[Samba] Question on LDAP+Samba+PDC
l.rathbone at imb.uq.edu.au
Mon May 19 05:36:07 GMT 2003
>I appreciate all your help. It has been great in helping me move
>farther along as well as understand more.
>I've been working with the IDEALX scripts and they are working
>great. However, I have a couple of questions I wanted to run by you.
>As of now, I have ou's of: ou=Computers, ou=Users, ou=Groups
>I also have: cn=Domain Admins,ou=Groups
> cn=Domain Users,ou=Groups
>My question(s) are: If I want to create my own groups, for example:
>Loan Officers and Loan Processors, I can do that no problem. It
>creates it like so:
>Thus, if I had 4-5 groups, I could create them using the IDEALX
>scripts. Simple enough.
>This is where i'm a bit lost. If I create a second group,
>loanprocessors, it creates the following:
>cn=loanprocessors,ou=Groups Which is correct. However, if I
>compare the two of them, i'm confused in one spot:
># loanofficers, Groups, courtesymortgage, com
># loanprocessors, Groups, courtesymortgage, com
This is a problem - gidNumbers should be unique. Are you creating
theses manually? Make sure they have different numbers. The IDEALX
scripts should create unique numbers.
>Being that they both have gidNumber's of 1000, is that going to be a problem?
>Which leads to my next question. If I have a user, Jason, that needs
>to be added to the group loanofficers, how can I do that with the
>scripts? Is it even possible?
If the group loanofficers is the primary group for the user then that
user's gidNumber needs to be set to loanofficers gidNumber.
In addition the memberUid of the group will contain the user's uid
IDEALX have a script to add members to a group:
smbldap-groupmod.pl -m f.flintstone loanofficers
>I hope i'm not rambling. I've been struggling to find out what the
>problem is and I have not been able to find any documentation on
>Thanks for your help Lance,
>At 09:16 AM 5/16/2003 +1000, you wrote:
>>>Thanks for your help. I do appreciate it.
>>>I have been reviewing the documentation that you sent as well as
>>>the scripts from idealx. I still have a lot of questions and
>>>testing to do.
>>>If you dont mind me asking you a couple more questions, i'd love
>>>to hear your advice.
>>>Are you coming from unix? have you tried them?
>>>The actual server I am working on is brand new. Nothing on it. All
>>>of our users use Win2k Pro computers and we are setup in a
>>>workgroup environment. They will all be joining the Samba PDC
>>>This is what I currently have. I am trying to figure out how to
>>>add the users and their machines to the PDC. I've tried using the
>>>smbldap-adduser.pl script to add users to the PDC, and it seems to
>>>work. However, I do not get the response that it has been added.
>>>But if I do a search, it is added.
>>When I add a machine like that it doesn't come back with a response
>>either, but what you really want to happen is to join the domain
>>automatically. This is in the line add user script =
>>/usr/local/sbin/smbldap-useradd.pl -w %u
>>To test this out go to a machine (windows client) that doesn't have
>>an LDAP account - delete an existing account if necessary - and try
>>to join the domain from the windows client. You will be prompted
>>for a username and password. (This is your LDAP "root" user with
>>write acces to the LDAP directory.)
>>Then it will try to join the domain. My machines take 20-30 seconds
>>then come back with something about 'welcome to domain'.
>>If it takes 3-4 minutes it hasn't worked!
Lance Rathbone BSc MCompStud
Senior IT Officer
Institute for Molecular Bioscience
Queensland Bioscience Precinct
Bldg 80, Services Road
The University of Queensland
St Lucia Qld 4072
Tel +61 7 3346 2205
More information about the samba