[Samba] add machine script wont add Posix account

Stéphane Purnelle stephane.purnelle at tiscali.be
Wed Apr 14 17:42:40 GMT 2004


Hi,

I repeat that I have the same problem.
I found a related problem:

If a computer is added successfully, the next SambaSID isn't correctly 
computed, because
the uidNumber is not changed.

Why? Because Samba has converted the posixAccount to the account schema,
and the account schema doesn't have the uid attribute.



Samba 3.0.2a
OpenLDAP 2.1.25
RedHat 8.0

Other information: I analysed the log file when I try to add a computer 
on the fly.
The script is correctly executed, but Samba tries to add a new entry, when 
it must add sambaSamAccount only.

I ask the question: why does Samba try to add an account (created by 
smbldap-useradd)?

Does anyone have some information, or can anyone help me?



	Stéphane

Stagiair wrote:

> Hi guys,
>
> When we add a client PC (win2k) to our domain everything goes well 
> except that the add machine script won't run.
> A computer will be created within the LDAP directory but not with the 
> add machine script.
> The following is our situation.
>
> Fedora Core1
> |-samba-3.0.2-7.FC1
> |-openldap-2.1.22-8
>
> smb.conf
> --------------
> # Global parameters
> [global]
>        workgroup = T3E
>        server string = domeinserver
>        bind interfaces only = Yes
>        passwd program = /usr/sbin/smbldap-passwd.pl %u
>        passwd chat = *new*password* %n *new*password* %n *successfully*
>        passwd chat debug = Yes
>        passdb backend = ldapsam:ldap://localhost
>        #unix password sync = Yes
>        log level = 2
>        log file = /var/log/samba/samba.log.%m
>        time server = Yes
>        socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
>        add user script = /usr/sbin/smbldap-useradd.pl -a -m %u
>        add machine script = /usr/sbin/smbldap-useradd.pl -w %u
>        delete user script = /usr/sbin/smbldap-userdel.pl -r %u
>        add group script = /usr/sbin/smbldap-groupadd.pl %g
>        delete group script = /usr/sbin/smbldap-groupdel.pl %g
>        add user to group script = /usr/sbin/smbldap-usermod.pl -G %g %u
>        domain logons = Yes
>        os level = 34
>        preferred master = Yes
>        domain master = Yes
>        wins support = Yes
>        ldap suffix = o=T3E,c=nl
>        ldap admin dn = cn=Manager,o=T3E,c=nl
>        ldap group suffix = ou=groups
>        ldap machine suffix = ou=computers
>        ldap user suffix = ou=people
>        ldap ssl = no
>        admin users = root
>        hide unreadable = Yes
>        logon path = \\%N\%U\.winprofile
>        logon script = netwerk.bat
>        encrypt passwords = Yes
>        username map = /etc/samba/smbusers
> --------------
> As you see, we use the smbldap-tools to execute when a client logs in to 
> the domain.
> After login the following entry will be made in LDAP:
>
> uid=tmc-ontwikkelpc$,ou=computers,o=T3E,c=nl
> --------------
> dn: uid=tmc-ontwikkelpc$,ou=computers,o=T3E,c=nl
> uid: tmc-ontwikkelpc$
> sambaSID: S-1-5-21-1973588340-308753574-2243378783-3006
> sambaPrimaryGroupSID: S-1-5-21-1973588340-308753574-2243378783-3007
> objectClass: sambaSamAccount
> objectClass: account
> displayName: TMC-ONTWIKKELPC$
> sambaPwdCanChange: 1080312437
> sambaPwdMustChange: 2147483647
> sambaLMPassword: F64C97556FCFA59023753BB150C8A535
> sambaNTPassword: E5C3C09DB2CAD5D92CBE5054CCBB7A27
> sambaPwdLastSet: 1080312437
> sambaAcctFlags: [W          ]
> --------------
>
> If we do a client add by hand (/usr/sbin/smbldap-useradd.pl -w %u) we 
> get the following entry in the LDAP dir:
>
> uid=tmc-ontwikkelpc$,ou=computers,o=T3E,c=nl
> --------------
> dn: uid=test$,ou=computers,o=T3E,c=nl
> objectClass: top
> objectClass: inetOrgPerson
> objectClass: posixAccount
> cn: test$
> sn: test$
> uid: test$
> uidNumber: 1000
> gidNumber: 10012
> homeDirectory: /dev/null
> loginShell: /bin/false
> description: Computer
> --------------
>
> This is a really different schema, and this is the one that we need.
> Does anyone see what we're doing wrong?
>
>


-- 
Stéphane Purnelle <stephane.purnelle at tiscali.be>
Website: http://www.linuxplusvalue.be
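
A check for the two entry shapes quoted in this thread, as an added example that is not part of the original messages or of Samba/smbldap-tools: it parses LDIF and reports which machine entries carry sambaSamAccount, posixAccount with uidNumber, or both. The sample LDIF is constructed (abridged from the quoted entries), the function names are hypothetical, and the parser assumes plain `attr: value` lines without continuations or base64 values.

```python
"""Classify machine-account LDIF entries by the object classes they carry."""

# Constructed sample, abridged from the two entries quoted in the thread.
SAMPLE_LDIF = """\
dn: uid=tmc-ontwikkelpc$,ou=computers,o=T3E,c=nl
uid: tmc-ontwikkelpc$
objectClass: sambaSamAccount
objectClass: account
sambaAcctFlags: [W          ]

dn: uid=test$,ou=computers,o=T3E,c=nl
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
uid: test$
uidNumber: 1000
gidNumber: 10012
"""


def parse_ldif(text):
    """Return a list of entries; each maps lowercased attribute -> list of values."""
    entries, current = [], {}
    for line in text.splitlines():
        if not line.strip():              # a blank line ends the current entry
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#") or ":" not in line:
            continue                      # skip comments and malformed lines
        attr, _, value = line.partition(":")
        current.setdefault(attr.strip().lower(), []).append(value.strip())
    if current:
        entries.append(current)
    return entries


def classify(entry):
    """Name the shape of an entry from its objectClass values and uidNumber."""
    classes = {c.lower() for c in entry.get("objectclass", [])}
    posix = "posixaccount" in classes and "uidnumber" in entry
    samba = "sambasamaccount" in classes
    if posix and samba:
        return "complete"
    if samba:
        return "samba-only"               # shape of the entry made at domain join
    return "posix-only" if posix else "neither"   # posix-only: manual script run


def audit(text):
    """Map each entry's DN to its classification."""
    return {e["dn"][0]: classify(e) for e in parse_ldif(text) if "dn" in e}
```

Running `audit()` over an export of the computers subtree lists the accounts that would need a POSIX part or a Samba part added.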



