Hi,

I have Samba running with LDAP as a PDC. The PDC works fine, except for
adding new computers to the domain. The computers that were added 2-3 years
ago work fine, but I cannot add new PCs to the domain.

The Samba log says to remove the parameter 'algorithmic rid base' and
use 'net groupmap add' and 'net setmaxrid'. The command "net setmaxrid"
does not exist.

For me it is important to add the new PCs to the domain. So is there any
way to add the PCs on the server side? Or any other workaround - it does not
matter how.

I hope you can help me! :)


log.smb:
[2008/05/28 09:57:15, 0] passdb/pdb_interface.c:pdb_new_rid(1072)
  'algorithmic rid base' is set but a passdb backend without
  algorithmic RIDs is chosen.
  Please map all used groups using 'net groupmap add', set the maximum
  used RID using
  'net setmaxrid' and remove the parameter


smb.conf:
[global]
    workgroup = FAB
    server string = zeus
    interfaces = 195.72.98.12/255.255.255.240, 10.14.45.12/255.255.255.0
    map to guest = Bad User
    passdb backend = ldapsam
    algorithmic rid base = 5000
    log level = 1
    log file = /var/log/log.smb
    smb ports = 139
    name resolve order = wins hosts bcast lmhosts
    time server = Yes
    deadtime = 15
    socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
    printcap name = cups
    add user script = ldapsmb -a -u "%u"
    delete user script = ldapsmb -d -u "%u"
    add group script = ldapsmb -a -g "%g"
    delete group script = ldapsmb -d -g "%g"
    add user to group script = ldapsmb -j -u "%u" -g "%g"
    delete user from group script = ldapsmb -r -u "%u" -g "%g"
    set primary group script = ldapsmb -m -u "%u" -gid "%g"
    add machine script = ldapsmb -a -w "%u" -gid 515
    logon script = kix32 fab_login.scr
    logon path = \\%L\profiles\%U
    logon drive = h:
    domain logons = Yes
    os level = 65
    preferred master = Yes
    domain master = Yes
    wins support = Yes
    ldap admin dn = cn=Manager,dc=fab,dc=fh-wiesbaden,dc=de
    ldap group suffix = ou=Groups
    ldap machine suffix = ou=People
    ldap passwd sync = Yes
    ldap suffix = dc=fab,dc=fh-wiesbaden,dc=de
    ldap ssl = no
    ldap user suffix = ou=People
    admin users = @ntadmin, root
    hosts allow = 10.14.40., 10.14.41., 10.14.42., 10.14.45., 10.14.43., 10.14.44., 10.10.57.
    printing = cups
    print command
    lpq command = %p
    lprm command = /usr/bin/lprm -P%p %j
    veto files = /*.eml/*.nws/riched20.dll/*.{*}/


SW:
Opensuse 10.3 64bit
Samba 3.0.26a
Openldap: 2.3.37


Best regards,

- David B?hm

Rubin Bennett wrote:
> On Thu, 2008-05-29 at 10:21 +0200, David B?hm wrote:
>> Hi,
>>
>> I have Samba running with LDAP as a PDC. The PDC works fine, except for
>> adding new computers to the domain. The computers that were added 2-3 years
>> ago work fine, but I cannot add new PCs to the domain.
>>
>> The Samba log says to remove the parameter 'algorithmic rid base' and
>> use 'net groupmap add' and 'net setmaxrid'. The command "net setmaxrid"
>> does not exist.
>>
>> For me it is important to add the new PCs to the domain. So is there any
>> way to add the PCs on the server side? Or any other workaround - it does not
>> matter how.
>>
>> I hope you can help me! :)
>>
>>
>> log.smb:
>> [2008/05/28 09:57:15, 0] passdb/pdb_interface.c:pdb_new_rid(1072)
>>   'algorithmic rid base' is set but a passdb backend without
>>   algorithmic RIDs is chosen.
>>   Please map all used groups using 'net groupmap add', set the maximum
>>   used RID using
>>   'net setmaxrid' and remove the parameter
>>
>>
>> smb.conf:
>> [global]
>>     workgroup = FAB
>>     server string = zeus
>>     interfaces = 195.72.98.12/255.255.255.240,
>>         10.14.45.12/255.255.255.0
>>     map to guest = Bad User
>>     passdb backend = ldapsam
>>     algorithmic rid base = 5000
>>     log level = 1
>>     log file = /var/log/log.smb
>>     smb ports = 139
>>     name resolve order = wins hosts bcast lmhosts
>>     time server = Yes
>>     deadtime = 15
>>     socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
>>     printcap name = cups
>>     add user script = ldapsmb -a -u "%u"
>>     delete user script = ldapsmb -d -u "%u"
>>     add group script = ldapsmb -a -g "%g"
>>     delete group script = ldapsmb -d -g "%g"
>>     add user to group script = ldapsmb -j -u "%u" -g "%g"
>>     delete user from group script = ldapsmb -r -u "%u" -g "%g"
>>     set primary group script = ldapsmb -m -u "%u" -gid "%g"
>>     add machine script = ldapsmb -a -w "%u" -gid 515
>>     logon script = kix32 fab_login.scr
>>     logon path = \\%L\profiles\%U
>>     logon drive = h:
>>     domain logons = Yes
>>     os level = 65
>>     preferred master = Yes
>>     domain master = Yes
>>     wins support = Yes
>>     ldap admin dn = cn=Manager,dc=fab,dc=fh-wiesbaden,dc=de
>>     ldap group suffix = ou=Groups
>>     ldap machine suffix = ou=People
>>     ldap passwd sync = Yes
>>     ldap suffix = dc=fab,dc=fh-wiesbaden,dc=de
>>     ldap ssl = no
>>     ldap user suffix = ou=People
>>     admin users = @ntadmin, root
>>     hosts allow = 10.14.40., 10.14.41., 10.14.42., 10.14.45.,
>>         10.14.43., 10.14.44., 10.10.57.
>>     printing = cups
>>     print command
>>     lpq command = %p
>>     lprm command = /usr/bin/lprm -P%p %j
>>     veto files = /*.eml/*.nws/riched20.dll/*.{*}/
>>
>>
>> SW:
>> Opensuse 10.3 64bit
>> Samba 3.0.26a
>> Openldap: 2.3.37
>>
>>
>> Best regards,
>>
>> - David B?hm
>>
> I'm guessing that somewhere along the line you upgraded your server and
> moved your Samba install to the new box?
>
> This has happened to me several times and there are a few items in the
> config that need to be added for later versions of Samba to work as
> expected.
>
> In the global section, add
> enable privileges = yes
>
> And see if that works.
>
> HTH, Rubin
>

Hi,

your supposition is right. There was an upgrade to a new box.

The option you describe is already set. I don't know why it is not
listed above. Maybe testparm doesn't dump the complete config?

Here is the config with cat! :)


Thx for supporting me!

best regards,

David

smb.conf:
# smb.conf is the main samba configuration file. You find a full commented
# version at /usr/share/doc/packages/samba/examples/smb.conf.SuSE
# Date: 2002-09-12
#
#
[global]
    workgroup = FAB
    netbios name = zeus
    server string = zeus
    map to guest = Bad User
    encrypt passwords = yes
    enable privileges = yes

    passdb backend = ldapsam
    ldap admin dn = cn=Manager,dc=fab,dc=fh-wiesbaden,dc=de
    ldap suffix = dc=fab,dc=fh-wiesbaden,dc=de
    ldap group suffix = ou=Groups
    ldap user suffix = ou=People
    ldap machine suffix = ou=People

    ldap ssl = no
    ldap passwd sync = yes

    add user script = ldapsmb -a -u "%u"
    delete user script = ldapsmb -d -u "%u"
    add machine script = ldapsmb -a -w "%u" -gid 515
    add group script = ldapsmb -a -g "%g"
    delete group script = ldapsmb -d -g "%g"
    add user to group script = ldapsmb -j -u "%u" -g "%g"
    delete user from group script = ldapsmb -r -u "%u" -g "%g"
    set primary group script = ldapsmb -m -u "%u" -gid "%g"

    algorithmic rid base = 5000

    local master = yes
    preferred master = yes
    os level = 65
    time server = Yes
    unix extensions = Yes
    admin users = @ntadmin root
    log level = 1
    log file = /var/log/log.smb
    load printers = yes
    printing = cups
    printcap name = cups
    lprm command = /usr/bin/lprm -P%p %j
    default devmode = yes
    socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
    wins support = yes
    dns proxy = yes
    name resolve order = wins hosts bcast lmhosts
    veto files = /*.eml/*.nws/riched20.dll/*.{*}/

    domain master = yes
    domain logons = yes
    logon script = kix32 fab_login.scr
    logon path = \\%L\profiles\%U
    logon drive = h:

    hosts allow = 10.14.40.,10.14.41.,10.14.42.,10.14.45.,10.14.43.,10.14.44.,10.10.57.
    interfaces = 195.72.98.12/255.255.255.240 10.14.45.12/255.255.255.0

    deadtime = 15
    dos charset = CP850
    unix charset = UTF-8
    display charset = LOCALE
    smb ports = 139

On Thu, 2008-05-29 at 15:21 +0200, David B?hm wrote:
>
> Rubin Bennett wrote:
> > On Thu, 2008-05-29 at 10:21 +0200, David B?hm wrote:
> >> Hi,
> >>
> >> I have Samba running with LDAP as a PDC. The PDC works fine, except for
> >> adding new computers to the domain. The computers that were added 2-3 years
> >> ago work fine, but I cannot add new PCs to the domain.
> >>
> >> The Samba log says to remove the parameter 'algorithmic rid base' and
> >> use 'net groupmap add' and 'net setmaxrid'. The command "net setmaxrid"
> >> does not exist.
> >>
> >> For me it is important to add the new PCs to the domain. So is there any
> >> way to add the PCs on the server side? Or any other workaround - it does not
> >> matter how.
> >>
> >> I hope you can help me! :)
> >>
> >>
> >> log.smb:
> >> [2008/05/28 09:57:15, 0] passdb/pdb_interface.c:pdb_new_rid(1072)
> >>   'algorithmic rid base' is set but a passdb backend without
> >>   algorithmic RIDs is chosen.
> >>   Please map all used groups using 'net groupmap add', set the maximum
> >>   used RID using
> >>   'net setmaxrid' and remove the parameter
> >>
> >>
> >> smb.conf:
> >> [global]
> >>     workgroup = FAB
> >>     server string = zeus
> >>     interfaces = 195.72.98.12/255.255.255.240,
> >>         10.14.45.12/255.255.255.0
> >>     map to guest = Bad User
> >>     passdb backend = ldapsam
> >>     algorithmic rid base = 5000
> >>     log level = 1
> >>     log file = /var/log/log.smb
> >>     smb ports = 139
> >>     name resolve order = wins hosts bcast lmhosts
> >>     time server = Yes
> >>     deadtime = 15
> >>     socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
> >>     printcap name = cups
> >>     add user script = ldapsmb -a -u "%u"
> >>     delete user script = ldapsmb -d -u "%u"
> >>     add group script = ldapsmb -a -g "%g"
> >>     delete group script = ldapsmb -d -g "%g"
> >>     add user to group script = ldapsmb -j -u "%u" -g "%g"
> >>     delete user from group script = ldapsmb -r -u "%u" -g "%g"
> >>     set primary group script = ldapsmb -m -u "%u" -gid "%g"
> >>     add machine script = ldapsmb -a -w "%u" -gid 515
> >>     logon script = kix32 fab_login.scr
> >>     logon path = \\%L\profiles\%U
> >>     logon drive = h:
> >>     domain logons = Yes
> >>     os level = 65
> >>     preferred master = Yes
> >>     domain master = Yes
> >>     wins support = Yes
> >>     ldap admin dn = cn=Manager,dc=fab,dc=fh-wiesbaden,dc=de
> >>     ldap group suffix = ou=Groups
> >>     ldap machine suffix = ou=People
> >>     ldap passwd sync = Yes
> >>     ldap suffix = dc=fab,dc=fh-wiesbaden,dc=de
> >>     ldap ssl = no
> >>     ldap user suffix = ou=People
> >>     admin users = @ntadmin, root
> >>     hosts allow = 10.14.40., 10.14.41., 10.14.42., 10.14.45.,
> >>         10.14.43., 10.14.44., 10.10.57.
> >>     printing = cups
> >>     print command
> >>     lpq command = %p
> >>     lprm command = /usr/bin/lprm -P%p %j
> >>     veto files = /*.eml/*.nws/riched20.dll/*.{*}/
> >>
> >>
> >> SW:
> >> Opensuse 10.3 64bit
> >> Samba 3.0.26a
> >> Openldap: 2.3.37
> >>
> >>
> >> Best regards,
> >>
> >> - David B?hm
> >>
> > I'm guessing that somewhere along the line you upgraded your server and
> > moved your Samba install to the new box?
> >
> > This has happened to me several times and there are a few items in the
> > config that need to be added for later versions of Samba to work as
> > expected.
> >
> > In the global section, add
> > enable privileges = yes
> >
> > And see if that works.
> >
> > HTH, Rubin
> >
>
> Hi,
>
> your supposition is right. There was an upgrade to a new box.
>
> The option you describe is already set. I don't know why it is not
> listed above. Maybe testparm doesn't dump the complete config?
>
> Here is the config with cat! :)
>
>
> Thx for supporting me!
>

No prob :) It didn't show up because it's a default value in later
versions of Samba and as I recall, testparm only outputs non-defaults.
I'm sure we'll get this, although I have to be honest and tell you I
haven't used LDAP (yet) as a backend.

If you run the add machine script as root on the server, does it work
correctly?

Rubin

> best regards,
>
> David
>
> smb.conf:
> # smb.conf is the main samba configuration file. You find a full commented
> # version at /usr/share/doc/packages/samba/examples/smb.conf.SuSE
> # Date: 2002-09-12
> #
> #
> [global]
>     workgroup = FAB
>     netbios name = zeus
>     server string = zeus
>     map to guest = Bad User
>     encrypt passwords = yes
>     enable privileges = yes
>
>     passdb backend = ldapsam
>     ldap admin dn = cn=Manager,dc=fab,dc=fh-wiesbaden,dc=de
>     ldap suffix = dc=fab,dc=fh-wiesbaden,dc=de
>     ldap group suffix = ou=Groups
>     ldap user suffix = ou=People
>     ldap machine suffix = ou=People
>
>     ldap ssl = no
>     ldap passwd sync = yes
>
>     add user script = ldapsmb -a -u "%u"
>     delete user script = ldapsmb -d -u "%u"
>     add machine script = ldapsmb -a -w "%u" -gid 515
>     add group script = ldapsmb -a -g "%g"
>     delete group script = ldapsmb -d -g "%g"
>     add user to group script = ldapsmb -j -u "%u" -g "%g"
>     delete user from group script = ldapsmb -r -u "%u" -g "%g"
>     set primary group script = ldapsmb -m -u "%u" -gid "%g"
>
>     algorithmic rid base = 5000
>
>     local master = yes
>     preferred master = yes
>     os level = 65
>     time server = Yes
>     unix extensions = Yes
>     admin users = @ntadmin root
>     log level = 1
>     log file = /var/log/log.smb
>     load printers = yes
>     printing = cups
>     printcap name = cups
>     lprm command = /usr/bin/lprm -P%p %j
>     default devmode = yes
>     socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
>     wins support = yes
>     dns proxy = yes
>     name resolve order = wins hosts bcast lmhosts
>     veto files = /*.eml/*.nws/riched20.dll/*.{*}/
>
>     domain master = yes
>     domain logons = yes
>     logon script = kix32 fab_login.scr
>     logon path = \\%L\profiles\%U
>     logon drive = h:
>
>     hosts allow = 10.14.40.,10.14.41.,10.14.42.,10.14.45.,10.14.43.,10.14.44.,10.10.57.
>     interfaces = 195.72.98.12/255.255.255.240 10.14.45.12/255.255.255.0
>
>     deadtime = 15
>     dos charset = CP850
>     unix charset = UTF-8
>     display charset = LOCALE
>     smb ports = 139
>

--
Rubin Bennett
RB Technologies
http://thatitguy.com
rbennett@thatitguy.com
(802)223-4448

"They that can give up essential liberty to obtain a little temporary
security deserve neither liberty nor safety"
--Benjamin Franklin, Historical Review of Pennsylvania, 1759

On Fri, 2008-05-30 at 08:19 +0200, David B?hm wrote:
> > No prob :) It didn't show up because it's a default value in later
> > versions of Samba and as I recall, testparm only outputs non-defaults.
> > I'm sure we'll get this, although I have to be honest and tell you I
> > haven't used LDAP (yet) as a backend.
> >
> > If you run the add machine script as root on the server, does it work
> > correctly?
> >
> > Rubin
> >
>
> Yes the script works fine. The machine will be created in ldap but
> without any samba attributes (no sid,..).
>
> I also already tried just to comment the parameter "algorithmic rid
> base = 5000". But if I do that samba doesn't start anymore. The log
> reports that I changed that parameter, and after that core dump:
>
> [2008/05/28 09:55:03, 0] passdb/pdb_ldap.c:pdb_init_ldapsam(5733)
>   The value of 'algorithmic RID base' has changed since the LDAP
>   database was initialised. Aborting.
> [2008/05/28 09:55:03, 0] passdb/pdb_interface.c:make_pdb_method_name(146)
>   pdb backend ldapsam:ldap://localhost:389 did not correctly init
>   (error was NT_STATUS_UNSUCCESSFUL)
> [2008/05/28 09:55:03, 0] lib/util.c:smb_panic(1632)
>   PANIC (pid 7067): pdb_get_methods_reload: failed to get pdb methods
>   for backend ldapsam:ldap://localhost:389
>
> [2008/05/28 09:55:03, 0] lib/util.c:log_stack_trace(1736)
>   BACKTRACE: 7 stack frames:
>    #0 /usr/sbin/smbd(log_stack_trace+0x1c) [0x55555578186c]
>    #1 /usr/sbin/smbd(smb_panic+0x43) [0x555555781953]
>    #2 /usr/sbin/smbd [0x55555573c815]
>    #3 /usr/sbin/smbd(initialize_password_db+0x9) [0x55555573c849]
>    #4 /usr/sbin/smbd(main+0x59b) [0x5555558369ab]
>    #5 /lib64/libc.so.6(__libc_start_main+0xf4) [0x2b0c8832db54]
>    #6 /usr/sbin/smbd [0x5555555c6259]
> [2008/05/28 09:55:03, 0] lib/fault.c:dump_core(181)
>   dumping core in /var/log/samba/cores/smbd
> [2008/05/28 09:55:54, 1] smbd/service.c:make_connection_snum(1033)
>
>
> Btw, I don't really know why I need this parameter. I thought the
> association between UID and SID happens in ldap.
>
> Thx
>
> - David
>

Unfortunately at this point you've gone beyond my experience with Samba
running against an LDAP backend.

Does anyone else out there have advice for David?

Thanks
Rubin
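
Added example (not part of the thread, and not Samba's own code): with ldapsam, the RID base in effect when the directory was initialised is recorded in the sambaDomain entry as sambaAlgorithmicRidBase, and smb.conf's 'algorithmic rid base' defaults to 1000 when the line is absent, so commenting it out changes the effective value and triggers the abort quoted above. The sketch compares the two values offline; the LDIF entry, its DN and SID are constructed sample data, and the function names are hypothetical.

```python
import re

DEFAULT_RID_BASE = 1000  # smb.conf default when 'algorithmic rid base' is not set

# Constructed sample inputs (the DN and SID are placeholders, not the thread's server).
SMB_CONF = """\
[global]
    workgroup = FAB
    passdb backend = ldapsam
    algorithmic rid base = 5000
"""
DOMAIN_LDIF = """\
dn: sambaDomainName=FAB,dc=example,dc=org
objectClass: sambaDomain
sambaDomainName: FAB
sambaSID: S-1-5-21-1111111111-2222222222-3333333333
sambaAlgorithmicRidBase: 5000
"""


def global_params(conf_text):
    """Return [global] parameters; names are normalised the way Samba
    compares them, ignoring case and embedded whitespace."""
    params, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[re.sub(r"\s+", "", name).lower()] = value.strip()
    return params


def ldif_attrs(entry_text):
    """Parse one unfolded LDIF entry into {lowercased attribute: first value}."""
    attrs = {}
    for line in entry_text.splitlines():
        name, sep, value = line.partition(": ")
        if sep:
            attrs.setdefault(name.lower(), value.strip())
    return attrs


def check_rid_base(conf_text, entry_text):
    """Return (status, effective smb.conf value, value recorded in LDAP)."""
    configured = global_params(conf_text).get("algorithmicridbase")
    effective = int(configured) if configured is not None else DEFAULT_RID_BASE
    recorded = ldif_attrs(entry_text).get("sambaalgorithmicridbase")
    if recorded is None:  # nothing recorded in the directory to compare against
        return "no-recorded-value", effective, None
    status = "ok" if int(recorded) == effective else "mismatch"
    return status, effective, int(recorded)


if __name__ == "__main__":
    print(check_rid_base(SMB_CONF, DOMAIN_LDIF))
    # Same config with the parameter commented out, as tried in the thread.
    commented = SMB_CONF.replace("    algorithmic", "#   algorithmic")
    print(check_rid_base(commented, DOMAIN_LDIF))
```

On a live server the recorded value would come from an LDAP search for the objectClass=sambaDomain entry under the configured ldap suffix.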