[Samba] cancelling interdomain trusts
s.jousse at free.fr
s.jousse at free.fr
Mon Dec 22 10:05:07 GMT 2003
Hi Craig
I'm new to Samba 3, and I still have problems with LDAP ;o)
But maybe i can help on this...
I think you want to remove a Workstation (the $ told me that) but there're not
the W flag in sambaAcctFlags.
Sorry if I'm wrong...
Seb.
Selon Craig White <craigwhite at azapple.com>:
> Mother always told me that there'd be days like this. She just didn't
> tell me that they go on for weeks.
>
> OK - John's book suggests that we're not complete in this arena
> here...Yeah, I bought the Samba 3 How-to-guide - Borders/Phoenix had 3
> on the shelf (now 2) - and also an LDAP book for reference. It's been a
> fun weekend ;-)
>
> problemo...
>
> # smbpasswd -x -i MULLEN
> ldapsam_delete_entry: Could not delete attributes for
> uid=mullen$,ou=People,o=Mullen,c=US, error: Object class violation
> (object class 'person' requires attribute 'cn')
> Failed to delete entry for user MULLEN$.
> Failed to modify password entry for user MULLEN$
>
> [must check - yes, cn=MULLEN$ is there, but the $ is probably kinking
> the hose...dunno - it found it in simple search further down email]
>
> # net rpc trustdom list
> Password:
> The username or password was not correct.
> [2003/12/21 23:08:46, 0] utils/net_rpc.c:rpc_trustdom_list(2028)
> Couldn't connect to domain controller
>
> [too tired to figure this last one out]
>
> # ldapsearch -x -h localhost -b 'o=Mullen,c=US' '(uid=MULLEN$)'
> version: 2
>
> #
> # filter: (uid=MULLEN$)
> # requesting: ALL
> #
>
> # mullen$, People, Mullen, US
> dn: uid=mullen$,ou=People,o=Mullen,c=US
> uid: mullen$
> cn: mullen$
> sn: mullen$
> mail: mullen$@mullenpr.com
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: top
> objectClass: kerberosSecurityObject
> objectClass: sambaSamAccount
> krbName: mullen$@MULLENPR.COM
> loginShell: /bin/false
> uidNumber: 1001
> gidNumber: 1001
> homeDirectory: /home/mullen
> sambaSID: S-1-5-21-3186189368-1246494298-1334198317-3002
> sambaPrimaryGroupSID: S-1-5-21-3186189368-1246494298-1334198317-3003
> sambaPwdCanChange: 1072073389
> sambaPwdMustChange: 2147483647
> sambaLMPassword: the-names-have-been-changed
> sambaNTPassword: to-protect-the-innocent
> sambaPwdLastSet: 1072073389
> sambaAcctFlags: [I ]
>
> yes, there's an entry in /etc/passwd for MULLEN$ (had to hand edit after
> adding the user mullen)
>
> interdomain trust was working earlier today - but I ended up purging the
> LDAP one last time because I had to get rid of SID's from original
> domain captured by net rpc vampire and create a new SID for the second
> domain.
>
> wanted to just delete the trust from LINUX-DOMAIN to WINDOWS-DOMAIN to
> start over. Trust from WINDOWS-DOMAIN to LINUX-DOMAIN seems OK.
>
> Learning Samba 3 (so much has changed from 2.2x) simultaneously with
> LDAP has been a numbing experience. Methinks that there are config stuff
> for smb3 that aren't in LDAP db - possibly in secrets.tdb - sort of
> samba's equiv to the Windows registry. Don't mind passwords, but where
> do they hide the things like group mapping and domain trusts? I probably
> should have 'nuked' the secrets.tdb but I'm tired, chicken and perhaps
> someone will shine light in the dark corners.
>
> Craig
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
>
More information about the samba
mailing list