On Sun, Oct 18, 2009 at 07:52, Bruno MACADRE <bruno.maca...@univ-rouen.fr> wrote:
> I don't see any of the add ... script in your smb.conf (especially the add
> machine script in your case). I don't know if it's the problem but I think
> it would be useful to tell smbd how to add machine if its name doesn't exist
> in the LDAP...

The point is that when you have "ldapsam:editposix = yes" enabled, you should NOT need those... you're actually telling samba to handle LDAP modifications directly... in fact, when I run "net rpc join" from a samba server, it DID add the machine to LDAP by itself...

>
> Mariano Absatz wrote:
>>
>> Can anyone help me on this? I'm really stuck...
>>
>> On Thu, Oct 15, 2009 at 16:58, Mariano Absatz <el.b...@gmail.com> wrote:
>>
>>>
>>> Hi,
>>>
>>> I'm trying to make a "pure ldap" setup, whereas users, groups, id mappings
>>> and everything that is supported with LDAP be in the LDAP tree and managed
>>> directly by samba.
>>>
>>> That is, I'm using:
>>>
>>> ldapsam:trusted = yes
>>> ldapsam:editposix = yes
>>>
>>> And NOT using smbldap-*.
>>>
>>> My smb.conf is here: http://wiki.clueless.com.ar/SambaLdap/smb.conf-PDC
>>>
>>> I created the LDAP tree root (o=midominio) and all its branches (ou=people;
>>> ou=groups; ou= hosts and ou=idmap).
>>>
>>> I ran "net sam provision" to fill in the basic values.
>>>
>>> I stored the secrets in secrets.tdb:
>>> # smbpasswd -w ldap_admin_password
>>> # net idmap secret midominio ldap_admin_password
>>> # net idmap secret alloc ldap_admin_password
>>>
>>> I was able to join a samba server to the domain (net rpc join -S miserver
>>> -UAdministrator).
>>>
>>> However, when I try to join an XP host to the domain, I get an error (IIRC
>>> it's "An attached device is not functioning") in the workstation and the
>>> samba logs show the following:
>>>
>>> [2009/10/15 11:17:47, 0] passdb/pdb_ldap.c:ldapsam_create_user(5119)
>>> ldapsam_create_user: Unable to allocate a new user id: bailing out!
>>>
>>> The user I'm using to bind to the LDAP server is the LDAP administrator and
>>> it does have permissions on all the tree (in particular, within
>>> "ou=idmap,o=midominio")...
>>>
>>> I manually added an entry for the workstation's account posix data, then
>>> issued "smbpasswd -a workstation$"
>>>
>>> THEN I could join the domain...
>>>
>>> Clearly, I have something misconfigured regarding ldap/idmap/alloc, but I
>>> can't find enough information to do it right.
>>>
>>> Any help REALLY appreciated...
>>>

--
Mariano Absatz - El Baby
www.clueless.com.ar