[Samba] It would seem to be simple but it's got me scratching my head

Thu Dec 18 06:09:55 GMT 2003

Craig,

A few pointers might help you. I had to sweat my way through this stuff so
I can document it for my new book. This gave me one of those rare moments
when I started with totally clean systems and set everything up on an
isolated network. A real tease!

1. Beware of the ldap.conf file that has:
	nss_base_group          ou=Group,dc=abmas,dc=biz?one
when it should be:
        nss_base_group          ou=Groups,dc=abmas,dc=biz?one

That extra "s" caught me too. It's oly one character though! :)

2. Do not use the "Computers" container for machine accounts. It breaks.
You can totally avoid the problem by just using the "People" container.
There is apparently a Samba/LDAP search bug there. Jerry did warn me, but
I had to prove it for myself! :(

The symptom of the bug is that Samba (LDAP) can not find the trust account
for the workstation (same for BDCs).

3. Current CVS (and 3.0.1) has apparanetly a bug that prevents
Workstations from logging onto the domain for the first time. I
down-graded to CVS December 1st, and I could log on. Then I updated to
current CVS and it works fine. This bug bites only when a machine first
joins the domain. Rejoins work fine.

4. As for the vampire process - make sure that the back-end you use can
create accounts that have spaces and/or upper-case characters in the name.
If your backend can't handle this you must create a work-around that
intercepts the illegal name and mangles it to something that is legal for
the underlying backend.

I hope these comments prove a little helpful - if not too late.

Cheers,
John T.

On Wed, 17 Dec 2003, Craig White wrote:

> Answering my own question...Group / Groups - what's an 's' between
> friends - made me crazy.
>
> Anyway - got net rpc vampire completely in.
>
> At the end of the 'slurp' I got this one message...
>
> SAM_DELTA_DOMAIN_INFO not handled
>
> My google searches makes me think that this is about Upper case User
> names which ultimately won't be a problem because those logins will go
> bye bye anyway... Any other reason to worry because of that message?
>
> Craig
>
> On Wed, 2003-12-17 at 20:47, Craig White wrote:
> > Samba 3.0.0 - RH AS 3
> >
> > # ./smbldap-groupshow.pl Computers
> > No such object at /usr/local/sbin//smbldap_tools.pm line 590, <DATA>
> > line 283.
> >
> >
> > # ./smbldap-usershow.pl cnassa
> > dn: uid=cnassa,ou=People,o=Mullen,c=US
> >
> > Why can't I get the groups to work correctly, I do have a 'Computers'
> > group?  This same problem is causing a bunch of errors when I try to net
> > rpc vampire - it can't add the groups but it adds the users.
> >
> > section from smbldap_conf.pm
> > # Where are stored Users
> > # Ex: $usersdn = "ou=Users,$suffix"; for ou=Users,dc=IDEALX,dc=ORG
> > #$usersou = q(Users);
> > $usersou = q(People);
> > $usersdn = "ou=$usersou,$suffix";
> >
> > # Where are stored Computers
> > # Ex: $computersdn = "ou=Computers,$suffix"; for
> > ou=Computers,dc=IDEALX,dc=ORG
> > $computersou = q(Computers);
> > $computersdn = "ou=$computersou,$suffix";
> >
> > # Where are stored Groups
> > # Ex $groupsdn = "ou=Groups,$suffix"; for ou=Groups,dc=IDEALX,dc=ORG
> > $groupsou = q(Groups);
> > $groupsdn = "ou=$groupsou,$suffix";
> >
> > # Default scope Used
> > $scope = "sub";
> >
> > Craig
>
>

-- 
John H Terpstra
Email: jht at samba.org