[CentOS] Samba with 389 Directory Server Auth problem
yinyang at eburg.com
Thu May 5 01:09:13 UTC 2011

On 04/28/2011 01:57 AM, sync wrote:
> [root at mybox logs]# net getlocalsid
> lib/smbldap.c:smbldap_search_domain_info(1392) Adding domain info for
> CMOMA failed with NT_STATUS_UNSUCCESSFUL SID for domain mybox is:

You should run "getlocalsid" before you put any LDAP settings in
smb.conf. If you remove or comment all LDAP settings, you shouldn't get

> dn: sambaDomainName=CMOMA,dc=cmoma,dc=mycompany,dc=com
> objectclass: sambaDomain
> objectclass: sambaUnixIDPool
> objectclass: top
> sambaDomainName: CMOMA samba
> SID: S-1-5-21-4207250186-2406131440-3849861866
> uidNumber: 550
> gidNumber: 550

I'm pretty sure sambaDomainName cannot have spaces. It's subject to the
rules for Windows NT workgroup names. Use "CMOMA" only.

SID: should be sambaSID:

The recommended settings for uidNumber and gidNumber are 1000, and you
should include sambaNextRid with the same value.

> adding new entry sambaDomainName=CMOMA,dc=cmoma,dc=mycompany,dc=com
> ldap_add: Object class violation ldap_add: additional info: unknown
> object class "sambaUnixIDPool"
> I double checked
> /opt/fedora-ds/slapd-<server>/config/schema/61samba.ldif created in the
> initial setup steps and was unable to find a sambaUnixIDPool
> objectclass, but did see a sambaUnixIdPool. However, after I edited
> /tmp/sambaDomainName.ldif to reflect this objectclass name, ldif2ldap
> still complains about an 'unknown object class'.

I'm reasonably certain that objectclass names are case insensitive, so
the error probably indicates that your ldif isn't being loaded. It
could be a formatting error. Check the error log for your DS.
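
A small pre-import check for the points raised in this reply, added here as an example (it is not code from the thread, Samba or 389 Directory Server). It parses the entry exactly as quoted above and reports the attribute problems the reply lists; the function names and the SID pattern are assumptions of this example, and only plain "attr: value" lines are handled.

```python
import re

# Sample input: the entry as quoted in the thread (copied for this example).
POSTED_LDIF = """\
dn: sambaDomainName=CMOMA,dc=cmoma,dc=mycompany,dc=com
objectclass: sambaDomain
objectclass: sambaUnixIDPool
objectclass: top
sambaDomainName: CMOMA samba
SID: S-1-5-21-4207250186-2406131440-3849861866
uidNumber: 550
gidNumber: 550
"""

# Assumed shape of a domain SID: S-1-5-21 followed by three sub-authorities.
SID_RE = re.compile(r"^S-1-5-21(-\d+){3}$")

def parse_entry(ldif):
    """Parse one LDIF entry into {lowercased attribute: [values]}."""
    attrs = {}
    unfolded = re.sub(r"\n ", "", ldif)  # join LDIF continuation lines
    for line in unfolded.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed LDIF line: {line!r}")
        # Attribute and objectclass names compare case-insensitively.
        attrs.setdefault(name.strip().lower(), []).append(value.strip())
    return attrs

def lint_samba_domain(ldif):
    """Return a list of problems found in a sambaDomain entry."""
    a = parse_entry(ldif)
    problems = []
    name = a.get("sambadomainname", [""])[0]
    if not name or " " in name:
        problems.append("sambaDomainName missing or contains spaces")
    if "sid" in a:
        problems.append("attribute 'SID' should be 'sambaSID'")
    if not SID_RE.match(a.get("sambasid", [""])[0]):
        problems.append("sambaSID missing or not a domain SID")
    if "sambanextrid" not in a:
        problems.append("sambaNextRid not set")
    classes = {c.lower() for c in a.get("objectclass", [])}
    if "sambaunixidpool" in classes and not ("uidnumber" in a and "gidnumber" in a):
        problems.append("sambaUnixIdPool needs uidNumber and gidNumber")
    return problems
```

Calling lint_samba_domain(POSTED_LDIF) flags the space in sambaDomainName, the SID attribute name and the missing sambaNextRid; an entry with those three corrected returns an empty list.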