[Samba] idmap problem

2009-07-15 Thread Tamás Pisch
Hi,

I configured a Samba PDC and a BDC with a master and a slave OpenLDAP. I set
up TLS, because I wanted secure syncrepl. Slapd runs with
-h ldap://127.0.0.1/ ldaps:///.
I successfully joined an XP client to the servers' domain, I see shares (but
I haven't logged in as a domain user, because I have to create a default
profile first).
My problem is in the log.winbindd-idmap log file:
[2009/07/15 09:24:23,  1] winbindd/idmap.c:idmap_init(385)
  Initializing idmap domains
[2009/07/15 09:24:23,  0] winbindd/idmap.c:idmap_init(396)
  idmap_init: Ignoring domain MYDOMAIN
[2009/07/15 09:24:23,  0] winbindd/idmap.c:idmap_init(549)
  ERROR: Could not get methods for backend ldapsam
[2009/07/15 09:24:23,  0] winbindd/idmap.c:idmap_init(801)
  Aborting IDMAP Initialization ...

smb.conf:
netbios name = SRV3
dos charset = CP852
unix charset = UTF8
workgroup = MYDOMAIN
interfaces = 127.0.0.0/8, eth0
bind interfaces only = Yes
passdb backend = ldapsam:ldap://127.0.0.1:389;
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
username map = /etc/samba/username.map
unix password sync = Yes
log level = 1 idmap:10
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
smb ports = 139
name resolve order = wins host bcast
time server = Yes
.
.
.
domain logons = Yes
preferred master = Yes
wins support = Yes
ldap admin dn = cn=adm,dc=mydomain,dc=site
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=People
ldap passwd sync = Yes
ldap suffix = dc=mydomain,dc=site
ldap user suffix = ou=People
eventlog list = Security, Application, Syslog
usershare max shares = 0
usershare path = /home/samba/usershares
panic action = /usr/share/samba/panic-action %d
idmap backend = ldapsam:ldap://127.0.0.1:389
idmap uid = 1-2
idmap gid = 1-2
map acl inherit = Yes
veto oplock files = /*.pdf/*.pst/

/etc/ldap/ldap.conf:
host 127.0.0.1
base dc=mydomain,dc=site
logdir /var/lib/ldap/log
TLS_REQCERT  hard
TLS_CACERT /etc/ssl/certs/cacert.pem

slapd.conf:
###
# Global Directives:
# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/samba3.schema
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
loglevel conns stats filter
idletimeout 30
modulepath /usr/lib/ldap
moduleload back_hdb
moduleload syncprov
sizelimit unlimited
tool-threads 1
TLSCertificateFile /etc/ssl/certs/srv3cert.pem
TLSCertificateKeyFile /etc/ssl/private/srv3key.pem
TLSCACertificateFile /etc/ssl/certs/cacert.pem
TLSVerifyClient never

###
# Specific Backend Directives for hdb:
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
backend hdb
database hdb
suffix dc=mydomain,dc=site
rootdn  cn=adm,dc=mydomain,dc=site
rootpw  {SSHA}...
directory   /var/lib/ldap
dbconfig set_cachesize 0 1 1
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
dbconfig set_lg_regionmax 262144
dbconfig set_lg_bsize 524288
dbconfig set_lg_dir /var/lib/ldap/log
dbconfig set_flags   DB_LOG_AUTOREMOVE
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid   pres,sub,eq
index displayName   pres,sub,eq
index uidNumber eq
index gidNumber eq
index memberUID eq
index sambaSID  eq
index sambaPrimaryGroupSID  eq
index sambaDomainName   eq
index default   sub
index sambaSIDList  eq
index sambaGroupType eq
index entryCSN,entryUUID eq
lastmod on
checkpoint  512 30

access to *
        by dn.exact=cn=replicator,dc=mydomain,dc=site tls_ssf=128 read
        by * break

access to attrs=userPassword,sambaNTPassword,sambaLMPassword,sambaPwdLastSet,sambaPwdCanChange
        by dn=cn=admin,dc=mydomain,dc=site write
        by dn=cn=replicator,dc=mydomain,dc=site read
        by anonymous auth
        by self write
        by * none

access to dn.base= by * read

access to *
        by dn=cn=admin,dc=mydomain,dc=site write
        by dn=cn=replicator,dc=mydomain,dc=site read
        by self write
        by * read

overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

libnss-ldap.conf:
host 127.0.0.1
base dc=mydomain,dc=site
timelimit 50
bind_timelimit 50
bind_policy hard
idle_timelimit 3600
nss_base_passwd 
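
An added example, not part of the original post: a small parser for the two-line winbindd log entries quoted above. It pulls out the level-0 "Could not get methods for backend" error and lists which smb.conf options name that backend. The sample inputs are copied from the post and marked as constructed; the function names are hypothetical.

```python
import re

# Constructed inputs: the log excerpt and the two backend lines quoted in the post.
LOG = """\
[2009/07/15 09:24:23,  1] winbindd/idmap.c:idmap_init(385)
  Initializing idmap domains
[2009/07/15 09:24:23,  0] winbindd/idmap.c:idmap_init(396)
  idmap_init: Ignoring domain MYDOMAIN
[2009/07/15 09:24:23,  0] winbindd/idmap.c:idmap_init(549)
  ERROR: Could not get methods for backend ldapsam
[2009/07/15 09:24:23,  0] winbindd/idmap.c:idmap_init(801)
  Aborting IDMAP Initialization ...
"""
CONF = """\
passdb backend = ldapsam:ldap://127.0.0.1:389;
idmap backend = ldapsam:ldap://127.0.0.1:389
"""
HEADER = re.compile(r"^\[([^,]+),\s*(\d+)\]\s+(\S+):(\w+)\((\d+)\)$")
NO_METHODS = re.compile(r"Could not get methods for backend (\S+)")

def parse_entries(text):
    """Attach each indented message line to the '[time, level] file:func(line)' header above it."""
    entries = []
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            entries.append({"level": int(m[2]), "where": f"{m[3]}:{m[4]}({m[5]})", "msg": []})
        elif entries and raw[:1].isspace():
            entries[-1]["msg"].append(raw.strip())
    return entries

def smb_option(conf, name):
    """Value of a 'name = value' smb.conf line (hypothetical minimal parser), or None."""
    for line in conf.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() == name:
            return value.strip()

def triage(log_text, conf):
    """For each level-0 'no methods' error, list the smb.conf options that request that backend."""
    findings = []
    for e in parse_entries(log_text):
        m = NO_METHODS.search(" ".join(e["msg"]))
        if e["level"] == 0 and m:
            opts = [o for o in ("idmap backend", "passdb backend")
                    if (smb_option(conf, o) or "").split(":", 1)[0] == m.group(1)]
            findings.append((e["where"], m.group(1), opts))
    return findings

print(triage(LOG, CONF))
```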

[Samba] idmap problem / Where is the shared module documentation?

2005-10-06 Thread Joshua Weage
I've spent a couple of hours trying to figure out why the Samba
3.0.20a idmap facility doesn't appear to be working when it works just
fine with my current config file and 3.0.14a.

I'm getting Username DOMAIN\MACHINE$ is invalid on this system errors in
the logs - which I believe I used to get with 3.0.14a until I enabled idmap.

Is this something to do with the --with-shared-modules config option? I
can't find documentation anywhere on what this option does, other than
someone mentioning that idmap_rid needs to be explicitly specified here.
Where are the docs?

Can anyone tell me why I'm getting the above error?

Please CC me as I'm not subscribed to the list.

Thanks,

Joshua Weage