
Re: Samba (4.1.17) ldap backend create user failed



On 06/04/16 05:59 AM, basti wrote:
Hello, I have upgraded my Samba PDC from 3.xx (lenny) to 4.1 (jessie).
LDAP and the Samba shares all work fine.

When I try to add a user I get the following

smbpasswd -a foobar
New SMB password:
Retype new SMB password:
ldapsam_create_user: Unable to allocate a new user id: bailing out!
Failed to add entry for user foobar.

I found this workaround
https://lists.samba.org/archive/samba/2009-October/151528.html

but testparm says that

WARNING: The "idmap backend" option is deprecated
Unknown parameter encountered: "idmap alloc backend"
Ignoring unknown parameter "idmap alloc backend"


smbd -V
Version 4.1.17-Debian

egrep -v "(^#|^$|^;)" /etc/samba/smb.conf
[global]
    workgroup = foo
    dns proxy = no
    log file = /var/log/samba/log.%m
    max log size = 1000
    syslog = 0
    panic action = /usr/share/samba/panic-action %d
os level = 255
preferred master = yes
domain master = yes
local master = yes

vfs object = recycle
recycle:repository = /home/samba/Papierkorb/%U
recycle:keeptree = yes
recycle:exclude = *.tmp *.temp *.swp
recycle:exclude_dir = /tmp /temp
recycle:touch = yes

server role = classic primary domain controller
encrypt passwords = true
passdb backend = ldapsam:ldapi:///
ldapsam:trusted=yes
ldapsam:editposix=yes
ldap admin dn = cn=admin,dc=foo
ldap group suffix = ou=Groups
ldap machine suffix = ou=Machines
ldap user suffix = ou=Users
ldap suffix = dc=foo
ldap ssl = off
    obey pam restrictions = yes
    unix password sync = yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
    pam password change = yes
    map to guest = bad user
    domain logons = yes
    logon path =
    logon script = login.bat
admin users = root, Administrator, @Domain Admins, admin
    ;idmap uid = 10000-20000
    ;idmap gid = 10000-20000
    ;template shell = /bin/bash

    idmap alloc config:ldap_base_dn = ou=idmap,dc=foo
    idmap alloc config:ldap_user_dn = cn=admin,dc=foo
    idmap alloc config:ldap_url = ldapi:///
    usershare allow guests = yes

[homes]
    comment = Home Directories
    browseable = no
    read only = yes
    create mask = 0700
    directory mask = 0700
    valid users = %S

[netlogon]
    comment = Network Logon Service
    path = /home/samba/netlogon
    guest ok = yes
    read only = yes

[printers]
    comment = All Printers
    browseable = no
    path = /var/spool/samba
    printable = yes
    guest ok = no
    read only = yes
    create mask = 0700

[print$]
    comment = Printer Drivers
    path = /var/lib/samba/printers
    browseable = yes
    read only = yes
    guest ok = no

I want to use a samba NT4 domain and no AD.
Thanks for any help.

Best Regards, Basti


My suggestion would be to post this on a Samba-specific list. It looks like there may be a problem with your LDAP setup, but the Samba folks would be better at diagnosing the problem.

