The smb.conf looks correct.

On the BDC, does "pdbedit -L" show you all your domain users?
On the BDC, does "getent passwd" show you all your users?

I use ldap for both samba and unix backends, so "pdbedit -Lv" and "getent passwd" show me the same output for my domain users and local unix users. I don't need to use winbind/idmap to keep unix uids and gids consistent.

On the BDC, did you ever join the domain? ("net join....")

On 06/15/2011 01:09 PM, Dermot wrote:
Hi,

I could use some confirmation on my approach to configuring my BDC. I want the user to be able to access shares on the BDC and have their domain credentials stamped on any files they create. I do not want to add domain users to the /etc/passwd file.

At the moment users can authenticate onto the domain but once they try and access a share on the BDC, these XP users get a dialogue box asking for a login. The log for the machine reads:

[2011/06/15 17:07:11.827697, 1] auth/auth_util.c:580(make_server_info_sam)
  User djohn in passdb, but getpwnam() fails!
[2011/06/15 17:07:11.827841, 0] auth/auth_sam.c:493(check_sam_security)
  check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER'
[2011/06/15 17:07:11.834014, 1] auth/auth_util.c:580(make_server_info_sam)
  User djohn in passdb, but getpwnam() fails!
[2011/06/15 17:07:11.834088, 0] auth/auth_sam.c:493(check_sam_security)
  check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER'

At the same time on the ldap master (PDC) I see a search request arrive for the same user and a successful response:

Jun 15 17:04:03 rigel slapd[648]: conn=2838 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jun 15 17:04:03 rigel slapd[648]: conn=2838 op=4 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(&(uid=djohn)(objectClass=sambaSamAccount))"
Jun 15 17:04:03 rigel slapd[648]: conn=2838 op=4 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp uidNumber gidNumber homeDirectory loginShell gecos
Jun 15 17:04:03 rigel slapd[648]: conn=2838 op=4 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jun 15 17:04:03 rigel slapd[648]: conn=2838 fd=18 closed (connection lost)

The odd thing is this BDC is also in a replication system with the PDC so it shouldn't need to forward the query.

I thought that if I had added ldap to the nsswitch.conf for the passwd and group items, then ldap would be used when the domain users failed to be retrieved from the passwd file.

The bigger confusion is around the configuration. Should I be able to use an ldap backend and get the domain user's credentials when they access a share? I have tried to follow the instructions from http://wiki.samba.org/index.php/Samba_%26_LDAP#Let_Samba_use_LDAP

The PAM section doesn't match my distro and I ain't see any mention of ldap in /etc/security/*

Can anyone help iron out some of the creases in my set-up?

Thanks,
Dermot.

==== BDC conf =====
[global]
unix charset = LOCALE
workgroup = MINE
server string = SMB Server
netbios name = antares
security = user
# tried this as domain but it still fails
# hosts allow =
load printers = no
; printcap name = /etc/printcap
; printcap name = lpstat
; printing = cups
cups options = raw
; guest account = pcguest
log file = /var/log/samba/%m.log
log level = 1
syslog = 0
max log size = 50
name resolve order = wins bcast hosts
printcap name = CUPS
show add printer wizard = no
domain master = no
# passdb backend = ldapsam:ldap://127.0.0.1
passdb backend = ldapsam:"ldap://127.0.0.1:389 ldap://rigel.example.com:389"
ldap passwd sync = yes
ldapsam:trusted = yes
ldapsam:editposix = yes
domain logons = yes
os level = 63
logon script = login.bat
logon path =
wins server = rigel.example.com
ldap ssl = off
client ldap sasl wrapping = plain
ldap suffix = dc=example,dc=com
ldap machine suffix = ou=Computers, ou=Users
ldap user suffix = ou=Users
ldap group suffix = ou=Group
ldap idmap suffix = ou=idmap
ldap admin dn = cn=admin,dc=example,dc=com
utmp = Yes
idmap backend = ldap://rigel.example.com
idmap uid = 15000-20000
idmap gid = 15000-20000
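The comparison the reply asks for ("pdbedit -L" against "getent passwd") and the nsswitch.conf point from the original message, as an added shell example that is not part of the thread. The function names, the stub resolver and the sample account lines are constructed for illustration; the "user:uid:full name" layout of "pdbedit -L" output is assumed.

```shell
#!/bin/sh
# Added diagnostic example (not from the thread): list passdb accounts that
# NSS cannot resolve, i.e. the accounts that would trigger
# "User X in passdb, but getpwnam() fails!" in the Samba log.

# Reads `pdbedit -L` style lines (user:uid:full name) on stdin and prints
# each account the resolver cannot look up.
# $1 = resolver command, defaults to "getent passwd".
missing_from_nss() {
    resolver=${1:-"getent passwd"}
    while IFS=: read -r user _rest; do
        [ -n "$user" ] || continue
        # Word splitting of $resolver is intended ("getent passwd" is two words).
        $resolver "$user" </dev/null >/dev/null 2>&1 || printf '%s\n' "$user"
    done
}

# Succeeds if database $2 (passwd, group) in nsswitch file $1 lists source $3.
nss_has_source() {
    awk -v db="$2" -v src="$3" '
        { sub(/#.*/, "") }                       # drop trailing comments
        $1 == (db ":") { for (i = 2; i <= NF; i++) if ($i == src) found = 1 }
        END { exit (found ? 0 : 1) }' "$1"
}

# Constructed sample standing in for `pdbedit -L` output on the BDC.
SAMPLE_PASSDB='root:0:root
djohn:15001:D John
antares$:15002:ANTARES$'

# Stub resolver for the offline demo: only root resolves, as on a host whose
# NSS has no working ldap source. Constructed, not a real tool.
stub_resolver() { [ "$1" = root ]; }

# Offline demo: prints the accounts Samba would reject.
printf '%s\n' "$SAMPLE_PASSDB" | missing_from_nss stub_resolver

# On a real BDC (run as root):
#   pdbedit -L | missing_from_nss
#   nss_has_source /etc/nsswitch.conf passwd ldap || echo "passwd: no ldap source"
#   nss_has_source /etc/nsswitch.conf group  ldap || echo "group: no ldap source"
```

An empty result from the real-host pipeline means every passdb account has a matching Unix account through NSS; any name printed is one for which getpwnam() will fail.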