[Samba] Samba3 & LDAP Can't join domain with Win2k Pro

Nicko nicko at free.fr
Thu Oct 23 19:12:15 GMT 2003


Hello,

> use pdbedit -a username to add samba attribute to the user ( the user
> must exist in the backend - ldap for me ).

Isn't smbldap-useradd.pl supposed to do that for me?

> Have a look at http://www.unav.es/cti/ldap-smb/smb-ldap-3-howto.html

I read it a lot of times, but it's a bit confusing... This how-to doesn't start
from nothing (like I do) and I'd never used Samba before so ...

> In the [SAMBA_3_0] and [HEAD] only a few basic entries are required:
[snip]
> The root/administrator (uidNumber=0) SHOULD be present in the NT's
> Admins group (rid=512).
> """

I removed all normal / test users from LDAP and /etc/passwd
I created Administrator Account with :
    smbldap-useradd.pl -a Administrator
I changed the password for Administrator (different from the root password) with:
    smbldap-passwd.pl Administrator
I changed uid for Administrator with :
    smbldap-usermod.pl Administrator -u 0
I put Administrator in "Domain Admins" Group (Domain Admins has gid = 512) :
    smbldap-groupmod.pl -m Administrator "Domain Admins"
I can open a session with Administrator account on my linux box.

I tried to join Samba Domain with a Windows 2000 Server :
    with Administrator : unknown user or bad password
    with root : unknown user or bad password

I created Administrator account in /etc/passwd with WebMin (Users & Groups
Module).

I tried again to join Domain :
    with Administrator : unknown user or bad password

I created root account in LDAP with smbldap-useradd.pl and put it in Domain
Admins Group
I tried again to join Domain :
    with Administrator : unknown user or bad password
    with root : unknown user or bad password

Btw I'll try with pdbedit later (but at this time pdbedit -L shows me
Administrator and root so...)

Any log that I could check?
Any info?
Has nobody here installed Samba 3 + LDAP on a fresh Linux box?



Thanks

Nicko

My LDAP Schema :


[root at ostri sbin]# ldapsearch -x -b 'dc=ERIOS,dc=FR' '(objectclass=*)'
version: 2

#
# filter: (objectclass=*)
# requesting: ALL
#

# ERIOS, FR
dn: dc=ERIOS,dc=FR
objectClass: dcObject
objectClass: organization
dc: ERIOS
o: ERIOS

# Users, ERIOS, FR
dn: ou=Users,dc=ERIOS,dc=FR
objectClass: organizationalUnit
ou: Users

# Groups, ERIOS, FR
dn: ou=Groups,dc=ERIOS,dc=FR
objectClass: organizationalUnit
ou: Groups

# Computers, ERIOS, FR
dn: ou=Computers,dc=ERIOS,dc=FR
objectClass: organizationalUnit
ou: Computers

# Domain Admins, Groups, ERIOS, FR
dn: cn=Domain Admins,ou=Groups,dc=ERIOS,dc=FR
objectClass: posixGroup
gidNumber: 512
cn: Domain Admins
memberUid: Administrator
memberUid: root
description: Netbios Domain Administrators (need smb.conf configuration)

# Domain Users, Groups, ERIOS, FR
dn: cn=Domain Users,ou=Groups,dc=ERIOS,dc=FR
objectClass: posixGroup
gidNumber: 513
cn: Domain Users
description: Netbios Domain Users (not implemented yet)
memberUid: Administrator
memberUid: root

# Domain Guests, Groups, ERIOS, FR
dn: cn=Domain Guests,ou=Groups,dc=ERIOS,dc=FR
objectClass: posixGroup
gidNumber: 514
cn: Domain Guests
description: Netbios Domain Guests Users (not implemented yet)

# Administrators, Groups, ERIOS, FR
dn: cn=Administrators,ou=Groups,dc=ERIOS,dc=FR
objectClass: posixGroup
gidNumber: 544
cn: Administrators
description: Netbios Domain Members can fully administer the computer/sambaDomainName (not implemented yet)
memberUid: Administrator

# Users, Groups, ERIOS, FR
dn: cn=Users,ou=Groups,dc=ERIOS,dc=FR
objectClass: posixGroup
gidNumber: 545
cn: Users
description: Netbios Domain Ordinary users (not implemented yet)

# Guests, Groups, ERIOS, FR
dn: cn=Guests,ou=Groups,dc=ERIOS,dc=FR
objectClass: posixGroup
gidNumber: 546
cn: Guests
memberUid: nobody
description: Netbios Domain Users granted guest access to the computer/sambaDomainName (not implemented yet)

# Power Users, Groups, ERIOS, FR
dn: cn=Power Users,ou=Groups,dc=ERIOS,dc=FR
objectClass: posixGroup
gidNumber: 547
cn: Power Users
description: Netbios Domain Members can share directories and printers (not implemented yet)

# Account Operators, Groups, ERIOS, FR
dn: cn=Account Operators,ou=Groups,dc=ERIOS,dc=FR
objectClass: posixGroup
gidNumber: 548
cn: Account Operators
description: Netbios Domain Users to manipulate users accounts (not implemented yet)

# Server Operators, Groups, ERIOS, FR
dn: cn=Server Operators,ou=Groups,dc=ERIOS,dc=FR
objectClass: posixGroup
gidNumber: 549
cn: Server Operators
description: Netbios Domain Server Operators (need smb.conf configuration)

# Print Operators, Groups, ERIOS, FR
dn: cn=Print Operators,ou=Groups,dc=ERIOS,dc=FR
objectClass: posixGroup
gidNumber: 550
cn: Print Operators
description: Netbios Domain Print Operators (need smb.conf configuration)

# Backup Operators, Groups, ERIOS, FR
dn: cn=Backup Operators,ou=Groups,dc=ERIOS,dc=FR
objectClass: posixGroup
gidNumber: 551
cn: Backup Operators
description: Netbios Domain Members can bypass file security to back up files (not implemented yet)

# Replicator, Groups, ERIOS, FR
dn: cn=Replicator,ou=Groups,dc=ERIOS,dc=FR
objectClass: posixGroup
gidNumber: 552
cn: Replicator
description: Netbios Domain Supports file replication in a sambaDomainName (not implemented yet)

# Domain Computers, Groups, ERIOS, FR
dn: cn=Domain Computers,ou=Groups,dc=ERIOS,dc=FR
objectClass: posixGroup
gidNumber: 553
cn: Domain Computers
description: Netbios Domain Computers accounts

# ERIOS-NT, ERIOS, FR
dn: sambaDomainName=ERIOS-NT,dc=ERIOS,dc=FR
sambaDomainName: ERIOS-NT
sambaSID: S-1-5-21-1048156053-414258101-3478167740
sambaAlgorithmicRidBase: 1000
objectClass: sambaDomain

# Administrator, Users, ERIOS, FR
dn: uid=Administrator,ou=Users,dc=ERIOS,dc=FR
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSAMAccount
cn: Administrator
sn: Administrator
uid: Administrator
uidNumber: 1000
gidNumber: 513
homeDirectory: /home//Administrator
loginShell: /bin/bash
gecos: System User
description: System User
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
displayName: System User
sambaAcctFlags: [UX]
sambaSID: S-1-5-21-1048156053-414258101-3478167740-3000
sambaPrimaryGroupSID: S-1-5-21-1048156053-414258101-3478167740-2027
sambaHomeDrive: H:
sambaHomePath: \\ERIOS-PDC\homes
sambaProfilePath: \\ERIOS-PDC\profiles\Administrator
sambaLogonScript: Administrator.cmd
sambaLMPassword: C7E65E1008C34E6AAAD3B435B51404EE
sambaNTPassword: F0D2FA9C08D26A9C148EB11C65AE93B1
sambaPwdLastSet: 1066935343
userPassword:: e1NTSEF9YkVIdEFQT280ZGd6blJkdjI4UVVha21FZXB5Qi83cjQ=

# root, Users, ERIOS, FR
dn: uid=root,ou=Users,dc=ERIOS,dc=FR
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSAMAccount
cn: root
sn: root
uid: root
uidNumber: 1001
gidNumber: 513
homeDirectory: /home//root
loginShell: /bin/bash
gecos: System User
description: System User
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
displayName: System User
sambaAcctFlags: [UX]
sambaSID: S-1-5-21-1048156053-414258101-3478167740-3002
sambaPrimaryGroupSID: S-1-5-21-1048156053-414258101-3478167740-2027
sambaHomeDrive: H:
sambaHomePath: \\ERIOS-PDC\homes
sambaProfilePath: \\ERIOS-PDC\profiles\root
sambaLogonScript: root.cmd
sambaLMPassword: A59E8392548F4F4B7584248B8D2C9F9E
sambaNTPassword: 4F1A990DE86FC87C1972F99C71E0A261
sambaPwdLastSet: 1066935953
userPassword:: e1NTSEF9TDBGRHlTdkhJQno2eEVvZnVPNXcyNUovWkxta2YwYTU=

# search result
search: 2
result: 0 Success
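
Added example, not part of the original post: a small Python check that parses LDIF such as the ldapsearch output above (including folded continuation lines) and tests it against the how-to rule quoted in the message, that the root/administrator account (uidNumber=0) should be in the admins group. The function names and the condensed sample are constructed for illustration, and the check assumes, as the post does, that gidNumber 512 stands for the group the how-to calls rid=512.

```python
# Constructed sample, condensed from the ldapsearch output in the post.
SAMPLE_LDIF = """\
dn: cn=Domain Admins,ou=Groups,dc=ERIOS,dc=FR
objectClass: posixGroup
gidNumber: 512
memberUid: Administrator
description: Netbios Domain Administrators (need smb.conf configu
 ration)

dn: uid=Administrator,ou=Users,dc=ERIOS,dc=FR
objectClass: posixAccount
uid: Administrator
uidNumber: 1000

dn: uid=root,ou=Users,dc=ERIOS,dc=FR
objectClass: posixAccount
uid: root
uidNumber: 1001
"""

def parse_ldif(text):
    """Parse LDIF into a list of {attribute: [values]} dicts."""
    entries, current, last = [], {}, None
    for line in text.splitlines() + [""]:
        if line.startswith("#"):
            continue
        if line.startswith(" ") and last:      # folded continuation line
            current[last][-1] += line[1:]
        elif not line.strip():                  # blank line ends the entry
            if current:
                entries.append(current)
            current, last = {}, None
        elif ":" in line:
            last, _, value = line.partition(":")
            current.setdefault(last, []).append(value.lstrip(": "))
    return entries

# Assumption: gidNumber 512 is the group the how-to calls rid=512.
def check_admin_rule(entries, admin_gid="512"):
    """Return findings against the quoted rule; empty list means it holds."""
    members = {m for e in entries if e.get("gidNumber") == [admin_gid]
               and "posixGroup" in e.get("objectClass", [])
               for m in e.get("memberUid", [])}
    uid0 = [e["uid"][0] for e in entries
            if "posixAccount" in e.get("objectClass", []) and e.get("uidNumber") == ["0"]]
    if not uid0:
        return ["no posixAccount has uidNumber 0"]
    return [f"{u} (uidNumber 0) is not a memberUid of gid {admin_gid}"
            for u in uid0 if u not in members]
```

On the sample, `check_admin_rule(parse_ldif(SAMPLE_LDIF))` reports that no posixAccount has uidNumber 0, since both accounts in the directory carry uidNumber 1000 and 1001.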



