HOWTO: Samba PDC with LDAP backend

Oh,
Code:
max_open_files: increasing sysctl_max (11095) to minimum Windows limit (16384)
rlimit_max: increasing rlimit_max (11095) to minimum Windows limit (16384)

It was fixed by editing /boot/loader.conf. But the WARNINGS are still continuous.
 
Yeah, I fixed it. Now I have:

Code:
srv01# testparm /usr/local/etc/smb.conf
Load smb config files from /usr/local/etc/smb.conf
WARNING: The "enable privileges" option is deprecated
WARNING: The "idmap backend" option is deprecated
WARNING: The "idmap uid" option is deprecated
WARNING: The "idmap gid" option is deprecated
Processing section "[netlogon]"
Processing section "[homes]"
Processing section "[Profiles]"
Processing section "[printers]"
Processing section "[print$]"
Processing section "[data]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

So how can I fix these WARNINGS? thx
 
I think you use a newer version of samba than 3.5.x.
Are you using samba 3.6.1?

If so, comment out by putting a # before the following lines.

Code:
enable privileges = yes
idmap backend     = ldap:ldap://smb-server01.testdomain.com
idmap uid         = 10000-20000
idmap gid         = 10000-20000
That should get rid of the errors.

Gr
Johan
 
Yes, I'm using samba 3.6.1.
I've commented out those lines and now it has no warnings, but is it ok without those lines? :)

Now I have some problem with connection to domain:
Code:
srv01# net rpc join -S srv01 -U root
Connection failed: NT_STATUS_INVALID_PARAMETER
Enter root's password:
Could not connect to server srv01
Connection failed: NT_STATUS_INVALID_PARAMETER
Do you know how to fix it?
thx
 
No, I have not used samba 3.6.1 before.
Maybe I have some time next week to try it, but I cannot promise that I get to it.

Is everything running?
CUPS, samba (smbd, nmbd and winbind), slapd and so on.
Also try -Uroot without a space; I do not know if it makes a difference.

If you find the solution yourself, please let me know, then i can edit the howto.

regards
Johan
 
I guess the problem was because I tried to install samba as a PDC on a computer with 2 ethernet cards and a PF firewall :)

Now it works!

I'm sorry for the newbie question, but how should I add users? I've downloaded "LDAP Admin", but I'm not sure that it's the right way. Maybe I should use some commands?
 
Hello, there are several ways.

One is LDAP Admin, like you installed.

There is also LDAP Account Manager, also in the ports tree.

http://www.ldap-account-manager.org/


or you could use the command line.

http://clark-technet.com/linux-guides/adding-users-to-samba-ldap

The commands in your /usr/local/etc/smb.conf file can also be used from the command line.

Code:
add user script               = /usr/local/sbin/smbldap-useradd -m %u
delete user script            = /usr/local/sbin/smbldap-userdel %u
add group script              = /usr/local/sbin/smbldap-groupadd -p %g
delete group script           = /usr/local/sbin/smbldap-groupdel %g
add user to group script      = /usr/local/sbin/smbldap-groupmod -m %u %g
delete user from group script = /usr/local/sbin/smbldap-groupmod -x %u %g
set primary group script      = /usr/local/sbin/smbldap-usermod -g %g %u
add machine script            = /usr/local/sbin/smbldap-useradd -w %m

So the following command will add the user illex to the system
Code:
/usr/local/sbin/smbldap-useradd -m illex

The following command will add a new group named experts

Code:
/usr/local/sbin/smbldap-groupadd -p experts

The following command will add the user illex to the group experts
Code:
/usr/local/sbin/smbldap-groupmod -m illex experts

So there are many ways

regards
Johan
 
Hi

I know it's been a while since this has been updated, but firstly: thanks!

I am having a small issue regarding certain aspects of the "net rpc" command though.

If I do:
Code:
# net rpc info -U root%password

I get output as expected (listing domain name, sid, number of users etc.), however the following happens if I try to list groups, for instance:

Code:
# net rpc group list -U root%password
Could not connect to server 127.0.0.1
Connection failed: NT_STATUS_INVALID_PARAMETER

I get something similar if I try the command relating to users, but with an additional error:
Code:
# net rpc user info darenr -U root%password
Connection to localhost failed (Error NT_STATUS_INVALID_PARAMETER)
Failed to get groups for 'darenr' with error: Failed to connect to IPC$ share on localhost.

I have tried a bit of googling, but nothing seems to come up (or I'm going blind ;))

I have been able to successfully join a workstation to the domain, and login as a user I added via LAM, as well as successfully adding files to the test share I have set up.

If you could give any pointers or hints as to what I may have missed, I'd much appreciate it.

Thanks
Daren
 
I found out my issue. Although I had looked at it so many times, I had missed a "0" on the end of the lo0 interface in smb.conf.

What an idiot I feel :r
 
I followed this and everything goes great. However in Win7pro64 you can't run usermgr.exe. So I use the /usr/local/sbin/smbldap-useradd -m %u command with my intended user name, then I use smbldap-passwd to set the password. The user remains unable to log into the domain. I can join a machine to the domain just fine and I can even login with "root" on the domain.

Samba error log for the machine:
Code:
[2012/06/25 19:56:46.381799,  0] lib/util_sock.c:474(read_fd_with_timeout)
[2012/06/25 19:56:46.382697,  0] lib/util_sock.c:1441(get_peer_addr_internal)
  getpeername failed. Error was Socket is not connected
  read_fd_with_timeout: client 0.0.0.0 read error = Socket is not connected.

and this is in slapd.conf:
Code:
Jun 25 19:56:17 services slapd[723]: conn=1155 fd=23 ACCEPT from IP=192.168.11.7:44708 (IP=192.168.11.7:389)
Jun 25 19:56:17 services slapd[723]: conn=1155 op=0 BIND dn="cn=Manager,dc=kb9yen,dc=com" method=128
Jun 25 19:56:17 services slapd[723]: conn=1155 op=0 BIND dn="cn=Manager,dc=kb9yen,dc=com" mech=SIMPLE ssf=0
Jun 25 19:56:17 services slapd[723]: conn=1155 op=0 RESULT tag=97 err=0 text=
Jun 25 19:56:17 services slapd[723]: connection_input: conn=1155 deferring operation: binding
Jun 25 19:56:17 services slapd[723]: conn=1155 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
Jun 25 19:56:17 services slapd[723]: conn=1155 op=1 SRCH attr=supportedControl
Jun 25 19:56:17 services slapd[723]: conn=1155 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jun 25 19:56:17 services slapd[723]: conn=1155 op=2 SRCH base="dc=kb9yen,dc=com" scope=2 deref=0
 filter="(&(objectClass=sambaGroupMapping)(gidNumber=65534))"
Jun 25 19:56:17 services slapd[723]: conn=1155 op=2 SRCH attr=gidNumber sambaSID sambaGroupType
 sambaSIDList description displayName cn objectClass
Jun 25 19:56:17 services slapd[723]: conn=1155 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 25 19:56:17 services slapd[723]: conn=1155 op=3 SRCH base="sambaDomainName=KB9YEN,dc=kb9yen,dc=com"
 scope=0 deref=0 filter="(objectClass=sambaDomain)"
Jun 25 19:56:17 services slapd[723]: conn=1155 op=3 SRCH attr=sambaPwdHistoryLength
Jun 25 19:56:17 services slapd[723]: conn=1155 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jun 25 19:56:17 services slapd[723]: conn=1155 op=4 SRCH base="dc=kb9yen,dc=com" scope=2 deref=0
 filter="(&(uid=bmmcwhirt)(objectClass=sambaSamAccount))"
Jun 25 19:56:17 services slapd[723]: conn=1155 op=4 SRCH attr=uid uidNumber gidNumber homeDirectory
 sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn
 sn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description
 sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName
 objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime
 sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp uidNumber gidNumber
Jun 25 19:56:17 services slapd[723]: conn=1155 op=4 SRCH attr=homeDirectory loginShell gecos
Jun 25 19:56:17 services slapd[723]: conn=1155 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 25 19:56:46 services slapd[723]: conn=1155 op=5 UNBIND
Jun 25 19:56:46 services slapd[723]: conn=1155 fd=23 closed

And the relevant output of ldapsearch:
Code:
# bmmcwhirt, People, kb9yen.com
dn: uid=bmmcwhirt,ou=People,dc=kb9yen,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
cn: bmmcwhirt
sn: bmmcwhirt
uid: bmmcwhirt
uidNumber: 10003
gidNumber: 513
homeDirectory: /home/bmmcwhirt
loginShell: /bin/sh
gecos: System User
givenName: bmmcwhirt
userPassword:: {deleted for security}
shadowLastChange: 15516
shadowMax: 10000

Any help or advice would be greatly appreciated.
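As an added, editorial example (not from the thread, Samba or OpenLDAP), the script below correlates slapd `SRCH`/`SEARCH RESULT` lines with an `ldapsearch` LDIF entry the way one would check a log like the one above: for every search that came back with `nentries=0` and whose plain terms (such as `uid=...`) do select the entry, it reports which `objectClass` values the filter required that the entry does not carry. The sample log and LDIF entry are constructed with hypothetical names (jdoe, example.com) modelled on the thread's output.

```python
import re
# Constructed sample slapd log (hypothetical host/domain), modelled on the thread's output.
SLAPD_LOG = """\
Jun 25 19:56:17 services slapd[723]: conn=1155 op=2 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=65534))"
Jun 25 19:56:17 services slapd[723]: conn=1155 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 25 19:56:17 services slapd[723]: conn=1155 op=3 SRCH base="sambaDomainName=EXAMPLE,dc=example,dc=com" scope=0 deref=0 filter="(objectClass=sambaDomain)"
Jun 25 19:56:17 services slapd[723]: conn=1155 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jun 25 19:56:17 services slapd[723]: conn=1155 op=4 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(&(uid=jdoe)(objectClass=sambaSamAccount))"
Jun 25 19:56:17 services slapd[723]: conn=1155 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text=
"""
# Constructed LDIF entry (hypothetical user), modelled on the thread's ldapsearch output.
LDIF = """\
dn: uid=jdoe,ou=People,dc=example,dc=com
objectClass: top
objectClass: posixAccount
objectClass: inetOrgPerson
uid: jdoe
gidNumber: 513
"""
SRCH_RE = re.compile(r'conn=(\d+) op=(\d+) SRCH .*filter="([^"]*)"')
RESULT_RE = re.compile(r'conn=(\d+) op=(\d+) SEARCH RESULT .*nentries=(\d+)')

def empty_searches(log):
    """Filters of every search in the log that came back with nentries=0, in log order."""
    filters, empty = {}, []
    for line in log.splitlines():
        m = SRCH_RE.search(line)
        if m:                                   # remember the filter under (conn, op)
            filters[m.group(1, 2)] = m.group(3)
        m = RESULT_RE.search(line)
        if m and m.group(3) == '0':             # zero hits: look the filter back up
            empty.append(filters.get(m.group(1, 2), '?'))
    return empty

def ldif_attr(ldif, attr):
    """Set of values of one attribute in a single LDIF entry (attribute names are case-insensitive)."""
    prefix = attr.lower() + ':'
    return {l.split(':', 1)[1].strip() for l in ldif.splitlines() if l.lower().startswith(prefix)}

def missing_object_classes(log, ldif):
    """Map each zero-hit filter that selects this entry to the objectClass values the entry lacks."""
    present = {c.lower() for c in ldif_attr(ldif, 'objectClass')}
    report = {}
    for flt in empty_searches(log):
        terms = re.findall(r'\((\w+)=([^)]+)\)', flt)   # simple (attr=value) terms only
        plain = [(a, v) for a, v in terms if a.lower() != 'objectclass']
        if not plain or not all(v in ldif_attr(ldif, a) for a, v in plain):
            continue                             # other terms do not select this entry at all
        lacking = [v for a, v in terms if a.lower() == 'objectclass' and v.lower() not in present]
        if lacking:
            report[flt] = lacking
    return report
```

Run against the constructed input, the group-mapping search (a different gidNumber) is skipped and the user search is reported as lacking `sambaSamAccount`, which is the structural class Samba needs before it will treat an LDAP entry as a domain account.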
 