[Samba] Samba PDC + LDAP

Sathi sathi_linux at gmx.net
Tue Jun 3 06:21:57 GMT 2003


Hello All,

I successfully added the machine name and username using the smbldap
tool, but my Windows machine was unable to contact the domain server.



But when I add the same user using the smbpasswd command, it is added to the
LDAP server and I am now able to contact the domain server.



I don't want to do this because I have to add that user as a machine user
also.



[root@lotus sathi]# /usr/local/samba/bin/smbpasswd -a test
New SMB password:
Retype new SMB password:
User test does not exist in system password file (usually /etc/passwd).
Cannot add account without a valid local system user.
Failed to modify password entry for user test
[root@lotus sbin]# /usr/sbin/useradd test
[root@lotus sbin]# /usr/local/samba/bin/smbpasswd -a test
New SMB password:
Retype new SMB password:
ldap_connect_system: Binding to ldap server as "cn=Manager, dc=xxx, dc=com"
ldap_connect_system: Binding to ldap server as "cn=Manager, dc=xxx, dc=com"
Password changed for user test.
[root@lotus sbin]#



Is it possible to add the user only in LDAP and authenticate the clients?



Regards,

Sathi



> Sathi wrote:
>
> > # ./smbldap-useradd.pl -w test
> > ldapadd: update failed: uid=test$,ou=Computers,dc=xxx,dc=com
> > ldap_add: Object class violation (65)
> >         additional info: no structural object class provided
> > ./smbldap-useradd.pl: error while adding posix account to machine test$
>
> It's not a bug, it's a feature. ;)
>
> Starting with OpenLDAP 2.1 (or 2.0 with schemacheck=on IIRC), every
> object must have exactly one structural class. If only auxiliary classes
> or more than one structural class are provided, OpenLDAP will refuse to
> create the desired object and show the above error message.
>
> You should change your "smbldap_tools.pm" and add a structural object
> class that fits your needs. I have chosen to use the "device" object
> class for the domain computers:
>
> from smbldap_tools.pm:
>
> --- snip ---
>
> sub add_posix_machine
> {
>      my ($user, $uid, $gid) = @_;
>
>
> my $tmpldif =
> "dn: uid=$user,$computersdn
> objectclass: top
> objectclass: device               <----- add this
> objectclass: posixAccount
> cn: $user
> uid: $user
> uidNumber: $uid
> gidNumber: $gid
> homeDirectory: /dev/null
> loginShell: /bin/false
> description: Computer
>
> --- snip ---
>
> and in "sub add_samba_machine_mkntpwd":
>
> --- snip ---
>
> "dn: uid=$user,$computersdn
> changetype: modify
> objectclass: top
> objectclass: device              <----- add this
> objectclass: posixAccount
> objectClass: sambaAccount
> pwdLastSet: 0
> logonTime: 0
> logoffTime: 2147483647
> kickoffTime: 2147483647
> pwdCanChange: 0
> pwdMustChange: 2147483647
> acctFlags: [W          ]
> lmpassword: $lmpassword
> ntpassword: $ntpassword
> rid: $rid
> primaryGroupID: 0
>
> --- snip ---
>
>
> cu,
> Uwe
>
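
The rule described in the quoted reply (exactly one structural object class per entry) can be checked on generated LDIF before it is handed to ldapadd. The following is an added example, not part of the original thread or of smbldap-tools; the CLASS_KIND table, the function names and the sample LDIF are assumptions, and sambaAccount is treated as auxiliary, which depends on the samba.schema version loaded. It implements the rule as stated in the reply and does not model superclass chains.

```python
# Added example: pre-flight check for "no structural object class provided".
# Class kinds are assumptions about the loaded schema; verify against yours.
CLASS_KIND = {
    "top": "abstract",            # RFC 4512
    "device": "structural",       # RFC 4519
    "account": "structural",      # RFC 4524
    "posixaccount": "auxiliary",  # RFC 2307
    "sambaaccount": "auxiliary",  # assumed; depends on samba.schema version
}

# Constructed sample: the failing machine entry and a corrected one.
SAMPLE_LDIF = """\
dn: uid=test$,ou=Computers,dc=xxx,dc=com
objectclass: top
objectclass: posixAccount
cn: test$

dn: uid=fixed$,ou=Computers,dc=xxx,dc=com
objectclass: top
objectclass: device
objectclass: posixAccount
objectClass: sambaAccount
cn: fixed$
"""

def parse_ldif(text):
    """Return [(dn, [objectClass values])]; folded/base64 lines not handled."""
    entries = []
    for block in text.strip().split("\n\n"):
        dn, classes = None, []
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if not sep or line.startswith("#"):
                continue
            if attr.strip().lower() == "dn":
                dn = value.strip()
            elif attr.strip().lower() == "objectclass":
                classes.append(value.strip())
        if dn:
            entries.append((dn, classes))
    return entries

def check_entry(classes):
    """Return None if the entry passes, otherwise the reason it would fail."""
    unknown = [c for c in classes if c.lower() not in CLASS_KIND]
    if unknown:
        return "unknown object class: " + ", ".join(unknown)
    structural = [c for c in classes if CLASS_KIND[c.lower()] == "structural"]
    if not structural:
        return "no structural object class provided"
    if len(structural) > 1:
        return "more than one structural object class: " + ", ".join(structural)
    return None

def check_ldif(text):
    """Map each DN in the LDIF text to None (ok) or a failure reason."""
    return {dn: check_entry(classes) for dn, classes in parse_ldif(text)}
```
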