I've followed the OpenLDAP + SAMBA Domain Controller tutorial step-by-step: http://ubuntuforums.org/showthread.php?t=640760

And after long hours, and endless googling, I've yet to find a solution.

LDAP works great
SAMBA works great.

But the integration between them doesn't work.

Here is the samba log:
root:/etc# tail /var/log/samba/log.smbd
smbd version 3.0.28a started.
Copyright Andrew Tridgell and the Samba Team 1992-2008
[2008/11/10 22:11:32, 0] auth/auth_util.c:create_builtin_administrators(792)
  create_builtin_administrators: Failed to create Administrators
[2008/11/10 22:11:32, 0] auth/auth_util.c:create_builtin_users(758)
  create_builtin_users: Failed to create Users
[2008/11/10 22:11:47, 0] auth/auth_util.c:create_builtin_administrators(792)
  create_builtin_administrators: Failed to create Administrators
[2008/11/10 22:11:47, 0] auth/auth_util.c:create_builtin_users(758)
  create_builtin_users: Failed to create Users

I've tried to "net groupmap" the groups, but they've already been mapped, and still no luck.

I'm running Ubuntu 8.04, samba version 3.0.28a-1ubuntu4.5

When I try to access the share from the local machine with smbclient, I get:
root:/etc# smbclient //hostname/Storage -U ricky
Password:
session setup failed: NT_STATUS_LOGON_FAILURE

(Note: I renamed "hostname" with the original hostname, I don't want to post any internal info.)

And if I do a ldapsearch, it brings up all of the right information.

My LDAP configuration in the smb.conf looks like this:

passdb backend = ldapsam:ldap://localhost/

ldap admin dn = cn=admin,dc=domain,dc=com
ldap user suffix = ou=Users
ldap suffix = dc=domain,dc=com
ldap idmap suffix = ou=Users
ldap passwd sync = Yes
ldap delete dn = Yes
ldap machine suffix = ou=Computers
ldap group suffix = ou=Groups

(Note: I renamed "domain com" with the original domain, I don't want to post any internal info.)

I've double, triple, quad triple, and had someone else look at it, and we are not seeing what could be going wrong.

If there is anyone who can shine some light on this, it'd be greatly appreciated!

Thanks!

- Bradley
Are there any users/groups stored on the LDAP? If yes, try this command to read all users stored in passwd and on the LDAP:

# getent passwd

and the command

# getent group

to check the groups stored on the LDAP and Unix system.

Regards,
----------------------------------
Iarly Selbir ( Ski0s )
Check if the users are stored in the samba database.

# pdbedit -L
or
# pdbedit -Lv user_test

Regards,
----------------------------------
iarly Selbir ( Ski0s )

On Tue, Nov 11, 2008 at 8:37 PM, Brad Nielsen <Brad.Nielsen@techsonix.com> wrote:
> Hey Larly,
>
> I've got users and groups...
>
> I've used this command to create the user:
> smbldap-useradd -a -m -M ricky -c "Richard M" ricky
Looks like you are hitting the same stone-wall I encountered a couple of days ago.

Try creating a user using -m and not -a

This is what I use:
smbldap-useradd -c "${fname} ${lname}" -M ${email} -N ${fname} -S ${lname} -A 1 -a -D H: -E allusers.bat -m -d "/data/home/${uid}" ${uid}

Let me know if that fixes it, because I did 'a lot' trying to get this going and I am still not 100% convinced that this is the solution that does it all...

Regards
Peter

--
Peter Van den Wildenbergh
Owner & Principal I.T. Consultant
meta-logica
Have you stored the password for cn=admin in secrets.tdb?

# smbpasswd -w put_your_ldap_admin_password_here

Last week I tried to get a new samba server to authenticate to my PDC (samba+openLDAP) and after digging for two days I found out that the only part I was missing was the above line. Stupid me.
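The check from the last reply can be scripted. The sketch below is an added example, not part of any post in the thread: it reads `ldap admin dn` from smb.conf text and looks for the matching bind-password record in `tdbdump` output of secrets.tdb. The key layout `SECRETS/LDAP_BIND_PW/<dn>` is an assumption, and the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# smbconf_get PARAM: print PARAM's value (may contain "=") from stdin text.
smbconf_get() {
    awk -v want="$1" '
        /^[ \t]*[#;]/ { next }                     # skip comment lines
        {
            eq = index($0, "="); if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (tolower(key) == tolower(want)) found = val
        }
        END { if (found != "") print found }'
}

# has_bind_pw DN: succeed if the tdbdump text on stdin holds a bind-password
# record for DN. Assumed key layout: SECRETS/LDAP_BIND_PW/<dn>, dumped with
# or without a trailing \00.
has_bind_pw() {
    grep -F -i -q -e "\"SECRETS/LDAP_BIND_PW/$1\"" \
                  -e "\"SECRETS/LDAP_BIND_PW/$1\\00\""
}

# report CONF_TEXT TDBDUMP_TEXT: returns 0 stored, 1 missing, 2 no admin dn.
report() {
    dn=$(printf '%s\n' "$1" | smbconf_get "ldap admin dn")
    [ -n "$dn" ] || { echo "no 'ldap admin dn' in smb.conf"; return 2; }
    if printf '%s\n' "$2" | has_bind_pw "$dn"; then
        echo "bind password stored for $dn"
    else
        echo "no bind password for $dn: run smbpasswd -w"; return 1
    fi
}

# Constructed sample input (DN taken from the smb.conf in the first post).
SAMPLE_CONF='passdb backend = ldapsam:ldap://localhost/
ldap admin dn = cn=admin,dc=domain,dc=com
ldap suffix = dc=domain,dc=com'
SAMPLE_TDB_EMPTY='{
key(19) = "SECRETS/SID/EXAMPLE"
data(4) = "\01\02\03\04"
}'
SAMPLE_TDB_STORED="$SAMPLE_TDB_EMPTY"'
{
key(46) = "SECRETS/LDAP_BIND_PW/cn=admin,dc=domain,dc=com"
data(7) = "secret\00"
}'
report "$SAMPLE_CONF" "$SAMPLE_TDB_EMPTY" || true
report "$SAMPLE_CONF" "$SAMPLE_TDB_STORED"
```

On a server, call `report` as root with the contents of the real smb.conf and the `tdbdump` output of secrets.tdb; the location of both files depends on the distribution.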