Hi Folks,
I had a crack at setting up a Samba PDC using a fresh installation of FDS 1.2.4 as the backend on one of our RHEL 5.3 servers per the Wiki Howto:Samba but ran into a few issues.
In the section 'Populating FDS with PDC Entry', it instructs the user to run 'net getlocalsid'. This results in the following:
[root@mybox logs]# net getlocalsid
lib/smbldap.c:smbldap_search_domain_info(1392) Adding domain info for CMOMA failed with NT_STATUS_UNSUCCESSFUL
SID for domain mybox is: S-1-5-21-4207250186-2406131440-3849861866
Thinking that I might just have a Samba configuration problem, I continued by attempting to add the following ldif:
dn: sambaDomainName=CMOMA,dc=cmoma,dc=mycompany,dc=com
objectclass: sambaDomain
objectclass: sambaUnixIDPool
objectclass: top
sambaDomainName: CMOMA samba
SID: S-1-5-21-4207250186-2406131440-3849861866
uidNumber: 550
gidNumber: 550
which resulted in the following error:
adding new entry sambaDomainName=CMOMA,dc=cmoma,dc=mycompany,dc=com
ldap_add: Object class violation
ldap_add: additional info: unknown object class "sambaUnixIDPool"
I double checked /opt/fedora-ds/slapd-<server>/config/schema/61samba.ldif created in the initial setup steps and was unable to find a sambaUnixIDPool objectclass, but did see a sambaUnixIdPool. However, after I edited /tmp/sambaDomainName.ldif to reflect this objectclass name, ldif2ldap still complains about an 'unknown object class'.
Any idea of what might be happening here?
On 04/28/2011 01:57 AM, sync wrote:
> [root@mybox logs]# net getlocalsid
> lib/smbldap.c:smbldap_search_domain_info(1392) Adding domain info for CMOMA failed with NT_STATUS_UNSUCCESSFUL
> SID for domain mybox is: S-1-5-21-4207250186-2406131440-3849861866
You should run "getlocalsid" before you put any LDAP settings in smb.conf. If you remove or comment all LDAP settings, you shouldn't get an error.
> dn: sambaDomainName=CMOMA,dc=cmoma,dc=mycompany,dc=com
> objectclass: sambaDomain
> objectclass: sambaUnixIDPool
> objectclass: top
> sambaDomainName: CMOMA samba
> SID: S-1-5-21-4207250186-2406131440-3849861866
> uidNumber: 550
> gidNumber: 550
I'm pretty sure sambaDomainName cannot have spaces. It's subject to the rules for Windows NT workgroup names. Use "CMOMA" only.
SID: should be sambaSID:
The recommended settings for uidNumber and gidNumber are 1000, and you should include sambaNextRid with the same value.
> adding new entry sambaDomainName=CMOMA,dc=cmoma,dc=mycompany,dc=com
> ldap_add: Object class violation
> ldap_add: additional info: unknown object class "sambaUnixIDPool"
>
> I double checked /opt/fedora-ds/slapd-<server>/config/schema/61samba.ldif created in the initial setup steps and was unable to find a sambaUnixIDPool objectclass, but did see a sambaUnixIdPool. However, after I edited /tmp/sambaDomainName.ldif to reflect this objectclass name, ldif2ldap still complains about an 'unknown object class'.
I'm reasonably certain that objectclass names are case insensitive, so the error probably indicates that your ldif isn't being loaded. It could be a formatting error. Check the error log for your DS.
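
The checks raised in the reply above (case-insensitive objectclass names, `SID:` versus `sambaSID:`, whitespace in sambaDomainName), as an added example that is not part of the original thread: a small Python linter run over the entry as posted. The `SCHEMA` subset is an assumption based on the stock Samba 3 schema and should be compared with the local 61samba.ldif; `parse_entry` and `lint` are hypothetical names.

```python
# Schema subset: an assumption based on the stock Samba 3 schema.
SCHEMA = {  # objectclass (lowercased) -> (required attrs, optional attrs)
    "top": (set(), set()),
    "sambadomain": ({"sambadomainname", "sambasid"}, {"sambanextrid"}),
    "sambaunixidpool": ({"uidnumber", "gidnumber"}, set()),
}
# Constructed sample: the entry as posted in the thread.
POSTED = """\
dn: sambaDomainName=CMOMA,dc=cmoma,dc=mycompany,dc=com
objectclass: sambaDomain
objectclass: sambaUnixIDPool
objectclass: top
sambaDomainName: CMOMA samba
SID: S-1-5-21-4207250186-2406131440-3849861866
uidNumber: 550
gidNumber: 550
"""

def parse_entry(text):
    """Return [(attr, value)] for one LDIF entry, unfolding continuation lines."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]  # RFC 2849: a leading space continues the previous line
        elif raw.strip() and not raw.startswith("#"):
            lines.append(raw)  # skip blank lines and comments
    pairs = []
    for line in lines:
        attr, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"not an attribute line: {line!r}")
        pairs.append((attr.strip(), value.strip()))
    return pairs

def lint(text):
    """Return findings for the checks named in the reply; names compare case-insensitively."""
    pairs = parse_entry(text)
    attrs = {a.lower() for a, _ in pairs} - {"dn", "objectclass"}
    classes = [v.lower() for a, v in pairs if a.lower() == "objectclass"]
    findings = [f"unknown objectclass: {c}" for c in classes if c not in SCHEMA]
    known = [SCHEMA[c] for c in classes if c in SCHEMA]
    required = set().union(*(r for r, _ in known))
    allowed = required.union(*(o for _, o in known))
    findings += [f"attribute not allowed: {a}" for a in sorted(attrs - allowed)]
    findings += [f"missing required attribute: {a}" for a in sorted(required - attrs)]
    for a, v in pairs:
        if a.lower() == "sambadomainname" and any(ch.isspace() for ch in v):
            findings.append(f"sambaDomainName contains whitespace: {v!r}")
    return findings
```

On the posted entry, `lint(POSTED)` reports no unknown objectclass, since `sambaUnixIDPool` and `sambaUnixIdPool` compare equal, but it does flag `SID`, the missing `sambaSID` and the space in the domain name.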