[Samba] Samba 3.0 PDC+LDAP Help in Fedora Core 1

Sundaram Ramasamy sun at percipia.com
Fri Jan 9 21:42:42 GMT 2004


Hi,

The -w option of the smbldap-useradd.pl command will append the $ sign to the
computer name.

I think it's like a user account.

The command

    getent passwd

will list computer accounts also.

-Sundaram

----- Original Message ----- 
From: "Jason P Holland" <jholland at cs.selu.edu>
To: "Sundaram Ramasamy" <sun at percipia.com>
Cc: <samba at lists.samba.org>
Sent: Friday, January 09, 2004 4:19 PM
Subject: Re: [Samba] Samba 3.0 PDC+LDAP Help in Fedora Core 1


>
> Thanks for the response.  Doesn't the machine account have to have a $ at
> the end??  In which case the user and machine account are not the same
> right?
>
> Jason
>
> On Fri, 9 Jan 2004, Sundaram Ramasamy wrote:
>
> > Can you put user and computer account in the same tree.
> >
> > change in smb.conf
> >
> >     ldap machine suffix = ou=User
> >
> > Also change your smbldap_conf.pm file.
> >
> >
> > ----- Original Message -----
> > From: "Jason P Holland" <jholland at cs.selu.edu>
> > To: <samba at lists.samba.org>
> > Sent: Friday, January 09, 2004 3:08 PM
> > Subject: [Samba] Samba 3.0 PDC+LDAP Help in Fedora Core 1
> >
> >
> > >
> > > Hello,
> > >
> > > I am hoping someone will offer some help.  I'm currently trying to set up a
> > > samba 3 PDC with LDAP authentication backend in Fedora core 1.  I've read
> > > loads of documentation, including
> > >
> > > http://www.hilinski.net/samba/ldap_PDC_samba.doc
> > > http://www.unav.es/cti/ldap-smb/smb-ldap-3-howto.html
> > > http://samba.idealx.org/samba-ldap-howto.pdf
> > >
> > > As well as tons of posts in the mailing list archives, but I still cannot
> > > get this combination to work.
> > >
> > > As for the setup, I've installed Openldap 2.1.22, Samba 3.0.0,
> > > smbldap-tools-0.8.2.  I've run smbpasswd -w to add my slapd.conf password
> > > to the secrets.tdb file.  I've set up smbldap_conf.pl with my correct SID
> > > and ldap dn.  I've populated my ldap database using smbldap-populate.pl,
> > > everything shows up correctly.  I've gone in to the ldap db and fixed
> > > root's uid and gid as well as its sambaSID so that it can act as
> > > administrator.  As far as I can tell, it's set up correctly.
> > >
> > > However, when I go to join a W2k Workstation client, I get "The user name
> > > could not be found.".  That's using root-testing combination from my config
> > > files.  Samba does automatically create the machine account, that looks
> > > fine.  But it refuses to join the machine.  Yes, I'm aware of the registry
> > > hack for XP,W2K machines, and that has also been changed.
> > >
> > >
> > > The weird thing is from that client, who I cannot join, I can view shares
> > > on the PDC using root-testing user pass combination, so I know the
> > > authentication is working correctly through ldap.  So what does that
> > > user name not found error really mean?
> > >
> > > Does anyone see anything obviously wrong in my config files that would
> > > cause this?  I've cut them into the post below.  I would appreciate any
> > > help as I'm just tired of reading and just can't seem to get past adding
> > > a machine.  Thanks for any help...
> > >
> > > Jason
> > >
> > >
> > > --- begin ldap.conf ----
> > >
> > > HOST 127.0.0.1
> > > BASE dc=test,dc=edu
> > >
> > > ---- end ldap.conf ----
> > >
> > >
> > > --- begin slapd.conf ----
> > >
> > > include /etc/openldap/schema/core.schema
> > > include /etc/openldap/schema/cosine.schema
> > > include /etc/openldap/schema/nis.schema
> > > include /etc/openldap/schema/inetorgperson.schema
> > > include /etc/openldap/schema/samba.schema
> > >
> > > pidfile /var/run/slapd.pid
> > > argsfile /var/run/slapd.args
> > > database bdb
> > > suffix "dc=test,dc=edu"
> > > rootdn "cn=root,dc=test,dc=edu"
> > > rootpw testing
> > >
> > > directory /var/lib/ldap
> > > index objectClass eq
> > > index cn pres,sub,eq
> > > index sn pres,sub,eq
> > > index uid pres,sub,eq
> > > index displayName pres,sub,eq
> > > index uidNumber eq
> > > index gidNumber eq
> > > index memberUid eq
> > > index sambaSID eq
> > > index sambaPrimaryGroupSID eq
> > > index sambaDomainName eq
> > > index default sub
> > >
> > > ---- end slapd.conf ----
> > >
> > >
> > > ---- begin smb.conf ----
> > > [global]
> > > passdb backend = ldapsam
> > > ldap suffix = "dc=test,dc=edu"
> > > ldap machine suffix = ou=Computers
> > > ldap user suffix = ou=Users
> > > ldap group suffix = ou=Groups
> > > ldap admin dn = "cn=root,dc=test,dc=edu"
> > > ldap ssl = no
> > > idmap backend = ldap:ldap://127.0.0.1
> > > passwd chat debug = Yes
> > > passwd program =/usr/local/sbin/smbldap-passwd.pl -o %u
> > > passwd chat = *new*password* %n\n *new*password:* %n\ *successfully*
> > > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> > > add machine script = /usr/local/sbin/smbldap-useradd.pl -w %m
> > > add user script = /usr/local/sbin/smbldap-useradd.pl -a %u
> > > delete user script = /usr/local/sbin/smbldap-userdel.pl %u
> > > add group script = /usr/local/sbin/smbldap-groupadd.pl %g
> > > delete group script = /usr/local/sbin/smbldap-groupdel.pl %g
> > > add user to group script = /usr/local/sbin/smbldap-groupmod.pl -m %u %g
> > > delete user from group script = /usr/local/sbin/smbldap-groupmod.pl -x %u %g
> > > set primary group script = /usr/local/sbin/smbldap-usermod.pl -G %g %u
> > > workgroup = TEST
> > > netbios name = donald
> > > comment = test samba pdc
> > > security = user
> > > null passwords = yes
> > > encrypt passwords = yes
> > > logon script=logon.bat
> > > logon drive =
> > > logon path =
> > > domain master = yes
> > > domain logons = yes
> > > preferred master = yes
> > > os level = 33
> > > wins support = yes
> > > wins proxy = no
> > > log file = /var/log/samba/%m.log
> > > public = No
> > > browseable = yes
> > > writable = No
> > >
> > > ; necessary share for domain controller
> > > [netlogon]
> > > path = /netlogon
> > > locking = no
> > > read only = yes
> > > write list = ntadmin
> > >
> > > ;test share
> > > [tmp]
> > > writeable = yes
> > > public = yes
> > > path = /tmp
> > >
> > > [profiles]
> > > path = /profiles
> > > read only = no
> > > writeable = yes
> > > create mask = 0600
> > > directory mask = 0700
> > >
> > > ---- end smb.conf ---
> >
> >
>
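
Added example, not part of the original messages: a shell check of the two points raised in the replies above, namely whether `ldap machine suffix` and `ldap user suffix` in smb.conf name the same subtree, and whether a workstation's `$` account appears in `getent passwd`-format output. The function names, the workstation name `ws01` and the sample passwd lines are constructed for illustration; the smb.conf values are the ones posted in the thread.

```shell
# Added example. SAMPLE_* values are constructed; on a live PDC use the real
# smb.conf and the output of `getent passwd` instead.
SAMPLE_SMBCONF='[global]
ldap suffix = "dc=test,dc=edu"
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users'
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
jason:x:1000:513:Jason:/home/jason:/bin/bash
ws01$:x:1001:553:Computer:/dev/null:/bin/false'

# Print the value of smb.conf parameter $1 (smb.conf text on stdin).
smbconf_get() {
    awk -F= -v key="$1" '
        { k = $1; gsub(/^[ \t]+|[ \t]+$/, "", k) }
        tolower(k) == tolower(key) {
            v = substr($0, index($0, "=") + 1)   # keep "=" inside the value
            gsub(/^[ \t"]+|[ \t"]+$/, "", v)
            print v; exit
        }'
}

# Succeed only if machines and users are stored under the same suffix.
same_tree() {
    m=$(printf '%s\n' "$1" | smbconf_get "ldap machine suffix")
    u=$(printf '%s\n' "$1" | smbconf_get "ldap user suffix")
    [ -n "$m" ] && [ "$m" = "$u" ]
}

# List machine accounts (names ending in "$") from passwd-format stdin.
machine_accounts() {
    awk -F: '$1 ~ /\$$/ { print $1 }'
}

# Succeed if workstation $1 has a "$" account in passwd-format stdin.
# NetBIOS names are compared case-insensitively.
has_machine_account() {
    want=$(printf '%s$' "$1" | tr '[:upper:]' '[:lower:]')
    machine_accounts | tr '[:upper:]' '[:lower:]' | grep -qxF -- "$want"
}

same_tree "$SAMPLE_SMBCONF" && echo "suffixes match" || echo "suffixes differ"
printf '%s\n' "$SAMPLE_PASSWD" | has_machine_account WS01 \
    && echo 'ws01$ resolves' || echo 'ws01$ not found'
```

On a real server, replace the sample inputs with `cat /path/to/smb.conf` and `getent passwd`; if the suffixes differ and the machine account is missing from the `getent` output, NSS is not searching the subtree where the machine accounts are created.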


