Hottest Free Downloads - DownloadPipe.com Over 197,000 downloads! Bookmark Now!
DownloadPipe.com - New Downloads Every Minute
 SEARCH:
FAQFAQ    SearchSearch      ProfileProfile    Private MessagesPrivate Messages   Log inLog in

[Samba] Samba PDC, LDAP, IDMAP backend not working

  
   Linux (Home) -> Samba RSS
Next:  [Samba] with antivirus  
Author Message
Regis Niggemann

External


Since: Dec 26, 2008
Posts: 2



(Msg. 1) Posted: Fri Dec 26, 2008 9:50 pm
Post subject: [Samba] Samba PDC, LDAP, IDMAP backend not working
Archived from groups: linux>samba (more info?)
Please help. I've been searching for days, trying nearly everything I can find that seems relevant, but I can't get this working.

I am able to create users, login to Windows systems joined to the SAMBA domain as those users, but filesystem ACLs on Windows Domain Member Servers do not work which I suspect is due to my IDMAP OU is empty.

wbinfo -u returns "Error looking up domain users"

wbinfo -g returns:
BUILTIN/administrators
BUILTIN/users

wbinfo -t returns "checking the trust secret via RPC calls succeeded"

getent passwd
-and-
getent group

list all my local and domain users and groups respectively.

When running wbinfo -u my log.winbindd shows:
[2008/12/26 12:24:52, 10] nsswitch/winbindd.c:process_request(314)
process_request: request fn SID_TO_GID
[2008/12/26 12:24:52, 3] nsswitch/winbindd_sid.c:winbindd_sid_to_gid(308)
[23999]: sid to gid S-1-5-32-546
[2008/12/26 12:24:52, 10] nsswitch/winbindd_util.c:find_lookup_domain_from_sid(673)
find_lookup_domain_from_sid(S-1-5-32-546)
[2008/12/26 12:24:52, 10] nsswitch/winbindd_util.c:find_lookup_domain_from_sid(676)
calling find_domain_from_sid
[2008/12/26 12:24:52, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300)
Retrieving response for pid 23794
[2008/12/26 12:24:52, 5] nsswitch/winbindd_async.c:lookupsid_recv(706)
lookupsid returned an error
[2008/12/26 12:24:52, 5] nsswitch/winbindd_sid.c:sid2gid_lookupsid_recv(274)
sid2gid_lookupsid_recv: Could not convert get sid type for S-1-5-32-546
[2008/12/26 12:24:52, 10] nsswitch/winbindd.c:process_request(314)
process_request: request fn PING
[2008/12/26 12:24:52, 3] nsswitch/winbindd_misc.c:winbindd_ping(470)
[23999]: ping

smbldap-tools seem to function correctly
net commands seem to function correctly.

Any idea where the problem might be?

Thank you!


Ubuntu 8.04 LTS
Samba 3.0.28a
OpenLDAP 2.4.9

smb.conf:
[global]
unix charset = LOCALE
workgroup = VOICECURVE
server string = %h server (Samba, Ubuntu)
map to guest = Bad User
passdb backend = ldapsam
passwd program = /usr/sbin/smbldap-passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*
log level = 3 passdb:5 auth:10 winbind:10
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
time server = Yes
add user script = /usr/sbin/smbldap-useradd -m "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
add group script = /usr/sbin/smbldap-groupadd -p -a "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
logon path =
domain logons = Yes
os level = 35
domain master = Yes
dns proxy = No
wins support = Yes
ldap admin dn = cn=admin,dc=voicecurve,dc=com
ldap delete dn = Yes
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Computers
ldap passwd sync = Yes
ldap suffix = dc=voicecurve,dc=com
ldap user suffix = ou=Users
usershare allow guests = Yes
panic action = /usr/share/samba/panic-action %d
idmap domains = VOICECURVE
idmap alloc backend = ldap
winbind separator = /
winbind enum users = Yes
winbind enum groups = Yes
idmap alloc config:range = 10000 - 10000000
idmap alloc config:ldap_url = ldap://localhost/
idmap alloc config:ldap_user_dn = cn=admin,dc=voicecurve,dc=com
idmap alloc config:ldap_base_dn = ou=idmap,dc=voicecurve,dc=com
idmap config VOICECURVE:range = 10000 - 10000000
idmap config VOICECURVE:ldap_url = ldap://localhost/
idmap config VOICECURVE:ldap_user_dn = cn=admin,dc=voicecurve,dc=com
idmap config VOICECURVE:ldap_base_dn = ou=idmap,dc=voicecurve,dc=com
idmap config VOICECURVE:backend = ldap
idmap config VOICECURVE:default = yes
ldapsam:editposix = yes
ldapsam:trusted = yes

nsswitch.conf:
passwd: compat ldap
group: compat ldap
shadow: compat ldap

hosts: files dns
networks: files

protocols: db files
services: db files
ethers: db files
rpc: db files

netgroup: nis

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Back to top
Login to vote
Display posts from previous:   
Related Topics:
[Samba] Samba as a AD domain member server with idmap back.. - Hi Folks, Hopefully an easy question. I've scoured FAQs, books and documentation and managed to get the above configuration working, but only by straying from the documentation in Chapter 14, example 14.4 of the Samba HOWTO: ..

[Samba] idmap backend - Simple question, I think. passdb backend supports multiple entries for automatic failover of ldap services when using ldapsam. Does the code base for idmap backend support the same failover facility? Cheers, Bill -- To unsubscribe from this list g...

[Samba] idmap backend questions - Hello I have some questions regarding the idmap backend. Does this only work when you've have joined your samba server to the AD domain (security = ADS)? I would like to map SID to uids/gids on a samba server that has a trust with an AD server. In m...

[Samba] documentation for idmap backend = ad ? - I have been searching all day for documentation on the new idmap backend = ad feature. Where is it documented? I want shell and home dir templates from SFU as well as uid/gid. I have seen some examples in mailing lists for shell and home dir templates...

[Samba] winbind users not getting groups. idmap backend pr.. - yo. i have a vmware VI3 machine (which is effectively FC3 for our intents and purposes) i'm trying to get to authenticate with our active directory domain. it's -mostly- working- i can log in as my domain user successfully, getent passwd and group work...
       Linux (Home) -> Samba All times are: Pacific Time (US & Canada) (change)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Categories:
 Windows Forums
 Game Forums
  Linux Forums
 Mac Forums
 PDA Forums
 Mobile Forums
  Top  |  Store  |  RSS Feeds RSS  |  Data Feeds  |  Advertise  |  Submit  |  Bookmark  |  Newsletter  |  Contact