[KLUG Members] Help for upgrade to Samba 3.0.1 (LDAPSAM) fm 2.2.8a
anybody?
Jim C.
members@kalamazoolinux.org
Tue, 13 Jan 2004 23:10:41 -0800
| |My condolences. :) I think my quality of life would be higher if I
| |didn't so readily understand the above, or in fact, if I had no idea
| |what a CIFS Domain was......
|
| OK, so I am trying to get my ldap database structure straight.
I think I've got some kind of success but it still gives "Access
denied" when trying to add a machine to the domain.
I've made the following changes:
# Global parameters
[global]
    ldap idmap suffix = ou=Idmap
    idmap backend = ldap:ldap://localhost
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    printer admin = @adm, '@Domain Admins'
I did add the Idmap ou but the system doesn't seem to be using it for
anything.
I note that I have a new critter called sambaDomainName now. I also
found it strange that in some places in the docs it talks about ou=Idmap
and yet in smb.conf ldap idmap suffix is set to cn=Idmap. It is, of
course, commented out but this still seems strange. Is it an ou or is
it a cn?
Note that the IDEALX scripts added the following users and groups:
Users:
Administrator:x:998:512:Netbios Domain Administrator:/home:/bin/false
nobody:x:999:514:nobody:/dev/null:/bin/false
Groups:
Domain Admins:x:512:Administrator
Domain Users:x:513:
Domain Guests:x:514:
Administrators:x:544:Administrator
Users:x:545:
Guests:x:546:nobody
Power Users:x:547:
Account Operators:x:548:
Server Operators:x:549:
Print Operators:x:550:
Backup Operators:x:551:
Replicator:x:552:
Domain Computers:x:553:
Also delving into groupmaps produced some problems:
[root@enigma samba3]# net3 groupmap list
Domain Admins (S-1-5-21-1825057718-3407101348-4194330872-512) -> Domain Admins
Domain Users (S-1-5-21-1825057718-3407101348-4194330872-513) -> Domain Users
Domain Guests (S-1-5-21-1825057718-3407101348-4194330872-514) -> Domain Guests
Administrators (S-1-5-21-1825057718-3407101348-4194330872-544) -> Administrators
users (S-1-5-21-1825057718-3407101348-4194330872-545) -> Users
Guests (S-1-5-21-1825057718-3407101348-4194330872-546) -> Guests
Power Users (S-1-5-21-1825057718-3407101348-4194330872-547) -> Power Users
Account Operators (S-1-5-21-1825057718-3407101348-4194330872-548) -> Account Operators
Server Operators (S-1-5-21-1825057718-3407101348-4194330872-549) -> Server Operators
Print Operators (S-1-5-21-1825057718-3407101348-4194330872-550) -> Print Operators
Backup Operators (S-1-5-21-1825057718-3407101348-4194330872-551) -> Backup Operators
Replicator (S-1-5-21-1825057718-3407101348-4194330872-552) -> Replicator
Domain Computers (S-1-5-21-1825057718-3407101348-4194330872-553) -> Domain Computers
Domain Guests (S-1-5-21-1825057718-3407101348-4194330872-514) -> nobody
Domain Admins (S-1-5-21-1825057718-3407101348-4194330872-512) -> root
Domain Users (S-1-5-21-1825057718-3407101348-4194330872-513) -> dusers
[root@enigma samba3]#
As can be seen, I've got some dupes here because of my experimenting
with commands. I think these settings are in the secrets.tdb file and
not the ldap server because I was messing with this before I set up
Idmap. Is there a way to remove the duplicates?
I keep getting:
[2004/01/13 23:04:50, 0] passdb/pdb_ldap.c:ldapsam_delete_entry(269)
  ldapsam_delete_entry: Entry must exist exactly once!
Failed to removing group S-1-5-21-1825057718-3407101348-4194330872-512
from the mapping db!
[root@enigma samba3]# net3 groupmap delete ntgroup="Domain Admins"
NT Group Domain Admins doesn't exist in mapping DB
Unable to resolve group Domain Admins to a SID
[root@enigma samba3]#
One thing I've thought of is deleting or re-initializing (if that is
possible) secrets.tdb.
Jim C.
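
An added example, not part of the original post: a Python script that parses `net groupmap list` output in the format quoted above, tolerates entries that a mail client has wrapped after `->`, and reports every SID that appears in more than one mapping. The function names are hypothetical; the sample is an excerpt of the output quoted in the post.

```python
import re
from collections import defaultdict

# Excerpt of the groupmap output quoted in the post; two entries are wrapped
# the way a mail client wraps long lines.
SAMPLE = """\
[root@enigma samba3]# net3 groupmap list
Domain Admins (S-1-5-21-1825057718-3407101348-4194330872-512) ->
Domain Admins
Domain Users (S-1-5-21-1825057718-3407101348-4194330872-513) -> Domain
Users
users (S-1-5-21-1825057718-3407101348-4194330872-545) -> Users
Domain Admins (S-1-5-21-1825057718-3407101348-4194330872-512) -> root
Domain Users (S-1-5-21-1825057718-3407101348-4194330872-513) -> dusers
[root@enigma samba3]#
"""

# "<NT group> (<SID>) -> <Unix group>"; the Unix group may be on the next line.
ENTRY = re.compile(r"^(?P<nt>.+?) \((?P<sid>S-1-[\d-]+)\) ->\s*(?P<unix>.*)$")

def parse_groupmap(text):
    """Return [(nt_group, sid, unix_group)], rejoining wrapped entries."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("["):  # blank line or shell prompt
            continue
        m = ENTRY.match(line)
        if m:
            entries.append([m["nt"], m["sid"], m["unix"].strip()])
        elif entries:
            # Continuation of a wrapped entry: extend the Unix group name.
            entries[-1][2] = (entries[-1][2] + " " + line).strip()
    return [tuple(e) for e in entries]

def duplicate_sids(entries):
    """Map each SID that occurs more than once to its Unix group targets."""
    by_sid = defaultdict(list)
    for _nt, sid, unix in entries:
        by_sid[sid].append(unix)
    return {sid: t for sid, t in by_sid.items() if len(t) > 1}

if __name__ == "__main__":
    for sid, targets in duplicate_sids(parse_groupmap(SAMPLE)).items():
        print(f"{sid} mapped {len(targets)} times: {', '.join(targets)}")
```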