Hi Folks,

I had a crack at setting up a Samba PDC using a fresh installation of FDS 1.2.4 as the backend on one of our RHEL 5.3 servers per the Wiki Howto:Samba but ran into a few issues.

In the section 'Populating FDS with PDC Entry', it instructs the user to run 'net getlocalsid'. This results in the following:

[root@mybox logs]# net getlocalsid
lib/smbldap.c:smbldap_search_domain_info(1392)
  Adding domain info for CMOMA failed with NT_STATUS_UNSUCCESSFUL
SID for domain mybox is: S-1-5-21-4207250186-2406131440-3849861866

Thinking that I might just have a Samba configuration problem, I continued by attempting to add the following ldif:

dn: sambaDomainName=CMOMA,dc=cmoma,dc=mycompany,dc=com
objectclass: sambaDomain
objectclass: sambaUnixIDPool
objectclass: top
sambaDomainName: CMOMA samba
SID: S-1-5-21-4207250186-2406131440-3849861866
uidNumber: 550
gidNumber: 550

which resulted in the following error:

adding new entry sambaDomainName=CMOMA,dc=cmoma,dc=mycompany,dc=com
ldap_add: Object class violation
ldap_add: additional info: unknown object class "sambaUnixIDPool"

I double checked /opt/fedora-ds/slapd-<server>/config/schema/61samba.ldif created in the initial setup steps and was unable to find a sambaUnixIDPool objectclass, but did see a sambaUnixIdPool. However, after I edited /tmp/sambaDomainName.ldif to reflect this objectclass name, ldif2ldap still complains about an 'unknown object class'.

Any idea of what might be happening here?

Gordon Messmer
2011-May-05 01:09 UTC
[CentOS] Samba with 389 Directory Server Auth problem
On 04/28/2011 01:57 AM, sync wrote:
> [root@mybox logs]# net getlocalsid
> lib/smbldap.c:smbldap_search_domain_info(1392) Adding domain info for
> CMOMA failed with NT_STATUS_UNSUCCESSFUL SID for domain mybox is:
> S-1-5-21-4207250186-2406131440-3849861866

You should run "getlocalsid" before you put any LDAP settings in smb.conf. If you remove or comment all LDAP settings, you shouldn't get an error.

> dn: sambaDomainName=CMOMA,dc=cmoma,dc=mycompany,dc=com
> objectclass: sambaDomain
> objectclass: sambaUnixIDPool
> objectclass: top
> sambaDomainName: CMOMA samba
> SID: S-1-5-21-4207250186-2406131440-3849861866
> uidNumber: 550
> gidNumber: 550

I'm pretty sure sambaDomainName cannot have spaces. It's subject to the rules for Windows NT workgroup names. Use "CMOMA" only.

SID: should be sambaSID:

The recommended settings for uidNumber and gidNumber are 1000, and you should include sambaNextRid with the same value.

> adding new entry sambaDomainName=CMOMA,dc=cmoma,dc=mycompany,dc=com
> ldap_add: Object class violation ldap_add: additional info: unknown
> object class "sambaUnixIDPool"
>
> I double checked
> /opt/fedora-ds/slapd-<server>/config/schema/61samba.ldif created in the
> initial setup steps and was unable to find a sambaUnixIDPool
> objectclass, but did see a sambaUnixIdPool. However, after I edited
> /tmp/sambaDomainName.ldif to reflect this objectclass name, ldif2ldap
> still complains about an 'unknown object class'.

I'm reasonably certain that objectclass names are case insensitive, so the error probably indicates that your ldif isn't being loaded. It could be a formatting error. Check the error log for your DS.
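
An offline check of the entry discussed in this thread, added here as an example and not part of either post: it matches object class names case-insensitively and flags the attribute problems the reply points out. The SCHEMA table is a constructed subset assumed for illustration, not read from 61samba.ldif, and check_entry is a hypothetical helper name.

```python
import re

# Constructed schema subset (assumption): object class -> (MUST, MAY) attributes.
SCHEMA = {
    "top": (set(), set()),
    "sambaDomain": ({"sambaDomainName", "sambaSID"}, {"sambaNextRid"}),
    "sambaUnixIdPool": ({"uidNumber", "gidNumber"}, set()),
}
LINE = re.compile(r"^([A-Za-z][A-Za-z0-9-]*):\s*(.*)$")  # plain "attr: value"
# The entry as quoted in the thread, wrapped SID line included.
POSTED = """\
dn: sambaDomainName=CMOMA,dc=cmoma,dc=mycompany,dc=com
objectclass: sambaDomain
objectclass: sambaUnixIDPool
objectclass: top
sambaDomainName: CMOMA samba
SID: S-1-5-21-4207250186-2406131440-3849861866
uidNumber: 550
gidNumber: 550
"""
# The same entry with the reply's suggestions applied.
FIXED = (POSTED.replace("CMOMA samba\nSID:", "CMOMA\nsambaSID:")
         .replace(": 550", ": 1000") + "sambaNextRid: 1000\n")

def check_entry(text):
    """Return a list of problems found in one LDIF entry."""
    attrs, problems = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        m = LINE.match(raw)
        if m:
            attrs.append((m.group(1).lower(), m.group(2).strip()))
        elif raw.strip():  # continuation lines and comments are out of scope
            problems.append(f"line {n}: not an 'attribute: value' line")
    known = {c.lower(): c for c in SCHEMA}
    required, allowed = set(), {"dn", "objectclass"}
    for value in (v for a, v in attrs if a == "objectclass"):
        cls = known.get(value.lower())  # names compare case-insensitively
        if cls is None:
            problems.append(f"unknown object class {value!r}")
        must, may = ({x.lower() for x in s} for s in SCHEMA.get(cls, ((), ())))
        required |= must
        allowed |= must | may
    for name, value in attrs:
        if name not in allowed:
            problems.append(f"attribute {name!r} not allowed by the listed object classes")
        if name == "sambadomainname" and " " in value:  # per the reply
            problems.append(f"sambaDomainName value {value!r} contains a space")
    missing = sorted(required - {a for a, _ in attrs})
    return problems + [f"required attribute {a!r} missing" for a in missing]
```

Calling check_entry(POSTED) reports the space in sambaDomainName, the stray SID attribute and the missing sambaSID, and does not flag sambaUnixIDPool; check_entry(FIXED) returns an empty list.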