Samba/LDAP issues


Post by X11 » Mon Jun 04, 2007 9:41 pm

At the place I am working (Yun Yang Temple) we are running a Fedora Core 4 server with a load of Windows XP client machines. There is an issue at the Samba level in which no groups can be seen by typical NT based administration software (the NT 4.0 "USRMGR.EXE" running through some form of elven magic on top of Windows XP). They all exist in the LDAP database because I have seen them with my own eyes. This tells me that the problem probably lies in the Samba configuration.

So here is the Samba configuration...


[root@pusa3 SANDBOX]# cat /etc/samba/smb.conf
[global]
cups options = raw
load printers = Yes
printcap name = cups
printing = cups
printer admin = root @Administrators @"Domain Users" ittech
server string = Yun Yang Temple File Server
use client driver = no
   workgroup = pusanet3
netbios name = pusa3
passdb backend = ldapsam:ldap://127.0.0.1
encrypt passwords = Yes
log level = 1
syslog = 0
os level = 255
log file = /var/log/samba/%m
max log size = 0
smb ports = 139 445
name resolve order = wins bcast hosts
add user script = /opt/IDEALX/sbin/smbldap-useradd -m '%u'
delete user script = /opt/IDEALX/sbin/smbldap-userdel -r '%u'
add group script = /opt/IDEALX/sbin/smbldap-groupadd -a '%g'
delete group script = /opt/IDEALX/sbin/smbldap-groupdel '%g'
add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m '%u' '%g'
delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x '%u' '%g'
set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g '%g' '%u'
add machine script = /opt/IDEALX/sbin/smbldap-useradd -w '%u'
logon script = logon.bat
logon path =
logon home = \\%N\%U
logon drive = H:
domain logons = Yes
domain master = Yes
preferred master = Yes
wins support = Yes
ldap admin dn = cn=Manager,dc=yunyangtemple,dc=org,dc=au
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Hosts
ldap passwd sync = Yes
ldap suffix = dc=yunyangtemple,dc=org,dc=au
ldap ssl = no
ldap timeout = 20
ldap user suffix = ou=People
idmap backend = ldap:ldap://127.0.0.1
   idmap uid = 15000-20000
   idmap gid = 15000-20000
winbind nested groups = Yes
ea support = Yes
map acl inherit = Yes
   password server = 127.0.0.1
   template shell = /bin/false
   winbind use default domain = no
   security = user

[****]
SHARES HAVE BEEN OMITTED BY THE KINTARO
[****]

I know little about LDAP but everything here looks okay to me. It's just that when you check an account (john.tate for example) for groups, none show up. By none I really mean none, not a single one to add or a single one added.

John Tate
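An added example, not part of the original thread and not the poster's or the Samba project's code: Samba 3's ldapsam backend presents an LDAP group as a domain group only when the entry carries the sambaGroupMapping object class with a sambaSID, so one check for "groups exist in LDAP but Samba shows none" is to look for posixGroup entries under the configured group suffix that lack that mapping. The LDIF below is constructed sample data, the function names are hypothetical, and whether this is the cause on this server is an assumption.

```python
# Constructed subset of the smb.conf posted above (LDAP keys only).
SMB_CONF = """[global]
   ldap suffix = dc=yunyangtemple,dc=org,dc=au
ldap group suffix = ou=Groups
"""
# Constructed LDIF sample (unfolded, as text); not data from the thread.
SAMPLE_LDIF = """dn: cn=Domain Users,ou=Groups,dc=yunyangtemple,dc=org,dc=au
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: Domain Users
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-513

dn: cn=ittech,ou=Groups,dc=yunyangtemple,dc=org,dc=au
objectClass: posixGroup
cn: ittech
"""

def smb_global(conf_text):
    """Return the [global] options, tolerating the mixed indentation seen above."""
    opts, section = {}, None
    for line in (raw.strip() for raw in conf_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "global" and "=" in line and line[0] not in "#;":
            key, _, value = line.partition("=")
            opts[" ".join(key.lower().split())] = value.strip()
    return opts

def parse_ldif(text):
    """Parse simple LDIF (no folded or base64 lines) into attr -> [values] dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, _, value = line.partition(": ")
            entry.setdefault(key.lower(), []).append(value)
        entries.append(entry)
    return entries

def unmapped_groups(ldif_text, conf_text):
    """Names of posixGroup entries under the group suffix that Samba cannot map."""
    g = smb_global(conf_text)
    base = f'{g["ldap group suffix"]},{g["ldap suffix"]}'.lower()
    missing = []
    for e in parse_ldif(ldif_text):
        classes = {c.lower() for c in e.get("objectclass", [])}
        in_base = e["dn"][0].lower().endswith(base)
        mapped = "sambagroupmapping" in classes and bool(e.get("sambasid"))
        if in_base and "posixgroup" in classes and not mapped:
            missing.append(e["cn"][0])
    return missing

if __name__ == "__main__":
    print(unmapped_groups(SAMPLE_LDIF, SMB_CONF))
```

On the server itself, `net groupmap list` shows the group mappings Samba currently sees, which can be compared against this result.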


Post by Void Main » Mon Jun 04, 2007 10:22 pm

I assume this worked at one time right? You don't know of anything that changed between the last time it worked and the first time it didn't work? I'm *very* rusty on Samba since I don't really use it anymore (no Windows). I see you are running IDEALX. I am not familiar with that either, or running an LDAP backend user database. I am interested though as it may relate to a project I am working on now. I need to set up LDAP users and passwords as a backend to our Secure ACS servers and provide a way to change passwords and enforce specific password restrictions. I would also look around in /var/log/samba for any errors that might lead to the problem.


Post by X11 » Mon Jun 04, 2007 10:32 pm

How odd, according to webmin there are no users but only groups.


Post by X11 » Thu Jun 07, 2007 10:02 pm

It all worked apparently until the server was upgraded, presumably to Fedora Core 4 since that is what the system is running. My mind can't remember the entire history of the Fedora project but the server was installed some two years ago I presume.

It seems that the problem lies in the Samba configuration however no errors seem to be reported. I think I will just have to RTFM on Samba a bit more.


Post by X11 » Tue Jun 12, 2007 6:55 pm

Apparently this issue will go away if I downgrade Samba to 2.x. There is apparently some way of fixing this. I think, however, that basically the IDEALX scripts are less than ideal; however, red tape and such tend to stop me from making too many changes to the configuration.

The past Administrator told me that he had problems with it and solved them by talking to Samba; somehow I don't think he got the whole *we don't do tech support*. I assume he was talking to the mailing list, where he got some kind of help; however, I am not sure of what and cannot find any record of it (even with my Internet Stalker skills from being a world class troll).

This issue is apparently common and the particular tool I am talking about is not used by me but the Monkeys... oh I mean Monks. It is the Windows XP User Manager for Domains. Once I am seated with more power I will just replace this with something easier. I'll do it with a shell script and a small piece of paper that explains how to use PuTTY if I must!

If I knew anything about Windows myself I would go to a forum for Windows, but they would just tell me to buy a copy of Server 2003. I'm trying to push for a Linux desktop to make my life easier.


Post by Void Main » Tue Jun 12, 2007 7:08 pm

I wish I could help you but about all I can come up with is I wish you luck. :) It would be cool if you could get them switched over to Linux. Sounds like you work in an interesting/unique environment.
