[Samba] renaming a computer fail on a samba domain using ldap
backend
ioguix
ioguix at free.fr
Wed Apr 2 14:53:20 GMT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Replying to myself :
Add the following conf line to smb.conf:
rename user script = /usr/sbin/smbldap-usermod -r '%unew' '%uold'
ioguix a écrit :
> Hello,
>
> I am trying to rename a computer on my samba domain but it fails telling me I hadn't rights to do it.
> Obviously, I use the same admin account (root) than the one which add this computer on the domain some seconds before.
>
> I am using samba 3.0.24 on Debian etch with a openldap SAM backend and smbldap-tools scripts using these conf params :
> ~~~~~~~~~~~~~~~~~~~~~~~~~~
> add user script = /usr/sbin/smbldap-useradd -c "Samba user account" -m -s /bin/false '%u'
> add machine script = /usr/sbin/smbldap-useradd -c "Samba computer account" -g 515 -w -s /bin/false '%u'
> add group script = /usr/sbin/smbldap-groupadd '%g'
> add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
> delete user script = /usr/sbin/smbldap-userdel '%u'
> delete group script = /usr/sbin/smbldap-groupdel '%g'
> delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
> set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
> ~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> So far, I can add a computer on a domain, but I can't rename it.
>
> I tried to rename the computer using smbldap-usermod before updating it in WinXP, but obviously, it fails telling me the user is
> unknown.
>
> The only way I found is to add a computer with the new name to the domain using smbldap-useradd, leaving the domain from WinXP,
> renaming it under WinXP, re-join the domain, then drop the old computer account.
>
> Here the content of log.root when I try to rename the computer (using "log file = /var/log/samba/log.%U" and log level = 3)
> http://pastebin.org/26701
> The ACCESS denied is at line 771 : "set_user_info_21: failed to rename account: NT_STATUS_ACCESS_DENIED"
>
> I could give a more verbose log file, but this one is pretty huge...
>
> So, where did I fail ?
>
> Do we can rename a computer on a samba domain ?
>
> Feel free to ask me anything more you need to help me :)
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFH853fxWGfaAgowiIRAv69AJwKCpGF6nOgeTAqJPO+PTTFc89vSACfRXhi
boB8PEzyPb1m8LHv15laWTc=
=CgVf
-----END PGP SIGNATURE-----
More information about the samba
mailing list