Christian Geiger
2009-Oct-28  15:32 UTC
[Samba] Samba & LDAP: "Unable to allocate a new user id: bailing out!"
Hi!
I'm currently setting up a Samba 3 PDC. So far I managed to set up Samba 
with an OpenLDAP backend, but adding a user with the command "net rpc 
user add mg password -U root" results in the following error:
Failed to add user 'mg' with: WERR_GENERAL_FAILURE.
In the logfile it says:
[2009/10/28 15:56:28,  0] passdb/pdb_ldap.c:ldapsam_create_user(5119)
   ldapsam_create_user: Unable to allocate a new user id: bailing out!
Unfortunately I cannot find any other hint on what the reason could be. 
Has someone an idea what I might have misconfigured?
Below's my smb.conf. The samba-user has granted the rights to manage the 
whole domain-tree (olcAccess = {0}to dn.sub="dc=lohrmann,dc=de" by 
dn="cn=samba,dc=lohrmann,dc=de" manage by * break).
Thx a lot in advance!
Chris
--------
smb.conf:
[global]
    workgroup = LOHRMANN.DE
    domain logons = yes
    domain master = yes
    local master = yes
    preferred master = yes
    os level = 65
    passdb backend = ldapsam
    ldap admin dn = cn=samba,dc=lohrmann,dc=de
    ldap suffix = dc=lohrmann,dc=de
    ldap passwd sync = yes
    ldap machine suffix = ou=machines
    ldap user suffix = ou=users
    ldap group suffix = ou=groups
    ldap idmap suffix = ou=idmaps
    ldap ssl = no
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    ldapsam:trusted = yes
    ldapsam:editposix = yes
    logon drive = H:
    logon script = logon.bat
    logon path = \\%N\profiles\%U\%a
[homes]
    comment = Users Home Directories
    valid users = %S
    writeable = yes
[netlogon]
    comment = Network Logon Service
    path = /var/lib/samba/netlogon
[profiles]
    comment = Users profiles
    path = /var/lib/samba/profiles
[printers]
    comment = All Printers
    browseable = no
    path = /var/spool/samba
    printable = yes
    guest ok = no
    read only = yes
    create mask = 0700
[print$]
    comment = Printer Drivers
    path = /var/lib/samba/printers
    browseable = yes
    read only = yes
    guest ok = no
Christian Geiger
2009-Oct-29  07:49 UTC
[Samba] Samba & LDAP: "Unable to allocate a new user id: bailing out!"
Great - that was the reason. In case someone else encounters the same 
problem - adding the following lines helped:
    idmap backend = ldap
    idmap alloc backend = ldap
    idmap alloc config:ldap_base_dn = ou=idmaps,dc=lohrmann,dc=de
    idmap alloc config:ldap_user_dn = cn=samba,dc=lohrmann,dc=de
    idmap alloc config:ldap_url = ldap://ldap.lohrmann.de
Thx François!
On 28.10.2009 17:23, François Legal wrote:
> You have to define an allocation backend for idmapping, so that winbindd
> can allocate uids and gids for the users and groups that you want to
> create.
>
> On Wed, 28 Oct 2009 16:32:35 +0100, Christian Geiger
> <c.geiger at lohrmann.de>
> wrote:
>> Hi!
>>
>> I'm currently setting up a Samba 3 PDC. So far I managed to set up Samba
>> with an OpenLDAP backend, but adding a user with the command "net rpc
>> user add mg password -U root" results in the following error:
>>
>> Failed to add user 'mg' with: WERR_GENERAL_FAILURE.
>>
>> In the logfile it says:
>>
>> [2009/10/28 15:56:28,  0] passdb/pdb_ldap.c:ldapsam_create_user(5119)
>>     ldapsam_create_user: Unable to allocate a new user id: bailing out!
>>
>> Unfortunately I cannot find any other hint on what the reason could be.
>> Has someone an idea what I might have misconfigured?
>>
>> Below's my smb.conf. The samba-user has granted the rights to manage the
>> whole domain-tree (olcAccess = {0}to dn.sub="dc=lohrmann,dc=de" by
>> dn="cn=samba,dc=lohrmann,dc=de" manage by * break).
>>
>> Thx a lot in advance!
>>
>> Chris
>>
>> --------
>>
>> smb.conf:
>>
>> [global]
>>
>>      workgroup = LOHRMANN.DE
>>      domain logons = yes
>>      domain master = yes
>>      local master = yes
>>      preferred master = yes
>>      os level = 65
>>
>>      passdb backend = ldapsam
>>      ldap admin dn = cn=samba,dc=lohrmann,dc=de
>>      ldap suffix = dc=lohrmann,dc=de
>>      ldap passwd sync = yes
>>      ldap machine suffix = ou=machines
>>      ldap user suffix = ou=users
>>      ldap group suffix = ou=groups
>>      ldap idmap suffix = ou=idmaps
>>      ldap ssl = no
>>      idmap uid = 10000-20000
>>      idmap gid = 10000-20000
>>
>>      ldapsam:trusted = yes
>>      ldapsam:editposix = yes
>>
>>      logon drive = H:
>>      logon script = logon.bat
>>      logon path = \\%N\profiles\%U\%a
>>
>> [homes]
>>      comment = Users Home Directories
>>      valid users = %S
>>      writeable = yes
>>
>> [netlogon]
>>      comment = Network Logon Service
>>      path = /var/lib/samba/netlogon
>>
>> [profiles]
>>      comment = Users profiles
>>      path = /var/lib/samba/profiles
>>
>> [printers]
>>      comment = All Printers
>>      browseable = no
>>      path = /var/spool/samba
>>      printable = yes
>>      guest ok = no
>>      read only = yes
>>      create mask = 0700
>>
>> [print$]
>>      comment = Printer Drivers
>>      path = /var/lib/samba/printers
>>      browseable = yes
>>      read only = yes
>>      guest ok = no
>
>
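The misconfiguration resolved in this thread, written as a small pre-flight check (an added example, not part of the original posts and not Samba code): it parses the `[global]` section of an smb.conf and reports when `ldapsam:editposix` is enabled without an `idmap alloc backend` or without `idmap uid` / `idmap gid` ranges. The function names are hypothetical, the two sample configs are constructed from the lines posted above, and the parameter names are the Samba 3 ones used in the thread.

```python
import re

# Constructed samples: [global] lines from the first post, then the same
# section with the lines from the follow-up post appended.
BEFORE = """[global]
    passdb backend = ldapsam
    ldap idmap suffix = ou=idmaps
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    ldapsam:trusted = yes
    ldapsam:editposix = yes
"""
AFTER = BEFORE + """    idmap backend = ldap
    idmap alloc backend = ldap
    idmap alloc config:ldap_base_dn = ou=idmaps,dc=lohrmann,dc=de
    idmap alloc config:ldap_user_dn = cn=samba,dc=lohrmann,dc=de
    idmap alloc config:ldap_url = ldap://ldap.lohrmann.de
"""

def norm(name):
    """smb.conf ignores case and whitespace in parameter names."""
    return "".join(name.lower().split())

def parse_global(text):
    """Return the [global] parameters as {normalised name: value}."""
    params, section = {}, None
    for raw in re.sub(r"\\\n", " ", text).splitlines():  # join continuations
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[norm(name)] = value.strip()
    return params

def check_editposix(text):
    """List what is missing for ldapsam:editposix to allocate new ids."""
    p, problems = parse_global(text), []
    if p.get(norm("ldapsam:editposix"), "no").lower() not in ("yes", "true", "on", "1"):
        return problems  # Samba is not asked to create POSIX accounts itself
    if not p.get(norm("idmap alloc backend")):
        problems.append("idmap alloc backend is not set")
    for rng in ("idmap uid", "idmap gid"):
        if not re.fullmatch(r"\d+\s*-\s*\d+", p.get(norm(rng), "")):
            problems.append(f"{rng} range is not set")
    return problems
```

`check_editposix(BEFORE)` flags the missing allocation backend that produced "Unable to allocate a new user id"; `check_editposix(AFTER)` returns an empty list.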