HI,
I met problm with windbind.
Everything seems to work fine samba 3.0.7 - ldap - ssl
But in can not change user password account from windows workstation.
I investigate and find
Wbinfo -t
checking the trust secret via RPC calls failed
error code was NT_STATUS_UNSUCCESSFUL (0xc0000001)
Could not check secret
Wbinfo - u
Error looking up domain users
Wbinfo -g
Just list BuiltIn Group
I find recurrent error log winbind message:
internal_get_sid_from_id: fetching record GID 513
[2004/10/29 00:35:10, 5] lib/smbldap.c:smbldap_search(963)
smbldap_search: base => [ou=Idmap,dc=e-nes,dc=net], filter =>
[(&(objectClass=sambaIdmapEntry)(gidNumber=513))], scope => [2]
[2004/10/29 00:35:10, 0] sam/idmap_ldap.c:ldap_get_sid_from_id(525)
ldap_get_sid_from_id: mapping not found for gidNumber: 513
[2004/10/29 00:35:10, 1] nsswitch/winbindd_sid.c:winbindd_gid_to_sid(426)
Could not convert gid 513 to sid
[2004/10/29 00:35:10, 10] nsswitch/winbindd.c:client_write(523)
client_write: wrote 1300 bytes.
And defenitly my Idmap In ldap are empty.
Normaly wbinfo - u should populate it ?
But It fail.
Is there any way to manually populate it ?
Can you help me, my objectif is made windows able to change password , if
wbinfo still have problem I doesn't matter.
Here are my smb.conf
Many thanks
# Global parameters
[global]
deadtime = 60
passdb backend = ldapsam:"ldap://127.0.0.1",guest
ldap suffix = dc=e-nes,dc=net
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Computers
ldap user suffix = ou=People
ldap group suffix = ou=Group
#ldap admin dn = "cn=admin,dc=e-nes,dc=net"
ldap admin dn = cn=samba,ou=DSA,dc=e-nes,dc=net
ldap ssl = yes
ldap delete dn = yes
ldap passwd sync = yes
#only= ldap no = just NT et LM no ldap
#unix password sync = yes
encrypt passwords = true
null passwords = yes
passwd program = /usr/sbin/smbldap-passwd.pl %u
security = user
#user domainE-NES share
auth methods = sam, winbind
passwd chat = *New*password* %n\n *Retype*new*password* %n\n*
*password*has*been*changed*
passwd chat debug = yes
# password quality
min passwd length = 5
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add user script = /usr/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m
"%u"
"%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x
"%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g
"%g"
"%u"
#get quota command = /usr/local/sbin/query_quota
#set quota command = /usr/local/sbin/set_quota
Dos charset = 850
Unix charset = ISO8859-1
veto files = /*.eml/*.nws/riched20.dll/*.{*}/
idmap gid = 500-10000
strict sync = no
idmap uid = 999-10000
idmap backend = ldap:ldap://127.0.0.1
max xmit = 65534
winbind separator = +
template shell = /bin/bash
template homedir = /home/%D/%U
winbind enum users = yes
winbind enum groups = yes
winbind cache time = 10
winbind use default domain = yes
wins support = Yes
wins server = 192.168.1.5
logon path
show add printer wizard = No
preferred master = Yes
logon script = scripts/logon.bat
domain logons = Yes
domain master = yes
server string = E-nes Enterprise Server
#%v
workgroup = E-nes
netbios name = E-nes
os level = 250
admin users = lauco,administrateur
#domain admin group = root,Domain Admins
#root = admin administrator
map to guest = Bad User
guest account = nobody
logon drive = h:
logon home = \\%L\%U
# syslog = 0
time server = Yes
unix extensions = Yes
allow trusted domains = Yes
message command = /bin/sh -c '/usr/bin/linpopup
max log size = 1000
interfaces = eth1, 192.168.1.5/255.255.255.224
panic action = /usr/share/samba/panic-action %d
read raw = yes
paranoid server security = No
map hidden = yes
dns proxy = No
name resolve order = wins host lmhosts bcast
algorithmic rid base = 1000
socket options = SO_KEEPALIVE TCP_NODELAY IPTOS_LOWDELAY
SO_SNDBUF=8192 SO_RCVBUF=8192
oplocks = yes
root directory = /
#chroot mode
write raw = yes
strict locking = no
log level = 3
log file = /var/log/samba/log.%m
[netlogon]
guest ok = yes
create mask = 0644
comment = The domain logon service
locking = no
path = /home/e-nes/netlogon
share modes = no
follow symlinks = no
[homes]
path = %H
valid users = %U
comment = Home Directories
browseable = No
writeable = yes
create mask = 0600
dos filetimes = yes
follow symlinks = no
force unknown acl user = no
# can copy local acl to e-nes
hide dot files = yes
[Public]
guest ok = yes
comment = E-nes Public Folder
writable = yes
path = /home/e-nes/Public
dos filemode = yes
dos filetimes = yes
store dos attributes = yes
follow symlinks = no
hide unreadable = yes
#hosts allow = 150.203. EXCEPT 150.203.6.66 lapland, arvidsjaur
-- hosts deny = pirate
[Private]
path=/home/e-nes/Private
Comment = E-Nes Private Folder
writable = yes
create mask = 0660
browsable = yes
locking = yes
#lock and open file
dos filemode = yes
#enable group to chage perm
dos filetimes = yes
#enable time change on dos acces like on windobe
follow symlinks = no
# do not permit to hack system by symlinks
#inherit acls = yes
#inherit permissions = no
[Admin]
path=/
Comment = E-Nes Root Admin
writable = yes
create mask = 0644
security mask = 0000
directory security mask = 0000
browsable = yes
locking = no
valid users = %U @"Domain Admins"
# administrateur
