samba - Apr 2010 - smbldap-tools vrs. Ldapsam:Editposix

Hi,

recently I got my ldap server up an running and now I'd like to start to
use it with our 600-user-300-windows-pc samba server.

(Centos 5.4, samba-3.0.33-3.28, openldap-2.3.43, smbldap-tools-0.9.5-)

So I started to read the samba how to, some books, a lot of postings and
finaly tried first the smbldap-tools from idealx.

After that I tried the Ldapsam:Editposix as this is the build in and may
be "simpler" way to set up/manage the samba server.

But as a novice in samba+ldap I'm faced with some questions and did not
find any answers yet, because most docs start with a fresh set up and
don't do a migration.

After importing my posix accounts into ldap and populating the basic
tree for samba I was able to migrate the sambapasswd too and finaly my
windows users can log in. (This was the smbldap-tools-way)

Doing this the Ldapsam:Editposix-way, something with the users main
group mapping(?) fails. (1)

May be somewone can poit me to a good "migrating to Ldapsam:Editposix
how tos"? Or can help my in an other way? I can provide my config in
detail and describe the steps I did.

One importend question for me too is, should I go the Ldapsam:Editposix
way or smbldap-tool-way? Any suggestions?


Thanks a lot and best regards,

	G?tz



(1)


[2010/04/26 15:38:30, 3]
passdb/pdb_ldap.c:ldapsam_enum_group_memberships(2719)
  primary group of [greinick] not found
[2010/04/26 15:38:30, 10] auth/auth_util.c:make_server_info_sam(639)
  pdb_enum_group_memberships failed: NT_STATUS_UNSUCCESSFUL
[2010/04/26 15:38:30, 3] smbd/sec_ctx.c:pop_sec_ctx(356)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/04/26 15:38:30, 0] auth/auth_sam.c:check_sam_security(353)
  check_sam_security: make_server_info_sam() failed with
'NT_STATUS_UNSUCCESSFUL'
[2010/04/26 15:38:30, 5] auth/auth.c:check_ntlm_password(273)
  check_ntlm_password: sam authentication for user [greinick] FAILED
with error NT_STATUS_UNSUCCESSFUL
[2010/04/26 15:38:30, 3] auth/auth_winbind.c:check_winbind_security(80)
  check_winbind_security: Not using winbind, requested domain
[DALICLONE] was for this SAM.
[2010/04/26 15:38:30, 10] auth/auth.c:check_ntlm_password(261)
  check_ntlm_password: winbind had nothing to say
[2010/04/26 15:38:30, 2] auth/auth.c:check_ntlm_password(319)
  check_ntlm_password:  Authentication for user [greinick] -> [greinick]
FAILED with error NT_STATUS_UNSUCCESSFUL
[2010/04/26 15:38:30, 5] auth/auth_util.c:free_user_info(2108)
  attempting to free (and zero) a user_info structure




-- 
G?tz Reinicke
IT-Koordinator

Tel. +49 7141 969 420
Fax  +49 7141 969 55 420
E-Mail goetz.reinicke at filmakademie.de

Filmakademie Baden-W?rttemberg GmbH
Akademiehof 10
71638 Ludwigsburg
www.filmakademie.de

Eintragung Amtsgericht Stuttgart HRB 205016
Vorsitzende des Aufsichtsrats:
Prof. Dr. Claudia H?bner

Gesch?ftsf?hrer:
Prof. Thomas Schadt