Benjamin Nagel [sedo.de]
2005-Sep-01 12:15 UTC
[Samba] Samba with LDAP -> Can't include Windows Client
Hi,

at first sorry for my horrible English.
My name is Benjamin Nagel and I have set up a lot of Samba servers, but until now without LDAP as backend.

My data:
Suse 9.2
Samba 3.0.9-2.3-SUSE
OpenLDAP: slapd 2.2.15

I had set up Samba and OpenLDAP like the IDEALX documentation. I can create a linux user with the smbldap-useradd script and I can login with this user.
But when I want to include a Windows XP client I get an error. Samba creates the machine account.

This is a snapshot of the client logfile:

[2005/09/01 13:26:49, 2] lib/smbldap.c:smbldap_open_connection(692)
  smbldap_open_connection: connection opened
[2005/09/01 13:26:49, 2] passdb/pdb_ldap.c:init_sam_from_ldap(518)
  init_sam_from_ldap: Entry found for user: root
[2005/09/01 13:26:49, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)
[2005/09/01 13:26:49, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)
[2005/09/01 13:26:49, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)
[2005/09/01 13:26:49, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)
[2005/09/01 13:26:49, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)
[2005/09/01 13:26:49, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password: authentication for user [root] -> [root] -> [root] succeeded
[2005/09/01 13:26:50, 2] smbd/server.c:exit_server(575)
  Closing connections
[2005/09/01 13:26:50, 2] lib/smbldap.c:smbldap_open_connection(692)
  smbldap_open_connection: connection opened
[2005/09/01 13:26:50, 2] passdb/pdb_ldap.c:init_sam_from_ldap(518)
  init_sam_from_ldap: Entry found for user: root
[2005/09/01 13:26:50, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)
[2005/09/01 13:26:50, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)
[2005/09/01 13:26:50, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)
[2005/09/01 13:26:50, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)
[2005/09/01 13:26:50, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)
[2005/09/01 13:26:50, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password: authentication for user [root] -> [root] -> [root] succeeded
[2005/09/01 13:26:51, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
  Returning domain sid for domain MYDOMAIN -> S-1-5-21-3304255874-2887972702-1555624387
[2005/09/01 13:26:52, 2] smbd/server.c:exit_server(575)
  Closing connections
[2005/09/01 13:43:32, 2] smbd/server.c:exit_server(575)
  Closing connections
[2005/09/01 13:43:32, 2] lib/smbldap.c:smbldap_open_connection(692)
  smbldap_open_connection: connection opened
[2005/09/01 13:43:32, 2] passdb/pdb_ldap.c:init_sam_from_ldap(518)
  init_sam_from_ldap: Entry found for user: root
[2005/09/01 13:43:32, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)
[2005/09/01 13:43:32, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)
[2005/09/01 13:43:32, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)
[2005/09/01 13:43:32, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)
[2005/09/01 13:43:32, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)
[2005/09/01 13:43:32, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password: authentication for user [root] -> [root] -> [root] succeeded
[2005/09/01 13:43:33, 2] smbd/server.c:exit_server(575)
  Closing connections
[2005/09/01 13:43:34, 2] lib/smbldap.c:smbldap_open_connection(692)
  smbldap_open_connection: connection opened
[2005/09/01 13:43:34, 2] passdb/pdb_ldap.c:init_sam_from_ldap(518)
  init_sam_from_ldap: Entry found for user: root
[2005/09/01 13:43:34, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)
[2005/09/01 13:43:34, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)
[2005/09/01 13:43:34, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)
[2005/09/01 13:43:34, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)
[2005/09/01 13:43:34, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)
[2005/09/01 13:43:34, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password: authentication for user [root] -> [root] -> [root] succeeded
[2005/09/01 13:43:34, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
  Returning domain sid for domain MYDOMAIN -> S-1-5-21-3304255874-2887972702-1555624387
[2005/09/01 13:43:36, 2] smbd/server.c:exit_server(575)
  Closing connections

But the crazy thing is that these groups exist:

[quote]
dn: cn=Domain Users,ou=Groups,dc=cologne,dc=mydomain,dc=local
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 513
cn: Domain Users
description: Netbios Domain Users
sambaSID: S-1-5-21-3304255874-2887972702-1555624387-513
sambaGroupType: 2
displayName: Domain Users
structuralObjectClass: posixGroup
entryUUID: 3c3a55c4-aa64-1029-879f-fa8a7468604f
creatorsName: cn=Manager,dc=cologne,dc=mydomain,dc=local
createTimestamp: 20050826100220Z
memberUid: root
memberUid: benjamin
entryCSN: 20050901101848Z#000003#00#000000
modifiersName: cn=Manager,dc=cologne,dc=mydomain,dc=local
modifyTimestamp: 20050901101848Z
[/quote]

smb.conf:

[quote]
[global]
workgroup = MYDOMAIN
netbios name = hawking
server string = hawking as Samba-Server
passdb backend = ldapsam:ldap://127.0.0.1
ldap admin dn = cn=Manager,dc=cologne,dc=mydomain,dc=local
ldap suffix = dc=cologne,dc=mydomain,dc=local
ldap group suffix = ou=Groups,dc=cologne,dc=mydomain,dc=local
ldap user suffix = ou=Users,dc=cologne,dc=mydomain,dc=local
ldap machine suffix = ou=Computers,dc=cologne,dc=mydomain,dc=local
ldap idmap suffix = ou=Idmap,dc=cologne,dc=mydomain,dc=local
ldap ssl = no
add machine script = /sbin/yast /usr/share/YaST2/data/add_machine.ycp %m$
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
ldap delete dn = yes
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
username map = /etc/samba/smbusers
logon script = %u.BAT
logon drive = Y:
logon path = \\%L\profiles\%U
logon home = \\%L\%U
domain logons = yes
preferred master = yes
domain master = yes
security = user
local master = yes
os level = 65
dos charset = 850
unix charset = ISO-8859-15
display charset = ISO-8859-15
log level = 2
log file = /home/samba/logs/%m.log
wins support = yes
panic action = kill `cat /var/run/samba/smbd.pid`; rm /var/run/samba/smbd.pid ; /etc/init.d/smb start
keepalive = 60
smb ports = 445 139
use sendfile = no
large readwrite = no
idmap backend = ldap:ldap://10.0.1.253
[/quote]

I hope you can help me, and that I haven't read over the comment that fixes my problem.

Thanks,
Benjamin Nagel
Joachim Kieferle
2005-Sep-01 12:22 UTC
[Samba] Samba with LDAP -> Can't include Windows Client
Benjamin Nagel [sedo.de] wrote:
> Hi,
>
> at first sorry for my horrible English.
> My name is Benjamin Nagel and I had setup a lot of Samba Server, but
> until now without LDAP as backend.
>
> My data:
> Suse 9.2
> Samba 3.0.9-2.3-SUSE
> OpenLDAP: slapd 2.2.15
>
> I had setup Samba and OpenLDAP like the IDEALX documentation. I can
> create a linux user with the smbldap-useradd script and I can login
> with this user.
> But when I want to include a Windows XP client I get an error.
> [ ... ]

Dear Benjamin,

we have Samba running on SuSE 9.3. What we found out is that for the machine accounts you MUST NOT use ou=computers BUT ou=people, that means the same ou as you use for normal accounts. This phenomenon is also described somewhere in the Samba by example tutorial.

At least in our environment this works.

Hope this helps,
best
Joachim
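
Added example, not part of either post: smb.conf(5) describes the ldap group/user/machine/idmap suffix values as partial DNs that Samba prepends to ldap suffix. The sketch below computes the search bases that result from the suffix lines of the posted [global] section and flags values that already contain the full suffix; the function names are hypothetical, and whether this is what produced the "No such object" errors in the posted log is an assumption the thread does not confirm.

```python
# Added example: compute the LDAP search bases Samba derives from smb.conf.
import re

# Constructed sample: only the suffix lines of the [global] section posted above.
SMB_CONF = """\
[global]
ldap suffix = dc=cologne,dc=mydomain,dc=local
ldap group suffix = ou=Groups,dc=cologne,dc=mydomain,dc=local
ldap user suffix = ou=Users,dc=cologne,dc=mydomain,dc=local
ldap machine suffix = ou=Computers,dc=cologne,dc=mydomain,dc=local
ldap idmap suffix = ou=Idmap,dc=cologne,dc=mydomain,dc=local
"""

SUB_SUFFIXES = ("ldap group suffix", "ldap user suffix",
                "ldap machine suffix", "ldap idmap suffix")

def norm_dn(dn):
    """Lower-case a DN and trim its RDNs (escaped commas are not handled)."""
    return ",".join(p.strip().lower() for p in dn.split(",") if p.strip())

def parse_global(text):
    """Return {parameter: value} for the [global] section of smb.conf text."""
    params, section = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def effective_bases(params):
    """Map each sub-suffix to (search base Samba builds, suffix doubled?)."""
    base = norm_dn(params["ldap suffix"])
    result = {}
    for key in SUB_SUFFIXES:
        part = norm_dn(params.get(key, ""))  # unset: ldap suffix is used alone
        full = f"{part},{base}" if part else base
        doubled = part == base or part.endswith("," + base)
        result[key] = (full, doubled)
    return result

if __name__ == "__main__":
    for key, (dn, doubled) in effective_bases(parse_global(SMB_CONF)).items():
        print(f"{'DOUBLED' if doubled else 'ok     '} {key}: {dn}")
```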