[CentOS] Samba with 389 Directory Server Auth problem

Thu May 5 01:09:13 UTC 2011
Gordon Messmer <yinyang at eburg.com>

On 04/28/2011 01:57 AM, sync wrote:
> [root at mybox logs]# net getlocalsid
> lib/smbldap.c:smbldap_search_domain_info(1392) Adding domain info for CMOMA failed with NT_STATUS_UNSUCCESSFUL
> SID for domain mybox is: S-1-5-21-4207250186-2406131440-3849861866

You should run "getlocalsid" before you put any LDAP settings in 
smb.conf.  If you remove or comment all LDAP settings, you shouldn't get 
an error.

> dn: sambaDomainName=CMOMA,dc=cmoma,dc=mycompany,dc=com
> objectclass: sambaDomain
> objectclass: sambaUnixIDPool
> objectclass: top
> sambaDomainName: CMOMA samba
> SID: S-1-5-21-4207250186-2406131440-3849861866
> uidNumber: 550
> gidNumber: 550

I'm pretty sure sambaDomainName cannot have spaces.  It's subject to the 
rules for Windows NT workgroup names.  Use "CMOMA" only.

SID: should be sambaSID:

The recommended settings for uidNumber and gidNumber are 1000, and you 
should include sambaNextRid with the same value.

> adding new entry sambaDomainName=CMOMA,dc=cmoma,dc=mycompany,dc=com
> ldap_add: Object class violation
> ldap_add: additional info: unknown object class "sambaUnixIDPool"
>
> I double checked /opt/fedora-ds/slapd-<server>/config/schema/61samba.ldif
> created in the initial setup steps and was unable to find a sambaUnixIDPool
> objectclass, but did see a sambaUnixIdPool. However, after I edited
> /tmp/sambaDomainName.ldif to reflect this objectclass name, ldif2ldap
> still complains about an 'unknown object class'.

I'm reasonably certain that objectclass names are case insensitive, so 
the error probably indicates that your ldif isn't being loaded.  It 
could be a formatting error.  Check the error log for your DS.
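A small checker that applies the corrections from the reply above to a sambaDomain LDIF entry before it is handed to ldif2ldap. This is an added example, not code from the thread or from Samba/389 DS. It parses a single LDIF entry (with continuation lines and base64 values), reports the problems the reply names (whitespace in sambaDomainName, a bare SID: attribute instead of sambaSID:, uidNumber/gidNumber not at the recommended 1000, missing sambaNextRid), and emits a corrected entry. The 15-character NetBIOS name limit and the S-1-5-21-x-y-z domain SID pattern are assumptions added here, not stated in the post; the sample entry is the one quoted in the message.

```python
"""Lint a sambaDomain LDIF entry against the fixes given in the reply.
Added example; not part of the mailing-list post or of Samba/389 DS."""
import base64
import re

# Sample input: the entry as posted in the quoted message (constructed copy).
POSTED_LDIF = """\
dn: sambaDomainName=CMOMA,dc=cmoma,dc=mycompany,dc=com
objectclass: sambaDomain
objectclass: sambaUnixIDPool
objectclass: top
sambaDomainName: CMOMA samba
SID: S-1-5-21-4207250186-2406131440-3849861866
uidNumber: 550
gidNumber: 550
"""

RECOMMENDED_ID = 1000   # uidNumber/gidNumber/sambaNextRid value the reply recommends
NETBIOS_MAX = 15        # assumption: NT workgroup (NetBIOS) name length limit
SID_RE = re.compile(r"^S-1-5-21-\d+-\d+-\d+$")   # assumption: domain SID shape


def parse_ldif_entry(text):
    """Parse one LDIF entry into (dn, {attr_lowercase: [values]}).
    Joins continuation lines, skips comments/blank lines, decodes '::' base64."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith("#") or not raw.strip():
            continue
        if raw.startswith(" ") and lines:      # continuation of the previous line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    dn, attrs = None, {}
    for line in lines:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed LDIF line: %r" % line)
        if value.startswith(":"):              # base64-encoded value
            value = base64.b64decode(value[1:].strip()).decode()
        else:
            value = value.strip()
        if name.lower() == "dn":
            dn = value
        else:
            attrs.setdefault(name.lower(), []).append(value)
    if dn is None:
        raise ValueError("entry has no dn")
    return dn, attrs


def check_samba_domain(dn, attrs):
    """Return a list of problems found in a sambaDomain entry (empty if clean)."""
    problems = []
    classes = {c.lower() for c in attrs.get("objectclass", [])}
    for required in ("sambadomain", "sambaunixidpool", "top"):   # names are case-insensitive
        if required not in classes:
            problems.append("missing objectclass %s" % required)
    rdn_value = dn.split(",", 1)[0].split("=", 1)[1]
    names = attrs.get("sambadomainname", [])
    if not names:
        problems.append("missing sambaDomainName")
    else:
        name = names[0]
        if re.search(r"\s", name):
            problems.append("sambaDomainName %r contains whitespace" % name)
        if len(name) > NETBIOS_MAX:
            problems.append("sambaDomainName %r longer than %d characters" % (name, NETBIOS_MAX))
        if name.lower() != rdn_value.lower():
            problems.append("sambaDomainName %r does not match RDN %r" % (name, rdn_value))
    if "sid" in attrs:
        problems.append("attribute 'SID' is not in the Samba schema; use sambaSID")
    sids = attrs.get("sambasid", [])
    if not sids:
        problems.append("missing sambaSID")
    elif not SID_RE.match(sids[0]):
        problems.append("sambaSID %r does not look like a domain SID" % sids[0])
    uid = attrs.get("uidnumber", [None])[0]
    gid = attrs.get("gidnumber", [None])[0]
    nextrid = attrs.get("sambanextrid", [None])[0]
    if nextrid is None:
        problems.append("missing sambaNextRid")
    elif uid is not None and nextrid != uid:
        problems.append("sambaNextRid %s should equal uidNumber %s" % (nextrid, uid))
    for label, val in (("uidNumber", uid), ("gidNumber", gid)):
        if val is None:
            problems.append("missing %s" % label)
        elif val != str(RECOMMENDED_ID):
            problems.append("%s is %s; recommended value is %d" % (label, val, RECOMMENDED_ID))
    return problems


def corrected_entry(dn, attrs):
    """Rewrite a posted entry with the reply's fixes: domain name taken from the
    RDN, sambaSID instead of SID, ids at 1000, sambaNextRid added."""
    rdn_value = dn.split(",", 1)[0].split("=", 1)[1]
    sid = (attrs.get("sambasid") or attrs.get("sid") or [""])[0]
    lines = [
        "dn: " + dn,
        "objectclass: sambaDomain",
        "objectclass: sambaUnixIdPool",     # spelling as found in 61samba.ldif
        "objectclass: top",
        "sambaDomainName: " + rdn_value,
        "sambaSID: " + sid,
        "uidNumber: %d" % RECOMMENDED_ID,
        "gidNumber: %d" % RECOMMENDED_ID,
        "sambaNextRid: %d" % RECOMMENDED_ID,
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    dn, attrs = parse_ldif_entry(POSTED_LDIF)
    for p in check_samba_domain(dn, attrs):
        print("problem:", p)
    print(corrected_entry(dn, attrs))
```

Run it against the LDIF you intend to load; the checker only covers the attributes discussed in the reply, so a clean result here still leaves schema and formatting errors to the directory server's own error log.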