[Samba] Samba 3.0 - LDAP create machine account fails
Kent L. Nasveschuk
kent at wareham.k12.ma.us
Mon Nov 10 15:32:24 GMT 2003
Hello,
It's me again. I'm running Samba 3.0 and LDAP 2.1.23 on a RedHat 8.0
system.
I am able to browse shares and home directories. I get a:
Logon failure: unknown username or bad password
when I try to join a W2k machine to the domain. For Win95/98 clients the system already
works. I believe it is set up OK; I need to work on the scripts that work with
MMC. Right now I just want a basic W2k machine join to work.
Output from /usr/local/samba/bin/net groupmap list:
root at 172.16.0.3's password:
Last login: Mon Nov 10 08:10:41 2003 from 172.16.1.246
[root at whs1 root]# /usr/local/samba/bin/net groupmap list
domain_users (S-1-5-21-1129281578-1295143107-3311307472-513) -> dusers
domain_guests (S-1-5-21-1129281578-1295143107-3311307472-514) -> nobody
domain_admins (S-1-5-21-1129281578-1295143107-3311307472-512) -> root
administrators (S-1-5-32-544) -> 544
users (S-1-5-21-1129281578-1295143107-3311307472-545) -> users
guests (S-1-5-21-1129281578-1295143107-3311307472-546) -> nobody
power_users (S-1-5-21-1129281578-1295143107-3311307472-547) -> 547
account_operators (S-1-5-32-548) -> 548
server_operators (S-1-5-32-549) -> sys
print_operators (S-1-5-32-550) -> lp
backup_operators (S-1-5-32-551) -> bin
replicator (S-1-5-21-1129281578-1295143107-3311307472-552) -> daemon
computers (S-1-5-21-1129281578-1295143107-3311307472-515) -> dcomputers
Enterprise Admins (S-1-5-21-1129281578-1295143107-3311307472-519) -> 519
[root at whs1 root]#
Output of an ldapsearch for cn=domain_admins:
[root at whs1 root]# ldapsearch -xv -b "dc=tow,dc=net" cn=domain_admins
ldap_initialize( <DEFAULT> )
filter: cn=domain_admins
requesting: ALL
# extended LDIF
#
# LDAPv3
# base <dc=tow,dc=net> with scope sub
# filter: cn=domain_admins
# requesting: ALL
#
# domain_admins, Groups, tow.net
dn: cn=domain_admins,ou=Groups,dc=tow,dc=net
objectClass: posixGroup
objectClass: sambaGroupMapping
sambaSID: S-1-5-21-1129281578-1295143107-3311307472-512
gidNumber: 0
cn: domain_admins
memberUid: Administrator,kent
description: Netbios Domain Administrators
sambaGroupType: 2
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
smb.conf
[root at whs1 root]# cat /usr/local/samba/lib/smb.conf
# Samba config file created using SWAT
# from 172.16.1.246 (172.16.1.246)
# Date: 2003/11/04 16:29:07
# Global parameters
[global]
workgroup = WarehamPS
netbios name = WHS1
server string = RedHat 8.0 LDAP Server
passdb backend = ldapsam
passwd program = /usr/local/sbin/smbldap-passwd.pl
log file = /var/log/samba.%m
max log size = 50
time server = Yes
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUnix\spassword:* %n\n
# unix password sync = Yes
# add user script = /usr/local/sbin/smbldap-useradd.pl -w -d
/dev/null -c
'Machine Account' -s /bin/False
# delete user script = /usr/local/sbin/smbldap-userdel.pl
# add group script = /usr/local/sbin/smbldap-groupadd.pl
# delete group script = /usr/local/sbin/smbldap-groupdel.pl
add machine script = /usr/local/sbin/smbldap-useradd.pl -w -g
"domain_computer" -d /dev/null -c "Machine Account" -s /bin/false %u$
add user script = /usr/sbin/useradd -m -d /accounts/"%u" -g 500
%u
delete user script = /usr/sbin/userdel -r %u
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/groudadd %g
add user to group script = /usr/sbin/usermod -G %g %u
# add machine script = /usr/sbin/useradd -s /bin/false -g 502 -d
/dev/null %u$
logon script = netlogon.bat
logon home = \\%L\%U
domain logons = Yes
os level = 64
domain master = Yes
dns proxy = No
ldap suffix = dc=tow,dc=net
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap admin dn = cn=admin,dc=tow,dc=net
admin users = @domain_admins
ldap ssl = no
read only = No
create mask = 02770
directory mask = 02770
[homes]
comment = Home Directories
path = %H
hide files = /.*/
browseable = No
[netlogon]
comment = Network Logon Service
path = /usr/local/samba/netlogon
read only = Yes
hide files = /.*/*.bat/*.dll/200*/
browseable = No
[profiles]
comment = Domain User Profiles
path = /accounts/profiles
read only = No
browseable = No
[staff]
comment = Staff common
path = /accounts/staff
[images]
comment = Ghost image files
path = /accounts/images
[printers]
comment = All Printers
path = /var/spool/samba
read only = Yes
printable = Yes
browseable = No
I've also added the appropriate password to secrets.tdb by:
smbpasswd -w xxxx
slapd.conf
[root at whs1 root]# cat /usr/local/etc/openldap/slapd.conf
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.4 2000/08/26
17:06:18 kurt Exp $
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/samba.schema
database ldbm
suffix "dc=tow,dc=net"
rootdn "cn=admin,dc=tow,dc=net"
rootpw {SSHA}WhTBLrgNGnKeZYgS0bT6TfIL2jKBbOnr
#password-hash {crypt}
directory /usr/local/var/openldap-data/wareham
schemacheck on
lastmod on
# Indices to maintain
index objectClass eq
#index objectClass,uid,uidNumber,gidNumber eq
#index cn,mail,surname,givenname eq,subinitial
index cn,sn,st pres,eq,sub
#access read
I got the latest tools from www.idealx.com and adjusted smbldap_conf.pm for my
site.
Any suggestions? I'm so close I can taste it.
--
Kent L. Nasveschuk <kent at wareham.k12.ma.us>