Greetings Zach,

Samba 3 with an LDAP backend works perfectly without problems (for Windows and Linux
clients). But be sure that your configuration is OK. From the log, I
suppose that you can’t reach your LDAP directory entry and that the Aries computer
doesn’t exist in the LDAP directory.

Here is some input. First, make some modifications to your smb.conf.
[global]
 # Change the next line, you can’t have .com in it.
 workgroup = mktec
 netbios name = MKTEC
 server string = %h server (Samba %v)
 wins support = yes
 # Is your Samba a DNS proxy? Remove it.
 ; dns proxy = yes
 # Not useful. The default value is OK.
 ; name resolve order = wins lmhosts host bcast
 log file = /var/log/samba/log.%m
 max log size = 1000
 syslog = 0
 security = user
 encrypt passwords = true

 # Change the next line like this, you don’t want to use Samba2.
 passdb backend = ldapsam:ldap://127.0.0.1

 ldap admin dn = cn=admin,dc=mktec,dc=com
 ldap suffix = dc=mktec,dc=com

 # The following lines are not necessary. You will specify these entries in
 # /etc/openldap/ldap.conf.
 ; ldap group suffix= ou=Groups
 ; ldap user suffix = ou=Users
 ; ldap machine suffix = ou=Users
 ; ldap idmap suffix = ou=Users

 # Don’t need to specify, it’s by default.
 ; ldap ssl = no

 # Here you are using the IDEALX scripts; I can’t help you. I think using phpLDAPAdmin
 # is better… but it’s only an opinion.
 # #################################################################
 passwd program = /usr/sbin/smbldap-passwd %u
 passwd chat = ****New*password** %n\n ****Retype*new*password** %n\n ****all*authentication*tokens*updated**

 add user script = /usr/sbin/smbldap-useradd -m "%u"
 ldap delete dn = Yes
 delete user script = /usr/sbin/smbldap-userdel "%u"
 add machine script = /usr/sbin/smbldap-useradd -w "%u"
 add group script = /usr/sbin/smbldap-groupadd -p "%g"
 delete group script = /usr/sbin/smbldap-groupdel "%g"
 add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
 delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
 set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
 enable privileges = yes
 # ################################################################

 domain logons = yes
 domain master = yes
 preferred master = yes
 local master = yes
 # Add this line to be sure that your server is the DMB and LMB.
 os level = 65

 # Is it really necessary to specify this?
 ; load printers = no
 socket options = TCP_NODELAY

[netlogon]
 comment = Network Logon Service
 path = /var/lib/samba/netlogon
 # Just use.
 browseable = no
 read only = yes
 ; guest ok = yes
 ; read only = yes
 # The next line has incomplete syntax.
 ; write list
 ; writable = no
 ; share modes = no

[profiles]
 comment = Users profiles
 path = /var/lib/samba/profiles
 read only = no
 # Not really necessary if you don’t use roaming profiles.
 ; guest ok = no
 ; browseable = no
 ; create mask = 0600
 ; directory mask = 0700


After that, be sure that you have run this command. Samba needs it to access
LDAP. It’s the cn=admin,dc=mktec,dc=com password.

  smbpasswd -w password

Also check that the ldap.conf in /etc/openldap/ldap.conf is OK. It must look like
this.

BASE dc=mktec,dc=com
URI ldap://127.0.0.1

rootbinddn cn=admin,dc=mktec,dc=com
scope one
ldap_version 3
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_member_attribute memberuid
pam_password exop

#Base parameters.
nss_base_passwd dc=mktec,dc=com
nss_base_shadow dc=mktec,dc=com

# Advanced parameters.
nss_base_passwd ou=Users,dc=mktec,dc=com?sub
nss_base_shadow ou=Users,dc=mktec,dc=com?sub
nss_base_group ou=Groups,dc=mktec,dc=com?sub

# Why don’t use Computers in your DIT?
# nss_base_hosts ou=Computers,dc=mktec,dc=com
nss_base_hosts ou=Users,dc=mktec,dc=com

Can your Samba server ping yourservername.mktec.com? If not, adjust your resolv.conf (if you use BIND) and/or add the mapping in the hosts file. And lastly, be sure that mktec.com, the computer Aries$ and cn=admin,dc=mktec,dc=com exist in the LDAP directory.


Hope that can help!

Robert
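
The checks from the reply above, applied to the posted smb.conf, as an added example that is not part of the original thread: it flags the dotted workgroup, the ldapsam_compat backend and the valueless `write list`, and builds the ldapsearch command for the machine-account lookup seen in the log. The function names and the backend-to-objectClass table are assumptions of this example, and the sample configuration is constructed from the one posted in the thread.

```python
# Constructed sample: a trimmed copy of the smb.conf posted in this thread.
SAMPLE = """\
[global]
workgroup = mktec.com
passdb backend = ldapsam_compat:ldap://127.0.0.1/
ldap admin dn = cn=admin,dc=mktec,dc=com
ldap suffix = dc=mktec,dc=com
[netlogon]
write list
"""

# objectClass each backend searches for (ldapsam_compat = Samba 2.2 schema).
BACKEND_CLASS = {"ldapsam_compat": "sambaAccount", "ldapsam": "sambaSamAccount"}

def parse(text):
    """Return ({section: {param: value}}, [(section, line without '=')])."""
    sections, bare, cur = {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        if not line or line[0] in "#;":
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            cur = line[1:-1].strip().lower()
            sections.setdefault(cur, {})
        elif "=" in line and cur is not None:
            key, val = line.split("=", 1)
            sections[cur][" ".join(key.lower().split())] = val.strip()
        else:
            bare.append((cur, line))      # e.g. a bare "write list"
    return sections, bare

def lint(text):
    """Flag the problems the reply points out in the posted configuration."""
    sections, bare = parse(text)
    g = sections.get("global", {})
    out = []
    if "." in g.get("workgroup", ""):
        out.append("workgroup contains a dot: " + g["workgroup"])
    if g.get("passdb backend", "").startswith("ldapsam_compat"):
        out.append("passdb backend is ldapsam_compat (Samba 2 schema)")
    out += [f"[{s}] parameter without a value: {l}" for s, l in bare]
    return out

def machine_search(text, host):
    """ldapsearch argv that checks whether the machine account for the
    NetBIOS name `host` exists under the configured suffix."""
    g = parse(text)[0]["global"]
    scheme, _, uri = g["passdb backend"].partition(":")
    flt = f"(&(uid={host}$)(objectclass={BACKEND_CLASS[scheme]}))"
    return ["ldapsearch", "-x", "-H", uri, "-D", g["ldap admin dn"], "-W",
            "-b", g["ldap suffix"], flt]
```

An empty result from the generated ldapsearch command corresponds to the `count=0` line in the log.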

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I have seen this problem posted several times and the common answer doesn't 
seem to be doing it for me.

Here's the error:

Trying to load: ldapsam_compat:ldap://127.0.0.1/
Attempting to register passdb backend ldapsam
Successfully added passdb backend 'ldapsam'
Attempting to register passdb backend ldapsam_compat
Successfully added passdb backend 'ldapsam_compat'
Attempting to register passdb backend NDS_ldapsam
Successfully added passdb backend 'NDS_ldapsam'
Attempting to register passdb backend NDS_ldapsam_compat
Successfully added passdb backend 'NDS_ldapsam_compat'
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to register passdb backend guest
Successfully added passdb backend 'guest'
Attempting to find an passdb backend to match ldapsam_compat:ldap://127.0.0.1/ (ldapsam_compat)
Found pdb backend ldapsam_compat
pdb backend ldapsam_compat:ldap://127.0.0.1/ has a valid init
Attempting to find an passdb backend to match guest (guest)
Found pdb backend guest
pdb backend guest has a valid init
smbldap_search_ext: base => [dc=mktec,dc=com], filter => [(&(uid=Aries$)(objectclass=sambaAccount))], scope => [2]
The connection to the LDAP server was closed
smb_ldap_setup_connection: ldap://127.0.0.1/
smbldap_open_connection: connection opened
ldap_connect_system: Binding to ldap server ldap://127.0.0.1/ as "cn=admin,dc=mktec,dc=com"
ldap_connect_system: succesful connection to the LDAP server
Failed to initialise SAM_ACCOUNT for user Aries$. Does this user exist in the UNIX password database ?
Failed to modify password entry for user Aries$
ldap_connect_system: LDAP server does support paged results
The LDAP server is succesfully connected
ldapsam_getsampwnam: Unable to locate user [Aries$] count=0
Finding user Aries$
Trying _Get_Pwnam(), username as lowercase is aries$
Trying _Get_Pwnam(), username as given is Aries$
Trying _Get_Pwnam(), username as uppercase is ARIES$
Checking combinations of 0 uppercase letters in aries$
Get_Pwnam_internals didn't find user [Aries$]!


Here is the configuration:

-----------START CONFIGURATION-------------------
[global]
workgroup = mktec.com
netbios name = MKTEC
server string = %h server (Samba %v)
wins support = yes
dns proxy = yes
name resolve order = wins lmhosts host bcast
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
security = user
encrypt passwords = true

passdb backend = ldapsam_compat:ldap://127.0.0.1/
obey pam restrictions = no
invalid users = root

ldap admin dn = cn=admin,dc=mktec,dc=com
ldap suffix = dc=mktec,dc=com
ldap group suffix= ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Users
ldap idmap suffix = ou=Users
ldap ssl = no

passwd program = /usr/sbin/smbldap-passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*

add user script = /usr/sbin/smbldap-useradd -m "%u"

ldap delete dn = Yes
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
enable privileges = yes

domain logons = yes
domain master = yes
preferred master = yes
local master = yes

load printers = no
socket options = TCP_NODELAY

[netlogon]
  comment = Network Logon Service
  path = /var/lib/samba/netlogon
  guest ok = yes
  read only = yes
  write list
  writable = no
  share modes = no

[profiles]
  comment = Users profiles
  path = /var/lib/samba/profiles
  read only = no
  guest ok = no
  browseable = no
  create mask = 0600
  directory mask = 0700
-----------END CONFIGURATION-------------------

I mapped the ldap machine suffix to ou=Users rather than ou=Computers because
of a previous message on the mailing list which suggested there was a bug in
Samba3. It doesn't seem to work either way, as it results in the exact same
error message. My LDAP directory is laid out with the basic Users, Computers,
Groups organizational units in existence.

I am running on a Ubuntu Dapper server:
 samba 3.0.22-1
 openldap (slapd) 2.2.26-5

Any input or help is greatly appreciated. Thanks,

Zach





--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
