Eddie Lania
2002-Aug-03 12:21 UTC
[Samba] Fw: Samba 3.0-alpha 18 with ldapsam backend and primary gid of user?
Hi again,

I just wanted to add this to make my information more complete:

The id and primary group id of user "eddie" in the ldap tree is 500:201. 201 is the group "Domain Users".

But you have to know that user "eddie" also exists with id and gid 500:500 in the /etc/passwd and /etc/group files.

Examining the log file below, this raises the following question to me:

Is the passdb backend plugin "ldap" perhaps using a normal "getent" function to determine the correct user id and gid?

If so, this could explain why I have these errors, but does this mean that the configuration of /etc/nsswitch.conf should be changed from:

passwd: files ldap
shadow: files ldap
group: files ldap

to:

passwd: ldap files
shadow: ldap files
group: ldap files

And will this affect the way people log in using other applications like ssh for example?

Or should there be a different solution?

Also, the params:

ldap suffix = "dc=techdream,dc=net"
ldap user suffix = "ou=Users"
ldap machine suffix = "ou=Computers"

are, in my opinion, "fairly undocumented" and I have not been able to gather more information about them, so, the values that I've used are only guessed by myself and I would like to know if they're right or wrong.

It also seems to me that the smbgroupedit program is not useful when authenticating against a ldap server (I have tried to map some of the unix groups to the "domain groups" but didn't notice any change). Is this right?

Thanks again,

Eddie.

----- Original Message -----
From: "Eddie Lania" <e.lania@home.nl>
To: <samba@lists.samba.org>
Sent: Saturday, August 03, 2002 8:23 PM
Subject: Samba 3.0-alpha 18 with ldapsam backend and primary gid of user?

> Hello list,
>
> Can someone tell me why I keep getting these kinds of errors in the samba log files?
> I just went over from 2.2.5 to 3.0-alpha 18, I never had these errors in the 2.2.5 version.
> Especially the rid [0] is a complete mystery to me since I have no account
> defined in my ldap service that has rid 0.
>
> Thank you very much for your help.
>
> Eddie Lania.
>
> ----------------
> [2002/08/03 19:21:27, 0, effective(1001, 202), real(0, 0)]
> rpc_server/srv_util.c:get_domain_user_groups(346)
> get_domain_user_groups: primary gid of user [eddie] is not a Domain group !
> get_domain_user_groups: You should fix it, NT doesn't like that
> [2002/08/03 19:21:38, 1, effective(500, 500), real(0, 0)]
> smbd/service.c:make_connection_snum(676)
> p450aukje (192.168.168.253) connect to service profiles initially as user eddie (uid=500, gid=500) (pid 24710)
> [2002/08/03 19:21:41, 1, effective(0, 0), real(0, 0)]
> smbd/service.c:close_cnum(843)
> p450aukje (192.168.168.253) closed connection to service profiles
> [2002/08/03 19:21:41, 1, effective(500, 500), real(0, 0)]
> smbd/service.c:make_connection_snum(676)
> p450aukje (192.168.168.253) connect to service netlogon initially as user eddie (uid=500, gid=500) (pid 24710)
> [2002/08/03 19:21:43, 1, effective(0, 0), real(0, 0)]
> smbd/service.c:close_cnum(843)
> p450aukje (192.168.168.253) closed connection to service netlogon
> [2002/08/03 19:21:43, 1, effective(500, 500), real(0, 0)]
> smbd/service.c:make_connection_snum(676)
> p450aukje (192.168.168.253) connect to service homes initially as user eddie (uid=500, gid=500) (pid 24710)
> [2002/08/03 19:21:43, 1, effective(500, 500), real(0, 0)]
> smbd/service.c:make_connection_snum(676)
> p450aukje (192.168.168.253) connect to service netlogon initially as user eddie (uid=500, gid=500) (pid 24710)
> [2002/08/03 19:21:53, 0, effective(500, 500), real(0, 0)]
> rpc_server/srv_util.c:get_domain_user_groups(346)
> get_domain_user_groups: primary gid of user [eddie] is not a Domain group !
> get_domain_user_groups: You should fix it, NT doesn't like that
> [2002/08/03 19:21:53, 0, effective(0, 0), real(0, 0)]
> passdb/pdb_ldap.c:ldapsam_getsampwrid(1250)
> We don't find this rid [0] count=0
> [2002/08/03 19:21:53, 0, effective(500, 500), real(0, 0)]
> rpc_server/srv_util.c:get_domain_user_groups(346)
> get_domain_user_groups: primary gid of user [eddie] is not a Domain group !
> get_domain_user_groups: You should fix it, NT doesn't like that
> -----------------
>
> This is how I compiled samba:
> ./configure --sbindir=/usr/local/samba/bin --with-logfilebase=/var/log/samba --with-smbmount --with-ldapsam --with-acl-support
>
> Here my smb.conf:
>
> [global]
> passdb backend = ldapsam:ldap://localhost
> ldap suffix = "dc=techdream,dc=net"
> ldap user suffix = "ou=Users"
> ldap machine suffix = "ou=Computers"
> ldap admin dn = "cn=Manager,dc=techdream,dc=net"
> ldap ssl = off
> use spnego = No
> workgroup = TECHDREAM
> time server = Yes
> deadtime = 15
> server string = Linux Samba Server %v
> wins support = Yes
> os level = 64
> prefered master = Auto
> domain master = Yes
> local master = Yes
> security = user
> encrypt passwords = Yes
> null passwords = Yes
> passwd program = /usr/local/sbin/smbldap-passwd.pl
> guest account = Guest
> socket address = 192.168.168.192
> interfaces = 192.168.168.0/24 127.0.0.1
> bind interfaces only = Yes
> domain logons = Yes
> add user script = /usr/local/sbin/smbldap-useradd.pl -a -E login.bat %u
> add machine script = /usr/local/sbin/smbldap-useradd.pl -g 102 -w %u
> delete user script = /usr/local/sbin/smbldap-userdel.pl %u
> logon path = \\%L\profiles\%U
> logon drive = q:
> logon home = \\%L\%U\.profile
> logon script = login.bat
> debug uid = Yes
> log file = /var/log/samba/%m.log
> max log size = 0
> [netlogon]
> comment = Network Logon Service
> path = /home/netlogon
> read only = Yes
> guest ok = Yes
> write list = @"Administrators"
> inherit acls = Yes
> inherit permissions = Yes
> [homes]
> path = /home/users/%U
> read only = No
> browseable = No
> inherit acls = Yes
> inherit permissions = Yes
> csc policy = disable
> [profiles]
> comment = User Profiles share
> path = /home/profiles
> read only = No
> inherit acls = Yes
> inherit permissions = Yes
> csc policy = disable
> [users]
> comment = Users directories
> path = /home/users
> read only = No
> inherit acls = Yes
> inherit permissions = Yes
> [public]
> comment = Public Files share
> path = /mnt/big_f32/public
> force user = nobody
> read only = No
> [apps]
> comment = Applications share
> path = /mnt/big_f32/apps
> force user = nobody
> read only = No
> [backup]
> comment = Backup share
> path = /mnt/big_f32/backup
> force user = nobody
> read only = Yes
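
Added example (not part of the original post, and not Samba code): a small Python model of the NSS lookup order the message asks about, showing which uid:gid a getpwnam-style lookup returns for "eddie" under each nsswitch.conf ordering, and listing accounts whose entry in a later source is shadowed by a conflicting earlier one. The function names, the "alice" account, home paths and shells are constructed for illustration, and default NSS actions are assumed; whether the ldapsam backend resolves ids through NSS is the poster's open question and is not settled here.

```python
# Added example: NSS source ordering for the account described in this thread.
# Constructed passwd(5)-format data: "eddie" as the post gives it, "alice" invented.
SOURCES = {
    "files": "root:x:0:0::/root:/bin/sh\neddie:x:500:500::/home/users/eddie:/bin/sh\n",
    "ldap": "eddie:x:500:201::/home/users/eddie:/bin/sh\nalice:x:501:201::/home/users/alice:/bin/sh\n",
}

def parse_order(nsswitch_text, database="passwd"):
    """Return the ordered source list for one database line of nsswitch.conf."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        name, sep, rest = line.partition(":")
        if sep and name.strip() == database:
            # Assumption: default actions only, so "[NOTFOUND=return]" items are skipped.
            return [tok for tok in rest.split() if not tok.startswith("[")]
    return []

def parse_passwd(text):
    """Map login name -> (uid, gid); the first entry for a name wins."""
    entries = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 4 and fields[0] not in entries:
            entries[fields[0]] = (int(fields[2]), int(fields[3]))
    return entries

def resolve(name, order, sources):
    """The first source in the order that knows the name answers the lookup."""
    for src in order:
        ids = parse_passwd(sources.get(src, "")).get(name)
        if ids is not None:
            return src, ids
    return None

def shadowed(order, sources):
    """List names whose entry in a later source disagrees with the winning one."""
    findings = []
    names = set()
    for src in order:
        names |= set(parse_passwd(sources.get(src, "")))
    for name in sorted(names):
        win_src, win_ids = resolve(name, order, sources)
        for src in order[order.index(win_src) + 1:]:
            other = parse_passwd(sources.get(src, "")).get(name)
            if other is not None and other != win_ids:
                findings.append((name, win_src, win_ids, src, other))
    return findings

if __name__ == "__main__":
    for conf in ("passwd: files ldap", "passwd: ldap files"):
        order = parse_order(conf)
        print(conf, "->", resolve("eddie", order, SOURCES), shadowed(order, SOURCES))
```

With "files ldap" the model returns 500:500 for "eddie", the same uid and gid that appear in the make_connection_snum log lines above.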