
> ###
> # BDB database definitions
> ###
>
> database bdb
> suffix "dc=double-l,dc=local"
> rootdn "cn=Manager,dc=double-l,dc=local"
> rootpw = 12345
>
> directory /usr/local/var/db/openldap-data
>
> # Indices to maintain
> index objectClass eq
> index cn pres,sub,eq
> index sn pres,sub,eq
> index uid pres,sub,eq
> index displayName pres,sub,eq
> index uidNumber eq
> index gidNumber eq
> index memberUID eq
> index sambaSID eq
> index sambaPrimaryGroupSID eq
> index sambaDomainName eq
> index default sub
>
> my ldap.conf and nss_ldap.conf file
>
> base dc=double-l,dc=local
> binddn cn=Manager,dc=double-l,dc=local
> bindpw 12345
>
> pam_password exop
>
> bind_policy soft
> bind_timelimit 10
>
> host 127.0.0.1
> idle_timelimit 3600
> ldap_version 3
>
> nss_base_group ou=Groups,dc=double-l,dc=local?one
> nss_base_passwd ou=People,dc=double-l,dc=local?one
> nss_base_shadow ou=People,dc=double-l,dc=local?one
>
> nss_connect_policy persist
> nss_paged_results yes
>
> pagesize 1000
> port 389
> timelimit 30
>
> my vi /etc/nsswitch.conf
>
> group: files ldap
> group_compat: nis
> hosts: files dns
> networks: files
> passwd: files ldap
> passwd_compat: nis
> shells: files
> services: compat
> services_compat: nis
> protocols: files
> rpc: files
>
> my idmap.ldiff file
>
> dn: dc=snowshow,dc=com
> objectClass: dcObject
> objectClass: organization
> dc: snowshow
> o: The Greatest Snow Show in Singapore.
> description: Posix and Samba LDAP Identity Database
>
> dn: cn=Manager,dc=snowshow,dc=com
> objectClass: organizationalRole
> cn: Manager
> description: Directory Manager
>
> dn: ou=Idmap,dc=snowshow,dc=com
> objectClass: organizationalUnit
> ou: idmap
>
> and finally my smb.conf file
>
> [global]
> workgroup = DOUBLE-L
> netbios name = BEASTY
> realm = DOUBLE-L.LOCAL
> server string = Samba Server
> security = ADS
> log level = 1 ads:10 auth:10 sam:10 rpc:10
> ldap admin dn = cn=Manager,dc=DOUBLE-L,dc=LOCAL
> ldap idmap suffix = ou=Idmap
> ldap suffix = dc=DOUBLE-L,dc=LOCAL
> idmap backend = ldap:ldap://127.0.0.1
> idmap uid = 15-55
> idmap gid = 15-55
> template shell = /usr/local/bin/bash
> winbind use default domain = Yes
>
> [share1]
>     comment = Data Directory
>     path = /mnt
>     #write list = @mr70
>     read only = no
>     create mask = 0777
>     directory mask = 0777
>
> and my /etc/krb5.conf file
>
> [libdefaults]
>     default_realm = DOUBLE-l.LOCAL
>     clockskew = 300
>
> [realms]
>     DOUBLE-l.LOCAL = {
>     kdc = w2003s01.double-l.local
>     }
>
> [domain_realm]
>     .double-l.local = DOUBLE-l.LOCAL
>
> This is a part of my slapd.log file after a
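
The fix given in this reply, written as a check that can be run on a domain member (an added example, not part of the original messages). `id` resolves users through NSS, so the script compares the `passwd` and `group` lines of nsswitch.conf with smb.conf; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): verify that NSS consults winbind
# on a host whose smb.conf asks winbind to map IDs.

# Print the sources configured for one nsswitch.conf database, one per line.
nss_sources() {  # usage: nss_sources NSSWITCH_CONF DATABASE
    awk -v db="$2:" '
        { sub(/#.*/, "") }                      # strip comments
        $1 == db { for (i = 2; i <= NF; i++)    # exact match: skips group_compat
                       if ($i !~ /^\[/) print $i }   # ignore [NOTFOUND=...] criteria
    ' "$1"
}

# Succeed if smb.conf sets any idmap uid/gid/backend parameter.
smb_uses_idmap() {  # usage: smb_uses_idmap SMB_CONF
    grep -Eiq '^[[:space:]]*idmap[[:space:]]+(uid|gid|backend)[[:space:]]*=' "$1"
}

# Print each database that lacks winbind; return 1 if any does.
check_winbind_nss() {  # usage: check_winbind_nss NSSWITCH_CONF SMB_CONF
    smb_uses_idmap "$2" || return 0             # winbind mapping not configured
    rc=0
    for db in passwd group; do
        if ! nss_sources "$1" "$db" | grep -qx winbind; then
            echo "$db: winbind missing (sources: $(nss_sources "$1" "$db" | xargs))"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample files modelled on the configuration quoted in the thread.
write_samples() {  # usage: write_samples DIR
    printf 'group: files ldap\ngroup_compat: nis\npasswd: files ldap\n' > "$1/nss.before"
    printf 'group: files winbind\ngroup_compat: nis\npasswd: files winbind\n' > "$1/nss.after"
    printf '[global]\n  security = ADS\n  idmap backend = ldap:ldap://127.0.0.1\n' > "$1/smb.conf"
}

d=$(mktemp -d)
write_samples "$d"
check_winbind_nss "$d/nss.before" "$d/smb.conf" || echo "before: FAIL"
check_winbind_nss "$d/nss.after"  "$d/smb.conf" && echo "after: OK"
rm -rf "$d"
```
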
[Samba] samba idmap ldap backend
Hello all

First of all sorry for the long e-mail

I am trying to get samba working as a domain member and store the idmap in an ldap database.

The join is successful and all commands are working like they should: wbinfo -u, wbinfo -g, kinit etc.
But the id administrator command gives me the following

# id administrator
id: administrator: no such user

If I do not use the ldap backend it works well.

This is on FreeBSD 7_RELEASE with samba 3.0.32 and openldap 2.3.43
I did do all the things mentioned in chapter 7 of the by example doc.
Also the smbpasswd -w 12345

I have been working on this for over 3 days now but my ldap understanding is not that much I guess.
What am I forgetting or doing wrong?

Best regards,
Johan Hendriks

My slapd.conf file

#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/misc.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/openldap.schema
include /usr/local/etc/openldap/schema/samba.schema

loglevel 256

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

# Load dynamic backend modules:
modulepath /usr/local/libexec/openldap
moduleload back_bdb

###
# BDB database definitions
###

database bdb
suffix "dc=double-l,dc=local"
rootdn "cn=Manager,dc=double-l,dc=local"
rootpw = 12345

directory /usr/local/var/db/openldap-data

# Indices to maintain
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index uidNumber eq
index gidNumber eq
index memberUID eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index default sub

my ldap.conf and nss_ldap.conf file

base dc=double-l,dc=local
binddn cn=Manager,dc=double-l,dc=local
bindpw 12345

pam_password exop

bind_policy soft
bind_timelimit 10

host 127.0.0.1
idle_timelimit 3600
ldap_version 3

nss_base_group ou=Groups,dc=double-l,dc=local?one
nss_base_passwd ou=People,dc=double-l,dc=local?one
nss_base_shadow ou=People,dc=double-l,dc=local?one

nss_connect_policy persist
nss_paged_results yes

pagesize 1000
port 389
timelimit 30

my vi /etc/nsswitch.conf

group: files ldap
group_compat: nis
hosts: files dns
networks: files
passwd: files ldap
passwd_compat: nis
shells: files
services: compat
services_compat: nis
protocols: files
rpc: files

my idmap.ldiff file

dn: dc=snowshow,dc=com
objectClass: dcObject
objectClass: organization
dc: snowshow
o: The Greatest Snow Show in Singapore.
description: Posix and Samba LDAP Identity Database

dn: cn=Manager,dc=snowshow,dc=com
objectClass: organizationalRole
cn: Manager
description: Directory Manager

dn: ou=Idmap,dc=snowshow,dc=com
objectClass: organizationalUnit
ou: idmap

and finally my smb.conf file

[global]
workgroup = DOUBLE-L
netbios name = BEASTY
realm = DOUBLE-L.LOCAL
server string = Samba Server
security = ADS
log level = 1 ads:10 auth:10 sam:10 rpc:10
ldap admin dn = cn=Manager,dc=DOUBLE-L,dc=LOCAL
ldap idmap suffix = ou=Idmap
ldap suffix = dc=DOUBLE-L,dc=LOCAL
idmap backend = ldap:ldap://127.0.0.1
idmap uid = 15-55
idmap gid = 15-55
template shell = /usr/local/bin/bash
winbind use default domain = Yes

[share1]
    comment = Data Directory
    path = /mnt
    #write list = @mr70
    read only = no
    create mask = 0777
    directory mask = 0777

and my /etc/krb5.conf file

[libdefaults]
    default_realm = DOUBLE-l.LOCAL
    clockskew = 300

[realms]
    DOUBLE-l.LOCAL = {
    kdc = w2003s01.double-l.local
    }

[domain_realm]
    .double-l.local = DOUBLE-l.LOCAL

This is a part of my slapd.log file after a restart of samba and an id administrator command

Oct 21 16:47:34 beasty slapd[60723]: conn=7 fd=13 closed (connection lost)
Oct 21 16:47:34 beasty slapd[60723]: conn=8 fd=15 closed (connection lost)
Oct 21 16:47:34 beasty slapd[60723]: conn=6 fd=12 closed (connection lost)
Oct 21 16:47:35 beasty slapd[60723]: conn=13 fd=12 ACCEPT from IP=127.0.0.1:58176 (IP=127.0.0.1:389)
Oct 21 16:47:35 beasty slapd[60723]: conn=13 op=0 BIND dn="cn=Manager,dc=double-l,dc=local" method=128
Oct 21 16:47:35 beast