I'm testing out a new Samba setup to hopefully replace my aging Win2k
domain. I've got some of it working:
- My PDC (shadow) seems to be working on the CASA domain with an LDAP
backend.
- nss_ldap and pam_ldap are working on shadow
- I can run wbinfo -u and get the user info from LDAP on shadow.
- I can run wbinfo -a username%password and authenticate a user on shadow.
I can run getent passwd and getent group and see the local users/groups as
well as the ones in the ldap directory but if I change /etc/nsswitch.conf
to only use winbind for passwd, I get nothing.
I see the following message in all of the winbind logs
[2009/03/29 09:03:26, 1] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(624)
cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from remote machine SHADOW pipe \lsarpc fnum 0x71a5!
this message appears over and over in log.winbindd
[2009/03/29 21:46:00, 2] winbindd/winbindd.c:remove_client(761)
final write to client failed: Broken pipe
Are either of those messages familiar to anyone? Are they something I need
to follow up on? Are they an indicator of something I don't have
configured correctly?
I'm learning a lot in the process, but I'm kind of running out of ideas
for what I need to do to get winbind to work on the PDC. I'm also seeing the
same set of errors from every client I've built also. I used the same
smb.conf with localhost changed to shadow.casa.local and the security
changed from user to domain.
If anyone can let me know what I don't have configured correctly please let
me know.
Thanks,
Joe.
------------------
All servers are running FreeBSD 7.1, and Samba 3.2.8.
settings from SHADOW:
shadow# testparm
Load smb config files from /usr/local/etc/smb.conf
Processing section "[homes]"
Processing section "[netlogon]"
Processing section "[printers]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions
[global]
workgroup = CASA
server string = Shadow, the Casa PDC
passdb backend = ldapsam:ldap://shadow.casa.local
log level = 2
log file = /var/log/samba/log.%m
max log size = 50
time server = Yes
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
logon path = \\eberon\Profiles\%U
domain logons = Yes
preferred master = Yes
domain master = Yes
wins support = Yes
ldap admin dn = cn=samba,ou=DSA,dc=casa,dc=local
ldap group suffix = ou=group
ldap machine suffix = ou=machine
ldap passwd sync = Yes
ldap suffix = dc=casa,dc=local
ldap user suffix = ou=accounts,ou=people
idmap domains = ALLDOMAINS
idmap alloc backend = ldap
idmap alloc config:range = 10000 - 20000
idmap alloc config:ldap_user_dn = cn=samba,ou=DSA,dc=casa,dc=local
idmap alloc config:ldap_url = ldap://shadow.casa.local/
idmap alloc config:ldap_base_dn = ou=Idmap,dc=casa,dc=local
idmap config ALLDOMAINS:range = 10000 - 20000
idmap config ALLDOMAINS:ldap_url = ldap://localhost/
idmap config ALLDOMAINS:ldap_base_dn = ou=Idmap,dc=casa,dc=local
idmap config ALLDOMAINS:backend = ldap
idmap config ALLDOMAINS:default = yes
[homes]
comment = Home Directories
read only = No
browseable = No
[netlogon]
comment = Network Logon Service
path = /usr/local/samba/lib/netlogon
guest ok = Yes
share modes = No
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No