From: Christian Geiger on
Great - that was the reason. In case someone else encounters the same
problem - adding the following lines helped:

idmap backend = ldap
idmap alloc backend = ldap
idmap alloc config:ldap_base_dn = ou=idmaps,dc=lohrmann,dc=de
idmap alloc config:ldap_user_dn = cn=samba,dc=lohrmann,dc=de
idmap alloc config:ldap_url = ldap://ldap.lohrmann.de

Thx François!


Am 28.10.2009 17:23, schrieb François Legal:
> You have to define an allocation backend for idmapping, so that winbindd
> can allocate uids and gids for the users and groups that you want to
> create.
>
> On Wed, 28 Oct 2009 16:32:35 +0100, Christian Geiger
> <c.geiger(a)lohrmann.de>
> wrote:
>> Hi!
>>
>> I'm currently setting up a Samba 3 PDC. So far I managed to setup Samba
>> with an OpenLDAP backend, but adding a user with the command "net rpc
>> user add mg password -U root" results in the following error:
>>
>> Failed to add user 'mg' with: WERR_GENERAL_FAILURE.
>>
>> In the logfile it says:
>>
>> [2009/10/28 15:56:28, 0] passdb/pdb_ldap.c:ldapsam_create_user(5119)
>> ldapsam_create_user: Unable to allocate a new user id: bailing out!
>>
>> Unfortunately I cannot find any other hint on what the reason could be.
>> Has someone an idea what I might have misconfigured?
>>
>> Below's my smb.conf. The samba-user has granted the rights to manage the
>
>> whole domain-tree (olcAccess = {0}to dn.sub="dc=lohrmann,dc=de" by
>> dn="cn=samba,dc=lohrmann,dc=de" manage by * break).
>>
>> Thx a lot in advance!
>>
>> Chris
>>
>> --------
>>
>> smb.conf:
>>
>> [global]
>>
>> workgroup = LOHRMANN.DE
>> domain logons = yes
>> domain master = yes
>> local master = yes
>> preferred master = yes
>> os level = 65
>>
>> passdb backend = ldapsam
>> ldap admin dn = cn=samba,dc=lohrmann,dc=de
>> ldap suffix = dc=lohrmann,dc=de
>> ldap passwd sync = yes
>> ldap machine suffix = ou=machines
>> ldap user suffix = ou=users
>> ldap group suffix = ou=groups
>> ldap idmap suffix = ou=idmaps
>> ldap ssl = no
>> idmap uid = 10000-20000
>> idmap gid = 10000-20000
>>
>> ldapsam:trusted = yes
>> ldapsam:editposix = yes
>>
>> logon drive = H:
>> logon script = logon.bat
>> logon path = \\%N\profiles\%U\%a
>>
>> [homes]
>> comment = Users Home Directories
>> valid users = %S
>> writeable = yes
>>
>> [netlogon]
>> comment = Network Logon Service
>> path = /var/lib/samba/netlogon
>>
>> [profiles]
>> comment = Users profiles
>> path = /var/lib/samba/profiles
>>
>> [printers]
>> comment = All Printers
>> browseable = no
>> path = /var/spool/samba
>> printable = yes
>> guest ok = no
>> read only = yes
>> create mask = 0700
>>
>> [print$]
>> comment = Printer Drivers
>> path = /var/lib/samba/printers
>> browseable = yes
>> read only = yes
>> guest ok = no
>
> __________ Hinweis von ESET NOD32 Antivirus, Signaturdatenbank-Version 4553 (20091028) __________
>
> E-Mail wurde gepr�ft mit ESET NOD32 Antivirus.
>
> http://www.eset.com
>
>
>
>
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba