Hello all

First of all, sorry for the long e-mail.

I am trying to get Samba working as a domain member and store the idmap in an
LDAP database.

The join is successful and all commands are working like they should: wbinfo -u,
wbinfo -g, kinit, etc.
But the id administrator command gives me the following:

# id administrator
id: administrator: no such user

If I do not use the LDAP backend it works well.

This is on FreeBSD 7_RELEASE with Samba 3.0.32 and OpenLDAP 2.3.43.
I did do all the things mentioned in chapter 7 of the by-example doc.
Also the smbpasswd -w 12345.

I have been working on this for over 3 days now, but my LDAP understanding is not
that great, I guess.
What am I forgetting or doing wrong?

Best regards,
Johan Hendriks


My slapd.conf file

#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/misc.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/openldap.schema
include /usr/local/etc/openldap/schema/samba.schema

loglevel 256

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

# Load dynamic backend modules:
modulepath /usr/local/libexec/openldap
moduleload back_bdb

#######################################################################
# BDB database definitions
#######################################################################

database bdb
suffix "dc=double-l,dc=local"
rootdn "cn=Manager,dc=double-l,dc=local"
rootpw = 12345

directory /usr/local/var/db/openldap-data

# Indices to maintain
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index uidNumber eq
index gidNumber eq
index memberUID eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index default sub

My ldap.conf and nss_ldap.conf file

base dc=double-l,dc=local
binddn cn=Manager,dc=double-l,dc=local
bindpw 12345

pam_password exop

bind_policy soft
bind_timelimit 10

host 127.0.0.1
idle_timelimit 3600
ldap_version 3

nss_base_group ou=Groups,dc=double-l,dc=local?one
nss_base_passwd ou=People,dc=double-l,dc=local?one
nss_base_shadow ou=People,dc=double-l,dc=local?one

nss_connect_policy persist
nss_paged_results yes

pagesize 1000
port 389
timelimit 30

My /etc/nsswitch.conf
group: files ldap
group_compat: nis
hosts: files dns
networks: files
passwd: files ldap
passwd_compat: nis
shells: files
services: compat
services_compat: nis
protocols: files
rpc: files

My idmap.ldiff file

dn: dc=snowshow,dc=com
objectClass: dcObject
objectClass: organization
dc: snowshow
o: The Greatest Snow Show in Singapore.
description: Posix and Samba LDAP Identity Database

dn: cn=Manager,dc=snowshow,dc=com
objectClass: organizationalRole
cn: Manager
description: Directory Manager

dn: ou=Idmap,dc=snowshow,dc=com
objectClass: organizationalUnit
ou: idmap


And finally my smb.conf file

[global]
workgroup = DOUBLE-L
netbios name = BEASTY
realm = DOUBLE-L.LOCAL
server string = Samba Server
security = ADS
log level = 1 ads:10 auth:10 sam:10 rpc:10
ldap admin dn = cn=Manager,dc=DOUBLE-L,dc=LOCAL
ldap idmap suffix = ou=Idmap
ldap suffix = dc=DOUBLE-L,dc=LOCAL
idmap backend = ldap:ldap://127.0.0.1
idmap uid = 150000-550000
idmap gid = 150000-550000
template shell = /usr/local/bin/bash
winbind use default domain = Yes

[share1]
comment = Data Directory
path = /mnt
#write list = @mr70
read only = no
create mask = 0777
directory mask = 0777

And my /etc/krb5.conf file

[libdefaults]
default_realm = DOUBLE-l.LOCAL
clockskew = 300

[realms]
DOUBLE-l.LOCAL = {
kdc = w2003s01.double-l.local
}

[domain_realm]
.double-l.local = DOUBLE-l.LOCAL


This is a part of my slapd.log file after a restart of Samba and an id
administrator command:

Oct 21 16:47:34 beasty slapd[60723]: conn=7 fd=13 closed (connection lost)
Oct 21 16:47:34 beasty slapd[60723]: conn=8 fd=15 closed (connection lost)
Oct 21 16:47:34 beasty slapd[60723]: conn=6 fd=12 closed (connection lost)
Oct 21 16:47:35 beasty slapd[60723]: conn=13 fd=12 ACCEPT from IP=127.0.0.1:58176 (IP=127.0.0.1:389)
Oct 21 16:47:35 beasty slapd[60723]: conn=13 op=0 BIND dn="cn=Manager,dc=double-l,dc=local" method=128
Oct 21 16:47:35 beasty slapd[60723]: conn=13 op=0 BIND dn="cn=Manager,dc=double-l,dc=local" mech=SIMPLE ssf=0
Oct 21 16:47:35 beasty slapd[60723]: conn=13 op=0 RESULT tag=97 err=0 text=
Oct 21 16:47:35 beasty slapd[60723]: conn=13 op=1 SRCH base="ou=Groups,dc=double-l,dc=local" scope=1 deref=0 filter="(&(objectClass=posixGroup))"
Oct 21 16:47:35 beasty slapd[60723]: conn=13 op=1 SRCH attr=cn userPassword memberUid uniqueMember gidNumber
Oct 21 16:47:35 beasty slapd[60723]: conn=13 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text=
Oct 21 16:47:35 beasty slapd[60723]: conn=14 fd=13 ACCEPT from IP=127.0.0.1:60398 (IP=127.0.0.1:389)
Oct 21 16:47:35 beasty slapd[60723]: conn=14 op=0 BIND dn="cn=Manager,dc=DOUBLE-L,dc=LOCAL" method=128
Oct 21 16:47:35 beasty slapd[60723]: conn=14 op=0 BIND dn="cn=Manager,dc=double-l,dc=local" mech=SIMPLE ssf=0
Oct 21 16:47:35 beasty slapd[60723]: conn=14 op=0 RESULT tag=97 err=0 text=
Oct 21 16:47:35 beasty slapd[60723]: conn=14 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
Oct 21 16:47:35 beasty slapd[60723]: conn=14 op=1 SRCH attr=supportedControl
Oct 21 16:47:35 beasty slapd[60723]: conn=14 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Oct 21 16:47:35 beasty slapd[60723]: conn=14 op=2 SRCH base="ou=Idmap,dc=DOUBLE-L,dc=LOCAL" scope=2 deref=0 filter="(objectClass=sambaUnixIdPool)"
Oct 21 16:47:35 beasty slapd[60723]: conn=14 op=2 SRCH attr=uidNumber gidNumber objectClass
Oct 21 16:47:35 beasty slapd[60723]: conn=14 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Oct 21 16:47:35 beasty slapd[60723]: conn=15 fd=15 ACCEPT from IP=127.0.0.1:60156 (IP=127.0.0.1:389)
Oct 21 16:47:35 beasty slapd[60723]: conn=15 op=0 BIND dn="cn=Manager,dc=DOUBLE-L,dc=LOCAL" method=128
Oct 21 16:47:35 beasty slapd[60723]: conn=15 op=0 BIND dn="cn=Manager,dc=double-l,dc=local" mech=SIMPLE ssf=0
Oct 21 16:47:35 beasty slapd[60723]: conn=15 op=0 RESULT tag=97 err=0 text=
Oct 21 16:47:35 beasty slapd[60723]: conn=15 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
Oct 21 16:47:35 beasty slapd[60723]: conn=15 op=1 SRCH attr=supportedControl
Oct 21 16:47:35 beasty slapd[60723]: conn=15 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Oct 21 16:47:35 beasty slapd[60723]: conn=15 op=2 SRCH base="ou=Idmap,dc=DOUBLE-L,dc=LOCAL" scope=2 deref=0 filter="(&(objectClass=sambaIdmapEntry)(gidNumber=65534))"
Oct 21 16:47:35 beasty slapd[60723]: conn=15 op=2 SRCH attr=sambaSID uidNumber gidNumber objectClass
Oct 21 16:47:35 beasty slapd[60723]: conn=15 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=
Oct 21 16:47:50 beasty slapd[60723]: conn=16 fd=17 ACCEPT from IP=127.0.0.1:50821 (IP=127.0.0.1:389)
Oct 21 16:47:50 beasty slapd[60723]: conn=16 op=0 BIND dn="cn=Manager,dc=double-l,dc=local" method=128
Oct 21 16:47:50 beasty slapd[60723]: conn=16 op=0 BIND dn="cn=Manager,dc=double-l,dc=local" mech=SIMPLE ssf=0
Oct 21 16:47:50 beasty slapd[60723]: conn=16 op=0 RESULT tag=97 err=0 text=
Oct 21 16:47:50 beasty slapd[60723]: conn=16 op=1 SRCH base="ou=People,dc=double-l,dc=local" scope=1 deref=0 filter="(&(objectClass=posixAccount)(uid=administrator))"
Oct 21 16:47:50 beasty slapd[60723]: conn=16 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass shadowLastChange shadowMax shadowExpire
Oct 21 16:47:50 beasty slapd[60723]: conn=16 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text=
Oct 21 16:47:50 beasty slapd[60723]: conn=16 fd=17 closed (connection lost)

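How to read the slapd excerpt above, as an added example (not code from the thread or from Samba/OpenLDAP): it correlates each SRCH with its SEARCH RESULT by (conn, op) and separates a missing search base (err=32, noSuchObject) from a base that exists but matched nothing (err=0, nentries=0). On the lines from the thread, the idmap lookups under ou=Idmap succeed, while the posixAccount/posixGroup searches under ou=People and ou=Groups name bases that do not exist in this directory; those two come from nss_ldap's passwd/group lookups, not from winbind. The classify() heuristic and its client labels are assumptions of this example.

```python
"""Correlate OpenLDAP slapd stats-log lines (loglevel 256) per (conn, op) and
tell 'base DN does not exist' (err=32) from 'base exists, no match' (err=0)."""
import re

# Constructed sample: a decoded subset of the slapd.log excerpt in the thread.
SAMPLE_LOG = """\
Oct 21 16:47:35 beasty slapd[60723]: conn=13 op=1 SRCH base="ou=Groups,dc=double-l,dc=local" scope=1 deref=0 filter="(&(objectClass=posixGroup))"
Oct 21 16:47:35 beasty slapd[60723]: conn=13 op=1 SRCH attr=cn userPassword memberUid uniqueMember gidNumber
Oct 21 16:47:35 beasty slapd[60723]: conn=13 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text=
Oct 21 16:47:35 beasty slapd[60723]: conn=14 op=2 SRCH base="ou=Idmap,dc=DOUBLE-L,dc=LOCAL" scope=2 deref=0 filter="(objectClass=sambaUnixIdPool)"
Oct 21 16:47:35 beasty slapd[60723]: conn=14 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Oct 21 16:47:35 beasty slapd[60723]: conn=15 op=2 SRCH base="ou=Idmap,dc=DOUBLE-L,dc=LOCAL" scope=2 deref=0 filter="(&(objectClass=sambaIdmapEntry)(gidNumber=65534))"
Oct 21 16:47:35 beasty slapd[60723]: conn=15 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=
Oct 21 16:47:50 beasty slapd[60723]: conn=16 op=1 SRCH base="ou=People,dc=double-l,dc=local" scope=1 deref=0 filter="(&(objectClass=posixAccount)(uid=administrator))"
Oct 21 16:47:50 beasty slapd[60723]: conn=16 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text=
"""

OP_RE = re.compile(r"conn=(?P<conn>\d+) op=(?P<op>\d+) (?P<rest>.*)$")
SRCH_RE = re.compile(r'SRCH base="(?P<base>[^"]*)" scope=(?P<scope>\d) deref=\d+ filter="(?P<filter>[^"]*)"')
RESULT_RE = re.compile(r"SEARCH RESULT tag=\d+ err=(?P<err>\d+) nentries=(?P<n>\d+)")
NO_SUCH_OBJECT = 32  # LDAP resultCode noSuchObject (RFC 4511): the base itself is missing

def classify(ldap_filter):
    """Guess which client issued the search from the object classes it asks for (heuristic)."""
    if "sambaIdmapEntry" in ldap_filter or "sambaUnixIdPool" in ldap_filter:
        return "winbind-idmap"   # Samba's idmap_ldap backend
    if "posixAccount" in ldap_filter or "posixGroup" in ldap_filter:
        return "nss_ldap"        # libc NSS passwd/group lookups through nss_ldap
    return "other"

def parse_searches(log_text):
    """Return one dict per search operation, in order of first appearance."""
    ops = {}
    for line in log_text.splitlines():
        m = OP_RE.search(line)
        if not m:
            continue                       # ACCEPT/closed lines carry no op number
        key, rest = (int(m["conn"]), int(m["op"])), m["rest"]
        s = SRCH_RE.match(rest)            # 'SRCH attr=...' lines match neither regex
        r = RESULT_RE.match(rest)
        if s:
            ops[key] = {"conn": key[0], "op": key[1], "base": s["base"],
                        "filter": s["filter"], "client": classify(s["filter"])}
        elif r and key in ops:
            ops[key].update(err=int(r["err"]), nentries=int(r["n"]))
    return list(ops.values())

def missing_bases(searches):
    """Search bases slapd reported as nonexistent, paired with the client that used them."""
    return sorted({(s["base"], s["client"]) for s in searches
                   if s.get("err") == NO_SUCH_OBJECT})

if __name__ == "__main__":
    found = parse_searches(SAMPLE_LOG)
    for s in found:
        print(f"conn={s['conn']} op={s['op']} {s['client']:13} err={s.get('err')} "
              f"nentries={s.get('nentries')} base={s['base']}")
    for base, client in missing_bases(found):
        print(f"base DN does not exist: {base} (searched by {client})")
```

An empty result with err=0, like conn=15 op=2 here, is the normal "no mapping yet" answer from an existing ou=Idmap; err=32 on the nss_ldap bases is what turns a working winbind join into "id: administrator: no such user".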
In nsswitch.conf, replace "ldap" by "winbind"

2008/10/21 Johan Hendriks <Johan@double-l.nl>:
> [...]

Well, that did it, thank you very, very much. Did I read the documentation wrong, or is it the documentation that needs to be adjusted? I read this http://us1.samba.org/samba/docs/man/Samba-Guide/unixclients.html#adssdm and then the section "IDMAP Storage in LDAP using Winbind".

Regards,
Johan Hendriks