Fwd: Re: [Samba] smbpasswd fails to add machine account with ldapsam

Christoph Rudorff christoph at wtal.de
Tue Nov 18 16:44:03 GMT 2003


On Tuesday, 18 November 2003 15:08, Aaron Smith wrote:
> ldap machine suffix = ou=Computers
> ldap user suffix = ou=People
> ldap group suffix = ou=Group
> ldap suffix = dc=pandora-net,dc=com

from the smb.conf:
# Seperate suffixes are available for machines, users, groups, and idmap, if
# ldap suffix appears first, it is appended to the specific suffix.

Meanwhile, we hacked a Perl script which produces colorful output of ldap.conf.
ADD is ok, but filter=(&(uid=nopliz$)(objectClass=sambaSamAccount)) must fail,
because sambaSamAccount was not added by samba. It used to be added by the
script, but the lines are commented out:

if (!$with_smbpasswd) {
  # (jtournier)
  # Objectclass sambaSAMAccount is now added directly by samba when joining
  # the domain (for samba3)
  #if (!add_samba_machine_mkntpwd($userName, $userUidNumber)) {
  #  die "$0: error while adding samba account\n";
  #}
} else {
  if (!add_samba_machine($userName)) {
    die "$0: error while adding samba account\n";
  }
}

Next lookup is 
SRCH    base=ou=People,dc=mki,dc=fh-duesseldorf,dc=de scope=1
        filter=(&(objectClass=posixAccount)(uid=nopliz$))

So why people? I rubbed that word out of the smb.conf file. Must there be some
more information in the LDAP? SambaDomain? Or group mappings for the machine
accounts? If uid ends with '$' samba should know .....

chris


ps: if someone is interested in our colortail.ldap script, drop me a line.
---------------

ACCEPT  conn=922 fd=29 from IP=127.0.0.1:36587 (IP=0.0.0.0:389)
BIND    dn=cn=Manager,dc=mki,dc=fh-duesseldorf,dc=de method=128
BIND    dn=cn=Manager,dc=mki,dc=fh-duesseldorf,dc=de mech=simple ssf=0
RESULT  tag=97 err=0 text=
ADD     dn=uid=nopliz$,ou=Hosts,dc=mki,dc=fh-duesseldorf,dc=de
RESULT  tag=105 err=0 text=
UNBIND
CLOSED  conn=922 fd=29

ACCEPT  conn=915 fd=26 from IP=127.0.0.1:36580 (IP=0.0.0.0:389)
BIND    dn=cn=Manager,dc=mki,dc=fh-duesseldorf,dc=de method=128
BIND    dn=cn=Manager,dc=mki,dc=fh-duesseldorf,dc=de mech=simple ssf=0
RESULT  tag=97 err=0 text=
SRCH    base=dc=mki,dc=fh-duesseldorf,dc=de scope=2
        filter=(&(objectClass=sambaDomain)(sambaDomainName=MKIDOM))
        attr=sambaDomainName sambaNextRid sambaNextUserRid sambaNextGroupRid
             sambaSID sambaAlgorithmicRidBase objectClass
RESULT  tag=101 err=0 nentries=1 text=
SRCH    base=dc=mki,dc=fh-duesseldorf,dc=de scope=2
        filter=(&(uid=Administrator)(objectClass=sambaSamAccount))
        attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet
             sambaPwdCanChange sambaPwdMustChange sambaLogonTime
             sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive
             sambaHomePath sambaLogonScript sambaProfilePath description
             sambaUserWorkstations sambaSID sambaPrimaryGroupSID
             sambaLMPassword sambaNTPassword sambaDomainName objectClass
             sambaAcctFlags
RESULT  tag=101 err=0 nentries=1 text=
SRCH    base=dc=mki,dc=fh-duesseldorf,dc=de scope=2
        filter=(&(objectClass=sambaGroupMapping)(gidNumber=512))
        attr=gidNumber sambaSID sambaGroupType description displayName cn
             objectClass
RESULT  tag=101 err=0 nentries=1 text=
SRCH    base=dc=mki,dc=fh-duesseldorf,dc=de scope=2
        filter=(&(objectClass=sambaGroupMapping)(gidNumber=544))
        attr=gidNumber sambaSID sambaGroupType description displayName cn
             objectClass
RESULT  tag=101 err=0 nentries=1 text=
SRCH    base=dc=mki,dc=fh-duesseldorf,dc=de scope=2
        filter=(&(uid=nopliz$)(objectClass=sambaSamAccount))
        attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet
             sambaPwdCanChange sambaPwdMustChange sambaLogonTime
             sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive
             sambaHomePath sambaLogonScript sambaProfilePath description
             sambaUserWorkstations sambaSID sambaPrimaryGroupSID
             sambaLMPassword sambaNTPassword sambaDomainName objectClass
             sambaAcctFlags
RESULT  tag=101 err=0 nentries=0 text=
CLOSED  conn=915 fd=26

ACCEPT  conn=918 fd=27 from IP=127.0.0.1:36583 (IP=0.0.0.0:389)
BIND    dn= method=128
RESULT  tag=97 err=0 text=
SRCH    base=ou=People,dc=mki,dc=fh-duesseldorf,dc=de scope=1
        filter=(&(objectClass=posixAccount)(uid=nopliz$))
        attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell
             gecos description objectClass
RESULT  tag=101 err=0 nentries=0 text=
SRCH    base=ou=People,dc=mki,dc=fh-duesseldorf,dc=de scope=1
        filter=(&(objectClass=posixAccount)(uid=NOPLIZ$))
        attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell
             gecos description objectClass
RESULT  tag=101 err=0 nentries=0 text=
SRCH    base=ou=People,dc=mki,dc=fh-duesseldorf,dc=de scope=1
        filter=(&(objectClass=posixAccount)(uid=nopliz$))
        attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell
             gecos description objectClass
RESULT  tag=101 err=0 nentries=0 text=
SRCH    base=ou=People,dc=mki,dc=fh-duesseldorf,dc=de scope=1
        filter=(&(objectClass=posixAccount)(uid=NOPLIZ$))
        attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell
             gecos description objectClass
RESULT  tag=101 err=0 nentries=0 text=
CLOSED  conn=918 fd=27
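
Added example, not part of the original post or of the colortail.ldap script: a small Python check that pairs each empty SRCH in a log of this format with the DN that was ADDed, and reports whether the entry was even reachable from the search base and scope. The sample log is constructed from lines shown above, and the function names are hypothetical.

```python
import re

# Constructed sample, shortened from the log format shown in the post.
SAMPLE_LOG = """\
ADD     dn=uid=nopliz$,ou=Hosts,dc=mki,dc=fh-duesseldorf,dc=de
RESULT  tag=105 err=0 text=
SRCH    base=dc=mki,dc=fh-duesseldorf,dc=de scope=2
        filter=(&(uid=nopliz$)(objectClass=sambaSamAccount))
RESULT  tag=101 err=0 nentries=0 text=
SRCH    base=ou=People,dc=mki,dc=fh-duesseldorf,dc=de scope=1
        filter=(&(objectClass=posixAccount)(uid=nopliz$))
RESULT  tag=101 err=0 nentries=0 text=
"""

def rdns(dn):
    # Simplification: assumes no escaped commas inside RDN values.
    return [p.strip().lower() for p in dn.split(",") if p.strip()]

def in_scope(dn, base, scope):
    """True if dn is reachable from base with LDAP scope 0 (base), 1 (one), 2 (sub)."""
    d, b = rdns(dn), rdns(base)
    if len(d) < len(b) or d[len(d) - len(b):] != b:
        return False
    depth = len(d) - len(b)
    return {0: depth == 0, 1: depth == 1, 2: True}[scope]

def explain(log):
    """Pair each empty SRCH with the last ADDed DN and say why it missed."""
    added, search, findings = None, None, []
    for line in log.splitlines():
        if m := re.match(r"ADD\s+dn=(\S+)", line):
            added = m.group(1)
        elif m := re.match(r"SRCH\s+base=(\S*)\s+scope=(\d)", line):
            search = {"base": m.group(1), "scope": int(m.group(2)), "filter": ""}
        elif (m := re.match(r"\s+filter=(\S+)", line)) and search:
            search["filter"] = m.group(1)
        elif (m := re.match(r"RESULT\s.*nentries=(\d+)", line)) and search:
            if added and m.group(1) == "0":
                reachable = in_scope(added, search["base"], search["scope"])
                cause = "filter mismatch" if reachable else "entry outside search base/scope"
                findings.append((search["base"], search["filter"], cause))
            search = None
    return findings

if __name__ == "__main__":
    for base, flt, cause in explain(SAMPLE_LOG):
        print(f"{cause}: base={base} filter={flt}")
```

On the sample, the subtree search for sambaSamAccount is a filter mismatch (the entry is in scope but lacks the object class), while the one-level search under ou=People can never see an entry stored under ou=Hosts.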



