[Samba] [Fwd: Re: Samba PDC + OpenLDAP (Debian Lenny)]

Henrik Dige Semark hds at semark.dk
Mon Aug 17 03:04:11 MDT 2009


Henrik Dige Semark wrote:
>  Adam Tauno Williams wrote:
>>  
>>> [2009/08/14 18:22:24,  0] passdb/pdb_get_set.c:pdb_get_group_sid(210)
>>>  pdb_get_group_sid: Failed to find Unix account for DomAdmin
>>> [2009/08/14 18:22:24,  1] auth/auth_util.c:make_server_info_sam(562)
>>>  User DomAdmin in passdb, but getpwnam() fails!
>>>     
>>
>> I don't know why it is looking for a "DomAdmin" account. Perhaps your
>> directory is not fully initialized?  Loaded with the required users,
>> etc...
>>   
> DomAdmin is a Domain-administrator account I have created instead of 
> "admin" or "root".
> I have run "smbldap-populate -u 10000 -g 10000 -a admin -g guest" and 
> it populates LDAP with all the default users and groups Windows needs 
> to be able to join.
> -u uidNumber  first uidNumber to allocate (default: 1000)
> -g gidNumber  first uidNumber to allocate (default: 1000)
> -a user       administrator login name (default: root)
> -b user       guest login name (default: nobody)
>>  
>>> Error: modifications require authentication at 
>>> /usr/share/perl5/smbldap_tools.pm line 1083.
>>> [2009/08/14 18:22:48,  0] 
>>> passdb/pdb_interface.c:pdb_default_create_user(336)
>>>  _samr_create_user: Running the command `/usr/sbin/smbldap-useradd 
>>> -t 0 -w -i "hds$"' gave 127
>>>     
>>
>> I don't use smbldap-tools but this looks like they don't have sufficient
>> config to authenticate to the DSA.
>>   
> Don't know what the problem is with smbldap-useradd, but when I run 
> the command alone it creates a Windows machine user:
> # smbldap-useradd -w -i testcomputer
> New password : 1234
> Retype new password : 1234
> *failed to add entry: structural object class modification from 
> 'account' to 'inetOrgPerson' not allowed at /usr/sbin/smbldap-useradd 
> line 311, <STDIN> line 2. *
>
> I have the schemas that provide account and inetOrgPerson
>
> # smbldap-useradd -?
> (c) Jerome Tournier - (jtournier at gmail.com)- Licensed under the GPL
> Usage: /usr/sbin/smbldap-useradd [-awmugdsckABCDEFGHMNPST?] username
>  -a    is a Windows User (otherwise, Posix stuff only)
>  -b    is a AIX User
>  -c    gecos
>  -d    home
>  -g    gid
>  -i    is a trust account (Windows Workstation)
>  -k    skeleton dir (with -m)
>  -m    creates home directory and copies /etc/skel
>  -n    do not create a group
>  -o    add the user in the organizational unit (relative to the user 
> suffix. Ex: 'ou=admin,ou=all')
>  -u    uid
>  -s    shell
>  -t    time. Wait 'time' seconds before exiting (when adding Windows 
> Workstation)
>  -w    is a Windows Workstation (otherwise, Posix stuff only)
>  -A    can change password ? 0 if no, 1 if yes
>  -B    must change password ? 0 if no, 1 if yes
>  -C    sambaHomePath (SMB home share, like '\\PDC-SRV\homes')
>  -D    sambaHomeDrive (letter associated with home share, like 'H:')
>  -E    sambaLogonScript (DOS script to execute on login)
>  -F    sambaProfilePath (profile directory, like 
> '\\PDC-SRV\profiles\foo')
>  -G    supplementary comma-separated groups
>  -H    sambaAcctFlags (samba account control bits like '[NDHTUMWSLKI]')
>  -M    local mailAddress (comma seperated)
>  -N    given name
>  -P    ends by invoking smbldap-passwd
>  -S    surname (Family name)
>  -T    mailToAddress (forward address) (comma seperated)
>  -?    show this help message
>
> Mike Eggleston wrote:
>
>    I'm not at work and am unable to compare your configuration with
>    my production configuration. I have a similar environment, though,
>    and found for windows boxes I needed to create the account in LDAP
>    first (I use smbldap-adduser ...), then I must also add my samba
>    server as a WINS server to the windows box, then I can join the
>    windows box to my samba pdc domain.
>
>    Mike
>     
> I have now tried to set my server as WINS server - still the same problem
>
More info:
There is something I don't understand: when I try to join the domain 
there is no traffic to LDAP at all, but when I do
# wbinfo -u
guest
domadmin

# wbinfo -g
domain admins
domain users
domain guests
domain computers
BUILTIN%users

# wbinfo --ping
Ping to winbindd succeeded

It looks up in LDAP just fine, so the link is apparently working fine.

-- 
Best regards
Henrik Dige Semark 
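
The first two log entries quoted in this thread report an account that is present in passdb but that getpwnam() cannot resolve. The following is an added example, not code from any poster or from the Samba project: it parses smbd log entries of that form and reports which account names fail to resolve through NSS on the host where it runs. The sample log is copied from the lines quoted above; the function names are hypothetical.

```python
import pwd
import re

# Sample log.smbd entries, copied from the log lines quoted in the thread.
SAMPLE_LOG = """\
[2009/08/14 18:22:24,  0] passdb/pdb_get_set.c:pdb_get_group_sid(210)
  pdb_get_group_sid: Failed to find Unix account for DomAdmin
[2009/08/14 18:22:24,  1] auth/auth_util.c:make_server_info_sam(562)
  User DomAdmin in passdb, but getpwnam() fails!
"""

# Entry header: [timestamp, debug level] source_file:function(line)
HEADER = re.compile(r"^\[(?P<ts>[\d/]+ [\d:]+),\s*(?P<level>\d+)\]\s+(?P<src>\S+)$")
# Message patterns that name an account Samba could not map to a Unix user.
UNMAPPED = [
    re.compile(r"Failed to find Unix account for (?P<user>\S+)"),
    re.compile(r"User (?P<user>\S+) in passdb, but getpwnam\(\) fails"),
]

def parse_entries(text):
    """Group each header line with the indented message lines that follow it."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            entries.append({**m.groupdict(), "msg": ""})
        elif entries and line.strip():
            entries[-1]["msg"] = (entries[-1]["msg"] + " " + line.strip()).strip()
    return entries

def unmapped_users(entries):
    """Return {account name: [source locations that reported it]}."""
    found = {}
    for e in entries:
        for pat in UNMAPPED:
            m = pat.search(e["msg"])
            if m:
                found.setdefault(m.group("user"), []).append(e["src"])
    return found

def nss_resolves(name, lookup=pwd.getpwnam):
    """True if the name resolves through the host's NSS passwd databases."""
    try:
        lookup(name)
        return True
    except KeyError:  # pwd.getpwnam raises KeyError for an unknown name
        return False

if __name__ == "__main__":
    for user, sources in unmapped_users(parse_entries(SAMPLE_LOG)).items():
        state = "resolves" if nss_resolves(user) else "does NOT resolve"
        print(f"{user}: {len(sources)} log entries; getpwnam {state} on this host")
```
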


