SAMBA LDAP issue after completing CentOS 5.x Samba Domain Controller With LDAP

Discussion in 'Server Operation' started by tygerlilyjp, Jun 3, 2011.

  1. tygerlilyjp

    tygerlilyjp New Member

    Hello,

    I'm setting up an SMB server for my company for the first time on Linux, using LDAP as the password back end. I can log in to the Samba share as root, but I cannot log in as a normal user or anonymously. I followed the "CentOS 5.x Samba Domain Controller With LDAP Backend" tutorial.

    When I run smbclient //servername/in-depth -U gilligan, it asks me for my password and then replies with: Domain=[INDEPTH] OS=[Unix] Server=[Samba 3.5.4-0.70.el5_6.1]
    tree connect failed: NT_STATUS_BAD_NETWORK_NAME

    I'm not sure where to go from here, since I have the firewall and SELinux turned off and the documentation on this error covers little beyond those two settings.

    /samba/log.gilligan shows:


    [2011/06/03 10:24:13.353093, 0] smbd/service.c:988(make_connection_snum)
    canonicalize_connect_path failed for service in-depth, path /storage/in-depth

    My smb.conf file is:

    # Global parameters
    # Server-wide settings for a Samba 3.x server with domain logons enabled,
    # whose account database (passdb) is an LDAP directory maintained through
    # the smbldap-* helper scripts referenced below.
    [global]
    # NOTE(review): with this off and the ldap:// passdb backend further down,
    # the bind as "ldap admin dn" and every account lookup (password hashes
    # included) reach 10.10.11.101 unencrypted. If the directory is not on
    # this host, "ldap ssl = start tls" or an ldaps:// URL is the safer choice.
    ldap ssl = off
    # NOTE(review): the next line has an odd number of double quotes; the last
    # one looks stray. passwd chat is normally only consulted when
    # "unix password sync" is enabled, and it is set to "no" below - confirm.
    passwd chat = "Changing *\nNew password*" %n\n "*Retype new password*" %n\n"
    preserve case = yes
    enable privileges = yes
    # Account-management hooks: smbd substitutes %u (user) and %g (group) and
    # runs the smbldap-tools command. They run with smbd's privileges, so the
    # scripts and their configuration should be writable by root only.
    delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
    show add printer wizard = yes
    time server = Yes
    passwd program = /usr/sbin/smbldap-passwd -u "%u"
    nt acl support = Yes
    netbios name = SAMBATEST
    printing = cups
    # Keep the LDAP password attribute in step with the Samba hashes on change.
    ldap passwd sync = yes
    logon script = logon.bat
    dos charset = 850
    workgroup = indepth
    os level = 65
    # DN smbd binds as; its password is stored in secrets.tdb (smbpasswd -w),
    # not in this file.
    # NOTE(review): this is the directory's root DN. The commented-out example
    # near the end of this section uses a dedicated cn=samba account instead,
    # which limits what a leaked secrets.tdb can do.
    ldap admin dn = cn=root,dc=indepth,dc=com
    printcap name = cups
    # Clients must authenticate with a username and password before any share
    # is connected.
    security = user
    short preserve case = yes
    dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
    add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
    delete user script = /usr/sbin/smbldap-userdel "%u"
    max log size = 100000
    # NOTE(review): level 0 records only critical messages such as the
    # canonicalize_connect_path line quoted in the post. Raising it temporarily
    # (e.g. 3) while reproducing the failed connect shows which check rejects
    # the path; it also leaves very little audit trail in normal operation.
    log level = 0
    # One log file per session username (%U), e.g. log.gilligan.
    log file = /var/log/samba/log.%U
    # Unix account used for guest sessions (see "map to guest" below).
    guest account = nobody
    load printers = Yes
    ldap user suffix = ou=Users
    add group script = /usr/sbin/smbldap-groupadd -p "%g"
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 SO_KEEPALIVE
    add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
    mangling method = hash2
    logon drive = H:
    deadtime = 10
    create mask = 0640
    # NOTE(review): logins with an unknown username are silently turned into
    # guest sessions as "nobody". Every share with "guest ok = yes" ([profiles],
    # [printers], [public]) is therefore reachable without valid credentials.
    # A known user with a wrong password is still rejected.
    map to guest = Bad User
    # domain master = Yes
    encrypt passwords = Yes
    # logon home =
    # Account backend: plain LDAP on port 389 (see the "ldap ssl" note above).
    passdb backend = ldapsam:ldap://10.10.11.101:389
    case sensitive = no
    ldap machine suffix = ou=Computers
    ldap group suffix = ou=Group
    server string = Samba Server %v
    ldap suffix = dc=indepth,dc=com
    unix password sync = no
    logon path =
    directory mask = 0750
    add user script = /usr/sbin/smbldap-useradd -m "%u"
    set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
    syslog = 0
    unix charset = ISO8859-1
    domain logons = Yes
    #interfaces = 192.168.5.11
    # Maps client-supplied usernames to Unix accounts; the file's contents are
    # not shown in the post, so its effect on the failing login is unknown.
    username map = /etc/samba/smbusers
    #security = ads
    # min passwd length = 3
    #pam password change = no
    #obey pam restrictions = NO

    # method 1:
    #unix password sync = no
    #ldap passwd sync = yes

    # method 2:



    # passdb backend = ldapsam:"ldap://ldap1.company.com ldap://ldap2.company.com"
    #ldap admin dn = cn=samba,ou=DSA,dc=company,dc=com
    ldap idmap suffix = ou=Idmap
    # Deleting a Samba account removes the whole LDAP entry, not only its
    # Samba attributes.
    ldap delete dn = Yes
    delete group script = /usr/sbin/smbldap-groupdel "%g"

    # printers configuration
    #printer admin = @"Print Operators"
    #force create mode = 0640
    #force directory mode = 0750
    ; to maintain capital letters in shortcuts in any of the profile folders:

    # Logon-script share for domain clients: the "logon script = logon.bat"
    # named in [global] is looked up under this path. Read-only and hidden
    # from browse lists.
    [netlogon]
    path = /home/netlogon/
    browseable = No
    # Keep this read-only for ordinary users: anything placed here is executed
    # by clients at logon.
    read only = yes

    # Roaming-profile storage: writable, hidden from browse lists, with new
    # files and directories created owner-only (0600 / 0700).
    [profiles]
    path = /home/profiles
    read only = no
    create mask = 0600
    directory mask = 0700
    browseable = No
    # NOTE(review): guest access on a writable profile share is unusual. With
    # "map to guest = Bad User" in [global], a mistyped or unknown username
    # gets a guest session here - confirm this is really needed.
    guest ok = Yes
    profile acls = yes
    # Disable client-side (offline) caching of profile files.
    csc policy = disable
    # next line is a great way to secure the profiles
    # NOTE(review): force user only sets the Unix identity used for file
    # access after the connection is made; it does not limit who may connect.
    # Limiting connections is what the commented-out "valid users" line below
    # would do.
    force user = %U
    # next line allows administrator to access all profiles
    #valid users = %U "Domain Admins"

    # Print-spool share: clients submit jobs into /home/spool/ and smbd hands
    # them to the lpr/lpq/lprm commands configured below.
    [printers]
    comment = Network Printers
    #printer admin = @"Print Operators"
    # NOTE(review): guest sessions (including unknown usernames mapped by
    # "map to guest = Bad User") may submit print jobs.
    guest ok = yes
    # NOTE(review): "printable" is set twice in this section (here and four
    # lines down) with the same value; one of the two lines can be dropped.
    printable = yes
    path = /home/spool/
    browseable = No
    read only = Yes
    printable = Yes
    # smbd substitutes %p (printer name), %s (spool file) and %j (job number)
    # before running these commands.
    print command = /usr/bin/lpr -P%p -r %s
    lpq command = /usr/bin/lpq -P%p
    lprm command = /usr/bin/lprm -P%p %j
    # print command = /usr/bin/lpr -U%U@%M -P%p -r %s
    # lpq command = /usr/bin/lpq -U%U@%M -P%p
    # lprm command = /usr/bin/lprm -U%U@%M -P%p %j
    # lppause command = /usr/sbin/lpc -U%U@%M hold %p %j
    # lpresume command = /usr/sbin/lpc -U%U@%M release %p %j
    # queuepause command = /usr/sbin/lpc -U%U@%M stop %p
    # queueresume command = /usr/sbin/lpc -U%U@%M start %p

    # Printer-driver share: no guest access, connections limited to the
    # "Print Operators" group, read-only except for the write list.
    [print$]
    path = /home/printers
    guest ok = No
    browseable = Yes
    read only = Yes
    # Only members of this group may connect at all ...
    valid users = @"Print Operators"
    # ... and the same group is exempt from "read only" so it can upload
    # drivers. Clients install what is stored here, so membership should stay
    # small.
    write list = @"Print Operators"
    create mask = 0664
    directory mask = 0775

    # World-accessible scratch share.
    # NOTE(review): this exports the host's own /tmp, writable, to guest
    # sessions. With "map to guest = Bad User" in [global], anyone who can reach
    # the server can read and create files in the directory other local
    # processes use for temporary data. A dedicated directory (placeholder:
    # /srv/samba/public) owned by the guest account would be a safer target.
    [public]
    path = /tmp
    guest ok = yes
    browseable = Yes
    writable = yes
    # Group share for members of the Unix group "Shared"; this is the share
    # whose tree connect fails with NT_STATUS_BAD_NETWORK_NAME in the post.
    [in-depth]
    inherit owner = yes
    writeable = yes
    # NOTE(review): the quoted log line "canonicalize_connect_path failed ...
    # path /storage/in-depth" names this directory. Since root can connect and
    # SELinux is reported off, presumably the directory or one of its parents
    # (/storage) is missing search (x) permission for the connecting Unix
    # user - verify with "ls -ld /storage /storage/in-depth".
    path = /storage/in-depth
    force directory mode = 770
    # NOTE(review): 0777 lets clients create files with group/other bits up to
    # world-writable, which is looser than the 770 directory modes used in this
    # section; 0660 would match them.
    create mask = 0777
    comment = Top-Level Fulton SMB Share
    # The group must resolve on the server itself through NSS, not only exist
    # in LDAP - check with "getent group Shared" and "id gilligan".
    valid users = @Shared
    # "directory mode" is a synonym for "directory mask"; 3770 additionally
    # allows the setgid and sticky bits on new directories.
    directory mode = 3770
    guest ok = no

    My user in LDAP is a part of the Shared group, as is root. Any suggestions on where I should be looking to resolve this issue?

    Thanks in advance.
     
