Christian Geiger
2009-Oct-28 15:32 UTC
[Samba] Samba & LDAP: "Unable to allocate a new user id: bailing out!"
Hi!
I'm currently setting up a Samba 3 PDC. So far I managed to setup Samba
with an OpenLDAP backend, but adding a user with the command "net rpc
user add mg password -U root" results in the following error:
Failed to add user 'mg' with: WERR_GENERAL_FAILURE.
In the logfile it says:
[2009/10/28 15:56:28, 0] passdb/pdb_ldap.c:ldapsam_create_user(5119)
ldapsam_create_user: Unable to allocate a new user id: bailing out!
Unfortunately I cannot find any other hint on what the reason could be.
Has someone an idea what I might have misconfigured?
Below's my smb.conf. The samba-user has granted the rights to manage the
whole domain-tree (olcAccess = {0}to dn.sub="dc=lohrmann,dc=de" by
dn="cn=samba,dc=lohrmann,dc=de" manage by * break).
Thx a lot in advance!
Chris
--------
smb.conf:
[global]
workgroup = LOHRMANN.DE
domain logons = yes
domain master = yes
local master = yes
preferred master = yes
os level = 65
passdb backend = ldapsam
ldap admin dn = cn=samba,dc=lohrmann,dc=de
ldap suffix = dc=lohrmann,dc=de
ldap passwd sync = yes
ldap machine suffix = ou=machines
ldap user suffix = ou=users
ldap group suffix = ou=groups
ldap idmap suffix = ou=idmaps
ldap ssl = no
idmap uid = 10000-20000
idmap gid = 10000-20000
ldapsam:trusted = yes
ldapsam:editposix = yes
logon drive = H:
logon script = logon.bat
logon path = \\%N\profiles\%U\%a
[homes]
comment = Users Home Directories
valid users = %S
writeable = yes
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
[profiles]
comment = Users profiles
path = /var/lib/samba/profiles
[printers]
comment = All Printers
browseable = no
path = /var/spool/samba
printable = yes
guest ok = no
read only = yes
create mask = 0700
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no
Christian Geiger
2009-Oct-29 07:49 UTC
[Samba] Samba & LDAP: "Unable to allocate a new user id: bailing out!"
Great - that was the reason. In case someone else encounters the same
problem - adding the following lines helped:
idmap backend = ldap
idmap alloc backend = ldap
idmap alloc config:ldap_base_dn = ou=idmaps,dc=lohrmann,dc=de
idmap alloc config:ldap_user_dn = cn=samba,dc=lohrmann,dc=de
idmap alloc config:ldap_url = ldap://ldap.lohrmann.de
Thx Fran?ois!
Am 28.10.2009 17:23, schrieb Fran?ois Legal:> You have to define an allocation backend for idmapping, so that winbindd
> can allocate uids and gids for the users and groups that you want to
> create.
>
> On Wed, 28 Oct 2009 16:32:35 +0100, Christian Geiger
> <c.geiger at lohrmann.de>
> wrote:
>> Hi!
>>
>> I'm currently setting up a Samba 3 PDC. So far I managed to setup
Samba
>> with an OpenLDAP backend, but adding a user with the command "net
rpc
>> user add mg password -U root" results in the following error:
>>
>> Failed to add user 'mg' with: WERR_GENERAL_FAILURE.
>>
>> In the logfile it says:
>>
>> [2009/10/28 15:56:28, 0] passdb/pdb_ldap.c:ldapsam_create_user(5119)
>> ldapsam_create_user: Unable to allocate a new user id: bailing out!
>>
>> Unfortunately I cannot find any other hint on what the reason could be.
>> Has someone an idea what I might have misconfigured?
>>
>> Below's my smb.conf. The samba-user has granted the rights to
manage the
>
>> whole domain-tree (olcAccess = {0}to
dn.sub="dc=lohrmann,dc=de" by
>> dn="cn=samba,dc=lohrmann,dc=de" manage by * break).
>>
>> Thx a lot in advance!
>>
>> Chris
>>
>> --------
>>
>> smb.conf:
>>
>> [global]
>>
>> workgroup = LOHRMANN.DE
>> domain logons = yes
>> domain master = yes
>> local master = yes
>> preferred master = yes
>> os level = 65
>>
>> passdb backend = ldapsam
>> ldap admin dn = cn=samba,dc=lohrmann,dc=de
>> ldap suffix = dc=lohrmann,dc=de
>> ldap passwd sync = yes
>> ldap machine suffix = ou=machines
>> ldap user suffix = ou=users
>> ldap group suffix = ou=groups
>> ldap idmap suffix = ou=idmaps
>> ldap ssl = no
>> idmap uid = 10000-20000
>> idmap gid = 10000-20000
>>
>> ldapsam:trusted = yes
>> ldapsam:editposix = yes
>>
>> logon drive = H:
>> logon script = logon.bat
>> logon path = \\%N\profiles\%U\%a
>>
>> [homes]
>> comment = Users Home Directories
>> valid users = %S
>> writeable = yes
>>
>> [netlogon]
>> comment = Network Logon Service
>> path = /var/lib/samba/netlogon
>>
>> [profiles]
>> comment = Users profiles
>> path = /var/lib/samba/profiles
>>
>> [printers]
>> comment = All Printers
>> browseable = no
>> path = /var/spool/samba
>> printable = yes
>> guest ok = no
>> read only = yes
>> create mask = 0700
>>
>> [print$]
>> comment = Printer Drivers
>> path = /var/lib/samba/printers
>> browseable = yes
>> read only = yes
>> guest ok = no
>
> __________ Hinweis von ESET NOD32 Antivirus, Signaturdatenbank-Version 4553
(20091028) __________
>
> E-Mail wurde gepr?ft mit ESET NOD32 Antivirus.
>
> http://www.eset.com
>
>
>
>