# Samba, OpenLDAP and SID resolving

## jaccort

I have a problem with a Samba fileserver.  It's configured to use ACLs and OpenLDAP as a backend, but there is no Windows/SMB domain involved.  I am using samba-3.0.14a-r2  and openldap-2.2.28, with configuration files given below.

If I browse to a share in Windows, then click Properties... Security, all groups show up OK but users show up as "Account Unknown (S-1-5-21-40.....".   I'd expect them to show up as \\servername\username.

Looking through the logs on my LDAP server, I don't see any attempt by Samba to look up user SIDs.  However, Samba is trying to look up group SIDs.  I've searched around but can't find any reason as to why this should be.

/etc/samba/smb.conf:

```
[global]
   workgroup = U4EA
   netbios name = cronus
   server string = Cronus Samba Server %v
   log file = /var/log/samba3/log.%m
   max log size = 50
   log level = 6
   map to guest = bad user
   security = user
   encrypt passwords = yes
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   local master = no
   preferred master = no
   passdb backend = ldapsam:ldap://ldap-usa
   ldap admin dn = cn=smbadmin,dc=u4eatech,dc=com
   ldap suffix = dc=u4eatech,dc=com
   ldap user suffix = ou=People
   ldap group suffix = ou=Group
   ldap idmap suffix = ou=People
   ldap passwd sync = yes
   ldap delete dn = no
   dns proxy = no
   dos charset = 850
   unix charset = ISO8859-1

[homes]
   comment = Home Directories
   browseable = no
   writable = yes

[public]
   path = /home/sambash
   public = yes
   only guest = yes
   writable = yes
   browsable = yes
   printable = no

[www]
   path = /home/www/localhost
   public = yes
   only guest = yes
   writable = yes
   browsable = yes
   printable = no

[backups]
   path = /home
   public = no
   writable = no
   browsable = no
   printable = no
   valid users = @backups

[fremont]
   path = /home/fremont
   browseable = yes
   writable = yes
```

Logs from openldap:

```

Jan  6 04:40:37 cronus slapd[13122]: conn=6 fd=15 ACCEPT from IP=172.16.1.202:41360 (IP=0.0.0.0:389)

Jan  6 04:40:37 cronus slapd[13124]: conn=6 op=0 BIND dn="cn=smbadmin,dc=u4eatech,dc=com" method=128

Jan  6 04:40:37 cronus slapd[13124]: conn=6 op=0 BIND dn="cn=smbadmin,dc=u4eatech,dc=com" mech=SIMPLE ssf=0

Jan  6 04:40:37 cronus slapd[13124]: conn=6 op=0 RESULT tag=97 err=0 text=

Jan  6 04:40:37 cronus slapd[13125]: conn=6 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"

Jan  6 04:40:37 cronus slapd[13125]: conn=6 op=1 SRCH attr=supportedControl

Jan  6 04:40:37 cronus slapd[13125]: conn=6 op=1 ENTRY dn=""

Jan  6 04:40:37 cronus slapd[13125]: conn=6 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=

Jan  6 04:40:37 cronus slapd[13124]: conn=6 op=2 SRCH base="dc=u4eatech,dc=com" scope=2 deref=0 filter="(&(objectClass=sambaDomain)(sambaDomainName=cronus))"

Jan  6 04:40:37 cronus slapd[13124]: conn=6 op=2 SRCH attr=sambaDomainName sambaNextRid sambaNextUserRid sambaNextGroupRid sambaSID sambaAlgorithmicRidBase objectClass

Jan  6 04:40:37 cronus slapd[13125]: conn=6 op=3 SRCH base="dc=u4eatech,dc=com" scope=2 deref=0 filter="(&(sambaDomainName=cronus)(objectClass=sambaDomain))"

Jan  6 04:40:37 cronus slapd[13125]: conn=6 op=3 SRCH attr=sambaDomainName sambaNextRid sambaNextUserRid sambaNextGroupRid sambaSID sambaAlgorithmicRidBase objectClass

Jan  6 04:40:37 cronus slapd[13125]: conn=6 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text=

Jan  6 04:40:37 cronus slapd[13124]: conn=6 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=

Jan  6 04:40:37 cronus slapd[13125]: conn=6 op=4 ADD dn="sambaDomainName=CRONUS,dc=u4eatech,dc=com"

Jan  6 04:40:37 cronus slapd[13125]: conn=6 op=4 RESULT tag=105 err=10 text=

Jan  6 04:40:37 cronus smbd[13218]: [2006/01/06 04:40:37, 0] lib/smbldap.c:smbldap_search_domain_info(1413)

Jan  6 04:40:37 cronus smbd[13218]:   Adding domain info for CRONUS failed with NT_STATUS_UNSUCCESSFUL

Jan  6 04:40:37 cronus slapd[13124]: conn=6 op=5 SRCH base="dc=u4eatech,dc=com" scope=2 deref=0 filter="(&(sambaSID=s-1-5-21-2010933411-583764787-752291125-501)(objectClass=sambaSamAccount))"

Jan  6 04:40:37 cronus slapd[13124]: conn=6 op=5 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp

Jan  6 04:40:37 cronus slapd[13124]: conn=6 op=5 SEARCH RESULT tag=101 err=0 nentries=0 text=

Jan  6 04:40:37 cronus slapd[13122]: conn=7 fd=21 ACCEPT from IP=172.16.1.202:41362 (IP=0.0.0.0:389)

Jan  6 04:40:37 cronus slapd[13125]: conn=7 op=0 BIND dn="cn=manager,dc=u4eatech,dc=com" method=128

Jan  6 04:40:37 cronus slapd[13125]: conn=7 op=0 BIND dn="cn=manager,dc=u4eatech,dc=com" mech=SIMPLE ssf=0

Jan  6 04:40:37 cronus slapd[13125]: conn=7 op=0 RESULT tag=97 err=0 text=

Jan  6 04:40:37 cronus slapd[13124]: conn=7 op=1 SRCH base="ou=People,dc=u4eatech,dc=com" scope=1 deref=0 filter="(&(objectClass=posixAccount)(uid=nobody))"

Jan  6 04:40:37 cronus slapd[13124]: conn=7 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=

Jan  6 04:40:37 cronus slapd[13125]: conn=7 op=2 SRCH base="ou=Group,dc=u4eatech,dc=com" scope=1 deref=0 filter="(&(objectClass=posixGroup)(memberUid=nobody))"

Jan  6 04:40:37 cronus slapd[13125]: conn=7 op=2 SRCH attr=gidNumber

Jan  6 04:40:37 cronus slapd[13125]: conn=7 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=

Jan  6 04:40:37 cronus slapd[13124]: conn=6 op=6 SRCH base="ou=Group,dc=u4eatech,dc=com" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=65534))"

Jan  6 04:40:37 cronus slapd[13124]: conn=6 op=6 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass

Jan  6 04:40:37 cronus slapd[13124]: conn=6 op=6 SEARCH RESULT tag=101 err=0 nentries=0 text=

Jan  6 04:40:40 cronus slapd[13125]: conn=6 op=7 UNBIND

Jan  6 04:40:40 cronus slapd[13125]: conn=6 fd=15 closed

Jan  6 04:40:40 cronus slapd[13122]: conn=8 fd=15 ACCEPT from IP=172.16.1.202:41363 (IP=0.0.0.0:389)

Jan  6 04:40:40 cronus slapd[13124]: conn=8 op=0 BIND dn="cn=smbadmin,dc=u4eatech,dc=com" method=128

Jan  6 04:40:40 cronus slapd[13124]: conn=8 op=0 BIND dn="cn=smbadmin,dc=u4eatech,dc=com" mech=SIMPLE ssf=0

Jan  6 04:40:40 cronus slapd[13124]: conn=8 op=0 RESULT tag=97 err=0 text=

Jan  6 04:40:40 cronus slapd[13125]: conn=8 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"

Jan  6 04:40:40 cronus slapd[13125]: conn=8 op=1 SRCH attr=supportedControl

Jan  6 04:40:40 cronus slapd[13125]: conn=8 op=1 ENTRY dn=""

Jan  6 04:40:40 cronus slapd[13125]: conn=8 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=

Jan  6 04:40:40 cronus slapd[13124]: conn=8 op=2 SRCH base="dc=u4eatech,dc=com" scope=2 deref=0 filter="(&(uid=jamesc)(objectClass=sambaSamAccount))"

Jan  6 04:40:40 cronus slapd[13124]: conn=8 op=2 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp

Jan  6 04:40:40 cronus slapd[13124]: conn=8 op=2 ENTRY dn="uid=jamesc,ou=People,dc=u4eatech,dc=com"

Jan  6 04:40:40 cronus slapd[13124]: conn=8 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=

Jan  6 04:40:40 cronus slapd[13122]: conn=7 fd=21 closed

Jan  6 04:40:40 cronus slapd[13122]: conn=9 fd=21 ACCEPT from IP=172.16.1.202:41364 (IP=0.0.0.0:389)

Jan  6 04:40:40 cronus slapd[13125]: conn=9 op=0 BIND dn="cn=manager,dc=u4eatech,dc=com" method=128

Jan  6 04:40:40 cronus slapd[13125]: conn=9 op=0 BIND dn="cn=manager,dc=u4eatech,dc=com" mech=SIMPLE ssf=0

Jan  6 04:40:40 cronus slapd[13125]: conn=9 op=0 RESULT tag=97 err=0 text=

Jan  6 04:40:40 cronus slapd[13124]: conn=9 op=1 SRCH base="ou=People,dc=u4eatech,dc=com" scope=1 deref=0 filter="(&(objectClass=posixAccount)(uid=jamesc))"

Jan  6 04:40:40 cronus slapd[13124]: conn=9 op=1 ENTRY dn="uid=jamesc,ou=People,dc=u4eatech,dc=com"

Jan  6 04:40:40 cronus slapd[13124]: conn=9 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=

Jan  6 04:40:40 cronus slapd[13125]: conn=9 op=2 SRCH base="ou=Group,dc=u4eatech,dc=com" scope=1 deref=0 filter="(&(objectClass=posixGroup)(|(memberUid=jamesc)(uniqueMember=uid=jamesc,ou=people,dc=u4eatech,dc=com)))"

Jan  6 04:40:40 cronus slapd[13125]: conn=9 op=2 SRCH attr=gidNumber

Jan  6 04:40:40 cronus slapd[13125]: <= bdb_equality_candidates: (uniqueMember) index_param failed (18)

Jan  6 04:40:40 cronus slapd[13125]: conn=9 op=2 ENTRY dn="cn=sysadmins,ou=Group,dc=u4eatech,dc=com"

Jan  6 04:40:40 cronus slapd[13124]: conn=9 op=3 SRCH base="ou=Group,dc=u4eatech,dc=com" scope=1 deref=0 filter="(&(objectClass=posixGroup)(uniqueMember=cn=sysadmins,ou=group,dc=u4eatech,dc=com))"

Jan  6 04:40:40 cronus slapd[13124]: conn=9 op=3 SRCH attr=gidNumber

Jan  6 04:40:40 cronus slapd[13124]: <= bdb_equality_candidates: (uniqueMember) index_param failed (18)

Jan  6 04:40:40 cronus slapd[13125]: conn=9 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=

Jan  6 04:40:40 cronus slapd[13124]: conn=9 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text=

Jan  6 04:40:40 cronus slapd[13125]: conn=8 op=3 SRCH base="ou=Group,dc=u4eatech,dc=com" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=2000))"

Jan  6 04:40:40 cronus slapd[13125]: conn=8 op=3 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass

Jan  6 04:40:40 cronus slapd[13125]: conn=8 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text=

Jan  6 04:40:40 cronus slapd[13124]: conn=8 op=4 SRCH base="ou=Group,dc=u4eatech,dc=com" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=100))"

Jan  6 04:40:40 cronus slapd[13124]: conn=8 op=4 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass

Jan  6 04:40:40 cronus slapd[13124]: conn=8 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text=

Jan  6 04:40:40 cronus slapd[13125]: conn=8 op=5 SRCH base="ou=Group,dc=u4eatech,dc=com" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=2005))"

Jan  6 04:40:40 cronus slapd[13125]: conn=8 op=5 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass

Jan  6 04:40:40 cronus slapd[13125]: conn=8 op=5 SEARCH RESULT tag=101 err=0 nentries=0 text=

Jan  6 04:40:41 cronus slapd[13124]: conn=9 op=4 SRCH base="ou=People,dc=u4eatech,dc=com" scope=1 deref=0 filter="(&(objectClass=posixAccount)(uid=james))"

Jan  6 04:40:41 cronus slapd[13124]: conn=9 op=4 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass

Jan  6 04:40:41 cronus slapd[13124]: conn=9 op=4 ENTRY dn="uid=james,ou=People,dc=u4eatech,dc=com"

Jan  6 04:40:41 cronus smbd[13227]: [2006/01/06 04:40:41, 0] smbd/service.c:make_connection_snum(615)

Jan  6 04:40:41 cronus smbd[13227]:   '/home/james' does not exist or is not a directory, when connecting to [james]

Jan  6 04:40:41 cronus slapd[13124]: conn=9 op=4 SEARCH RESULT tag=101 err=0 nentries=1 text=

Jan  6 04:40:42 cronus smbd[13227]: [2006/01/06 04:40:42, 0] smbd/service.c:make_connection_snum(615)

Jan  6 04:40:42 cronus smbd[13227]:   '/home/james' does not exist or is not a directory, when connecting to [james]

Jan  6 04:40:42 cronus smbd[13227]: [2006/01/06 04:40:42, 0] smbd/service.c:make_connection_snum(615)

Jan  6 04:40:42 cronus smbd[13227]:   '/home/james' does not exist or is not a directory, when connecting to [james]

Jan  6 04:40:42 cronus smbd[13227]: [2006/01/06 04:40:42, 0] smbd/service.c:make_connection_snum(615)

Jan  6 04:40:42 cronus smbd[13227]:   '/home/james' does not exist or is not a directory, when connecting to [james]

Jan  6 04:40:42 cronus smbd[13227]: [2006/01/06 04:40:42, 0] smbd/service.c:make_connection_snum(615)

Jan  6 04:40:42 cronus smbd[13227]:   '/home/james' does not exist or is not a directory, when connecting to [james]

Jan  6 04:40:42 cronus smbd[13227]: [2006/01/06 04:40:42, 0] smbd/service.c:make_connection_snum(615)

Jan  6 04:40:42 cronus smbd[13227]:   '/home/james' does not exist or is not a directory, when connecting to [james]

Jan  6 04:40:43 cronus smbd[13227]: [2006/01/06 04:40:43, 0] smbd/service.c:make_connection_snum(615)

Jan  6 04:40:43 cronus smbd[13227]:   '/home/james' does not exist or is not a directory, when connecting to [james]

Jan  6 04:40:43 cronus smbd[13227]: [2006/01/06 04:40:43, 0] smbd/service.c:make_connection_snum(615)

Jan  6 04:40:43 cronus smbd[13227]:   '/home/james' does not exist or is not a directory, when connecting to [james]

Jan  6 04:40:43 cronus smbd[13227]: [2006/01/06 04:40:43, 0] smbd/service.c:make_connection_snum(615)

Jan  6 04:40:43 cronus smbd[13227]:   '/home/james' does not exist or is not a directory, when connecting to [james]

Jan  6 04:40:43 cronus smbd[13227]: [2006/01/06 04:40:43, 0] smbd/service.c:make_connection_snum(615)

Jan  6 04:40:43 cronus smbd[13227]:   '/home/james' does not exist or is not a directory, when connecting to [james]

Jan  6 04:40:43 cronus smbd[13227]: [2006/01/06 04:40:43, 0] smbd/service.c:make_connection_snum(615)

Jan  6 04:40:43 cronus smbd[13227]:   '/home/james' does not exist or is not a directory, when connecting to [james]

Jan  6 04:40:43 cronus smbd[13227]: [2006/01/06 04:40:43, 0] smbd/service.c:make_connection_snum(615)

Jan  6 04:40:43 cronus smbd[13227]:   '/home/james' does not exist or is not a directory, when connecting to [james]

Jan  6 04:40:59 cronus slapd[13125]: conn=8 op=6 SRCH base="dc=u4eatech,dc=com" scope=2 deref=0 filter="(&(uid=jamesc)(objectClass=sambaSamAccount))"

Jan  6 04:40:59 cronus slapd[13125]: conn=8 op=6 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp

Jan  6 04:40:59 cronus slapd[13125]: conn=8 op=6 ENTRY dn="uid=jamesc,ou=People,dc=u4eatech,dc=com"

Jan  6 04:40:59 cronus slapd[13125]: conn=8 op=6 SEARCH RESULT tag=101 err=0 nentries=1 text=

Jan  6 04:40:59 cronus slapd[13124]: conn=8 op=7 SRCH base="ou=Group,dc=u4eatech,dc=com" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=2001))"

Jan  6 04:40:59 cronus slapd[13124]: conn=8 op=7 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass

Jan  6 04:40:59 cronus slapd[13124]: conn=8 op=7 SEARCH RESULT tag=101 err=0 nentries=0 text=

Jan  6 04:41:01 cronus slapd[13125]: conn=8 op=8 SRCH base="dc=u4eatech,dc=com" scope=2 deref=0 filter="(&(sambaSID=s-1-5-21-2010933411-583764787-752291125-5003)(objectClass=sambaSamAccount))"

Jan  6 04:41:01 cronus slapd[13125]: conn=8 op=8 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp

Jan  6 04:41:01 cronus slapd[13125]: conn=8 op=8 SEARCH RESULT tag=101 err=0 nentries=0 text=

Jan  6 04:41:01 cronus slapd[13124]: conn=8 op=9 SRCH base="ou=Group,dc=u4eatech,dc=com" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-21-2010933411-583764787-752291125-5003))"

Jan  6 04:41:01 cronus slapd[13124]: conn=8 op=9 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass

Jan  6 04:41:01 cronus slapd[13124]: conn=8 op=9 SEARCH RESULT tag=101 err=0 nentries=0 text=

Jan  6 04:41:01 cronus slapd[13125]: conn=8 op=10 SRCH base="dc=u4eatech,dc=com" scope=2 deref=0 filter="(&(sambaSID=s-1-5-21-2010933411-583764787-752291125-5001)(objectClass=sambaSamAccount))"

Jan  6 04:41:01 cronus slapd[13125]: conn=8 op=10 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp

Jan  6 04:41:01 cronus slapd[13125]: conn=8 op=10 SEARCH RESULT tag=101 err=0 nentries=0 text=

Jan  6 04:41:01 cronus slapd[13124]: conn=8 op=11 SRCH base="ou=Group,dc=u4eatech,dc=com" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-21-2010933411-583764787-752291125-5001))"

Jan  6 04:41:01 cronus slapd[13124]: conn=8 op=11 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass

Jan  6 04:41:01 cronus slapd[13124]: conn=8 op=11 SEARCH RESULT tag=101 err=0 nentries=0 text=

Jan  6 04:41:17 cronus slapd[13122]: conn=8 fd=15 closed

Jan  6 04:41:17 cronus slapd[13122]: conn=9 fd=21 closed

```

----------
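
A way to read the slapd log in the first post, as an added example that is not part of the original thread: it pairs each `SRCH` line with its `SEARCH RESULT` by connection and operation number, then tallies hits and misses per lookup type. The function names and the lookup categories are assumptions of this example; the sample lines are excerpted from that log.

```python
import re

# Lines excerpted from the slapd log in the first post (long attribute lists
# left out). The excerpt stops before the result for conn=8 op=10 arrives.
SAMPLE_LOG = """\
Jan  6 04:40:37 cronus slapd[13124]: conn=6 op=2 SRCH base="dc=u4eatech,dc=com" scope=2 deref=0 filter="(&(objectClass=sambaDomain)(sambaDomainName=cronus))"
Jan  6 04:40:37 cronus slapd[13125]: conn=6 op=3 SRCH base="dc=u4eatech,dc=com" scope=2 deref=0 filter="(&(sambaDomainName=cronus)(objectClass=sambaDomain))"
Jan  6 04:40:37 cronus slapd[13125]: conn=6 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan  6 04:40:37 cronus slapd[13124]: conn=6 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan  6 04:40:40 cronus slapd[13124]: conn=8 op=2 SRCH base="dc=u4eatech,dc=com" scope=2 deref=0 filter="(&(uid=jamesc)(objectClass=sambaSamAccount))"
Jan  6 04:40:40 cronus slapd[13124]: conn=8 op=2 ENTRY dn="uid=jamesc,ou=People,dc=u4eatech,dc=com"
Jan  6 04:40:40 cronus slapd[13124]: conn=8 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jan  6 04:40:40 cronus slapd[13125]: conn=8 op=3 SRCH base="ou=Group,dc=u4eatech,dc=com" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(gidNumber=2000))"
Jan  6 04:40:40 cronus slapd[13125]: conn=8 op=3 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
Jan  6 04:40:40 cronus slapd[13125]: conn=8 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan  6 04:41:01 cronus slapd[13125]: conn=8 op=8 SRCH base="dc=u4eatech,dc=com" scope=2 deref=0 filter="(&(sambaSID=s-1-5-21-2010933411-583764787-752291125-5003)(objectClass=sambaSamAccount))"
Jan  6 04:41:01 cronus slapd[13125]: conn=8 op=8 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan  6 04:41:01 cronus slapd[13124]: conn=8 op=9 SRCH base="ou=Group,dc=u4eatech,dc=com" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-21-2010933411-583764787-752291125-5003))"
Jan  6 04:41:01 cronus slapd[13124]: conn=8 op=9 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jan  6 04:41:01 cronus slapd[13125]: conn=8 op=10 SRCH base="dc=u4eatech,dc=com" scope=2 deref=0 filter="(&(sambaSID=s-1-5-21-2010933411-583764787-752291125-5001)(objectClass=sambaSamAccount))"
"""

# "SRCH attr=..." lines do not match because the pattern requires "SRCH base=".
SRCH_RE = re.compile(r'conn=(\d+) op=(\d+) SRCH base="([^"]*)" scope=\d+ deref=\d+ filter="(.*)"\s*$')
RESULT_RE = re.compile(r'conn=(\d+) op=(\d+) SEARCH RESULT tag=\d+ err=(\d+) nentries=(\d+)')
CLASS_RE = re.compile(r'\(objectClass=([^)]+)\)', re.I)
KEY_RE = re.compile(r'\((sambaSID|uid|gidNumber|sambaDomainName)=([^)]+)\)', re.I)

# Categories are this example's own labels, keyed on the Samba object class.
KINDS = {"sambasamaccount": "user", "sambagroupmapping": "group", "sambadomain": "domain"}


def classify(filter_text):
    """Return (kind, (attribute, value)) for an LDAP search filter."""
    kind = "other"
    for cls in CLASS_RE.findall(filter_text):
        if cls.lower() in KINDS:
            kind = KINDS[cls.lower()]
            break
    m = KEY_RE.search(filter_text)
    return kind, ((m.group(1), m.group(2)) if m else None)


def correlate(lines):
    """Pair SRCH lines with their SEARCH RESULT by (conn, op).

    slapd worker threads interleave their output, so results can arrive out of
    order. Returns (completed, unresolved); unresolved searches are those whose
    result line is missing, for example because the log excerpt was cut.
    """
    pending, completed = {}, []
    for line in lines:
        m = SRCH_RE.search(line)
        if m:
            conn, op, base, filt = m.groups()
            kind, key = classify(filt)
            pending[(int(conn), int(op))] = {
                "conn": int(conn), "op": int(op), "base": base,
                "filter": filt, "kind": kind, "key": key,
            }
            continue
        m = RESULT_RE.search(line)
        if m:
            conn, op, err, nentries = (int(x) for x in m.groups())
            search = pending.pop((conn, op), None)
            if search is None:
                continue  # result for a search that started before the excerpt
            search.update(err=err, nentries=nentries)
            completed.append(search)
    return completed, list(pending.values())


def misses(searches, kind=None):
    """Searches that succeeded (err=0) but matched no entry."""
    return [s for s in searches
            if s["err"] == 0 and s["nentries"] == 0 and (kind is None or s["kind"] == kind)]


def summarize(searches):
    """Count hits and misses per lookup kind."""
    table = {}
    for s in searches:
        row = table.setdefault(s["kind"], {"hit": 0, "miss": 0})
        row["hit" if s["nentries"] else "miss"] += 1
    return table


if __name__ == "__main__":
    done, unresolved = correlate(SAMPLE_LOG.splitlines())
    print(summarize(done))
    for s in misses(done):
        print("no entry: conn=%d op=%d %s %s base=%s" % (s["conn"], s["op"], s["kind"], s["key"], s["base"]))
    for s in unresolved:
        print("no result logged: conn=%d op=%d %s" % (s["conn"], s["op"], s["filter"]))
```
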

## jaccort

Bump, but whatever...

I've done a bit more research - I've got a number of Samba servers and only one of them is working properly in this case.

The one that is working properly has almost identical configuration to one which isn't.  Both systems share out separate home directories, both offer me the right directory according to who I'm logged in as.  However, when I look at the "Security" tab on Windows, only one successfully turns the user SID entries into usable usernames.

In this context, it is important to note that the LDAP servers in question are part of a cluster so they all contain the same data.

ON WORKING SYSTEM

```

# testparm -sv

Load smb config files from /etc/samba/smb.conf

Processing section "[homes]"

Processing section "[printers]"

Processing section "[pdfdropbox]"

Processing section "[pdf]"

Loaded services file OK.

# Global parameters

[global]

        dos charset = 850

        unix charset = ISO8859-1

        display charset = LOCALE

        workgroup = U4EA

        netbios name = CYGNUS_NEW

        netbios aliases = 

        netbios scope = 

        server string = New Samba Server %v

        interfaces = 

        bind interfaces only = No

        security = USER

        auth methods = 

        encrypt passwords = Yes

        update encrypted = No

        client schannel = Auto

        server schannel = Auto

        allow trusted domains = Yes

        hosts equiv = 

        min password length = 5

        map to guest = Bad User

        null passwords = No

        obey pam restrictions = No

        password server = *

        smb passwd file = /var/lib/samba/private/smbpasswd

        private dir = /var/lib/samba/private

        passdb backend = ldapsam:ldaps://localhost, smbpasswd

        algorithmic rid base = 1000

        root directory = 

        guest account = ftp

        enable privileges = No

        pam password change = No

        passwd program = 

        passwd chat = *new*password* %n\n *new*password* %n\n *changed*

        passwd chat debug = No

        passwd chat timeout = 2

        check password script = 

        username map = 

        password level = 0

        username level = 0

        unix password sync = No

        restrict anonymous = 0

        lanman auth = Yes

        ntlm auth = Yes

        client NTLMv2 auth = No

        client lanman auth = Yes

        client plaintext auth = Yes

        preload modules = 

        use kerberos keytab = No

        log level = 10

        syslog = 1

        syslog only = No

        log file = /var/log/samba3/log.%m

        max log size = 50

        debug timestamp = Yes

        debug hires timestamp = No

        debug pid = No

        debug uid = No

        smb ports = 445 139

        large readwrite = Yes

        max protocol = NT1

        min protocol = CORE

        read bmpx = No

        read raw = Yes

        write raw = Yes

        disable netbios = No

        acl compatibility = 

        defer sharing violations = Yes

        nt pipe support = Yes

        nt status support = Yes

        announce version = 4.9

        announce as = NT

        max mux = 50

        max xmit = 16644

        name resolve order = wins hosts lmhosts bcast

        max ttl = 259200

        max wins ttl = 518400

        min wins ttl = 21600

        time server = No

        unix extensions = Yes

        use spnego = Yes

        client signing = auto

        server signing = No

        client use spnego = Yes

        change notify timeout = 60

        deadtime = 0

        getwd cache = Yes

        keepalive = 300

        kernel change notify = Yes

        lpq cache time = 30

        max smbd processes = 0

        paranoid server security = Yes

        max disk size = 0

        max open files = 10000

        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

        use mmap = Yes

        hostname lookups = No

        name cache timeout = 660

        load printers = Yes

        printcap cache time = 0

        printcap name = cups

        cups server = 

        disable spoolss = No

        enumports command = 

        addprinter command = 

        deleteprinter command = 

        show add printer wizard = Yes

        os2 driver map = 

        mangling method = hash2

        mangle prefix = 1

        stat cache = Yes

        machine password timeout = 604800

        add user script = 

        delete user script = 

        add group script = 

        delete group script = 

        add user to group script = 

        delete user from group script = 

        set primary group script = 

        add machine script = 

        shutdown script = 

        abort shutdown script = 

        logon script = 

        logon path = \\%N\%U\profile

        logon drive = 

        logon home = \\%N\%U

        domain logons = No

        os level = 20

        lm announce = Auto

        lm interval = 60

        preferred master = Yes

        local master = Yes

        domain master = Auto

        browse list = Yes

        enhanced browsing = Yes

        dns proxy = No

        wins proxy = Yes

        wins server = 

        wins support = Yes

        wins hook = 

        wins partners = 

        kernel oplocks = Yes

        lock spin count = 3

        lock spin time = 10

        oplock break wait time = 0

        ldap admin dn = cn=smbadmin,dc=u4eatech,dc=com

        ldap delete dn = Yes

        ldap filter = "(&(uid=%u)(objectclass=sambaSamAccount))"

        ldap group suffix = 

        ldap idmap suffix = 

        ldap machine suffix = 

        ldap passwd sync = Yes

        ldap replication sleep = 1000

        ldap suffix = dc=u4eatech,dc=com

        ldap ssl = 

        ldap timeout = 15

        ldap user suffix = ou=People

        add share command = 

        change share command = 

        delete share command = 

        config file = 

        preload = 

        lock directory = /var/cache/samba

        pid directory = /var/run/samba

        utmp directory = 

        wtmp directory = 

        utmp = No

        default service = 

        message command = 

        dfree command = 

        get quota command = 

        set quota command = 

        remote announce = 

        remote browse sync = 

        socket address = 0.0.0.0

        homedir map = auto.home

        afs username map = 

        afs token lifetime = 604800

        log nt token command = 

        time offset = 0

        NIS homedir = No

        panic action = 

        host msdfs = No

        enable rid algorithm = Yes

        idmap backend = ldap:ldaps://cygnus_new:636

        idmap uid = 

        idmap gid = 

        template primary group = nobody

        template homedir = /home/%D/%U

        template shell = /bin/false

        winbind separator = \

        winbind cache time = 300

        winbind enable local accounts = No

        winbind enum users = Yes

        winbind enum groups = Yes

        winbind use default domain = No

        winbind trusted domains only = No

        winbind nested groups = No

        comment = 

        path = 

        username = 

        invalid users = 

        valid users = 

        admin users = 

        read list = 

        write list = 

        printer admin = 

        force user = 

        force group = 

        read only = Yes

        create mask = 0744

        force create mode = 00

        security mask = 0777

        force security mode = 00

        directory mask = 0755

        force directory mode = 00

        directory security mask = 0777

        force directory security mode = 00

        force unknown acl user = No

        inherit permissions = No

        inherit acls = No

        guest only = No

        guest ok = No

        only user = No

        hosts allow = 

        hosts deny = 

        allocation roundup size = 1048576

        ea support = No

        nt acl support = Yes

        profile acls = No

        map acl inherit = No

        afs share = No

        block size = 1024

        max connections = 0

        min print space = 0

        strict allocate = No

        strict sync = No

        sync always = No

        use sendfile = No

        write cache size = 0

        max reported print jobs = 0

        max print jobs = 1000

        printable = No

        printing = cups

        cups options = 

        print command = 

        lpq command = %p

        lprm command = 

        lppause command = 

        lpresume command = 

        queuepause command = 

        queueresume command = 

        printer name = 

        use client driver = No

        default devmode = No

        force printername = No

        default case = lower

        case sensitive = Auto

        preserve case = Yes

        short preserve case = Yes

        mangling char = ~

        hide dot files = Yes

        hide special files = No

        hide unreadable = No

        hide unwriteable files = No

        delete veto files = No

        veto files = 

        hide files = 

        veto oplock files = 

        map system = No

        map hidden = No

        map archive = Yes

        mangled names = Yes

        mangled map = 

        store dos attributes = No

        browseable = Yes

        blocking locks = Yes

        csc policy = manual

        fake oplocks = No

        locking = Yes

        oplocks = Yes

        level2 oplocks = Yes

        oplock contention limit = 2

        posix locking = Yes

        strict locking = Yes

        share modes = Yes

        copy = 

        include = 

        preexec = 

        preexec close = No

        postexec = 

        root preexec = 

        root preexec close = No

        root postexec = 

        available = Yes

        volume = 

        fstype = NTFS

        set directory = No

        wide links = Yes

        follow symlinks = Yes

        dont descend = 

        magic script = 

        magic output = 

        delete readonly = No

        dos filemode = No

        dos filetimes = Yes

        dos filetime resolution = No

        fake directory create times = No

        vfs objects = 

        msdfs root = No

        msdfs proxy = 

[homes]

        comment = Home Directories

        read only = No

[printers]

        comment = All Printers

        path = /var/spool/samba

        guest ok = Yes

        printable = Yes

        browseable = No

[pdfdropbox]

        path = /home/pdfdropbox

        read only = No

        guest ok = Yes

[pdf]

        path = /tmp

        guest ok = Yes

        printable = Yes

        printing = bsd

        print command = /usr/local/bin/printpdf %s

        lpq command = 

```

ON NON-WORKING SYSTEM

```

testparm -sv

Load smb config files from /etc/samba/smb.conf

Processing section "[homes]"

Processing section "[public]"

Processing section "[www]"

Processing section "[backups]"

Processing section "[fremont]"

Loaded services file OK.

# Global parameters

[global]

        dos charset = 850

        unix charset = ISO8859-1

        display charset = LOCALE

        workgroup = U4EA

        netbios name = CRONUS

        netbios aliases = 

        netbios scope = 

        server string = Cronus Samba Server %v

        interfaces = 

        bind interfaces only = No

        security = USER

        auth methods = 

        encrypt passwords = Yes

        update encrypted = No

        client schannel = Auto

        server schannel = Auto

        allow trusted domains = Yes

        hosts equiv = 

        min password length = 5

        map to guest = Bad User

        null passwords = No

        obey pam restrictions = No

        password server = *

        smb passwd file = /var/lib/samba/private/smbpasswd

        private dir = /var/lib/samba/private

        passdb backend = ldapsam:ldap://ldap-usa.u4eatech.com, smbpasswd

        algorithmic rid base = 1000

        root directory = 

        guest account = ftp

        enable privileges = No

        pam password change = No

        passwd program = 

        passwd chat = *new*password* %n\n *new*password* %n\n *changed*

        passwd chat debug = No

        passwd chat timeout = 2

        check password script = 

        username map = 

        password level = 0

        username level = 0

        unix password sync = No

        restrict anonymous = 0

        lanman auth = Yes

        ntlm auth = Yes

        client NTLMv2 auth = No

        client lanman auth = Yes

        client plaintext auth = Yes

        preload modules = 

        use kerberos keytab = No

        log level = 10

        syslog = 1

        syslog only = No

        log file = /var/log/samba3/log.%m

        max log size = 50

        debug timestamp = Yes

        debug hires timestamp = No

        debug pid = No

        debug uid = No

        smb ports = 445 139

        large readwrite = Yes

        max protocol = NT1

        min protocol = CORE

        read bmpx = No

        read raw = Yes

        write raw = Yes

        disable netbios = No

        acl compatibility = 

        defer sharing violations = Yes

        nt pipe support = Yes

        nt status support = Yes

        announce version = 4.9

        announce as = NT

        max mux = 50

        max xmit = 16644

        name resolve order = wins hosts lmhosts bcast

        max ttl = 259200

        max wins ttl = 518400

        min wins ttl = 21600

        time server = No

        unix extensions = Yes

        use spnego = Yes

        client signing = auto

        server signing = No

        client use spnego = Yes

        change notify timeout = 60

        deadtime = 0

        getwd cache = Yes

        keepalive = 300

        kernel change notify = Yes

        lpq cache time = 30

        max smbd processes = 0

        paranoid server security = Yes

        max disk size = 0

        max open files = 10000

        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

        use mmap = Yes

        hostname lookups = No

        name cache timeout = 660

        load printers = Yes

        printcap cache time = 0

        printcap name = 

        cups server = 

        disable spoolss = No

        enumports command = 

        addprinter command = 

        deleteprinter command = 

        show add printer wizard = Yes

        os2 driver map = 

        mangling method = hash2

        mangle prefix = 1

        stat cache = Yes

        machine password timeout = 604800

        add user script = 

        delete user script = 

        add group script = 

        delete group script = 

        add user to group script = 

        delete user from group script = 

        set primary group script = 

        add machine script = 

        shutdown script = 

        abort shutdown script = 

        logon script = 

        logon path = \\%N\%U\profile

        logon drive = 

        logon home = \\%N\%U

        domain logons = No

        os level = 20

        lm announce = Auto

        lm interval = 60

        preferred master = Yes

        local master = Yes

        domain master = Auto

        browse list = Yes

        enhanced browsing = Yes

        dns proxy = No

        wins proxy = Yes

        wins server = 

        wins support = Yes

        wins hook = 

        wins partners = 

        kernel oplocks = Yes

        lock spin count = 3

        lock spin time = 10

        oplock break wait time = 0

        ldap admin dn = cn=smbadmin,dc=u4eatech,dc=com

        ldap delete dn = Yes

        ldap filter = "(&(uid=%u)(objectclass=sambaSamAccount))"

        ldap group suffix = 

        ldap idmap suffix = 

        ldap machine suffix = 

        ldap passwd sync = Yes

        ldap replication sleep = 1000

        ldap suffix = dc=u4eatech,dc=com

        ldap ssl = 

        ldap timeout = 15

        ldap user suffix = ou=People

        add share command = 

        change share command = 

        delete share command = 

        config file = 

        preload = 

        lock directory = /var/cache/samba

        pid directory = /var/run/samba

        utmp directory = 

        wtmp directory = 

        utmp = No

        default service = 

        message command = 

        dfree command = 

        get quota command = 

        set quota command = 

        remote announce = 

        remote browse sync = 

        socket address = 0.0.0.0

        homedir map = auto.home

        afs username map = 

        afs token lifetime = 604800

        log nt token command = 

        time offset = 0

        NIS homedir = No

        panic action = 

        host msdfs = No

        enable rid algorithm = Yes

        idmap backend = ldap:ldap://cygnus_new

        idmap uid = 

        idmap gid = 

        template primary group = nobody

        template homedir = /home/%D/%U

        template shell = /bin/false

        winbind separator = \

        winbind cache time = 300

        winbind enable local accounts = No

        winbind enum users = No

        winbind enum groups = No

        winbind use default domain = No

        winbind trusted domains only = No

        winbind nested groups = No

        comment = 

        path = 

        username = 

        invalid users = 

        valid users = 

        admin users = 

        read list = 

        write list = 

        printer admin = 

        force user = 

        force group = 

        read only = Yes

        create mask = 0744

        force create mode = 00

        security mask = 0777

        force security mode = 00

        directory mask = 0755

        force directory mode = 00

        directory security mask = 0777

        force directory security mode = 00

        force unknown acl user = No

        inherit permissions = No

        inherit acls = No

        guest only = No

        guest ok = No

        only user = No

        hosts allow = 

        hosts deny = 

        allocation roundup size = 1048576

        ea support = No

        nt acl support = Yes

        profile acls = No

        map acl inherit = No

        afs share = No

        block size = 1024

        max connections = 0

        min print space = 0

        strict allocate = No

        strict sync = No

        sync always = No

        use sendfile = No

        write cache size = 0

        max reported print jobs = 0

        max print jobs = 1000

        printable = No

        printing = cups

        cups options = 

        print command = 

        lpq command = %p

        lprm command = 

        lppause command = 

        lpresume command = 

        queuepause command = 

        queueresume command = 

        printer name = 

        use client driver = No

        default devmode = No

        force printername = No

        default case = lower

        case sensitive = Auto

        preserve case = Yes

        short preserve case = Yes

        mangling char = ~

        hide dot files = Yes

        hide special files = No

        hide unreadable = No

        hide unwriteable files = No

        delete veto files = No

        veto files = 

        hide files = 

        veto oplock files = 

        map system = No

        map hidden = No

        map archive = Yes

        mangled names = Yes

        mangled map = 

        store dos attributes = No

        browseable = Yes

        blocking locks = Yes

        csc policy = manual

        fake oplocks = No

        locking = Yes

        oplocks = Yes

        level2 oplocks = Yes

        oplock contention limit = 2

        posix locking = Yes

        strict locking = Yes

        share modes = Yes

        copy = 

        include = 

        preexec = 

        preexec close = No

        postexec = 

        root preexec = 

        root preexec close = No

        root postexec = 

        available = Yes

        volume = 

        fstype = NTFS

        set directory = No

        wide links = Yes

        follow symlinks = Yes

        dont descend = 

        magic script = 

        magic output = 

        delete readonly = No

        dos filemode = No

        dos filetimes = Yes

        dos filetime resolution = No

        fake directory create times = No

        vfs objects = 

        msdfs root = No

        msdfs proxy = 

[homes]

        comment = Home Directories

        read only = No

[public]

        path = /home/sambash

        read only = No

        guest only = Yes

        guest ok = Yes

[www]

        path = /home/www/localhost

        read only = No

        guest only = Yes

        guest ok = Yes

[backups]

        path = /home

        valid users = @backups

        browseable = No

[fremont]

        path = /home/fremont

        read only = No

```

----------

## Po0ky

net groupmap list?

----------

## jaccort

Ah.

```

cronus ~ # net groupmap list

[2006/01/10 08:59:41, 0] param/loadparm.c:map_parameter(2536)

  Unknown parameter encountered: "ldap filter"

[2006/01/10 08:59:41, 0] param/loadparm.c:lp_do_parameter(3277)

  Ignoring unknown parameter "ldap filter"

[2006/01/10 08:59:41, 0] param/loadparm.c:map_parameter(2536)

  Unknown parameter encountered: "template primary group"

[2006/01/10 08:59:41, 0] param/loadparm.c:lp_do_parameter(3277)

  Ignoring unknown parameter "template primary group"

```

Looking around, it seems I've not got all the requisite entries in the LDAP database.  

This could be fun to fix.

----------

## Po0ky

emerge -pv samba :)

----------

## jaccort

```

cronus ~ # emerge -pv samba

These are the packages that I would merge, in order:

Calculating dependencies ...done!

[ebuild   R   ] net-fs/samba-3.0.20b  +acl -async -automount +cups -doc -examples -kerberos +ldap -ldapsam -libclamav +mysql -oav +pam +postgres +python +quotas +readline (-selinux) +swat -syslog +winbind -xml -xml2 0 kB

Total size of downloads: 0 kB

cronus ~ #

```

----------

## casso

Did you manage to get your Samba server operational?

From your logs, you are missing domain information, group mapping, an entry for the root and nobody users under Samba, and probably more. I would suggest making your Samba server a member of a domain (i.e.: a PDC) and adding all the relevant group mapping information in. Most of the information you need for this is in the SAMBA-HOWTO-Collection as well as the information for adding the root and nobody accounts to the Samba backend, which in your case is LDAP.

It would be nice if you could close this thread off with a solved at some stage.

----------
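The gaps named in the reply above (domain information, group mapping, Samba entries for root and nobody) can be checked against an LDIF export of the directory. This is an added example, not code from the thread: the sample LDIF, its SIDs and the `dc=example,dc=com` suffix are constructed, and the object class and attribute names (`sambaDomain`, `sambaSamAccount`, `sambaGroupMapping`, `sambaSID`) are those of the Samba 3 LDAP schema.

```python
# Added example: audit an LDIF export for the entries an ldapsam backend relies on.
# Simplified parser: no base64 ("attr:: value") or folded-line support.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
objectClass: posixAccount
uid: alice

dn: uid=bob,ou=People,dc=example,dc=com
objectClass: posixAccount
objectClass: sambaSamAccount
uid: bob
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3002

dn: cn=staff,ou=Group,dc=example,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: staff
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-513
"""  # constructed sample data

def parse_ldif(text):
    """Return entries as dicts of lower-cased attribute name -> list of values."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def classes(entry):
    return {c.lower() for c in entry.get("objectclass", [])}

def audit(entries, required_users=("root", "nobody")):
    """List the Samba-specific entries and attributes that are missing."""
    findings = []
    if not any("sambadomain" in classes(e) for e in entries):
        findings.append("no sambaDomain entry")
    for e in entries:
        oc, dn = classes(e), e["dn"][0]
        if "posixaccount" in oc and not ("sambasamaccount" in oc and e.get("sambasid")):
            findings.append(f"user without sambaSamAccount/sambaSID: {dn}")
        if "posixgroup" in oc and not ("sambagroupmapping" in oc and e.get("sambasid")):
            findings.append(f"group without sambaGroupMapping/sambaSID: {dn}")
    have = {u for e in entries if "sambasamaccount" in classes(e) for u in e.get("uid", [])}
    findings += [f"no Samba account for required user: {u}" for u in required_users if u not in have]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_ldif(SAMPLE_LDIF))))
```
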

## jaccort

To be honest, it was so long ago that I can barely remember myself ;)

At the time, I was working with what I'd inherited.  In the end, I decided that trying to maintain it as it was was far too much hassle and went down the Windows domain route.  Since I then put all the necessary information into LDAP for Samba to work properly as a domain controller, I've had far fewer issues.

----------

