samba - Jan 2004 - Trying to configure a SAMBA 3 PDC with OpenLDAP

Hello,

I have some problems trying to configure a PDC with OpenLDAP backend using Samba
3.0.1.

My LDAP server is working fine and has the samba templates.

I am able to configure users. The procedure I am using is I first create the
user in the LDAP server using posixAccount, shadowAccount, etc. Then, as root, I
write

     smbpasswd -a user

and it works fine.

I get the same effect if I use 

     pdbedit -a -u borra

The user is able to mount a share in the server. At this point things are
working great.

My first problem is that I have been unable to add machines.
I tried a similar procedure. First create the machine in the LDAP server
(without sambaSamAccount) and then

     smbpasswd -m -a theMachine

I have tried everything including pdbedit and smbldap-tools 0.8.2.
I get the following errors when trying to add a machine called tuqueque using 

     smbpasswd -m -a tuqueque -D256

Netbios name list:-
my_netbios_names[0]="BOA"
Trying to load: ldapsam:ldap://localhost
Attempting to register passdb backend ldapsam
Successfully added passdb backend 'ldapsam'
Attempting to register passdb backend ldapsam_compat
Successfully added passdb backend 'ldapsam_compat'
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to register passdb backend guest
Successfully added passdb backend 'guest'
Attempting to find an passdb backend to match ldapsam:ldap://localhost (ldapsam)
Found pdb backend ldapsam
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=ICALUZ))]
smbldap_search_suffix: searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=ICALUZ))]
smbldap_open_connection: ldap://localhost
smbldap_open_connection: connection opened
ldap_connect_system: Binding to ldap server ldap://localhost as
"cn=Manager,dc=ica,dc=luz,dc=ve"
ldap_connect_system: succesful connection to the LDAP server
The LDAP server is succesful connected
pdb backend ldapsam:ldap://localhost has a valid init
Attempting to find an passdb backend to match guest (guest)
Found pdb backend guest
pdb backend guest has a valid init
smbldap_search_suffix: searching
for:[(&(uid=tuqueque$)(objectclass=sambaSamAccount))]
smbldap_open: already connected to the LDAP server
ldapsam_getsampwnam: Unable to locate user [tuqueque$] count=0
Finding user tuqueque$
Trying _Get_Pwnam(), username as lowercase is tuqueque$
Trying _Get_Pwnam(), username as uppercase is TUQUEQUE$
Checking combinations of 0 uppercase letters in tuqueque$
Get_Pwnam_internals didn't find user [tuqueque$]!


The smbldap-tools 0.8.2 do not work at all. They do not even work for adding
users (which I already solved using smbpasswd).

I have other questions:
I have read that I have to create some groups (Domain Admins, Domain Users,
Domain Guests), but the procedure for doing that when using LDAP is not clear. I
tried adding the groups to the LDAP server and then using something like

    net groupmap modify ntgroup="Domain Admins" unixgroup=domadmin

I get the following message:

     NT Group Domain Admins doesn't exist in mapping DB
       

Can somebody help me?

Here is my smb.conf:
[global]
hosts allow = 172.17.6.0/255.255.255.0
netbios name = BOA
workgroup = ICALUZ
security = user
encrypt passwords = yes
preferred master = yes
domain master = yes
local master = yes
domain logons = yes
os level = 33

ldap suffix = dc=ica,dc=luz,dc=ve
ldap admin dn = "cn=Manager,dc=ica,dc=luz,dc=ve"

idmap backend = ldap:ldap://localhost
idmap gid = 10000-20000
idmap uid = 10000-20000
ldap idmap suffix = ou=Idmap

passdb backend = ldapsam:ldap://localhost
ldap ssl = off
ldap delete dn = no
ldap user suffix = ou=Personas

ldap group suffix = ou=Grupos
ldap machine suffix = ou=Computadoras
#ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))
ldap filter = (uid=%u)

logon path = \\%N\profiles\%u
logon drive = H:
logon home = \\homeserver\%u\winprofile
logon script = logon.cmd

#logging
log level = 2
log file = /var/lib/samba/%m.log

[netlogon]
path = /var/lib/samba/netlogon
read only = yes
write list = ntadmin

[profiles]
path = /var/lib/samba/profiles
read only = no
create mask = 0644
directory mask = 0755

[test]
path=/tmp
writeable=yes
public=yes


I have tried to follow the documentation, but it is somewhat confising when it
refers to LDAP. It is never clear whether they are talking about the new style
or the old Samba 2.x style. Maybe it is not completely updated.
Any help is appreciated.

Regards,
VS

On Sun, 11 Jan 2004 02:17:06 -0400 (VET)
vegeta2@ica.luz.ve wrote:

When you added the machine account by hand (the posix part), have you added the
$ behind the machine name? Samba expects machines to be like
tuqueque$ instead of tuqueque. It's just a quick guess. 
Btw, smbldap-tools work great for me (they automatically add all the needed
groups for example - you'd like that), what exactly is your problem?

Jesore

> Hello,
> 
> I have some problems trying to configure a PDC with OpenLDAP backend using
Samba 3.0.1.
> 
> My LDAP server is working fine and has the samba templates.
> 
> I am able to configure users. The procedure I am using is I first create
the user in the LDAP server using posixAccount, shadowAccount, etc. Then, as
root, I write
> 
>      smbpasswd -a user
> 
> and it works fine.
> 
> I get the same effect if I use 
> 
>      pdbedit -a -u borra
> 
> The user is able to mount a share in the server. At this point things are
working great.
> 
> My first problem is that I have been unable to add machines.
> I tried a similar procedure. First create the machine in the LDAP server
(without sambaSamAccount) and then
> 
>      smbpasswd -m -a theMachine
> 
> I have tried everything including pdbedit and smbldap-tools 0.8.2.
> I get the following errors when trying to add a machine called tuqueque
using
> 
>      smbpasswd -m -a tuqueque -D256
> 
> Netbios name list:-
> my_netbios_names[0]="BOA"
> Trying to load: ldapsam:ldap://localhost
> Attempting to register passdb backend ldapsam
> Successfully added passdb backend 'ldapsam'
> Attempting to register passdb backend ldapsam_compat
> Successfully added passdb backend 'ldapsam_compat'
> Attempting to register passdb backend smbpasswd
> Successfully added passdb backend 'smbpasswd'
> Attempting to register passdb backend tdbsam
> Successfully added passdb backend 'tdbsam'
> Attempting to register passdb backend guest
> Successfully added passdb backend 'guest'
> Attempting to find an passdb backend to match ldapsam:ldap://localhost
(ldapsam)
> Found pdb backend ldapsam
> Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=ICALUZ))]
> smbldap_search_suffix: searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=ICALUZ))]
> smbldap_open_connection: ldap://localhost
> smbldap_open_connection: connection opened
> ldap_connect_system: Binding to ldap server ldap://localhost as
"cn=Manager,dc=ica,dc=luz,dc=ve"
> ldap_connect_system: succesful connection to the LDAP server
> The LDAP server is succesful connected
> pdb backend ldapsam:ldap://localhost has a valid init
> Attempting to find an passdb backend to match guest (guest)
> Found pdb backend guest
> pdb backend guest has a valid init
> smbldap_search_suffix: searching
for:[(&(uid=tuqueque$)(objectclass=sambaSamAccount))]
> smbldap_open: already connected to the LDAP server
> ldapsam_getsampwnam: Unable to locate user [tuqueque$] count=0
> Finding user tuqueque$
> Trying _Get_Pwnam(), username as lowercase is tuqueque$
> Trying _Get_Pwnam(), username as uppercase is TUQUEQUE$
> Checking combinations of 0 uppercase letters in tuqueque$
> Get_Pwnam_internals didn't find user [tuqueque$]!
> 
> 
> The smbldap-tools 0.8.2 do not work at all. They do not even work for
adding users (which I already solved using smbpasswd).
> 
> I have other questions:
> I have read that I have to create some groups (Domain Admins, Domain Users,
Domain Guests), but the procedure for doing that when using LDAP is not clear. I
tried adding the groups to the LDAP server and then using something like
> 
>     net groupmap modify ntgroup="Domain Admins"
unixgroup=domadmin
> 
> I get the following message:
> 
>      NT Group Domain Admins doesn't exist in mapping DB
>        
> 
> Can somebody help me?
> 
> Here is my smb.conf:
> [global]
> hosts allow = 172.17.6.0/255.255.255.0
> netbios name = BOA
> workgroup = ICALUZ
> security = user
> encrypt passwords = yes
> preferred master = yes
> domain master = yes
> local master = yes
> domain logons = yes
> os level = 33
> 
> ldap suffix = dc=ica,dc=luz,dc=ve
> ldap admin dn = "cn=Manager,dc=ica,dc=luz,dc=ve"
> 
> idmap backend = ldap:ldap://localhost
> idmap gid = 10000-20000
> idmap uid = 10000-20000
> ldap idmap suffix = ou=Idmap
> 
> passdb backend = ldapsam:ldap://localhost
> ldap ssl = off
> ldap delete dn = no
> ldap user suffix = ou=Personas
> 
> ldap group suffix = ou=Grupos
> ldap machine suffix = ou=Computadoras
> #ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))
> ldap filter = (uid=%u)
> 
> logon path = \\%N\profiles\%u
> logon drive = H:
> logon home = \\homeserver\%u\winprofile
> logon script = logon.cmd
> 
> #logging
> log level = 2
> log file = /var/lib/samba/%m.log
> 
> [netlogon]
> path = /var/lib/samba/netlogon
> read only = yes
> write list = ntadmin
> 
> [profiles]
> path = /var/lib/samba/profiles
> read only = no
> create mask = 0644
> directory mask = 0755
> 
> [test]
> path=/tmp
> writeable=yes
> public=yes
> 
> 
> I have tried to follow the documentation, but it is somewhat confising when
it refers to LDAP. It is never clear whether they are talking about the new
style or the old Samba 2.x style. Maybe it is not completely updated.
> Any help is appreciated.
> 
> Regards,
> VS
> 
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>