Fwd: Re: [Samba] smbpasswd fails to add machine account with ldapsam
Christoph Rudorff
christoph at wtal.de
Tue Nov 18 16:44:03 GMT 2003
On Tuesday, 18 November 2003 15:08, Aaron Smith wrote:
> ldap machine suffix = ou=Computers
> ldap user suffix = ou=People
> ldap group suffix = ou=Group
> ldap suffix = dc=pandora-net,dc=com
from the smb.conf:
# Seperate suffixes are available for machines, users, groups, and idmap, if
# ldap suffix appears first, it is appended to the specific suffix.
Meanwhile, we hacked a Perl script, which does a colorful output of ldap.conf.
ADD is ok, but filter=(&(uid=nopliz$)(objectClass=sambaSamAccount)) must fail,
because sambaSamAccount was not added by samba. It used to be added by the script,
but the lines are commented out:
if (!$with_smbpasswd) {
    # (jtournier)
    # Objectclass sambaSAMAccount is now added directly by samba when joining
    # the domain (for samba3)
    #if (!add_samba_machine_mkntpwd($userName, $userUidNumber)) {
    #    die "$0: error while adding samba account\n";
    #}
} else {
    if (!add_samba_machine($userName)) {
        die "$0: error while adding samba account\n";
    }
}
Next lookup is
SRCH base=ou=People,dc=mki,dc=fh-duesseldorf,dc=de scope=1
filter=(&(objectClass=posixAccount)(uid=nopliz$))
So why People? I rubbed that word out of the smb.conf file. Must there be some
more information in the LDAP? SambaDomain? Or group mappings for the machine
accounts? If uid ends with '$' samba should know .....
chris
PS: if someone is interested in our colortail.ldap script, drop me a line.
---------------
ACCEPT conn=922 fd=29 from IP=127.0.0.1:36587 (IP=0.0.0.0:389)
BIND dn=cn=Manager,dc=mki,dc=fh-duesseldorf,dc=de method=128
BIND dn=cn=Manager,dc=mki,dc=fh-duesseldorf,dc=de mech=simple ssf=0
RESULT tag=97 err=0 text=
ADD dn=uid=nopliz$,ou=Hosts,dc=mki,dc=fh-duesseldorf,dc=de
RESULT tag=105 err=0 text=
UNBIND
CLOSED conn=922 fd=29
ACCEPT conn=915 fd=26 from IP=127.0.0.1:36580 (IP=0.0.0.0:389)
BIND dn=cn=Manager,dc=mki,dc=fh-duesseldorf,dc=de method=128
BIND dn=cn=Manager,dc=mki,dc=fh-duesseldorf,dc=de mech=simple ssf=0
RESULT tag=97 err=0 text=
SRCH base=dc=mki,dc=fh-duesseldorf,dc=de scope=2
filter=(&(objectClass=sambaDomain)(sambaDomainName=MKIDOM))
attr=sambaDomainName sambaNextRid sambaNextUserRid sambaNextGroupRid
sambaSID sambaAlgorithmicRidBase objectClass
RESULT tag=101 err=0 nentries=1 text=
SRCH base=dc=mki,dc=fh-duesseldorf,dc=de scope=2
filter=(&(uid=Administrator)(objectClass=sambaSamAccount))
attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet
sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime
sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath
sambaLogonScript sambaProfilePath description sambaUserWorkstations
sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword
sambaDomainName objectClass sambaAcctFlags
RESULT tag=101 err=0 nentries=1 text=
SRCH base=dc=mki,dc=fh-duesseldorf,dc=de scope=2
filter=(&(objectClass=sambaGroupMapping)(gidNumber=512))
attr=gidNumber sambaSID sambaGroupType description displayName cn
objectClass
RESULT tag=101 err=0 nentries=1 text=
SRCH base=dc=mki,dc=fh-duesseldorf,dc=de scope=2
filter=(&(objectClass=sambaGroupMapping)(gidNumber=544))
attr=gidNumber sambaSID sambaGroupType description displayName cn
objectClass
RESULT tag=101 err=0 nentries=1 text=
SRCH base=dc=mki,dc=fh-duesseldorf,dc=de scope=2
filter=(&(uid=nopliz$)(objectClass=sambaSamAccount))
attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet
sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime
sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath
sambaLogonScript sambaProfilePath description sambaUserWorkstations
sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword
sambaDomainName objectClass sambaAcctFlags
RESULT tag=101 err=0 nentries=0 text=
CLOSED conn=915 fd=26
ACCEPT conn=918 fd=27 from IP=127.0.0.1:36583 (IP=0.0.0.0:389)
BIND dn= method=128
RESULT tag=97 err=0 text=
SRCH base=ou=People,dc=mki,dc=fh-duesseldorf,dc=de scope=1
filter=(&(objectClass=posixAccount)(uid=nopliz$))
attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell
gecos description objectClass
RESULT tag=101 err=0 nentries=0 text=
SRCH base=ou=People,dc=mki,dc=fh-duesseldorf,dc=de scope=1
filter=(&(objectClass=posixAccount)(uid=NOPLIZ$))
attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell
gecos description objectClass
RESULT tag=101 err=0 nentries=0 text=
SRCH base=ou=People,dc=mki,dc=fh-duesseldorf,dc=de scope=1
filter=(&(objectClass=posixAccount)(uid=nopliz$))
attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell
gecos description objectClass
RESULT tag=101 err=0 nentries=0 text=
SRCH base=ou=People,dc=mki,dc=fh-duesseldorf,dc=de scope=1
filter=(&(objectClass=posixAccount)(uid=NOPLIZ$))
attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell
gecos description objectClass
RESULT tag=101 err=0 nentries=0 text=
CLOSED conn=918 fd=27
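Added example (not part of the original post, nor code from Samba or smbldap-tools): a Python pass over the condensed trace format shown above that, for every empty search on a uid that was previously ADDed, reports whether the entry's DN lies outside the search base and scope, or lies inside it so that the filter's objectClass term is the likely cause. The function names and the parsing of this condensed format are assumptions made for the illustration.

```python
import re

# Lines copied from the trace in the post (condensed format printed by the poster's script).
SAMPLE = """\
ADD dn=uid=nopliz$,ou=Hosts,dc=mki,dc=fh-duesseldorf,dc=de
SRCH base=dc=mki,dc=fh-duesseldorf,dc=de scope=2
filter=(&(uid=nopliz$)(objectClass=sambaSamAccount))
RESULT tag=101 err=0 nentries=0 text=
SRCH base=ou=People,dc=mki,dc=fh-duesseldorf,dc=de scope=1
filter=(&(objectClass=posixAccount)(uid=nopliz$))
RESULT tag=101 err=0 nentries=0 text=
SRCH base=dc=mki,dc=fh-duesseldorf,dc=de scope=2
filter=(&(uid=Administrator)(objectClass=sambaSamAccount))
RESULT tag=101 err=0 nentries=1 text=
"""

def in_scope(dn, base, scope):
    """LDAP search scope test: 0 = base only, 1 = one level, 2 = subtree."""
    dn, base = dn.lower(), base.lower()
    if dn == base:
        return scope in (0, 2)
    if not dn.endswith("," + base):
        return False
    depth = len(re.split(r"(?<!\\),", dn[: -len(base) - 1]))  # RDNs below base
    return scope == 2 or (scope == 1 and depth == 1)

def explain_misses(log):
    """Return (uid, reason, detail) for each empty search on a uid seen in an ADD."""
    added, search, findings = {}, None, []
    for line in map(str.strip, log.splitlines()):
        if m := re.match(r"ADD dn=(uid=([^,]+),.*)", line):
            added[m.group(2).lower()] = m.group(1)
        elif m := re.match(r"SRCH base=(\S*) scope=(\d)", line):
            search = {"base": m.group(1), "scope": int(m.group(2)), "filter": ""}
        elif search and line.startswith("filter="):
            search["filter"] = line[7:]
        elif search and (m := re.search(r"nentries=(\d+)", line)):
            uid = re.search(r"\(uid=([^)]+)\)", search["filter"])
            dn = added.get(uid.group(1).lower()) if uid else None
            if m.group(1) == "0" and dn:
                if in_scope(dn, search["base"], search["scope"]):
                    # Inference: DN is reachable, so a filter term did not match.
                    oc = re.findall(r"\(objectClass=([^)]+)\)", search["filter"])
                    findings.append((uid.group(1), "filter", ",".join(oc)))
                else:
                    findings.append((uid.group(1), "base", search["base"]))
            search = None
    return findings

if __name__ == "__main__":
    print(explain_misses(SAMPLE))
```

On the trace from the post this separates the two misses: the subtree search from the root can reach the entry under ou=Hosts, so only the objectClass term can fail, while the one-level search under ou=People cannot reach it at all.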