Ok, after three more days of pulling my hair out, I'm still stuck. I've got what I think is the problem, but I'm sure how to fix it.
I'm building a Samba PDC using the IDEALX.org HOWTO. I'm using samba 2.2.7 and openldap 2.0.27 that I compiled from the Red Hat Network. This is being built on Red Hat Enterprise Linux ES 2.1.

OK, so I get to the part of the HOWTO that instructs me to add the administrator account. So I use 'smbldap-useradd.pl -a -m -g 200 administrator', but I get an error stating '/usr/local/sbin/smbldap-useradd.pl: unknown group 200'.

This is odd because I can do a 'smbldap-groupshow.pl "domain admins"' and *see* the 'Domain Admins' group. And that group has a gidNumber of 200! How can I see the group, have it set with the proper information and yet get an error that says it's not there?

Below are some files that I think are pertinent: the /etc/openldap/ldap.conf, /etc/openldap/slapd.conf, /etc/samba/smb.conf, and the base.ldif that is from the IDEALX.org HOWTO.

I'm hoping that someone with much more experience than me will be able to help me.

Thanks in advance....

***************begin ldap.conf************************
# $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.4.8.6 2000/09/05 17:54:38 kurt Exp $
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE dc=example, dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
HOST 127.0.0.1
BASE dc=nesbitt,dc=local
***************end ldap.conf************************

***************begin slapd.conf*********************
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.7 2001/09/27 20:00:31 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/redhat/rfc822-MailMember.schema
include /etc/openldap/schema/redhat/autofs.schema
include /etc/openldap/schema/redhat/kerberosobject.schema
include /etc/openldap/schema/samba.schema

#######################################################################
# ldbm database definitions
#######################################################################

database ldbm
suffix "dc=nesbitt,dc=local"
rootdn "cn=manager,dc=nesbitt,dc=local"
rootpw <a secret>
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory /var/lib/ldap
# Indices to maintain
index objectClass,rid,uid,uidNumber,gidNumber,memberUid eq
index cn,mail,surname,givenname eq,subinitial
***************end slapd.conf***********************

***************begin smb.conf***********************
# *****************************************************************************
# -- Nesbitt Engineering, Inc. Stargazer Samba Configuration --
# *****************************************************************************
# This is the main Samba configuration file for Stargazer - NEI's Primary
# Domain Controller and Lexington office File Server.
#
# This configuration file is only to be used for an LDAP enabled server that
# will be acting as a PDC. Modifications will be required for member servers
# and machine that will act as "BDCs".
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this file we have used a #
# for commentary and a ; for parts of the config file that are
# either not enabled yet, or temporarily disabled
#
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not made any basic syntactic errors.
# -----------------------------------------------------------------------------
# "Fear the Penguin!"
# -- Kevin L. Collins
# Systems Manager
# Nesbitt Engineering, Inc.
# *****************************************************************************
# Changelog:
# Date - Version - Change
# * Info about change
# -----------------------------------------------------------------------------
# 06/04/03 - 1.0 - Original Creation
# *****************************************************************************

#============================= Global Settings ================================
[global]

# Server Name and description
workgroup = nesbitt.local
netbios name = stargazer
server string = Stargazer - Lexington File Server

# Samba log information
log file = /var/log/samba/%m.log
max log size = 0

# Security information
security = user
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
unix password sync = Yes
passwd program = /usr/local/sbin/smbldap-passwd.pl -o %u
passwd chat = *New*Password* %n\n *Retype*New*Password* %n\n *All*authentication*tokens*updated*successfully*

# To help performance
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

# Settings for PDC setup
local master = yes
os level = 80
domain master = yes
preferred master = no
domain logons = yes

# Activate these Network Services
wins support = yes
time server = yes

# User Information
logon path = \\%L\profiles\%u\%m
logon script = timeset.bat
logon drive = H:
logon home = \\%L\%u

# LDAP Declarations -- Needed to allow the LDAP backend to work
ldap suffix = dc=nesbitt,dc=local
ldap admin dn = cn=manager,dc=nesbitt,dc=local
ldap port = 389
ldap server = 127.0.0.1
ldap ssl = no
add user script = /usr/local/sbin/smbldap-useradd.pl -w %u
domain admin group = " @"Domain Admins" "

#============================= Share Definitions ===============================
[netlogon]
comment = Network Logon Service
path = /usr/local/samba/lib/netlogon
guest ok = yes
writable = no
share modes = no

[profiles]
comment = Roaming User Profiles
path = /usr/local/samba/profiles
browsable = no
guest ok = yes

[homes]
comment = Home Directories
browseable = no
writable = yes
valid users = %S
create mode = 0664
directory mode = 0775
***************end smb.conf*************************

**************begin base.ldif***********************
dn: dc=nesbitt,dc=local
objectClass: domain
dc: nesbitt

dn: ou=Groups,dc=nesbitt,dc=local
objectClass: top
objectClass: OrganizationalUnit
ou: Groups
description: System Groups

dn: ou=Users,dc=nesbitt,dc=local
objectClass: top
objectClass: OrganizationalUnit
ou: Users
description: Users of the Organization

dn: ou=Computers,dc=nesbitt,dc=local
objectClass: top
objectClass: OrganizationalUnit
ou: Computers
description: Windows Domain Computers

dn: cn=Domain Admins,ou=Groups,dc=nesbitt,dc=local
objectClass: posixGroup
gidNumber: 200
cn: Domain Admins
memberUid: administrator
description: Windows Domain Users

dn: cn=Domain Users,ou=Groups,dc=nesbitt,dc=local
objectClass: posixGroup
gidNumber: 201
cn: Domain Users
description: Windows Domain Users

dn: cn=Domain Guests,ou=Groups,dc=nesbitt,dc=local
objectClass: posixGroup
gidNumber: 202
cn: Domain Guests
description: Windows Domain Guests Users

dn: cn=Administrators,ou=Groups,dc=nesbitt,dc=local
description: Members can fully administer the computer/domain
objectClass: posixGroup
gidNumber: 220
cn: Administrators
description: Windows Domain Members can fully administer the computer/domain

dn: cn=Users,ou=Groups,dc=nesbitt,dc=local
description: Ordinary users
objectClass: posixGroup
gidNumber: 221
cn: Users
description: Windows Domain Ordinary users

dn: cn=Guests,ou=Groups,dc=nesbitt,dc=local
description: Users granted guest access to the computer/domain
objectClass: posixGroup
gidNumber: 222
cn: Guests
memberUid: nobody
description: Windows Domain Users granted guest access to the computer/domain

dn: cn=Power Users,ou=Groups,dc=nesbitt,dc=local
description: Members can share directories and printers
objectClass: posixGroup
gidNumber: 223
cn: Power Users
description: Windows Domain Members can share directories and printers

dn: cn=Account Operators,ou=Groups,dc=nesbitt,dc=local
objectClass: posixGroup
gidNumber: 224
cn: Account Operators
description: Windows Domain Users to manipulate users accounts

dn: cn=Server Operators,ou=Groups,dc=nesbitt,dc=local
objectClass: posixGroup
gidNumber: 225
cn: Server Operators
description: Windows Domain Server Operators

dn: cn=Print Operators,ou=Groups,dc=nesbitt,dc=local
objectClass: posixGroup
gidNumber: 226
cn: Print Operators
description: Windows Domain Print Operators

dn: cn=Backup Operators,ou=Groups,dc=nesbitt,dc=local
objectClass: posixGroup
gidNumber: 227
cn: Backup Operators
description: Windows Domain Members can bypass file security to back up files

dn: cn=Replicator,ou=Groups,dc=nesbitt,dc=local
description: Supports file replication in a domain
objectClass: posixGroup
gidNumber: 228
cn: Replicator
description: Windows Domain Supports file replication in a domain
**************end base.ldif*************************

--
Kevin L. Collins, MCSE
Systems Manager
Nesbitt Engineering, Inc.