Displaying 20 results from an estimated 46 matches for "sambaidmapentry".
2004 Oct 25
1
LDAP: strange "net groupmap" behaviour
...; [2]
[2004/10/24 16:43:24, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2008)
ldapsam_getgroup: Did not find group
[2004/10/24 16:43:24, 5] lib/smbldap.c:smbldap_search(963)
smbldap_search: base => [ou=Groups,ou=CHEL,o=SKBKontur,c=RU], filter => [(&(|(objectClass=posixGroup)(objectclass=sambaIdmapEntry))(gidNumber=4294967295))], scope => [2]
[2004/10/24 16:43:24, 5] lib/smbldap.c:smbldap_search(963)
smbldap_search: base => [ou=IdMap,ou=CHEL,o=SKBKontur,c=RU], filter => [(&(objectClass=sambaIdmapEntry)(gidNumber=4294967295))], scope => [2]
[2004/10/24 16:43:24, 5] lib/smbldap....
2014 Mar 02
1
idmap ldap problems
Hi!
Since upgrade to Samba 3.6.9, I am experiencing problems concerning
winbind idmapping.
I am using an LDAP directory with RFC 2307 accounts and sambaSamAccount
sambaSID entries for each local domain user. SIDs for other domains
should be stored in sambaIdmapEntry objects in a separate LDAP tree.
The problem is that winbind doesn't seem to map SIDs from the local
domain to unix IDs. smbd initially work fine but after some time, Idmap
entries for my local domain groups are allocated, which results in
duplicate mappings. (I.e. a local domain group now...
2004 Aug 13
1
Group creation and ldap
...AP
entry with objectClass set to posixGroup and gidNumber set to the gid I
want to use and cn set to the group name. The next thing samba does is
look for the posix group with the following filters:
[(&(objectClass=sambaGroupMapping)(gidNumber=0))]
[(&(|(objectClass=posixGroup)(objectclass=sambaIdmapEntry))(gidNumber=0))]
[(&(objectClass=sambaIdmapEntry)(gidNumber=0))]
In all cases they fail because the gidNumber is set to something non-zero.
Why is it searching on objectClass and gidNumber, not objectClass and cn?
Is there a way to change this behavior or let samba know what the
gidNumber shou...
2008 May 14
0
Samba Upgrade to 3.0.25b leads to core dumps with winbind and ldap idmap
...48: ldap_next_entry: Assertion `entry != ((void *)0)' failed.
And here is the /var/log/openldap.log file output from the same time as the core dump.
May 14 12:43:37 s10 slapd[4091]: conn=40 op=284 SRCH base="ou=idmap,dc=rbrooks,dc=com" scope=2 deref=0 filter="(&(objectClass=sambaIdmapEntry)(uidNumber=10020))"
May 14 12:43:37 s10 slapd[4091]: conn=40 op=284 SRCH attr=sambaSID uidNumber gidNumber objectClass
May 14 12:43:37 s10 slapd[4091]: conn=40 op=284 SEARCH RESULT tag=101 err=0 nentries=2 text=
May 14 12:43:37 s10 slapd[4091]: conn=40 fd=11 closed
May 14 12:43:37 s10 slapd[40...
2003 Oct 06
1
Group not found, (objectclass=sambaGroupMapping) (gidNumber=4294967295) ???
I am sure that I don't quite have LDAP setup with the proper Samba entries,
but I only need a "bread crumb" to get me pointed in the right direction.
Where do I find some information on how and where to place the
sambaGroupMapping, sambaUnixIdPool, sambaIdmapEntry (automatically
created?), and sambaSidEntry in the LDAP tree. Could someone just give me a
little hint as to where the information might reside or give me enough info
to get my LDAP tree corrected?? Please!
Ed Asbury
Systems Admin/Programmer
Vogele America, Inc.
2005 Nov 09
2
Group Members and usersidlist problem
...main.co.uk,dc=domain,dc=co,dc=uk
sambaDomainName: SAMBADOMAIN
sambaSID: S-1-5-21-4160373677-3793490159-3852503765
objectClass: sambaDomain
dn: cn=Staff, ou=group,o=domain.co.uk,dc=domain,dc=co,dc=uk
uidNumber: 517
objectClass: posixGroup
objectClass: sambaGroupMapping
objectClass: top
objectClass: sambaidmapentry
memberUid: User1
memberUid: User2
gidNumber: 517
sambaGroupType: 2
displayName: Staff
description: Staff Group
cn: Staff
sambaSID: S-1-5-21-4160373677-3793490159-3852503765-2035
dn: uid=User1,ou=People,o=domain.co.uk,dc=domain,dc=co,dc=uk
sambaPrimaryGroupSID: S-1-5-21-4160373677-3793490159-385250...
2003 Nov 10
1
Winbind+OpenLDAP: Id mapping data is stored partially
...e users
and winbindd + libnss_winbind.so to resolve these
users in Unix (SID <-> Unix id mapping).
But I have found that users' data, created by
"wbinfo -c" command, is not completely stored
in LDAP backed.
The "sambaUnixIdPool" objectclass is stored in LDAP,
but "sambaIdmapEntry" is not. Instead of, there is
a file "/var/locks/winbindd_idmap.tdb", which contains
actual SID<->uid mappings among with users' template
information (UNIX user's home, shell and etc).
The question: how can I get winbindd to store all
information in LDAP backend?
Thes...
2004 Aug 19
0
net groupmap -> gidNumber=4294967295
...pe => [2]
[2004/08/19 10:43:52, 4] passdb/pdb_ldap.c:ldapsam_getgroup(1898)
ldapsam_getgroup: Did not find group
[2004/08/19 10:43:52, 5] lib/smbldap.c:smbldap_search(932)
smbldap_search: base => [ou=groups,dc=agrl,dc=ethz], filter =>
[(&(|(objectCla
ss=posixGroup)(objectclass=sambaIdmapEntry))(gidNumber=4294967295))],
scope => [
2]
[2004/08/19 10:43:52, 5] lib/smbldap.c:smbldap_search(932)
smbldap_search: base => [dc=agrl,dc=ethz], filter =>
[(&(objectClass=sambaIdma
pEntry)(gidNumber=4294967295))], scope => [2]
[2004/08/19 10:43:52, 5] lib/smbldap.c:smbldap_sear...
2003 Sep 03
0
[Help] Samba Panic with Samba 3.0Beta3, LDAP
...u=users,dc=eva,dc=mpg,dc=de
objectClass: person
objectClass: posixAccount
sn: foedisch
cn: foedisch
uid: foedisch
uidNumber: 502
gidNumber: 500
homeDirectory: /home/foedisch
loginShell: /bin/bash
userPassword:
# 65534, idmap, eva.mpg.de
dn: uidNumber=65534,ou=idmap,dc=eva,dc=mpg,dc=de
objectClass: sambaIdmapEntry
uidNumber: 65534
sambaSID: S-1-5-21-1042031166-387543594-2118856591-501
# 500, idmap, eva.mpg.de
dn: gidNumber=500,ou=idmap,dc=eva,dc=mpg,dc=de
objectClass: sambaIdmapEntry
gidNumber: 500
sambaSID: S-1-5-21-1042031166-387543594-2118856591-2001
# foedisch, users, eva.mpg.de
dn: uid=foedisch,ou=use...
2005 Jun 14
1
Proper behavior of Interdomain Trust uid mappings
...a
creates a new posix account for them in the ou=users base.
I have nsswitch.conf using ldap, and samba configured to use winbind as
per the howto. Same wins etc.
What isn't clear to me is why the user account gets created as a regular
account and not in the ou=idmap base.
Shouldn't just a sambaIdmapEntry object be created in ou=IdMap and not a
posixaccount in ou=users?
The account gets created with a uid from the regular users range not
from the idmap uid range and still gets created when winbind is stopped.
I've read Chapter 18. Interdomain Trust Relationships over and over
again, but need so...
2011 Feb 03
1
samba constantly creating mapping
...red!
[2011/02/03 09:15:16.234300, 0] winbindd/idmap.c:149(smb_register_idmap)
Idmap module nss already registered!
with gidNumber increasing, although samba created mapping for this SID:
dn: sambaSID=S-1-5-21-3807515285-1394671770-2144936185-513,ou=idmap,dc=corp,dc=<domain>
objectClass: sambaIdmapEntry
objectClass: sambaSidEntry
gidNumber: 20042
sambaSID: S-1-5-21-3807515285-1394671770-2144936185-513
structuralObjectClass: sambaSidEntry
RID 513 is standard "Domain Users" group, but *S-1-5-21-3807515285-1394671770-2144936185* is not AD
domain:
wbinfo --all-domains
BUILTIN
DLC
CORP
DL...
2008 Jan 01
0
idmap_nss: Default domain not being used
...162-118601546-6958]
Cache entry with key =
IDMAP/SID/S-1-5-21-15318837-110984162-118601546-6958 couldn't be found
Query backends to map sids->ids
SID S-1-5-21-15318837-110984162-118601546-6958 is being handled by
default domain
Query ids from domain default domain
Filter:
[(&(objectClass=sambaIdmapEntry)(sambaSID=S-1-5-21-15318837-110984162-118601546-6958))]
smbldap_search_ext: base => [ou=idmap,dc=ist,dc=massey,dc=ac,dc=nz],
filter =>
[(&(objectClass=sambaIdmapEntry)(sambaSID=S-1-5-21-15318837-110984162-118601546-6958))],
scope => [2]
NO SIDs found
Search of the id pool (filter: (obj...
2004 Oct 06
2
winbind with ldap backend permissions
...="SAMBASID=S-1-5-32-546,OU=IDMAP,DC=EXAMPLE,DC=COM"
Oct 6 13:02:49 mail slapd[21955]: conn=2 op=24 RESULT tag=105 err=50
text=no write access to parent
Oct 6 13:02:49 mail slapd[21955]: conn=2 op=25 SRCH
base="ou=idmap,dc=example,dc=com" scope=2
filter="(&(objectClass=sambaIdmapEntry)(sambaSID=S-1-5-32-547))"
so, seems that winbind have no write access on the PARENT! if I give him
write access on dc=example,dc=com everything works just fine and the
sid/uid/gib-mapping works wonderful. but why is winbind needing access
on the parent and not just on the ou-container where t...
2017 Feb 03
1
Samba standalone + openldap
...: -1//
// sambaMinPwdAge: 0//
// sambaLockoutDuration: 30//
// sambaLockoutObservationWindow: 30//
// sambaLockoutThreshold: 0//
// sambaForceLogoff: -1//
// sambaRefuseMachinePwdChange: 0/
# samba's attributes (objectclass)
/ sambaSamAccountsambaconfig, sambagroupmapping, sambaidmapentry, etc ../
# openldap directory tree
* dc=my_domain, dc=com
o ou=Groups
+ groupe a (user1, user2, etc ..)
+ groupe b (user3, user4, etc ..)
+ groupe c (user5, user6, etc ..)
+ etc ...
o ou=Users
+ user1
+ user2...
2003 Oct 03
2
Samba entries in the LDAP tree, help!
...need in the tree (which I can see from setting the =
debugging to 2)it isn't finding these entries because I don't know where to=
put them and how this thing structurally should be laid out. Specifically =
where do the following fit into the LDAP tree; sambaGroupMapping, sambaUnix=
IdPool, sambaIdmapEntry (automatically created?), and sambaSidEntry. =
I used the IdealX smbldap-populate.pl tool to get the basic structure there=
and have at least gotten the User authentication portion working. But if =
someone could give me a clue of where to look (if I somehow missed it in th=
e documents, but I...
2011 Mar 17
1
Samba 3.4.7 can't retrieve idmap infor from ldap
...I have LDAP as a backend
(Sun/Oracle Directory Server 6.) I have an OU for user accounts, and
an OU for idmap entries. The PDC has already populated some idmap entries.
An idmap entry looks like
dn: sambaSID=S-1-5-21-xxxxxxxxxxxxxxx-1121,ou=mydomain,ou
=idmap,o=mycomany.com
objectClass: sambaIdmapEntry
objectClass: sambaSidEntry
uidNumber: 176
sambaSID: S-1-5-21-xxxxxxxxxxxxxxx-1121
The member servers can be read only
In the member server, smb.conf has the following entries
idmap config MYDOMAIN:backend = ldap
idmap config MYDOMAIN:ldap_url = ldap://pdc.mycompany.com
idmap config MYDOMAIN:rea...
2003 Aug 01
1
samba 3.0 beta3 ldapsam bug ?!?!
...ount_policy_get: maximum password age:-1
account_policy_get: minimum password age:0
smbldap_search_suffix: searching for:[(&(uid=testr$)(objectclass=sambaSamAccount))]
smbldap_search_suffix: searching for:[(uid=testr$)]
smbldap_search_suffix: searching for:[(&(sambaSID=S-0-
0)(|(objectClass=sambaIdmapEntry)(objectClass=sambaSidEntry)))]
failed to add user dn= uid=testr$,ou=Computers,o=sctg,dc=schuler,dc=de with: Object
class violation
object class 'sambaSamAccount' requires attribute 'sambaSID'
failed to modify/add user with uid = testr$ (dn =
uid=testr$,ou=Computers,o=sctg,...
2005 Nov 23
1
smbldap-useradd.pl -a -w '%m' questions
...;
Nov 23 10:46:23 linux-server slapd[20034]: conn=3681 op=15 SEARCH RESULT
tag=101 err=0 text=
Nov 23 10:46:23 linux-server slapd[20034]: conn=3681 op=16 SRCH
base="dc=commtechgroup,dc=co.uk" scope=2
filter="(&(sambaSID=S-1-5-21-1504740027-1884281049-541626052-3100)(|(objectClass=sambaIdmapEntry)(objectClass=sambaSidEntry)))"
Nov 23 10:46:23 linux-server slapd[20034]: conn=3681 op=16 SEARCH RESULT
tag=101 err=0 text=
Nov 23 10:46:23 linux-server slapd[20034]: conn=3681 op=17 ADD
dn="UID=GARYB-1000$,OU=PEOPLE,DC=COMMTECHGROUP,DC=CO.UK"
Nov 23 10:46:23 linux-server slapd[20034...
2004 Aug 14
0
My lack of understanding of idmap
Hello,
I don't completely understand the BDC setup as described in the Chapter
6 of The Official Samba-3 HOWTO and Reference Guide.
The reason is that the example setup uses LDAP idmap backend. For
simplicity, the solution is discussed when both PDC and BDC use a Single
Central LDAP Server. (I have never experimented with BDCs before, but
have already set up a LDAP-backed PDC).
As I
2006 Feb 14
1
domain member with LDAP nss
I have a domain member server running samba 3. NSS info currently comes
from ldap, and the PDC is another samba 3 host. The PDC is also using
the ldap server for its data.
I'm not clear on how winbind is used in this configuration. When I look
at the owner/group of files from a Windows workstation, I see names of
the form "MYHOST\gmessmer" rather than