
[Samba] Configure Samba as Client of Samba PDC

From: Alejandro Gándara Álvarez <agandara_at_nospam>
Date: Fri Aug 27 2010 - 11:00:03 GMT
To: <samba@lists.samba.org>

Hi all,

 

First of all, thanks.

 

In my network I have this :

 

Server :chacho

· 1 ldap

· 1 samba PDC and share,

 

Now I need a second Samba on the same server (this part went fine: I ran a new
instance without problems), but this one has to be a file server with
authentication against the LDAP server. The problem is the following:

 

The problem is that this new Samba is not running the way I would like. First
I'll show smb.conf

 

 

This is the smb.conf of the PDC:

 

 

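[global]
        # smb.conf of the PDC instance as posted. Two values that the mail
        # client had wrapped onto a second line ("delete user from group
        # script" and "socket options") are rejoined here; no value is changed.
        workgroup = domain
        netbios name = CHACHO
        server string = %h
        debug uid = Yes
        bind interfaces only = yes
        interfaces = 127.0.0.1,172.20.36.10/24
        # Accounts are stored in the LDAP server on this host (loopback URL).
        passdb backend = ldapsam:ldap://127.0.0.1
        # NOTE(review): %u is unquoted here and in "delete user script",
        # while the other smbldap-* hooks quote their substitutions; quoting
        # them all the same way is the safer habit for commands smbd runs.
        passwd program = /usr/sbin/smbldap-passwd -o %u
# username map = /etc/samba/smbusers
        log level = 1
        log file = /var/log/samba/log.%m
        max log size = 50
        name resolve order = wins lmhosts host bcast
        # Account-management hooks that smbd executes with the substituted
        # user (%u) and group (%g) names.
        add user script = /usr/sbin/smbldap-useradd -m '%u'
        delete user script = /usr/sbin/smbldap-userdel %u
        add group script = /usr/sbin/smbldap-groupadd -p '%g'
        delete group script = /usr/sbin/smbldap-groupdel '%g'
        add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
        delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
        set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
        add machine script = /usr/sbin/smbldap-useradd -w '%u'
        #logon script = logon.bat
        logon path =
        logon home =
        # Domain controller role: domain logons, master browser and WINS.
        domain logons = Yes
        os level = 64
        preferred master = Yes
        domain master = Yes
        wins support = Yes
        ldap admin dn = cn=admin,dc=domain,dc=loc
        ldap group suffix = ou=Groups
        ldap idmap suffix = ou=Idmap
        ldap machine suffix = ou=Computers
        ldap passwd sync = Yes
        ldap suffix = dc=domain,dc=loc
        # With "ldap ssl = no" the bind as the admin DN and the password
        # changes written by "ldap passwd sync" travel without TLS. That stays
        # on this host only while the passdb URL is 127.0.0.1; switch to
        # "ldap ssl = start tls" before pointing it at a remote directory.
        ldap ssl = no
        ldap user suffix = ou=People
        idmap uid = 15000-20000
        idmap gid = 15000-20000
        # Set in [global], this is the default for every share: members of
        # @administradores perform all file operations on a share as root.
        admin users = @administradores
        # 0777 strips no permission bits, so files and directories created
        # through Samba can end up group- and world-writable. Samba's defaults
        # are 0744 (create mask) and 0755 (directory mask).
        create mask = 0777
        directory mask = 0777
        printcap cache time = 12600
        printcap name =
        socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        deadtime = 15
        # Logins with an unknown user name are mapped to the guest account;
        # guest sessions reach every share that sets "guest ok = Yes".
        map to guest = Bad User
        reset on zero vc = yes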

[netlogon]
        # Logon-script share of the PDC. It is hidden from browse lists but
        # open to guest sessions, and [global] maps unknown user names to
        # guest ("map to guest = Bad User"), so no credentials are needed to
        # read it. Keep passwords and other secrets out of the scripts.
        path = /var/lib/samba/netlogon/scripts
        comment = Network Logon Service
        browseable = no
        guest ok = Yes

[Proyectos]
        # Writable project share, no guest access.
        path = /samba/Proyectos
        comment = Carpetas comunes, documentación, drivers
        guest ok = no
        read only = No
        #map hidden = Yes
        #map system = Yes
        # NOTE(review): "users" is a synonym of the "username" parameter, not
        # an access list. If the intent is to limit the share to these groups,
        # the parameter for that is "valid users" - confirm the intent.
        users = @desarrollo,@contabilidad,@jefesPT2,@jefesPR
        # Members of this group act as root for every file operation here.
        admin users = @administradores

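[temporal]
        # Writable scratch share. The "admin users" value, which the mail
        # client had wrapped onto a second line, is rejoined; groups unchanged.
        comment = archivos temporales
        path = /samba/temporal
        # NOTE(review): "admin users" makes every listed group perform file
        # operations as root on this share, bypassing Unix permissions. With
        # six groups listed that is close to root for everyone; ordinary write
        # access needs only "read only = no" plus "valid users"/"write list".
        admin users = @administradores, @desarrollo,@contabilidad,@jefesPT2,@jefesPR,@dt
        browseable = yes
        read only = no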

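[putty]
        # Writable share for /samba/putty (the comment text is the same as in
        # [temporal] in the original post). The wrapped "admin users" value is
        # rejoined onto one line; the groups are unchanged.
        comment = archivos temporales
        path = /samba/putty
        # NOTE(review): all six groups operate as root on this share. Anyone
        # in them can replace the files stored here regardless of ownership,
        # which matters if other users run programs from this share.
        admin users = @administradores, @desarrollo,@contabilidad,@jefesPT2,@jefesPR,@dt
        browseable = yes
        read only = no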

 

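[software]
        # Writable software share. In the post the "admin users" value had
        # been pushed onto the next line by mail wrapping, which leaves the
        # parameter empty as written; it is rejoined here, groups unchanged.
        comment = Programas
        path = /samba/software
        # NOTE(review): every listed group acts as root on this share, so any
        # member can overwrite installers kept here. A read-only share with a
        # small "write list" would fit a software repository better.
        admin users = @administradores,@desarrollo,@contabilidad,@jefesPT2,@jefesPR,@dt
        browseable = yes
        read only = no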

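[exports]
        # Writable share holding exports, no guest access. The "admin users"
        # value, wrapped onto the next line in the mail, is rejoined here;
        # the groups are unchanged.
        comment = Carpeta con los exports
        path = /samba/exports
        read only = No
        #map hidden = Yes
        #map system = Yes
        # NOTE(review): all six groups perform file operations as root on
        # this share; file ownership and mode bits no longer separate them.
        admin users = @administradores,@desarrollo,@contabilidad,@jefesPT2,@jefesPR,@dt
        guest ok = no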

[proveedores]
        # Writable suppliers share on the PDC instance, no guest access.
        # The same directory (/samba/proveedores) is also exported by the
        # [Proveedores] share of smb.chachopartners.conf, so both instances
        # govern access to the same files.
        path = /samba/proveedores
        comment = Carpetas proveedores
        guest ok = no
        read only = No
        #map hidden = Yes
        #map system = Yes
        # NOTE(review): "users" is a synonym of "username" and does not
        # restrict who may connect; "valid users" is the access list.
        users = @desarrollo,@contabilidad,@jefesPT2,@jefesPR
        # These four groups act as root for all file operations on the share.
        admin users = @administradores,@jefesPT2,@jefesPR,@dt

 

 

 

And this smb.conf is the new one , I called it smb.chachopartners.conf

 

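[global]
        # smb.chachopartners.conf: second smbd instance on the same host,
        # bound to its own address. The "socket options" value that the mail
        # client had wrapped is rejoined and the stray extra indent on
        # "ldap admin dn" is normalised; no value is changed.
        workgroup = domain
        netbios name = CHACHOPARTNERS
        # Domain-member role (the testparm output in the post reports
        # ROLE_DOMAIN_MEMBER).
        security = DOMAIN
        bind interfaces only = yes
        interfaces = 172.20.52.11/24
        # NOTE(review): this member still opens the PDC's LDAP directory as
        # its own account database, under a different netbios name.
        # Presumably that is where the second sambaDomainName entry
        # (chachopartners) and the "invalid SID" log lines come from -
        # confirm before changing. A domain member normally lets the domain
        # controller authenticate users instead of reading the account
        # database itself.
        passdb backend = ldapsam:ldap://127.0.0.1
        passwd program = /usr/sbin/smbldap-passwd -o %u
        local master = no
        domain master = no
        preferred master = no
        domain logons = no
        name resolve order = wins host lmhosts bcast
        dns proxy = no
        log level = 1
        # The admin DN gives this instance the same directory-wide rights as
        # the PDC, for as long as the ldapsam backend above stays configured.
        ldap admin dn = cn=admin,dc=domain,dc=loc
        ldap group suffix = ou=Groups
        ldap idmap suffix = ou=Idmap
        ldap machine suffix = ou=Computers
        ldap passwd sync = Yes
        ldap suffix = dc=domain,dc=loc
        # No TLS on the LDAP connection; confined to this host only while
        # the passdb URL is 127.0.0.1.
        ldap ssl = no
        ldap user suffix = ou=People
        idmap uid = 15000-20000
        idmap gid = 15000-20000
        # Default for every share below: @administradores acts as root.
        admin users = @administradores
        # 0777 strips no permission bits from files and directories created
        # through Samba (defaults are 0744 and 0755). On a server meant for
        # outside partners, tighter masks keep one supplier's files from
        # being world-writable.
        create mask = 0777
        directory mask = 0777
        socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        deadtime = 15
        # Unknown user names become guest sessions; no share in this file
        # sets "guest ok = yes", so guests have nothing to connect to here.
        map to guest = Bad User
        reset on zero vc = yes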

 

[Proveedores]
        # Top-level suppliers share of the second instance. Its path is the
        # parent of the [yyy] and [xxx] share paths, so whoever may connect
        # here can also reach those directories through this share.
        path = /samba/proveedores
        comment = Carpeta de proveedores
        guest ok = no
        read only = no
        # NOTE(review): "users" is a synonym of "username", not an access
        # list; without "valid users" any authenticated account can connect.
        users = xxx, @xxx
        # These groups perform all file operations on the share as root.
        admin users = @administradores,@jefesPT2,@jefesPR,@dt

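[yyy]
        # Per-supplier share. Its directory sits inside /samba/proveedores,
        # which [Proveedores] exports as a whole, so the restriction below
        # only holds for connections made to this share name.
        comment = Carpetas comunes, documentación, drivers
        path = /samba/proveedores/yyy
        read only = No
        # Listed groups act as root for all file operations on the share.
        admin users = @administradores,@jefesPT2,@jefesPR,@dt
        # The post had "valid user = yyy1". The Samba parameter is
        # "valid users"; the singular spelling is not a parameter name, so
        # the share was not restricted to yyy1 as written.
        valid users = yyy1
        guest ok = no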

 

[xxx]
        # Per-supplier share; the directory is also reachable through
        # [Proveedores], whose path is its parent directory.
        path = /samba/proveedores/xxx
        comment = Carpetas xxx
        guest ok = no
        read only = No
        # NOTE(review): "users" is a synonym of "username" and does not limit
        # who may connect; "valid users" is the parameter that does.
        users = @developpers
        # Listed groups act as root for all file operations on the share.
        admin users = @administradores,@jefesPT2,@jefesPR,@dt

 

 

 

The problem is that I'm having trouble with the second Samba when I try to
modify or add permissions, because it looks for the users under the new Samba's
SID when it should look for them in the domain.

 

When I start smbd I got this errors:

 

Could not peek rid out of sid S-1-5-21-1681343281-3888673916-306851540-500

[2010/08/27 12:54:11, 0] passdb/passdb.c:593(lookup_global_sam_name)

  User nobody with invalid SID S-1-5-21-1681343281-3888673916-306851540-2998
in passdb

 

 

And if I go to phpldapadmin I see that I now have two sambaDomainName
entries: domain and chachopartners (yes, the NetBIOS name of the second one).
That's why I thought the problem was here: I thought it could be joining as a
DC and not as a client.

 

I've run this: testparm smb.chachopartners.conf and I
got:

 

Load smb config files from /etc/samba/smb.chachopartners.conf

rlimit_max: rlimit_max (1024) below minimum Windows limit (16384)

Processing section "[Proveedores]"

Loaded services file OK.

Server role: ROLE_DOMAIN_MEMBER

Press enter to see a dump of your service definitions

 

 

Thanks for all and sorry for my English

 

Alejandro Gándara , Junior System and Security Manager

 

 

 

 

 

 

 
