Re: Samba 3.2 Ldap problem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Quinn Fissler <qfissler@xxxxxxxxx>, samba@xxxxxxxxxxxxxxx
Subject: Re: Samba 3.2 Ldap problem
From: Ernesto Silva <silva@xxxxxxxxxx>
Date: Thu, 03 Jul 2008 20:47:47 -0300
In-reply-to: <f084d6f60807020045x54f5e95fg7da841a7a45d6ea@xxxxxxxxxxxxxx>
References: <486AC8F8.10700@xxxxxxxxxx> <f084d6f60807020045x54f5e95fg7da841a7a45d6ea@xxxxxxxxxxxxxx>
User-agent: Thunderbird 2.0.0.14 (X11/20080421)

Ok, that's a posibility, I know very little about the protocol internals. On the contrary I used to have an old samba server (appart from server A) authenticating against the Ldap simultaneously with Server A.

That old server is what I'm really trying to duplicate with a new installation on new hardware.

Thanks, regards,
--
Ing. Ernesto Silva.
Coordinador de Desarrollo Web y Sistemas Abiertos
Centro de Procesamiento de Datos
Universidad ORT Uruguay.
E-mail: silva@xxxxxxxxxx

Tel: (+5982) 903-1995, (+5982) 902-9687 ext. 102Fax: (+5982) 900-2952



Quinn Fissler wrote:

I think that you overlooked the SID

In standalone mode you're not worrying about a domain - the data in LDAPis for your old server.

The new samba installation has a new SID and it's doing its search inLDAP for that, finding no users.

I've only used samba and ldap in a domain so don't know much about youroptions in standalone mode.




2008/7/2 Ernesto Silva <silva@xxxxxxxxxx <mailto:silva@xxxxxxxxxx>>:

    Hi,
           I've running a samba 3.0.22-13.30 server in standalone mode
    (security=user) for quite a while. It's authenticated against an
    openLdap and works great, say Server A.

    A few days ago I've installed OpenSuSE 11 Beta 2 in another server,
    it came with samba 3.2.0-18, so as I'm very lazy I copied the
    smb.conf file from the working server to the new one  with little
    modifications like the netbios name and which shares it serves, say
    Server B. I'm connecting to the same Ldap server.

    The problem is that I can't reach any share, from the Server B logs...

           [2008/07/01 04:54:01,  1]
    passdb/pdb_ldap.c:init_sam_from_ldap(567)
             init_sam_from_ldap: No uid attribute found for this user!
           [2008/07/01 04:54:01,  1]
    passdb/pdb_ldap.c:ldapsam_getsampwnam(1531)
             ldapsam_getsampwnam: init_sam_from_ldap failed for user
    'xxxxx'!

    I've been "googleing" for the last 8 hours and I can't fix the
    problem, with a more verbose debug level I can see that the Ldap
    connection works fine. I've also checked the Ldap logs and
    everything is fine.

    May be it's a problem with idmap-ing.

    Here is my smb.conf file from the Server B, I've placed comments on
    lines which differ from the Server A and commented out lines I
    believe are not relevant to Server B.

    -----------------------------------------------------------------
    [global]

      passdb expand explicit = no
      utmp = Yes
      workgroup = CPD
      netbios name = OPEN                # I've changed the
      server string = File Server
      passdb backend = ldapsam:ldap://ldapon.my.company
      time server = Yes
      printing = cups
      printcap name = cups
      printcap cache time = 750
      cups options = raw
      username map = /etc/samba/smbusers
      map to guest = Bad User
      wins support = no                  # it's 'Yes' in the old server
      local master = no                  # it's 'Yes' in the old server
      domain master = no                 # it's 'Yes' in the old server
      domain logons = no                 # it's 'Yes' in the old server
      security = user
      preferred master = no
      os level = 64
      encrypt passwords = yes
    #    logon script = test.bat
    #    logon path = \\%L\profiles\%U
    #    logon home = \\%L\%U
    #    logon drive = z:
    #    add user script = ldapsmb -a -u "%u"
    #    delete user script = ldapsmb -d -u "%u"
    #    add machine script = ldapsmb -a -s -wks "%u" -v --logfile
    /var/log/samba/ldapsmb.log
    #    add group script = ldapsmb -a -g "%g"
    #    delete group script = ldapsmb -d -g "%g"
    #    add user to group script = ldapsmb -j -u "%u" -g "%g"
    #    delete user from group script = ldapsmb -j -u "%u" -g "%g"
    #    set primary group script = ldapsmb -m -u "%u" -gid "%g"
      ldap admin dn   = cn=Manager,dc=my,dc=company
      ldap suffix     = dc=my,dc=company
      ldap machine suffix     = ou=Computers
      ldap group suffix   = ou=Groups
      ldap idmap suffix   = ou=Idmap
      ldap user suffix    = ou=People
      ldap passwd sync    = Yes
      log file = /var/log/samba/%m.log
      log level = 1
      load printers = no


    [www2]
      comment = webpages
      path = /path/to/webpages
      public = no
      writeable = yes
      browseable = yes
      valid users = +groupA +groupB
      force user = www2
      create mask = 0775
      dont descend = /bin,/boot,/dev,/etc,/lib,.....

    -----------------------------------------------------------------


    Please, any ideas?

    Best regards,

--Ing. Ernesto Silva.

    Coordinador de Desarrollo Web y Sistemas Abiertos
    Centro de Procesamiento de Datos
    Universidad ORT Uruguay.
    E-mail: silva@xxxxxxxxxx <mailto:silva@xxxxxxxxxx>
    Tel: (+5982) 903-1995, (+5982) 902-9687  ext. 102 Fax: (+5982) 900-2952

--To unsubscribe from this list go to the following URL and read the

    instructions:  https://lists.samba.org/mailman/listinfo/samba


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

References:
- Samba 3.2 Ldap problem
  - From: Ernesto Silva
- Re: Samba 3.2 Ldap problem
  - From: Quinn Fissler

Prev by Date: Re: Samba 3.2 Ldap problem
Next by Date: Re: Linux update knobbles Samba
Previous by thread: Re: Samba 3.2 Ldap problem
Next by thread: Re: Samba 3.2 Ldap problem
Index(es):
- Date
- Thread

[Linux] [Info Cyrus] [LARTC] [Christmas Music] [Bugtraq] [Netfilter] [Internet Dating Forums] [RAID] [Yosemite News] [Photography]