[Samba] Re: Getting error Samba SID does not belong to our domain

2007-02-16 Thread ashok cvs

Hi all

To the above problem I would like to add:
The domain is msdpl.com and the server NetBIOS name is medhapdc.
When I type
#net getlocalsid
I get
SID for domain MEDHAPDC is: S-1-5-21-3963901886-956592875-555457773
The above SID is the SID which is stored in the
/etc/smbldap-tools/smbldap.conf file,
whereas if I type
#net getlocalsid msdpl.com
SID for domain msdpl.com is: S-1-5-21-826493912-338369434-3047185250

Why are both different? I am unable to understand. We did not do anything,
but suddenly this happened. All my desktops are losing the trust
relationship.
Please help me.

Regards
ashok



[Samba] Getting error Samba SID does not belong to our domain

2007-02-15 Thread ashok cvs

Hi all

We have Samba 3.0.21c with an OpenLDAP backend as PDC and also 4 BDCs.
Suddenly on the PDC we are getting these error messages in /var/log/messages.
I am unable to register any system to the domain, neither able to log on to
the domain.
##
Feb 15 11:14:32 msdpl smbd[18212]: [2007/02/15 11:14:32, 0] lib/util_sock.c:send_smb(765)
Feb 15 11:14:32 msdpl smbd[18212]:   Error writing 5 bytes to client. -1. (Connection reset by peer)
Feb 15 11:14:34 msdpl smbd[18217]: [2007/02/15 11:14:34, 0] passdb/pdb_ldap.c:ldapuser2displayentry(4006)
Feb 15 11:14:34 msdpl smbd[18217]:   sid S-1-5-21-3963901886-956592875-555457773-500 does not belong to our domain
Feb 15 11:14:34 msdpl smbd[18217]: [2007/02/15 11:14:34, 0] passdb/pdb_ldap.c:ldapuser2displayentry(4006)
Feb 15 11:14:34 msdpl smbd[18217]:   sid S-1-5-21-3963901886-956592875-555457773-2998 does not belong to our domain
Feb 15 11:14:34 msdpl smbd[18217]: [2007/02/15 11:14:34, 0] passdb/pdb_ldap.c:ldapuser2displayentry(4006)
Feb 15 11:14:34 msdpl smbd[18217]:   sid S-1-5-21-3963901886-956592875-555457773-3004 does not belong to our domain
Feb 15 11:14:34 msdpl smbd[18217]: [2007/02/15 11:14:34, 0] passdb/pdb_ldap.c:ldapuser2displayentry(4006)
Feb 15 11:14:34 msdpl smbd[18217]:   sid S-1-5-21-3963901886-956592875-555457773-3006 does not belong to our domain
Feb 15 11:14:35 msdpl smbd[18217]: [2007/02/15 11:14:35, 0] passdb/pdb_ldap.c:ldapuser2displayentry(4006)
Feb 15 11:14:35 msdpl smbd[18217]:   sid S-1-5-21-3963901886-956592875-555457773-3008 does not belong to our domain
Feb 15 11:14:35 msdpl smbd[18217]: [2007/02/15 11:14:35, 0] passdb/pdb_ldap.c:ldapuser2displayentry(4006)
Feb 15 11:14:35 msdpl smbd[18217]:   sid S-1-5-21-3963901886-956592875-555457773-3010 does not belong to our domain
Feb 15 11:14:35 msdpl smbd[18217]: [2007/02/15 11:14:35, 0] passdb/pdb_ldap.c:ldapuser2displayentry(4006)
Feb 15 11:14:35 msdpl smbd[18217]:   sid S-1-5-21-3963901886-956592875-555457773-3012 does not belong to our domain
Feb 15 11:14:35 msdpl smbd[18217]: [2007/02/15 11:14:35, 0] passdb/pdb_ldap.c:ldapuser2displayentry(4006)
Feb 15 11:14:35 msdpl smbd[18217]:   sid S-1-5-21-3963901886-956592875-555457773-3014 does not belong to our domain
Feb 15 11:14:35 msdpl smbd[18217]: [2007/02/15 11:14:35, 0] passdb/pdb_ldap.c:ldapuser2displayentry(4006)
Feb 15 11:14:35 msdpl smbd[18217]:   sid S-1-5-21-3963901886-956592875-555457773-3016 does not belong to our domain
#
When typing net rpc info it gives the following error:
rpc_client/cli_pipe.c:rpc_api_pipe(790) rpc_api_pipe: Remote machine MEDHAPDC pipe \samr fnum 0x7008returned critical error. Error was Call timed out: server did not respond after 1 milliseconds
[2007/02/15 21:12:52, 0] libsmb/clientgen.c:cli_rpc_pipe_close(375) cli_rpc_pipe_close: cli_close failed on pipe \samr, fnum 0x7008 to machine MEDHAPDC. Error was Call timed out: server did not respond after 1 milliseconds
This is the net rpc error.

But when we type
#net getlocalsid
it gives the SID
S-1-5-21-3963901886-956592875-555457773

Actually my server's SID is the same as above.

What does the above error mean?

Below is my smb.conf
###
[global]

 workgroup = msdpl.com
 netbios name = medhapdc
 passdb backend = ldapsam:ldap://msdpl.com
 server string = Domain Controller
 hosts allow = 192.168.128. 192.168.129. 192.168.130. 127.
 security = user
 encrypt passwords = yes
 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
 interfaces = eth0,lo
 printing = cups
 disable spoolss = Yes
 printcap name = cups
 max print jobs = 100
 enable privileges = yes
 log level = 2
 password level = 8
 username level = 8
 bind interfaces only = yes
 local master = Yes
 os level = 65
 domain master = yes
 preferred master = yes
 remote browse sync = 192.168.130.3
 null passwords = no
 hide unreadable = yes
 hide dot files = yes
 domain logons = yes
 logon script = %u.bat
 logon path =
 logon drive = X:
 logon home =
 wins support = yes
 name resolve order = wins lmhosts host bcast
 dns proxy = no
 time server = yes
 log file = /var/log/samba/%m.log
 max log size = 50
 nt acl support = yes
 ldap passwd sync = yes
 add user script = /usr/local/sbin/smbldap-useradd -m "%u"
 delete user script = /usr/local/sbin/smbldap-userdel "%u"
 add machine script = /usr/local/sbin/smbldap-useradd -w "%m"
 add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
 add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
 delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
 set primary group script = /usr/local/sbin/smbldap-usermod -g '%g' '%u'
 ldap delete dn = Yes
 ldap ssl = no
 ldap suffix = dc=msdpl,dc=com
 ldap admin dn = cn=manager,dc=msdpl,dc=com
 ldap group suffix = ou=Groups
 ldap user suffix = ou=People
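
Added example, not part of the original thread: a small Python script that groups the SIDs smbd rejects in the log above by their domain prefix and compares that prefix with the SIDs printed by net getlocalsid in the follow-up message. The function names are made up for this example; the sample input is copied from the two posts.

```python
import re
from collections import defaultdict

# "sid <domain SID>-<RID> does not belong to our domain", as logged by
# passdb/pdb_ldap.c in the thread. \s+ also bridges a line wrap between
# the word "sid" and the SID itself.
REJECTED_RE = re.compile(
    r"\bsid\s+(S-1-5-21(?:-\d+){3})-(\d+)\s+does not belong to our domain")

# Output line of `net getlocalsid [name]`; the lookahead refuses a SID
# that still carries a RID, so only domain/machine SIDs are accepted.
LOCALSID_RE = re.compile(
    r"SID for domain (\S+) is: (S-1-5-21(?:-\d+){3})(?![-\d])")


def rejected_by_domain(log_text):
    """Map each rejected domain SID prefix to the sorted RIDs seen under it."""
    found = defaultdict(set)
    for domain_sid, rid in REJECTED_RE.findall(log_text):
        found[domain_sid].add(int(rid))
    return {sid: sorted(rids) for sid, rids in found.items()}


def reported_sids(net_output):
    """Map the name in each `net getlocalsid` output line to its SID."""
    return {name: sid for name, sid in LOCALSID_RE.findall(net_output)}


def compare(log_text, net_output):
    """For every rejected prefix, list the names whose SID matches or differs."""
    reported = reported_sids(net_output)
    report = []
    for domain_sid, rids in sorted(rejected_by_domain(log_text).items()):
        report.append({
            "rejected_domain_sid": domain_sid,
            "rids": rids,
            "same_as": sorted(n for n, s in reported.items() if s == domain_sid),
            "differs_from": sorted(n for n, s in reported.items() if s != domain_sid),
        })
    return report


# Sample input: three of the log records from the thread, wrapped the way
# the mail wrapped them, and the two `net getlocalsid` results it reports.
SAMPLE_LOG = """\
Feb 15 11:14:34 msdpl smbd[18217]: [2007/02/15 11:14:34, 0]
passdb/pdb_ldap.c:ldapuser2displayentry(4006)
Feb 15 11:14:34 msdpl smbd[18217]:   sid
S-1-5-21-3963901886-956592875-555457773-500 does not belong to our domain
Feb 15 11:14:34 msdpl smbd[18217]:   sid
S-1-5-21-3963901886-956592875-555457773-2998 does not belong to our domain
Feb 15 11:14:34 msdpl smbd[18217]:   sid
S-1-5-21-3963901886-956592875-555457773-3004 does not belong to our domain
"""

SAMPLE_NET = """\
SID for domain MEDHAPDC is: S-1-5-21-3963901886-956592875-555457773
SID for domain msdpl.com is: S-1-5-21-826493912-338369434-3047185250
"""

if __name__ == "__main__":
    for row in compare(SAMPLE_LOG, SAMPLE_NET):
        print(row["rejected_domain_sid"], "RIDs", row["rids"])
        print("  same as the SID reported for:", row["same_as"])
        print("  differs from the SID reported for:", row["differs_from"])
```

On the thread's data every rejected account carries the SID printed for MEDHAPDC, while the SID printed for msdpl.com is a different one.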

[Samba] Client browsing problem

2007-02-08 Thread ashok cvs

Hi all

I have a Samba PDC with an LDAP backend, the Samba version being 3.0.21c, and
OpenLDAP 2.3.19.
All clients get their IP through DHCP and dynamically update DNS as well.

The problem I am facing is that from a Windows 2000 client, if I go to Run and
browse another system, it connects to some other system.
For example, from START -> RUN -> \\system1, it will open some other system, say
system2.
When I ping system1 it shows the IP of system2. So I change the IP in my zone
file and restart the named service.
Whenever a client gets an IP from dhcpd, it updates the zone file but it
overwrites it with some other IP.
Please guide me. For a Samba PDC, what is the better dhcpd and
named.conf configuration?

Below are my configuration files, please guide me.
dhcpd.conf
###
default-lease-time 259200;
max-lease-time 259201;
option domain-name "msdpl.com";
option domain-name-servers 192.168.129.20;
option netbios-name-servers 192.168.129.20;
option netbios-node-type 8; ### Node type = Hybrid ###
ddns-updates on; ### Dynamic DNS enabled ###
ddns-update-style interim;
authoritative;
one-lease-per-client true;
option netbios-dd-server 192.168.1.2;
option netbios-node-type 8;


subnet 192.168.129.0 netmask 255.255.255.0 {
   range dynamic-bootp 192.168.129.30 192.168.129.254;
   option subnet-mask 255.255.255.0;
   option routers 192.168.129.1;
   allow unknown-clients;

}
#
my named.conf
#
[EMAIL PROTECTED] pdc]$ cat named.conf
//
// named.conf for Red Hat caching-nameserver
//

options {
   directory "/var/named";
   dump-file "/var/named/data/cache_dump.db";
   statistics-file "/var/named/data/named_stats.txt";
   forwarders { 192.168.129.18; 192.168.130.3; 192.168.128.3; };
   /*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below.  Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// query-source address * port 53;
};

//
// a caching only nameserver config
//
controls {
   inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
acl msdpl {
   192.168.129.0/24;
   192.168.128.0/24;
   192.168.130.0/24;
   };
zone "msdpl.com" IN {
   type master;
   file "msdpl.com.zone";
   notify yes;
   allow-query { msdpl; };
   allow-transfer { msdpl; };
   allow-update { msdpl; };
};

zone "129.168.192.in-addr.arpa" IN {
   type master;
   file "192.168.129.20.rev";
   notify yes;
   allow-query { msdpl; };
   allow-transfer { msdpl; };
   allow-update { msdpl; };
};

zone "130.168.192.in-addr.arpa" IN {
   type master;
   file "192.168.130.0.rev";
   notify yes;
   allow-query { msdpl; };
   allow-transfer { msdpl; };
   allow-update { msdpl; };
};

zone "128.168.192.in-addr.arpa" IN {
   type master;
   file "192.168.128.0.rev";
   notify yes;
   allow-query { msdpl; };
   allow-transfer { msdpl; };
   allow-update { msdpl; };
};
zone "." IN {
   type hint;
   file "named.ca";
};

zone "localdomain" IN {
   type master;
   file "localdomain.zone";
   allow-update { none; };
};

zone "localhost" IN {
   type master;
   file "localhost.zone";
   allow-update { none; };
};



zone "medhaindia.com" IN {
   type master;
   file "medhaindia.com.zone";
   allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
   type master;
   file "named.local";
   allow-update { none; };
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa"
IN {
   type master;
   file "named.ip6.local";
   allow-update { none; };
};

zone "255.in-addr.arpa" IN {
   type master;
   file "named.broadcast";
   allow-update { none; };
};

zone "0.in-addr.arpa" IN {
   type master;
   file "named.zero";
   allow-update { none; };
};
include "/etc/rndc.key";
###

my smb.conf
###
[global]

 workgroup = msdpl.com
 netbios name = medhapdc
 passdb backend = ldapsam:ldap://msdpl.com
 server string = Domain Controller
 hosts allow = 192.168.128. 192.168.129. 192.168.130. 127.
 security = user
 encrypt passwords = yes
 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
 interfaces = eth0,lo
 printing = cups
 disable spoolss = Yes
 printcap name = cups
 max print jobs = 100
 enable privileges = yes
 log level = 2
 password level = 8
 username level = 8
 bind interfaces only = yes
 local master = Yes
 os level = 65
 domain master = yes
 remote browse sync = 192.168.130.3
 null passwords = no
 hide unreadable = yes
 hide dot files = yes
 domain logons = yes
 logon script = %u.bat
 logon

Re: [Samba] Samba PDC with Ldap, problems after restart

2006-12-16 Thread ashok cvs

Hi

I think we need more information.
Do the following steps:
1) Increase the debug level in smb.conf to above 5.
2) Also check whether the following command gives you the
SID of the domain:
[EMAIL PROTECTED] rpc info

3) Again rejoin a system to the domain and check in the nmbd.log file what
the exact log output is.



On 12/14/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:


Hello, I have installed my Samba as a PDC with LDAP backend. It worked
fine, I was able to join the domain with a Windows XP client. But today
when I started the server, I can't join a domain anymore. I also can't add
users to LDAP anymore with smbldap-tools; I always get this failure message:

3444 Use of uninitialized value in substitution (s///) at /usr/share/perl5/smbldap_tools.pm line 140,  line 217.
3445 Use of uninitialized value in substitution (s///) at /usr/share/perl5/smbldap_tools.pm line 140,  line 218.
3446 Use of uninitialized value in substitution (s///) at /usr/share/perl5/smbldap_tools.pm line 140,  line 219.
3447 Use of uninitialized value in substitution (s///) at /usr/share/perl5/smbldap_tools.pm line 140,  line 220.
3448 Use of uninitialized value in substitution (s///) at /usr/share/perl5/smbldap_tools.pm line 140,  line 221.
3449 Use of uninitialized value in substitution (s///) at /usr/share/perl5/smbldap_tools.pm line 140,  line 223.
3450 Use of uninitialized value in substitution (s///) at /usr/share/perl5/smbldap_tools.pm line 140,  line 224.
3451 Use of uninitialized value in substitution (s///) at /usr/share/perl5/smbldap_tools.pm line 140,  line 225.
3452 Use of uninitialized value in substitution (s///) at /usr/share/perl5/smbldap_tools.pm line 140,  line 226.
3453 Use of uninitialized value in substitution (s///) at /usr/share/perl5/smbldap_tools.pm line 140,  line 227.

Does anyone have an idea of the problem?

thx Ernest Aigner


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba




Re: [Samba] Log of file delete/create/open/close operations

2006-05-16 Thread ashok cvs

Hi

You can turn on vfs objects = audit or extd_audit in the share, so you can
log file open/close/create/delete.

Regards
niranjan


On 5/15/06, taso <[EMAIL PROTECTED]> wrote:


Is it possible to log file open/close/create/delete operations without
turning on level 10 debug?



[Samba] Configuring BDC

2006-03-21 Thread ashok cvs
Hi all

I have a Samba PDC (3.0.21c with OpenLDAP 2.3.19) and some file servers as
domain member servers (Linux with Samba 3.0.21c).
I would like to set up a BDC. According to the Samba documentation, BDCs having
a slave LDAP server is the optimal solution.

I have 3 different locations, so at 1 location I would like to set up the PDC,
and at the other 2 locations I would like to set up BDCs.
Q) Can I have this type of setup?
Q) If I can, how do I configure DNS on the BDC: should it be a
secondary DNS server or should it also have a master DNS server
of the same domain? By default PDCs have DNS with DHCP (DDNS
implemented).

Regards
Niranjan


[Samba] Samba Security

2006-02-08 Thread ashok cvs
Dear all

I have Samba 3.0.21 with OpenLDAP as a primary domain controller, and all
my Windows clients are joined to my domain. I have file servers (domain
member servers - Linux systems) which are given access for file sharing to
my clients, so all the Windows clients in my domain access the file server
according to their user permissions.
I also have some Windows clients which are not joined to my domain, but are
in the same network as my PDC.
They are also able to access the file server, but it prompts for a username
and password, and the user gives the username and password and accesses it.
Is there any way that only the Windows clients which are joined to my domain
are able to access the file servers, and the systems which are not
joined are not able to access file services?

I don't want to implement IP-level security on shares, as a user can change
the IP and access it.
I would like to know if file servers which are joined to my PDC can be
given access only to Windows clients which are joined to my domain; any
other Windows client which is not in OU=Computers, i.e. which is not yet
joined to my PDC, should be denied.

Is it possible?
Please guide me.


Regards
Niranjan


Re: [Samba] Samba PDC with Slave LDAP server

2006-01-27 Thread ashok cvs
Hi all

Thanks for replying, I have another query.

In the BDC, according to the Samba3-by-Example PDF,
IDMAP is said to be pointed to the master LDAP server.
But on the master LDAP server I have Samba 3.0.21, which is configured as PDC.
I have created users and all Windows users are able to log in to the PDC.

But I have only these entries in ou=Idmap on the master LDAP server:
dn:ou=Idmap,dc=mydomain,dc=com
objectClass: Organizational Unit
objectClass: SambaunixIdpool
ou: idmap
uidnumber: 1
gidnumber: 1

Apart from these entries in ou=Idmap, I do not have any other entries.

I somehow feel there should be more entries, i.e. whenever a user is
created there should be some entry.

What is wrong?

Now since I have already created users, and all my Windows clients are
already joined, is it possible to correct the Idmap problem without
disturbing the current environment?

Please guide me.

Regards
ashok

On 1/27/06, Anthony Messina <[EMAIL PROTECTED]> wrote:
>
> ashok cvs wrote:
> > Hi all
> >
> > I have a Samba PDC with LDAP with Samba version 3.0.21 (domain =
> > mydomain.com).
> > Samba and OpenLDAP are configured on a single system.
> > I would like to set up a Samba BDC with a slave LDAP server for domain
> > mydomain.com,
> > and the Samba BDC also has a DNS server for the domain.
> >
> > My query is: should the nsswitch.conf and ldap.conf of the BDC point to
> > its own LDAP server or the master LDAP server?
> >
> > And in the smb.conf file of the BDC, should the passdb backend point to
> > master or slave?
> >
> > And for smbpasswd -w, which password should I enter: the master
> > LDAP server rootdn password or the slave LDAP server rootdn password?
> >
> > Please guide me
> >
> > Regards
> > ashok
>
> the bdc should point to its local ldap (slave) server.  this is what
> gives you the ability to run as a *backup*.  if you had both pdc and bdc
> pointing to the master ldap server and that server went down, your bdc
> is worthless.
>
> read the "official how-to" at samba.org.  it describes the various
> options for setting up a pdc and bdc with ldap.
>
> http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-bdc.html
>
> by far, the best is pointing the pdc at the master ldap server
> (read/write) and pointing the bdc at the slave server (read only).
>
> you will also need to point your nsswitch.conf and your ldap.conf on the
> bdc to the slave server (assuming your samba bdc is on the same host
> as your slave ldap server).
>
> -anthony
>


[Samba] Samba PDC with Slave LDAP server

2006-01-27 Thread ashok cvs
Hi all

I have a Samba PDC with LDAP with Samba version 3.0.21 (domain =
mydomain.com).
Samba and OpenLDAP are configured on a single system.
I would like to set up a Samba BDC with a slave LDAP server for domain
mydomain.com,
and the Samba BDC also has a DNS server for the domain.

My query is: should the nsswitch.conf and ldap.conf of the BDC point to
its own LDAP server or the master LDAP server?

And in the smb.conf file of the BDC, should the passdb backend point to
master or slave?

And for smbpasswd -w, which password should I enter: the master
LDAP server rootdn password or the slave LDAP server rootdn password?

Please guide me

Regards
ashok


Re: [Samba] winbind necessary when samba is configured with ldap

2006-01-20 Thread ashok cvs
Hi

But in the Samba documentation, idmap is set to ldap://localhost:389
and winbind default domain = yes
idmap uid 1-2
idmap gid 1-2
I have set default domain = no in my PDC.
Does it affect my PDC?
In LDAP also there is an ou=idmap, which has only one entry.
What exactly does this "winbind default domain = yes" mean?

Regards
Niranjan






On 1/20/06, Michael Gasch <[EMAIL PROTECTED]> wrote:
>
> in this setup (no trusts, no services on DC using ntlm_auth) you don't
> need winbindd on your DCs
>
> greez
>
> mallapadi niranjan wrote:
> > Hi all
> >
> >
> > I have a query that
> > when we are using LDAP with samba in PDC, and also BDC is configured
> > and using Slave ldap server, with nss_ldap . is winbind necessary.
> > If winbind is necessary, how do we configure it
> >
> >
> > Regards
> > niranjan
>


[Samba] samba wbinfo -U "error Looking up domain users"

2006-01-20 Thread ashok cvs
Dear all

I have a system with a Samba PDC with LDAP, the Samba version being 3.0.21 and
the OpenLDAP version 2.2.13.
I have another Linux system with Samba version 3.0.10 which is a
member server to the Samba PDC.
I have configured nss_ldap, and ldap.conf on the member server
points to my LDAP server on the Samba PDC.
The Samba PDC LDAP is configured for simple bind.


1) I have been getting the following errors:
On the member server, when I issue the command
root# net rpc info
I get the following error:
rpc_parse/parse_prs.c prs_mem_get(537)
prs_mem_get: reading data size 14418130 would overrun buffer
What does the above error mean?

2) On the domain member server I get the error:
nss_wins ldap_simple_bind  can't contact LDAP server

3) And often in /var/log/message on the Samba PDC I get the following error:
init_sam_from_ldap, Failed to get password history for user

4) In the below Samba configuration, "winbind use default domain = no".
When I type the command "net rpc info" I get the output,
but when I type the command "wbinfo -U": error Looking Up domain Users.
Should I have to enable winbind and set it to yes?

My slapd.conf of the Samba PDC is:
###
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema

allow bind_v2


pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args

###
# ldbm and/or bdb database definitions
###

database bdb
suffix "dc=msdpl,dc=com"
rootdn "cn=manager,dc=msdpl,dc=com"
rootpw secret
idletimeout 30
timelimit 30
directory /var/lib/ldap

index objectClass                   eq,pres
index ou,cn,mail,surname,givenname  eq,pres,sub
index loginShell                    eq,pres
index nisMapName,nisMapEntry        eq,pres,sub
index displayName                   eq,pres,sub
index uidNumber                     eq
index gidNumber                     eq
index memberUID                     eq
index sambaSID                      eq
index sambaPrimaryGroupSID          eq
index default                       sub


access to attrs=userPassword,sambaLMPassword,sambaNTPassword,sambaPwdLastSet,sambaPwdMustChange
    by dn="cn=Domain Admins,ou=Groups,dc=msdpl,dc=com" write
    by dn="cn=Domain Users,ou=Groups,dc=msdpl,dc=com" write
    by dn="cn=Domain Guests,ou=Groups,dc=msdpl,dc=com" write
    by dn="cn=Administrators,ou=Groups,dc=msdpl,dc=com" write
    by dn="cn=Account Operators,ou=Groups,dc=msdpl,dc=com" write
    by dn="cn=Print Operators,ou=Groups,dc=msdpl,dc=com" write
    by dn="cn=Backup Operators,ou=Groups,dc=msdpl,dc=com" write
    by dn="cn=Replicators,ou=Groups,dc=msdpl,dc=com" write
    by anonymous auth
    by * none
# some attributes need to be readable anonymously so that 'id user' can answer correctly
access to attrs=objectClass,entry,homeDirectory,uid,uidNumber,gidNumber,memberUid
    by dn="cn=nns,ou=Groups,dc=msdpl,dc=com" write
    by dn="cn=Domain Admins,ou=Groups,dc=msdpl,dc=com" write
    by * read
# some attributes can be writable by users themselves
access to attrs=description,telephoneNumber,roomNumber,homePhone,loginShell,gecos,cn,sn,givenname
    by dn="cn=nns,ou=Groups,dc=msdpl,dc=com" write
    by dn="cn=Domain Admins,ou=Groups,dc=msdpl,dc=com" write
    by * read
# some attributes need to be writable for samba
access to dn.base="dc=msdpl,dc=com"
    by dn="cn=nns,ou=Groups,dc=msdpl,dc=com" write
    by dn="uid=kk1438,ou=People,dc=msdpl,dc=com" write
    by dn="cn=Domain Admins,ou=Groups,dc=msdpl,dc=com" write
    by dn="cn=Administrators,ou=Groups,dc=msdpl,dc=com" write
    by dn="cn=Account Operators,ou=Groups,dc=msdpl,dc=com" write
    by * none
# samba need to be able to create new users account
access to dn="ou=People,dc=msdpl,dc=com"
    by dn="cn=nns,ou=Groups,dc=msdpl,dc=com" write
    by dn="cn=Domain Admins,ou=Groups,dc=msdpl,dc=com" write
    by dn="cn=Administrators,ou=Groups,dc=msdpl,dc=com" write
    by dn="cn=Account Operators,ou=Groups,dc=msdpl,dc=com" write
    by * none
# samba need to be able to create new groups account
access to dn="ou=Groups,dc=msdpl,dc=com"
    by dn="cn=nns,ou=Groups,dc=msdpl,dc=com" write
    by dn="cn=Domain Admins,ou=Groups,dc=msdpl,dc=com" write
    by dn="cn=Administrators,ou=Groups,dc=msdpl,dc=com" write
    by dn="cn=Account Operators,ou=Groups,dc=msdpl,dc=com" write
    by * none
# samba need to be able to create new computers account
access to dn="ou=Computers,dc=msdpl,dc=com"