[Samba] Adding a machine; I think I am onto something
lrivera at racsa.co.cr
Sun Jan 19 00:02:01 GMT 2003
I meditated long and hard on how to do this separation on 2.2.7a, even
going so far as to code most of the patch, but ran into the stone wall
that the search for the computer account is ALWAYS done as a search for
a user account (just with a "different" name - meaning the trailing $),
so I'd have to recode a lot of the stuff that searches for user accounts
to handle that.
Also, the way the user account is searched for is spread throughout, and
calls to getpwent() are made as well to find it, and THAT I definitely
could not change, since it is the correct behavior.
What's actually needed is full separation of the search for users and
computers, and that's not worth it (IMHO) in 2.2.7a if 3.0alpha has it
already (I believe it does). I'd rather contribute to 3.0alpha and help
get it out the door quicker than try to expand functionality on 2.2.7a.
Just my 2 cent's worth! :)
On Sat, 2003-01-18 at 16:56, Jim wrote:
> Parameters are:
> Samba 2.2.7a PDC setup with LDAP includeing posix authentication for Linux.
> OK, the tutorial I've based my setup on is the Mandrake tutorial found
> at http://www.mandrakesecure.net/en/docs/ldap-auth.php
> Works great for autenticateing Linux from LDAP but it is really sparse
> on the Samba side of things. Esepcially when it comes to adding machine
> trust accounts.
> So anyway I have some theories I would like verified.
> I've found that I can add a posix based machine name and that works fine
> BUT it only works in ou=People. The system cannot find a machine
> account in ou=Computers.
> Seems to me that several things have occured:
> > Jan 18 14:08:42 enigma smbd: [2003/01/18 14:08:42, 0] passdb/pdb_ldap.c:pdb_getsampwnam(859)
> > Jan 18 14:08:42 enigma smbd: LDAP search "(&(uid=spartack_)(objectclass=sambaAccount))" returned 0 entries.
> 1. Search for a uid=spartack$ which also has objectclass=sambaAccount.
> > Jan 18 14:08:42 enigma smbd: [2003/01/18 14:08:42, 0] rpc_server/srv_netlog_nt.c:get_md4pw(176)
> 2. Get the password.
> > Jan 18 14:08:42 enigma smbd: get_md4pw: Workstation spartack$: no account in domain
> 3. Can't find the account.(of course because the user has not been added
> by the 'add user script' setting in smb.conf yet.)
> > Jan 18 14:08:49 enigma smbd: [2003/01/18 14:08:49, 0] passdb/pdb_ldap.c:pdb_getsampwnam(859)
> > Jan 18 14:08:49 enigma smbd: LDAP search "(&(uid=spartack_)(objectclass=sambaAccount))" returned 0 entries.
> > Jan 18 14:08:50 enigma smbd: [2003/01/18 14:08:50, 0] rpc_server/srv_samr_nt.c:_api_samr_create_user(1929)
> > Jan 18 14:08:50 enigma smbd: User spartack$ does not exist in system password file (usually /etc/passwd). Cannot add account without
> > a valid local system user.
> 4. Try again only execute the 'add user script' first.
> Theoretically, it did not find one because there is no objectClass
> sambaAccount in the entry HOWEVER, I know from previous attempts it does
> find the posix only Computer account when it is placed in ou=People. Is
> there perhaps a different search performed the fist time around despite
> the log entry or is my understanding of
> "(&(uid=spartack_)(objectclass=sambaAccount))" flawed?
> So am I on target here? I can solve the problem if I can understand it. :-)
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
More information about the samba