[Samba] Re: Re: Re: Trying to configure a SAMBA 3 PDC with OpenLDAP

Curtis Grote cgrote at memhosp.com
Mon Jan 12 20:36:52 GMT 2004

On Mon, 12 Jan 2004 12:32:58 -0500, Sundaram Ramasamy wrote:

> Vegeta,
> I had a problem while adding a Windows 2000 machine to the domain with
> ou=Computer. As per John's advice I moved the computer account to the
> ou=People tree; after that I was able to join the 2000 machine to the domain.
> My configuration:
> SuSE 8.2
> samba-3.0.2pre1-1 (with ldapsam)
> smbtools for account management.
> Do you have any 2000 client in your configuration? If so, can you post
> your smb.conf file?
> I would like to store computer accounts in a separate tree.
> Thanks
> SR
> ----- Original Message -----
> From: "Vegeta" <lord.vegeta at ica.luz.ve>
> To: <samba at lists.samba.org>
> Sent: Monday, January 12, 2004 11:27 AM
> Subject: [Samba] Re: Re: Trying to configure a SAMBA 3 PDC with OpenLDAP
>> Sundaram Ramasamy wrote:
>> >> On Sun, 11 Jan 2004 15:01:27 -0400
>> >> Vegeta <lord.vegeta at ica.luz.ve> wrote:
>> >>
>> >>> I found in an older post in the list that there is a bug in Samba
>> >>> 3. It says that Samba 3 does not search in the ou=Computers
>> >>> (ou=Computadoras in my case) so one has to put the machines in the
>> >>> ou=People (ou=Personas in my case) section of the LDAP server.
>> >>> I did that and smbpasswd -a -m worked.
>> >>>
>> >>> Does somebody know when/if this bug will be fixed?
>> >>
>> >> Any links? I've used (store ws on ou=computer) without problem.
>> >>
>> >>
>> > What Samba version are you using, 3.0.0 or 3.0.1?
>> I am using 3.0.1
>> --
>> Fuera Chávez

I am using SuSE 8.2 and Samba 3.0.2pre1. I just re-populated using
smbldap-populate and tried to add a machine account (under 'computers').
The machine account is added OK, but the subsequent lookup is still
searching under 'People'. The machine account add function does not,
however, add a 'sambaSamAccount' entry, even though my machine account
script line includes a '-a'. I would also like to use 'computers' as this
seems to be a lot cleaner way to separate entities, but I too would like
some idea as to how close this is to being fixed. The other angle I would
like to pursue is whether we are experiencing some problems because of some
distribution-unique configuration. Did you have to perform a
"perl -MCPAN -e 'install Bundle::Net::LDAP'" in order to get the
smbldap-tools to work? I am wondering if that is what is causing me to
experience some problems which others do not seem to have.

Here are some pertinent lines from my smb.conf:

passdb backend = ldapsam:ldap://kemosabe.pmmc.com
ldap admin dn="cn=admin,dc=pmmc,dc=com"
ldap ssl = off
ldap delete dn = no
ldap passwd sync = yes
ldap suffix = dc=pmmc,dc=com
ldap user suffix = ou=People
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
ldap filter = "(&(uid=%u)(objectclass=sambaSamAccount))"
ldap idmap suffix = dc=pmmc,dc=com

passwd program = /home/sambaldap/smbldap-passwd.pl '%u'
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*

add user script = /home/sambaldap/smbldap-useradd.pl -a -F \\%L\profiles\%u %u
delete user script = /home/sambaldap/smbldap-userdel.pl '%u'
add group script = /home/sambaldap/smbldap-groupadd.pl '%g'
delete group script = /home/sambaldap/smbldap-groupdel.pl '%g'
add user to group script = /home/sambaldap/smbldap-groupmod.pl -m '%u' '%g'
delete user from group script = /home/sambaldap/smbldap-groupmod.pl -x '%u' '%g'
set primary group script = /home/sambaldap/smbldap-usermod.pl -g '%g' '%u'
add machine script = /home/sambaldap/smbldap-useradd.pl -a -w -d /dev/null -g 553 -c 'Machine Account' -s /bin/false %m

Curtis Grote
Memorial Hospital
