Alejandro Gándara Álvarez
2010-Aug-27 11:00 UTC
[Samba] Configure Samba as Client of Samba PDC
Hi all,

First of all, thanks.

In my network I have this:

Server: chacho
- 1 ldap
- 1 samba PDC and share

Now, I need a second samba in the same server (this was right, I ran a new instance without problems), but this one has to be a file server with authentication against the ldap server.

The problem is the following: this new samba is not running how I would like. First I'll show smb.conf.

This is the smb.conf of the PDC:

[global]
    workgroup = domain
    netbios name = CHACHO
    server string = %h
    debug uid = Yes
    bind interfaces only = yes
    interfaces = 127.0.0.1,172.20.36.10/24
    passdb backend = ldapsam:ldap://127.0.0.1
    passwd program = /usr/sbin/smbldap-passwd -o %u
    # username map = /etc/samba/smbusers
    log level = 1
    log file = /var/log/samba/log.%m
    max log size = 50
    name resolve order = wins lmhosts host bcast
    add user script = /usr/sbin/smbldap-useradd -m '%u'
    delete user script = /usr/sbin/smbldap-userdel %u
    add group script = /usr/sbin/smbldap-groupadd -p '%g'
    delete group script = /usr/sbin/smbldap-groupdel '%g'
    add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
    delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
    set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
    add machine script = /usr/sbin/smbldap-useradd -w '%u'
    #logon script = logon.bat
    logon path
    logon home
    domain logons = Yes
    os level = 64
    preferred master = Yes
    domain master = Yes
    wins support = Yes
    ldap admin dn = cn=admin,dc=domain,dc=loc
    ldap group suffix = ou=Groups
    ldap idmap suffix = ou=Idmap
    ldap machine suffix = ou=Computers
    ldap passwd sync = Yes
    ldap suffix = dc=domain,dc=loc
    ldap ssl = no
    ldap user suffix = ou=People
    idmap uid = 15000-20000
    idmap gid = 15000-20000
    admin users = @administradores
    create mask = 0777
    directory mask = 0777
    printcap cache time = 12600
    printcap name
    socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    deadtime = 15
    map to guest = Bad User
    reset on zero vc = yes

[netlogon]
    comment = Network Logon Service
    path = /var/lib/samba/netlogon/scripts
    guest ok = Yes
    browseable = no

[Proyectos]
    comment = Carpetas comunes, documentación, drivers
    path = /samba/Proyectos
    read only = No
    #map hidden = Yes
    #map system = Yes
    admin users = @administradores
    users = @desarrollo, @contabilidad, @jefesPT2, @jefesPR
    guest ok = no

[temporal]
    comment = archivos temporales
    path = /samba/temporal
    admin users = @administradores, @desarrollo, @contabilidad, @jefesPT2, @jefesPR, @dt
    browseable = yes
    read only = no

[putty]
    comment = archivos temporales
    path = /samba/putty
    admin users = @administradores, @desarrollo, @contabilidad, @jefesPT2, @jefesPR, @dt
    browseable = yes
    read only = no

[software]
    comment = Programas
    path = /samba/software
    admin users @administradores, @desarrollo, @contabilidad, @jefesPT2, @jefesPR, @dt
    browseable = yes
    read only = no

[exports]
    comment = Carpeta con los exports
    path = /samba/exports
    read only = No
    #map hidden = Yes
    #map system = Yes
    admin users @administradores, @desarrollo, @contabilidad, @jefesPT2, @jefesPR, @dt
    guest ok = no

[proveedores]
    comment = Carpetas proveedores
    path = /samba/proveedores
    read only = No
    #map hidden = Yes
    #map system = Yes
    admin users = @administradores, @jefesPT2, @jefesPR, @dt
    users = @desarrollo, @contabilidad, @jefesPT2, @jefesPR
    guest ok = no

And this smb.conf is the new one, I called it smb.chachopartners.conf:

[global]
    workgroup = domain
    netbios name = CHACHOPARTNERS
    security = DOMAIN
    bind interfaces only = yes
    interfaces = 172.20.52.11/24
    passdb backend = ldapsam:ldap://127.0.0.1
    passwd program = /usr/sbin/smbldap-passwd -o %u
    local master = no
    domain master = no
    preferred master = no
    domain logons = no
    name resolve order = wins host lmhosts bcast
    dns proxy = no
    log level = 1
    ldap admin dn = cn=admin,dc=domain,dc=loc
    ldap group suffix = ou=Groups
    ldap idmap suffix = ou=Idmap
    ldap machine suffix = ou=Computers
    ldap passwd sync = Yes
    ldap suffix = dc=domain,dc=loc
    ldap ssl = no
    ldap user suffix = ou=People
    idmap uid = 15000-20000
    idmap gid = 15000-20000
    admin users = @administradores
    create mask = 0777
    directory mask = 0777
    socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    deadtime = 15
    map to guest = Bad User
    reset on zero vc = yes

[Proveedores]
    comment = Carpeta de proveedores
    path = /samba/proveedores
    read only = no
    admin users = @administradores, @jefesPT2, @jefesPR, @dt
    users = xxx, @xxx
    guest ok = no

[yyy]
    comment = Carpetas comunes, documentación, drivers
    path = /samba/proveedores/yyy
    read only = No
    admin users = @administradores, @jefesPT2, @jefesPR, @dt
    valid user = yyy1
    guest ok = no

[xxx]
    comment = Carpetas xxx
    path = /samba/proveedores/xxx
    read only = No
    admin users = @administradores, @jefesPT2, @jefesPR, @dt
    users = @developpers
    guest ok = no

The problem is that I'm having problems with the second samba when I try to modify or add permissions, because it looks for the users in the new samba SID and it should look for them in the domain.

When I start smbd I get these errors:

    Could not peek rid out of sid S-1-5-21-1681343281-3888673916-306851540-500
    [2010/08/27 12:54:11, 0] passdb/passdb.c:593(lookup_global_sam_name)
    User nobody with invalid SID S-1-5-21-1681343281-3888673916-306851540-2998 in passdb

And if I go to phpldapadmin I see that now I have two sambadomainname: domain, and chachopartners (yes, the netbios of the second one). That's why I thought the problem was here; I thought it could be joining as DC and not as client.

I've done this:

    testparm smb.chachopartners.conf

and I got:

    Load smb config files from /etc/samba/smb.chachopartners.conf
    rlimit_max: rlimit_max (1024) below minimum Windows limit (16384)
    Processing section "[Proveedores]"
    Loaded services file OK.
    Server role: ROLE_DOMAIN_MEMBER
    Press enter to see a dump of your service definitions

Thanks for all and sorry for my English

Alejandro Gándara, Junior System and Security Manager
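
The SID comparison the post describes, as an added example that is not part of the original message: it pulls the account SIDs out of the quoted smbd log and reports those that do not fall under the domain SID registered for the instance's own sambaDomainName entry. The DOMAINS mapping is an assumption (the first SID is the prefix seen in the log, attributed here to the PDC's domain; the second is a constructed placeholder), and split_sid and foreign_sids are hypothetical helper names.

```python
import re

# Log lines quoted in the post above.
SMBD_LOG = """\
Could not peek rid out of sid S-1-5-21-1681343281-3888673916-306851540-500
[2010/08/27 12:54:11, 0] passdb/passdb.c:593(lookup_global_sam_name)
User nobody with invalid SID S-1-5-21-1681343281-3888673916-306851540-2998 in passdb
"""

# sambaDomainName -> sambaSID, as it would be read from the two LDAP entries.
# Assumption: the DOMAIN value is the SID prefix from the log, attributed to the
# PDC's domain; the CHACHOPARTNERS value is a constructed placeholder.
DOMAINS = {
    "DOMAIN": "S-1-5-21-1681343281-3888673916-306851540",
    "CHACHOPARTNERS": "S-1-5-21-1111111111-2222222222-3333333333",
}

# A domain SID (three sub-authorities after 21) or an account SID (plus a RID).
SID_RE = re.compile(r"S-1-5-21(?:-\d+){3,4}")


def split_sid(sid):
    """Return (domain_sid, rid); rid is None when sid is a bare domain SID."""
    parts = sid.split("-")
    if len(parts) == 8:
        return "-".join(parts[:7]), int(parts[7])
    if len(parts) == 7:
        return sid, None
    raise ValueError("unexpected SID shape: " + sid)


def foreign_sids(log_text, local_name, domains):
    """List (sid, rid, owning_domain) for account SIDs in the log that are not
    under the domain SID registered for local_name. owning_domain is None when
    no known sambaDomainName entry carries that domain SID."""
    local_sid = domains[local_name]
    name_by_sid = {sid: name for name, sid in domains.items()}
    found = []
    for sid in SID_RE.findall(log_text):
        domain_sid, rid = split_sid(sid)
        if rid is not None and domain_sid != local_sid:
            found.append((sid, rid, name_by_sid.get(domain_sid)))
    return found


if __name__ == "__main__":
    for sid, rid, owner in foreign_sids(SMBD_LOG, "CHACHOPARTNERS", DOMAINS):
        print("RID %d belongs to %s, not CHACHOPARTNERS: %s" % (rid, owner, sid))
```
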