I hate to be a pain, but I am under the gun. Could you show an example "ldif" on that? I am completely ldap dumb. I'd greatly appreciate it.

Thanks,
JMS

-----Original Message-----
From: Paul Gienger [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 10, 2004 11:03 AM
To: Josh Skains
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [Samba] And the LDIF thing

>Jun 10 02:31:05 wwweng1 winbindd[4233]: ldap_allocate_id: single sambaUnixIdPool object not found
>Jun 10 02:31:05 wwweng1 winbindd[4233]: [2004/06/10 02:31:05, 0] sam/idmap_ldap.c:ldap_allocate_id(413)
>Jun 10 02:31:05 wwweng1 winbindd[4233]: [2004/06/10 02:31:05, 0] sam/idmap_ldap.c:ldap_get_id_from_sid(621)
>Jun 10 02:31:05 wwweng1 winbindd[4233]: ldap_allocate_id: cannot acquire id lock!
>
>and the getent returns nothing from winbind.
>
>

You need to add a sambaUnixIdPool object inside of your IdMap ou. This will give samba its starting UID number and some other things. Just make sure you have all of the required attributes filled out in that object and then samba (winbind) will start adding subobjects of it automatically when new users connect the first time.

>When I remove the "ldap" entries from smb.conf, the getent command works fine. (so winbind is working)
>
>As for DSA, I am not sure what you mean. I am doing nothing fancy like SSL or the like.
>
>Thanks,
>JMS
>
>P.S.
>
>My SLDAP.CONF:
>
># Define global ACLs to disable default read access.
>
># Do not enable referrals until AFTER you have a working directory
># service AND an understanding of referrals.
>#referral ldap://root.openldap.org
>
>#pidfile //var/run/slapd.pid
>#argsfile //var/run/slapd.args
>
># Create a replication log in /var/lib/ldap for use by slurpd.
>#replogfile /var/lib/ldap/master-slapd.replog
>
># Load dynamic backend modules:
># modulepath /usr/sbin/openldap
># moduleload back_ldap.la
># moduleload back_ldbm.la
># moduleload back_passwd.la
># moduleload back_shell.la
>
>#
># The next two lines allow use of TLS for connections using a dummy test
># certificate, but you should generate a proper certificate by changing to
># /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on
># slapd.pem so that the ldap user or group can read it.
># TLSCertificateFile /usr/share/ssl/certs/slapd.pem
># TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem
>#
># Sample Access Control
># Allow read access of root DSE
># Allow self write access
># Allow authenticated users read access
># Allow anonymous users to authenticate
>#
>#access to dn="" by * read
>#access to *
># by self write
># by users read
># by anonymous auth
>#
># if no access controls are present, the default is:
># Allow read by all
>#
># rootdn can always write!
>
>#######################################################################
># ldbm database definitions
>#######################################################################
>
>database ldbm
>suffix "dc=softeng,dc=com"
>rootdn "cn=Manager,dc=softeng,dc=com"
>rootpw {SSHA}l3niIBoW8kJe1gEzqK5VW426vNh+PW69
>directory /var/lib/ldap
>
># Indices to maintain
>index objectClass,uid,uidNumber,gidNumber,memberUid eq
>index cn,mail,surname,givenname eq,subinitial
># Replicas to which we should propagate changes
>#replica host=ldap-1.example.com:389 tls=yes
># bindmethod=sasl saslmech=GSSAPI
># authcId=host/[EMAIL PROTECTED]
>
>

--
Paul Gienger                     Office: 701-281-1884
Applied Engineering Inc.         Cell:   701-306-6254
Information Systems Consultant   Fax:    701-281-1322
URL: www.ae-solutions.com        mailto:[EMAIL PROTECTED]
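
The LDIF asked for at the top of this thread, as an added example that is not part of either poster's message or of Samba's own code: a small shell helper that emits an Idmap OU carrying the sambaUnixIdPool auxiliary class, plus a check that an LDIF dump holds exactly one such object, which is what the winbindd log line complains about. Assumptions: the OU name `Idmap`, the starting value 10000, and the helper names are placeholders; the OU must match the idmap suffix in smb.conf and the numbers must fall inside its idmap uid/gid ranges, neither of which is shown in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Emits the LDIF for an Idmap OU that
# also carries the sambaUnixIdPool auxiliary class. In samba.schema that
# class requires uidNumber and gidNumber, the next IDs winbind hands out.

# make_idpool_ldif SUFFIX FIRST_UID FIRST_GID  (hypothetical helper name)
make_idpool_ldif() {
    suffix=$1
    first_uid=$2
    first_gid=$3
    # Refuse empty or non-numeric IDs so a broken entry is never generated.
    for n in "$first_uid" "$first_gid"; do
        case $n in
            ''|*[!0-9]*) echo "uid/gid start must be numeric" >&2; return 1 ;;
        esac
    done
    cat <<EOF
dn: ou=Idmap,$suffix
objectClass: organizationalUnit
objectClass: sambaUnixIdPool
ou: Idmap
uidNumber: $first_uid
gidNumber: $first_gid
EOF
}

# count_idpools: read LDIF on stdin and print how many sambaUnixIdPool
# objectClass lines it contains. The log message asks for a single one.
count_idpools() {
    grep -ci '^objectClass:[[:space:]]*sambaUnixIdPool[[:space:]]*$' || true
}

# Suffix taken from the slapd.conf quoted in the thread; 10000 is constructed.
make_idpool_ldif "dc=softeng,dc=com" 10000 10000

# To load it, save the output to a file and bind as the rootdn from slapd.conf:
#   ldapadd -x -D "cn=Manager,dc=softeng,dc=com" -W -f idpool.ldif
# To verify afterwards, pipe an ldapsearch or slapcat dump into count_idpools.
```

If the Idmap OU already exists, ldapadd will refuse the entry; in that case the same two attributes and the extra objectClass are added with an ldapmodify change record instead.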