Samba & Win2003 integration

Oscar Garcia
Regular Advisor

Samba & Win2003 integration

Hi Guys,

I am trying to integrate a SLES 10 SP2 box with a Windows 2003 SP1 environment. My PDC is the Win2003 box and I want to be able to share files from the Linux box to my WinXP clients using Samba. I am also trying to use LDAP.
I have managed to join the domain, but the samba configuration has proved difficult. The smbd does not start but logs:

log.smbd:
[2009/12/09 15:13:08, 0] smbd/server.c:main(944)
smbd version 3.0.28-0.5-1657-SUSE-CODE10 started.

This is my smb.conf
[global]
workgroup = ABS2020
realm = ABS2020.COM
server string = SLES 10 Development Server
security = ADS
auth methods = winbind
null passwords = Yes
passdb backend = ldapsam:ldap://192.168.1.2 smbpasswd
syslog = 0
log file = /var/log/samba/log.%U
max log size = 100000
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
add user script = /usr/local/sbin/smbldap-useradd -m '%u'
add group script = /usr/local/sbin/smbldap-groupadd -p '%g'
set primary group script = /usr/local/sbin/smbldap-usermod -g '%g' '%u'
logon script = STARTUP.BAT
logon drive = H:
os level = 2
domain master = No
ldap admin dn = cn=Administrator,dc=abs2020,dc=com
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Machines
ldap passwd sync = Yes
ldap suffix = dc=abs2020,dc=com
ldap ssl = no
ldap user suffix = ou=Users
usershare allow guests = Yes
idmap backend = ldap:ldap://192.168.1.2
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
winbind refresh tickets = Yes
winbind offline logon = Yes
vfs objects = recycle

[homes]
comment = Home Directories
path = /home
read only = No
create mask = 0640
directory mask = 0750
guest ok = Yes
hosts allow = 192.168.1.
nt acl support = No
printing = cups
print command =

/var/log/samba/log.:
[2009/12/09 15:13:08, 0] auth/auth_util.c:create_builtin_administrators(802)
create_builtin_administrators: Failed to create Administrators
[2009/12/09 15:13:08, 0] auth/auth_util.c:create_builtin_users(763)
create_builtin_users: Failed to create Users

Thanks in advance for any help,
6 REPLIES
Ivan Ferreira
Honored Contributor

Re: Samba & Win2003 integration

When you use security = ADS you normally won't use ldap parameters.

Check this link, it has a very simple tutorial to configure samba with ADS.

http://www.justlinux.com/forum/archive/index.php/t-118288.html
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Oscar Garcia
Regular Advisor

Re: Samba & Win2003 integration

Thanks Ivan for your help.

The link is pretty good, although it did not resolve my issue.
I removed all the entries for ldap and imap to make it like the one in the link; I can still see the share but I cannot connect, as apparently no password is good enough.

Any other ideas?
Ivan Ferreira
Honored Contributor

Re: Samba & Win2003 integration

Can you post again some logs and the error message you get?

Did you start the winbind service?
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Oscar Garcia
Regular Advisor

Re: Samba & Win2003 integration

Hi Ivan,

Yes, I am restarting all 3 services from the SWAT interface. This is my smb.conf now:

[global]
workgroup = ABS2020
realm = ABS2020.COM
server string = SLES 10 Development Server
security = ADS
auth methods = winbind
password server = 192.168.1.2
encrypt passwords = yes
local master = no
preferred master = no
wins server = 192.68.1.2
log file = /var/log/samba/log.%U
max log size = 100000
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
domain master = No
# idmap backend = ldap:ldap://192.168.1.2

[homes]
comment = Home Directories
browseable = no
writeable = yes
valid users = %S
read only = No
create mask = 0640
directory mask = 0750
guest ok = Yes
hosts allow = 192.168.1.
case sensitive = No
dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd

Log files:
------log.winbindd-idmap
[2009/12/11 11:19:49, 1] nsswitch/idmap.c:idmap_init(377)
Initializing idmap domains
[2009/12/11 11:19:49, 1] nsswitch/idmap_tdb.c:idmap_tdb_alloc_init(397)
idmap uid range missing or invalid
idmap will be unable to map foreign SIDs
[2009/12/11 11:19:49, 0] nsswitch/idmap.c:idmap_init(717)
ERROR: Initialization failed for alloc backend tdb, deferred!
[2009/12/11 11:19:49, 1] nsswitch/idmap_tdb.c:idmap_tdb_alloc_init(397)
idmap uid range missing or invalid
idmap will be unable to map foreign SIDs
[2009/12/11 11:19:49, 0] nsswitch/idmap.c:idmap_alloc_init(765)
ERROR: Initialization failed for alloc backend, deferred!

---------log.
[2009/12/11 11:19:49, 1] lib/util_tdb.c:tdb_validate_and_backup(1334)
tdb '/var/lib/samba/winbindd_cache.tdb' is valid
[2009/12/11 11:19:49, 1] lib/util_tdb.c:tdb_validate_and_backup(1344)
Created backup '/var/lib/samba/winbindd_cache.tdb.bak' of tdb '/var/lib/samba/winbindd_cache.tdb'
[2009/12/11 11:19:49, 0] nsswitch/winbindd_cache.c:initialize_winbindd_cache(2230)
initialize_winbindd_cache: clearing cache and re-creating with version number 1
[2009/12/11 11:20:20, 0] lib/util_sock.c:get_peer_addr(1232)
getpeername failed. Error was Transport endpoint is not connected
[2009/12/11 11:20:20, 0] lib/util_sock.c:write_data(562)
write_data: write failure in writing to client 192.168.1.104. Error Connection reset by peer
[2009/12/11 11:20:20, 0] lib/util_sock.c:send_smb(769)
Error writing 4 bytes to client. -1. (Connection reset by peer)
[2009/12/11 11:20:23, 1] nsswitch/idmap.c:idmap_init(377)
Initializing idmap domains
[2009/12/11 11:20:23, 1] nsswitch/idmap_tdb.c:idmap_tdb_alloc_init(397)
idmap uid range missing or invalid
idmap will be unable to map foreign SIDs
[2009/12/11 11:20:23, 0] nsswitch/idmap.c:idmap_init(717)
ERROR: Initialization failed for alloc backend tdb, deferred!

Cheers!
Oscar Garcia
Regular Advisor

Re: Samba & Win2003 integration

And this is what I get if I include these lines in global:

idmap backend = ldap:ldap://192.168.1.2
idmap uid = 10000-20000
idmap gid = 10000-20000

-------log.winbindd-idmap
[2009/12/11 11:33:18, 1] nsswitch/idmap.c:idmap_init(377)
Initializing idmap domains
[2009/12/11 11:33:18, 0] passdb/secrets.c:fetch_ldap_pw(822)
fetch_ldap_pw: neither ldap secret retrieved!
[2009/12/11 11:33:18, 0] passdb/secrets.c:fetch_ldap_pw(822)
fetch_ldap_pw: neither ldap secret retrieved!
[2009/12/11 11:33:18, 1] nsswitch/idmap_ldap.c:verify_idpool(169)
Unable to verify the idpool, cannot continue initialization!
[2009/12/11 11:33:18, 0] nsswitch/idmap.c:idmap_init(717)
ERROR: Initialization failed for alloc backend ldap, deferred!
[2009/12/11 11:33:19, 0] passdb/secrets.c:fetch_ldap_pw(822)
fetch_ldap_pw: neither ldap secret retrieved!
[2009/12/11 11:33:19, 1] nsswitch/idmap_ldap.c:verify_idpool(169)
Unable to verify the idpool, cannot continue initialization!
[2009/12/11 11:33:19, 0] nsswitch/idmap.c:idmap_alloc_init(765)
ERROR: Initialization failed for alloc backend, deferred!

-------log.
[2009/12/11 11:33:18, 1] lib/util_tdb.c:tdb_validate_and_backup(1334)
tdb '/var/lib/samba/winbindd_cache.tdb' is valid
[2009/12/11 11:33:18, 1] lib/util_tdb.c:tdb_validate_and_backup(1344)
Created backup '/var/lib/samba/winbindd_cache.tdb.bak' of tdb '/var/lib/samba/winbindd_cache.tdb'
[2009/12/11 11:33:18, 0] nsswitch/winbindd_cache.c:initialize_winbindd_cache(2230)
initialize_winbindd_cache: clearing cache and re-creating with version number 1
[2009/12/11 11:33:35, 0] lib/util_sock.c:get_peer_addr(1232)
getpeername failed. Error was Transport endpoint is not connected
[2009/12/11 11:33:35, 0] lib/util_sock.c:write_data(562)
write_data: write failure in writing to client 192.168.1.104. Error Connection reset by peer
[2009/12/11 11:33:35, 0] lib/util_sock.c:send_smb(769)
Error writing 4 bytes to client. -1. (Connection reset by peer)
Ivan Ferreira
Honored Contributor

Re: Samba & Win2003 integration

You must not configure the idmap backend parameter. You just need to configure:


winbind separator = \
# use uids from 10000 to 20000 for domain users
idmap uid = 10000-20000
# use gids from 10000 to 20000 for domain groups
idmap gid = 10000-20000

That is needed to start winbind correctly. But avoid specifying idmap backend.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
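
Added example (not part of the thread, and not code from Samba): a small Python checker that parses an smb.conf and flags the two points raised in the replies above, a missing idmap uid/gid range and LDAP backends combined with security = ADS. It also flags three settings from the posted files that loosen access control: null passwords, ldap ssl = no and guest ok. The function names and the sample input are constructed for illustration.

```python
import re

# Constructed sample: the second smb.conf posted in the thread, trimmed.
SAMPLE = """\
[global]
    security = ADS
    # idmap backend = ldap:ldap://192.168.1.2
[homes]
    guest ok = Yes
"""
YES = ("yes", "true", "on", "1")  # boolean spellings treated as enabled

def norm(name):
    # Samba ignores case and whitespace in section and parameter names.
    return "".join(name.lower().split())

def parse_smb_conf(text):
    """Parse smb.conf text into {section: {param: value}} (no line continuations)."""
    conf, section = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = conf.setdefault(norm(header.group(1)), {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            section[norm(key)] = value.strip()
    return conf

def audit(text):
    """Return a list of findings for the settings discussed in this thread."""
    conf = parse_smb_conf(text)
    g, out = conf.get("global", {}), []
    ldap = any("ldap" in g.get(k, "").lower() for k in ("idmapbackend", "passdbbackend"))
    if g.get("security", "").lower() == "ads":
        for p in ("idmap uid", "idmap gid"):
            if not re.fullmatch(r"\d+\s*-\s*\d+", g.get(norm(p), "")):
                out.append(f"global: '{p}' range missing or invalid, idmap cannot map domain SIDs")
        if ldap:
            out.append("global: LDAP backend set together with security = ADS")
    if ldap and g.get("ldapssl", "").lower() in ("no", "off"):
        out.append("global: 'ldap ssl = no' sends LDAP binds and lookups unencrypted")
    if g.get("nullpasswords", "no").lower() in YES:
        out.append("global: 'null passwords = Yes' accepts accounts with empty passwords")
    for name, params in conf.items():
        if params.get("guestok", "no").lower() in YES:
            out.append(f"{name}: 'guest ok = Yes' allows connections without a password")
    return out
```

Calling `audit(SAMPLE)` returns three findings: both idmap ranges are missing and `[homes]` still allows guest access. Samba's own `testparm` remains the tool for validating syntax; this only checks the points discussed here.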