sync 04-28-2011 08:57 AM

Samba with 389 Directory Server Auth problem
 
Hi Folks,

I had a crack at setting up a Samba PDC using a fresh installation of
FDS 1.2.4* as the backend on one of our RHEL* 5.3 servers per the Wiki
Howto:Samba but ran into a few issues.

In the section 'Populating FDS with PDC Entry', it instructs the user to
run 'net getlocalsid'. This results in the following:

[root@mybox logs]# net getlocalsid
lib/smbldap.c:smbldap_search_domain_info(1392)
Adding domain info for CMOMA failed with NT_STATUS_UNSUCCESSFUL
SID for domain mybox is: S-1-5-21-4207250186-2406131440-3849861866

Thinking that I might just have a Samba configuration problem, I
continued by attempting to add the following ldif:

dn: sambaDomainName=CMOMA,dc=cmoma,dc=mycompany,dc=com
objectclass: sambaDomain
objectclass: sambaUnixIDPool
objectclass: top
sambaDomainName: CMOMA
samba
SID: S-1-5-21-4207250186-2406131440-3849861866
uidNumber: 550
gidNumber: 550

which resulted in the following error:

adding new entry sambaDomainName=CMOMA,dc=cmoma,dc=mycompany,dc=com
ldap_add: Object class violation
ldap_add: additional info: unknown object class "sambaUnixIDPool"

I double checked
/opt/fedora-ds/slapd-<server>/config/schema/61samba.ldif created in the
initial setup steps and was unable to find a sambaUnixIDPool
objectclass, but did see a sambaUnixIdPool. However, after I edited
/tmp/sambaDomainName.ldif to reflect this objectclass name, ldif2ldap
still complains about an 'unknown object class'.

Any idea of what might be happening here?

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Gordon Messmer 05-05-2011 01:09 AM

On 04/28/2011 01:57 AM, sync wrote:
> [root@mybox logs]# net getlocalsid
> lib/smbldap.c:smbldap_search_domain_info(1392)
> Adding domain info for CMOMA failed with NT_STATUS_UNSUCCESSFUL
> SID for domain mybox is: S-1-5-21-4207250186-2406131440-3849861866

You should run "getlocalsid" before you put any LDAP settings in
smb.conf. If you remove or comment all LDAP settings, you shouldn't get
an error.

> dn: sambaDomainName=CMOMA,dc=cmoma,dc=mycompany,dc=com
> objectclass: sambaDomain
> objectclass: sambaUnixIDPool
> objectclass: top
> sambaDomainName: CMOMA samba
> SID: S-1-5-21-4207250186-2406131440-3849861866
> uidNumber: 550
> gidNumber: 550

I'm pretty sure sambaDomainName cannot have spaces. It's subject to the
rules for Windows NT workgroup names. Use "CMOMA" only.

SID: should be sambaSID:

The recommended settings for uidNumber and gidNumber are 1000, and you
should include sambaNextRid with the same value.

> adding new entry sambaDomainName=CMOMA,dc=cmoma,dc=mycompany,dc=com
> ldap_add: Object class violation
> ldap_add: additional info: unknown object class "sambaUnixIDPool"
>
> I double checked
> /opt/fedora-ds/slapd-<server>/config/schema/61samba.ldif created in the
> initial setup steps and was unable to find a sambaUnixIDPool
> objectclass, but did see a sambaUnixIdPool. However, after I edited
> /tmp/sambaDomainName.ldif to reflect this objectclass name, ldif2ldap
> still complains about an 'unknown object class'.

I'm reasonably certain that objectclass names are case insensitive, so
the error probably indicates that your ldif isn't being loaded. It
could be a formatting error. Check the error log for your DS.
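
The points raised in the reply above, turned into a small offline check (an added example, not part of the original thread): it parses one sambaDomain entry, compares its objectclass names case-insensitively against the names a schema file declares, and flags whitespace in sambaDomainName, a missing sambaSID and a missing sambaNextRid. The sample entry, the two-line schema stand-in with placeholder OIDs, and all function names are constructed for illustration.

```python
import re

# Constructed sample: the entry as it is quoted in the reply above.
SAMPLE_LDIF = """\
dn: sambaDomainName=CMOMA,dc=cmoma,dc=mycompany,dc=com
objectclass: sambaDomain
objectclass: sambaUnixIDPool
objectclass: top
sambaDomainName: CMOMA samba
SID: S-1-5-21-4207250186-2406131440-3849861866
uidNumber: 550
gidNumber: 550
"""
# Constructed stand-in for the objectClasses lines of 61samba.ldif (placeholder OIDs).
SAMPLE_SCHEMA = """\
objectClasses: ( 1.1.1 NAME 'sambaDomain' SUP top STRUCTURAL )
objectClasses: ( 1.1.2 NAME 'sambaUnixIdPool' SUP top AUXILIARY )
"""
SID_RE = re.compile(r"S-1-5-21(-\d+){3}")
UNFOLD = re.compile(r"\n ")  # LDIF continuation lines start with one space

def schema_classes(schema_text):
    """Lower-cased objectclass names a schema file declares ('top' is built in)."""
    text = UNFOLD.sub("", schema_text)
    return {n.lower() for n in re.findall(r"^objectClasses:.*?NAME\s+'([^']+)'", text, re.I | re.M)} | {"top"}

def parse_entry(ldif_text):
    """Return ([(attr_lower, value)], [lines that are not 'attr: value'])."""
    pairs, bad = [], []
    for line in filter(None, UNFOLD.sub("", ldif_text).splitlines()):
        m = re.fullmatch(r"([A-Za-z][\w;.-]*):\s*(.*)", line)
        if m:
            pairs.append((m.group(1).lower(), m.group(2)))
        else:
            bad.append(line)
    return pairs, bad

def lint_samba_domain(ldif_text, schema_text):
    """Check one sambaDomain entry against the points raised in the reply."""
    pairs, bad = parse_entry(ldif_text)
    known = schema_classes(schema_text)
    get = lambda attr: [v for k, v in pairs if k == attr]
    issues = [f"malformed line: {l!r}" for l in bad]
    issues += [f"objectclass not in schema: {v}" for v in get("objectclass") if v.lower() not in known]
    issues += [f"sambaDomainName contains whitespace: {v!r}" for v in get("sambadomainname") if re.search(r"\s", v)]
    if not any(SID_RE.fullmatch(v) for v in get("sambasid")):
        issues.append("missing or malformed sambaSID" + (" (found bare 'SID')" if get("sid") else ""))
    if not get("sambanextrid"):
        issues.append("sambaNextRid not set")
    return issues
```

The sambaUnixIDPool / sambaUnixIdPool spelling difference is not reported, while an empty schema text makes every Samba objectclass report as unknown, which is the symptom of a schema file the server did not load.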


All times are GMT. The time now is 11:57 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.