[Samba] samba 3.0 - ldap - pdc
Stéphane Purnelle
stephane.purnelle at tiscali.be
Mon Dec 29 15:10:17 GMT 2003
Wolfgang Pichler wrote:
>hi,
>
>thanks for this fast reply
>
>at http://www.unav.es/cti/ldap-smb/smb-ldap-3-howto.html#smbpasswd there
>is documented that
>----------
>Example for (-a )dd a new (-m)achine named icb$ with debug (-D ) set
>to 256:
>
>./bin/smbpasswd -m -a icb$ -D 256
>----------
>this command is needed to add a machine to my PDC - but it isn't
>mentioned that I first have to create a user account with the same name
>(which doesn't seem logical to me). The above command should
>create the account (or am I wrong?)
>
>wolfi
>
>On Mon, 29.12.2003, Stéphane Purnelle wrote at 15:51:
>
>
>>Wolfgang Pichler wrote:
>>
>>
>>
>>>hi all,
>>>
>>>i am actually trying to get samba 3.01 (on SLES 8.0) working as PDC with
>>>the ldap backend. I have already configured nsswitch to also use ldap
>>>for groups and passwords (the root user is still in the /etc/passwd file
>>>- i can't imagine that putting the root user into openldap is a really
>>>good idea).
>>>
>>>There is one sentence in the howto
>>>(http://www.unav.es/cti/ldap-smb/smb-ldap-3-howto.html#create_ldap_recs)
>>>which I don't completely understand - "Remember that if you need join a
>>>XP to the domain, an uidNumber=0 account is ALSO required (ie
>>>Administrator or root accounts)." - should this mean that I need (when
>>>I'd like to join XP's - not win2k?) to add the objectClass posixaccount
>>>to the Administrator entry with the uidNumber 0 ? - If this is so -
>>>doesn't this then collide with the root user in the /etc/passwd file
>>>?
>>>
>>>There is also another thing - I've tried to add a workstation with:
>>>"smbpasswd -a -m nomicro$ -D 256" - then i got this:
>>>-----------
>>>some messages about connecting...
>>>The LDAP server is succesful connected
>>>pdb backend ldapsam has a valid init
>>>Attempting to find an passdb backend to match guest (guest)
>>>Found pdb backend guest
>>>pdb backend guest has a valid init
>>>smbldap_search_suffix: searching
>>>for:[(&(uid=nomicro$)(objectclass=sambaSamAccount))]
>>>smbldap_open: already connected to the LDAP server
>>>ldapsam_getsampwnam: Unable to locate user [nomicro$] count=0
>>>Finding user nomicro$
>>>Trying _Get_Pwnam(), username as lowercase is nomicro$
>>>Trying _Get_Pwnam(), username as uppercase is NOMICRO$
>>>Checking combinations of 0 uppercase letters in nomicro$
>>>Get_Pwnam_internals didn't find user [nomicro$]!
>>>Failed to initialise SAM_ACCOUNT for user nomicro$.
>>>Failed to modify password entry for user nomicro$
>>>------
>>>
>>>this looks like it is searching for the user so that it can alter his
>>>password - but I wanted to add the user, not to alter the password, so
>>>what is wrong here?
>>>
>>>and, the relevant parts from my smb.conf
>>>-------------
>>>[global]
>>> workgroup = DIALOG-TELEKOM
>>> netbios name = ZION
>>> comment = Dialog PDC
>>> security = user
>>> null passwords = Yes
>>> encrypt passwords = yes
>>> logon drive = U:
>>> logon path = \\%N\profiles\%g
>>> domain master = yes
>>> domain logons = yes
>>> preferred master = yes
>>> os level = 255
>>> wins support = yes
>>> public = No
>>> browseable = No
>>> writable = No
>>> debug level = 255
>>> # ldap parameters
>>> passdb backend = ldapsam
>>> ldap admin dn = "cn=administrator,dc=dialog-telekom,dc=at"
>>> ldap suffix = dc=dialog-telekom,dc=at
>>> ldap machine suffix = ou=computers
>>> ldap user suffix = ou=people
>>> ldap ssl = No
>>> ldap delete dn = no
>>>-----------
>>>
>>>hope these aren't stupid questions ;-)
>>>
>>>have a nice day
>>>wolfi
>>>
>>>
>>>
>>>
>>>
>>Have you created the account nomicro ?
>>smbuseradd -w nomicro
>>
>>
>
>
>
>
Could you check in your LDAP tree whether there is a nomicro$$? Samba adds the
'$' directly.
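
Added example (not part of the original messages and not Samba project code): a small Python triage of the smbpasswd debug output quoted in this thread, reporting whether the sambaSamAccount search in LDAP or the Unix account lookup through NSS failed, and whether the name ends in a doubled '$'. The function name `triage`, its report fields and the sample log (constructed from the lines quoted above) are assumptions for illustration.

```python
import re

# Constructed sample: debug lines copied from the smbpasswd output quoted in
# the thread, including the mail quote markers.
SAMPLE_LOG = """\
>>>smbldap_search_suffix: searching
>>>for:[(&(uid=nomicro$)(objectclass=sambaSamAccount))]
>>>ldapsam_getsampwnam: Unable to locate user [nomicro$] count=0
>>>Trying _Get_Pwnam(), username as lowercase is nomicro$
>>>Get_Pwnam_internals didn't find user [nomicro$]!
>>>Failed to initialise SAM_ACCOUNT for user nomicro$.
"""

FILTER_RE = re.compile(r"\(uid=([^)]+)\)\(objectclass=sambaSamAccount\)", re.I)
SAM_MISS_RE = re.compile(r"ldapsam_getsampwnam: Unable to locate user \[[^\]]+\] count=0")
NSS_MISS_RE = re.compile(r"Get_Pwnam_internals didn't find user \[([^\]]+)\]")


def triage(log):
    """Classify a failed 'smbpasswd -a -m' run from its debug output (hypothetical helper)."""
    text = re.sub(r"^[> ]+", "", log, flags=re.M)  # drop mail quote prefixes
    uid = FILTER_RE.search(text)
    nss = NSS_MISS_RE.search(text)
    report = {
        "uid": uid.group(1) if uid else None,
        "sam_entry_missing": bool(SAM_MISS_RE.search(text)),
        "unix_account_missing": bool(nss),
        "double_dollar": False,
        "diagnosis": "no known failure pattern",
    }
    name = report["uid"] or (nss.group(1) if nss else "")
    report["double_dollar"] = name.endswith("$$")
    if report["unix_account_missing"]:
        # Adding a SAM entry needs an account that NSS (files or LDAP) can resolve.
        report["diagnosis"] = "no Unix account for %s via NSS; create it first" % nss.group(1)
    elif report["sam_entry_missing"]:
        # Normal for an add: the sambaSamAccount entry does not exist yet.
        report["diagnosis"] = "sambaSamAccount absent, Unix lookup not reported as failed"
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print("%-22s %s" % (key, value))
```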