[Samba] Samba 3.2 Ldap problem
This is a discussion on [Samba] Samba 3.2 Ldap problem within the Samba forums, part of the Networking and Network Related category; Charlie, I didn't copied the secrets.tdb, I've used smbpasswd -w. In my Ldap I have an object ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
07-04-2008
|
|||
|
|||
Re: [Samba] Samba 3.2 Ldap problem
Charlie,
I didn't copied the secrets.tdb, I've used smbpasswd -w. In my Ldap I have an object named "sambaDomainName=OPEN,dc=my,dc=company" which I didn't create, it's automagically created by samba. That object has it's own sid, I've even deleted the secrets.tdb file and the ldap OPEN object, they are recreated with "smbpasswd -w xxxxx", so I assume everything is automagically right. In addition I've tried the index on sambaSID attribute, I already have an "eq" index on it, and I can't create a "sub" index, I think this is because of the attribute definition. I've updated to samba-3.2.0-21 but I'm still stuck. I'm worried about your comment on users located by sid as all my users already has a sid assigned, is that sid server-dependant? I must assume it isn't, it's only user-dependant, isn't it? Regards, -- Ing. Ernesto Silva. Coordinador de Desarrollo Web y Sistemas Abiertos Centro de Procesamiento de Datos Universidad ORT Uruguay. E-mail: silva@ort.edu.uy Tel: (+5982) 903-1995, (+5982) 902-9687 ext. 102 Fax: (+5982) 900-2952 Charlie wrote: > On Tue, Jul 1, 2008 at 8:16 PM, Ernesto Silva <silva@ort.edu.uy> wrote: >> A few days ago I've installed OpenSuSE 11 Beta 2 in another server, it came >> with samba 3.2.0-18, so as I'm very lazy I copied the smb.conf file from the >> working server to the new one with little modifications like the netbios >> name and which shares it serves, say Server B. I'm connecting to the same >> Ldap server. > > Did you copy over the secrets.tdb as well? If not, you are going to > have to use "net setlocalsid" to set the machine SID to match the old > one, and "smbpasswd -w" to set the LDAP access password. Samba tracks > users by SID now (which I don't like, personally, but it's something > that the Samba Team apparently had to do if they wanted to > interoperate with later versions of Microsoft's networking stack) so > your users will have SIDs that were created by the old system. > > You also will want to put a "sub" index on the sambaSID attribute in > OpenLDAP's slapd.conf file if you haven't already done so. Later > versions of samba need it... you get a nice efficiency boost. Um, and > watch your search limits in OpenLDAP also -the "machine suffix" and > "user suffix" parameters in smb.conf are not applied as filters in the > searches that samba makes in LDAP, so search returns might be bigger > than you anticipate, and I'm not sure that samba can properly handle > an RFC-compliant paged LDAP search result like OpenLDAP might return. > > I prefer using net setlocalsid and smbpasswd rather than just copying > over an old secrets.tdb - but use tdbdump on the old one to see if > there is anything else in there (like domain trust passwords) before > you decide. > > --Charlie > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba 
|
Linear Mode
