Re: [Samba] Samba / LDAP / Idmap

John Drescher, 04-14-2008

On Sun, Apr 13, 2008 at 10:23 PM, Anand Kumria <wildfire@progsoc.org> wrote:
>
> Hi,
>
> This is probably documented somewhere very obvious but I do not seem to
> be able to find it.
>
> Many years ago I configured my Samba server with an LDAP backend. I also
> put in the parameter 'ldap idmap suffix = ou=Idmap' in my smb.conf file
> too as per:
>
> <http://au1.samba.org/samba/docs/man/...ection/domain-
> member.html#id2571568>
>
> Amazingly enough I now have to add two more member servers; checking via
> GQ I see that the ou=Idmap tree is actually empty.
>
> Should it be?
>
> If not, how can I -- is there a way, even -- have it populated with the
> existing Idmaps? My users are able to login to their machines perfectly
> fine (everything is run via LDAP).
>


For a samba 3.0.28a member server using domain security and ldap and
winbind enabled I had the same problem a few weeks ago and it ended up
preventing my acls from working correctly. Basically after adding acls
in windows xp they would be removed after applying. There would be an
error in the samba logs. Something like could not allocate a UID or
GID. I checked my ldap and the idmap tree was completely empty. So I
decided to see if I could tell the format of what belongs in there and
if I entered it would that fix the problem. I googled for a while and
found a Red Hat doc that showed a slapcat with idmap entries. I then
added the entry for a test user via slapadd and then I added the user
to an acl in windows and clicked accept and it took. So I looked
deeper into the error and I found the two wbinfo allocate calls fail:

# wbinfo --allocate-uid
Could not allocate a uid

# wbinfo --allocate-gid
Could not allocate a gid

but most other wbinfo stuff works ( -u -g -t ...)

So at this point I set my winbind to use tdbsam and then I restarted
samba and sure enough the properties tab of XP worked as expected. At
that point I found a tool that would dump what was in a .tdb file and
I wrote a shell script to populate the ldap with that. I am sorry I am
not more specific but I am not at work and I did this stuff over a
month ago. Anyways after populating the idmap tree from the .tdb file
(in /var/cache/samba/) my acls work in XP for all users and groups
that are in the tree. I switched back to using ldap to store winbind
data because this is by no means the only samba server on our network.

John
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
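
One way to do the tdb-to-LDAP conversion step described in the post above, as an added example; it is not John's script and not Samba project code. It assumes tdbdump prints each record as `key(N) = "..."` / `data(N) = "..."` with NUL bytes shown as `\00`, that SID-keyed records hold `UID n` or `GID n`, and it uses the placeholder suffix `ou=Idmap,dc=example,dc=com` and constructed sample records.

```shell
#!/bin/sh
# Added example: turn tdbdump output for the winbind idmap tdb into LDIF.
# Assumed layout: key(N) = "S-1-...\00" with data(N) = "UID 10001\00" or
# "GID ...". Reverse "UID n"/"GID n" keys and HWM counters are skipped,
# so each SID yields exactly one entry.
idmap_tdb_to_ldif() {   # $1 = idmap suffix DN; tdbdump text on stdin
    awk -v base="$1" '
    function payload(line,    s) {   # text between the quotes, \00 removed
        s = line; sub(/^[^"]*"/, "", s); sub(/"[^"]*$/, "", s)
        gsub(/\\00/, "", s)
        return s
    }
    /^key/  { key = payload($0); next }
    /^data/ {
        val = payload($0); sid = key; key = ""
        # Accept only well-formed SIDs mapped to a purely numeric id.
        if (sid !~ /^S-1(-[0-9]+)+$/) next
        if (val !~ /^(UID|GID) [0-9]+$/) next
        split(val, f, " ")
        attr = (f[1] == "UID") ? "uidNumber" : "gidNumber"
        printf "dn: sambaSID=%s,%s\n", sid, base
        print  "objectClass: sambaSidEntry"
        print  "objectClass: sambaIdmapEntry"
        printf "sambaSID: %s\n", sid
        printf "%s: %s\n\n", attr, f[2]
    }'
}

sample_dump() {   # constructed records, not taken from a real server
cat <<'EOF'
{
key(9) = "USER HWM\00"
data(4) = "\11\27\00\00"
}
{
key(47) = "S-1-5-21-1111111111-2222222222-3333333333-1105\00"
data(10) = "UID 10001\00"
}
{
key(10) = "UID 10001\00"
data(47) = "S-1-5-21-1111111111-2222222222-3333333333-1105\00"
}
{
key(46) = "S-1-5-21-1111111111-2222222222-3333333333-513\00"
data(10) = "GID 10000\00"
}
EOF
}

sample_dump | idmap_tdb_to_ldif "ou=Idmap,dc=example,dc=com"
```

Review the generated LDIF before loading it: if several member servers each allocated IDs locally, the same SID can carry different UIDs or GIDs in their tdb files, and only one mapping per SID should go into the shared tree.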