[EMAIL PROTECTED] wrote:
The Samba 3.0.5rc1 server is configured as a PDC.
<snip>
#WINBIND CONFIG!!!!Firstoff, is there someplace that people get confused about the use of winbind/idmap? It is strictly for use ONLY with a windows AD server as your primary directory... well I guess maybe it would be used if you wanted to do some kind of wierd authentication against a different samba server, but why?!?!
winbind separator = +
winbind use default domain = Yes
winbind uid =10000-20000
winbind gid =10000-20000
#If i comment it then
#[2004/07/14 01:30:40, 0] nsswitch/winbindd_util.c:winbindd_param_init(560)
# winbindd: idmap uid range missing or invalid
#[2004/07/14 01:30:40, 0] nsswitch/winbindd_util.c:winbindd_param_init(561)
# winbindd: cannot continue, exiting.
# Could not init idmap -- netlogon proxy only
# strange thing.... on 3.0.4 i don't need to write it
winbind enum users = yes
winbind enum groups = yes
Anyways, start by removing all your idmap entries and that will clear up some log entries.
password server= localhostThis one too. This is for authenticating against some other server, like if you were simply a member of a domain using domain security.
<snip>
#LDAP STARTS HERE
passdb backend = ldapsam:ldap://localhost
ldap admin dn = "cn=Manager,dc=liin,dc=org"
ldap server = localhost
ldap port = 389
ldap suffix = dc=liin,dc=org
ldap machine suffix = ou=people
ldap user suffix = ou=people
ldap group suffix = ou=groups
# ldap filter = "(&(uid%=%U)(ObjectClass=sambaSamAccount))"
#LDAP continue
ldap idmap suffix = ou=Idmap
idmap backend = ldap:ldap//localhost
idmap uid = 10000 - 20000
idmap gid = 10000 - 20000
The 4 lines above should go too. <snip the rest of smb.conf>
When i try to logon WinXP(pro) says:Looks like you're failing to connect to your local server. You've got some confusion because of the multiple specifications here. Notice that this failure is complaining about being able to connect to ldap//localhost (see the missing colon?) You need to roto-till your smb.conf then try again. Get the idmap stuff out and see if your errors are more specific.
"Windows cannot find the server profile and is logging you on with a temporart profile."
or somenthing like that. I have russian copy of winxp.
Next hi says:
"Windows cannot find the local profile and is logging you on with a temporart profile."
(it because i removed c:\Documents and Settings\Default User)
Problem n2: Problem With Winbind(or not?)
[2004/07/14 01:59:55, 3] sam/idmap.c:idmap_init(131)
idmap_init: using 'ldap' as remote backend
[2004/07/14 01:59:55, 5] lib/smbldap.c:smbldap_search(931)
smbldap_search: base => [ou=Idmap,dc=liin,dc=org], filter => [(objectclass=sambaUnixIdPool)], scope => [2]
[2004/07/14 01:59:55, 10] lib/smbldap.c:smbldap_open_connection(543)
smbldap_open_connection: ldap//localhost
[2004/07/14 01:59:55, 0] lib/smbldap.c:smbldap_open_connection(546)
ldap_initialize: Time limit exceeded
[2004/07/14 01:59:55, 1] lib/smbldap.c:smbldap_retry_open(908)
Connection to LDAP Server failed for the 1 try!
Assuming you do all that and still have issues: Have you verified that your ldap setup is correct? That is: does your system authenticate fine against ldap or are you just trying to store samba in ldap? If you're just setting up one linux server then ldap is overkill for both system auth and samba, in that case stick to tdb.
[2004/07/14 01:59:55, 8] lib/util.c:fcntl_lock(1646) fcntl_lock 7 13 0 1 1 [2004/07/14 01:59:55, 8] lib/util.c:fcntl_lock(1681) fcntl_lock: Lock call successful
I use idealx smbldap-populate to fill ldap directory
-- Paul Gienger Office: 701-281-1884 Applied Engineering Inc. Cell: 701-306-6254 Information Systems Consultant Fax: 701-281-1322 URL: www.ae-solutions.com mailto:[EMAIL PROTECTED]
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
