[Samba] Re: Re: Re: Trying to configure a SAMBA 3 PDC with OpenLDAP

John H Terpstra jht at samba.org
Mon Jan 12 22:16:34 GMT 2004


Curtis,

I recommend that you place all machine accounts in the People container.
At this time Samba does not correctly search the Computers container.

- John T.

On Mon, 12 Jan 2004, Curtis Grote wrote:

> On Mon, 12 Jan 2004 12:32:58 -0500, Sundaram Ramasamy wrote:
>
> > Vegeta,
> >
> > I had problem while adding windows 2000 machine to domain with
> > ou=Computer. As per John advice I moved computer account to ou=People
> > tree after that I was able to join 2000 machine to domain.
> >
> > My configuration:
> > SuSE 8.2
> > samba-3.0.2pre1-1 ( with ldapsam)
> > smbtools for account management.
> >
> >
> > Do you have any 2000 cline in your configuration?, if so can you  post
> > your smb.conf file
> >
> > I would like to store computer account in a separate tree
> >
> > Thanks
> > SR
> >
> >
> > ----- Original Message -----
> > From: "Vegeta" <lord.vegeta at ica.luz.ve> To: <samba at lists.samba.org>
> > Sent: Monday, January 12, 2004 11:27 AM Subject: [Samba] Re: Re: Trying
> > to configure a SAMBA 3 PDC with OpenLDAP
> >
> >
> >> Sundaram Ramasamy wrote:
> >>
> >> >> On Sun, 11 Jan 2004 15:01:27 -0400
> >> >> Vegeta <lord.vegeta at ica.luz.ve> wrote:
> >> >>
> >> >>> I found in an older post in the list that there is a bug in Samba
> >> >>> 3. It says that Samba 3 does not search in the ou=Computers
> >> >>> (ou=Computadoras in
> >> >>> my case) so one has to put the machines in the ou=People
> >> >>> (ou=Personas
> > in
> >> >>> my
> >> >>> case) section of the LDAP server.
> >> >>> I did that and smbpasswd -a -m worked.
> >> >>>
> >> >>> Does somebody know when/if this bug will be fixed?
> >> >>
> >> >> Any links? I've used (store ws on ou=computer) without problem.
> >> >>
> >> >>
> >> > What samab version your using 3.0.0 or 3.0.1
> >>
> >> I am using 3.0.1
> >>
> >>
> >> --
> >> Fuera Chávez
> >>
> >> --
> >> To unsubscribe from this list go to the following URL and read the
> >> instructions:  http://lists.samba.org/mailman/listinfo/samba
> >>
> Sundaram,
> I am using SuSE 8.2 and Samba 3.0.2pre1. I just re-populated  using
> smbladp-populate and tried to
> add a machine account (under 'computers'). The machine account is added
> OK, but the subsequent lookup is still searching under 'People'.  The
> machine account add function does not, however add a 'sambaSamAccount
> entry, even though my machine account script line includes a '-a'.  I
> would also like to use 'computers' as this seems to be a lot cleaner way
> to seperate entities, but I too would like some idea as to how close this
> is to being fixed. The other angle I would like to pursue is if we are
> experiencing some problems because of some distribution unique
> configuration. Did you have to perform a 'perl -MCPAN -e 'install
> Bunle::Net::LDAP' in order to get the smbldap-tools to work? I am
> wondering if that what is causing me to experience some problems which
> others do not seem to have.
> Here are some pertinent lines from my smb.conf:
>
> passdb backend = ldapsam:ldap://kemosabe.pmmc.com
> ldap admin dn="cn=admin,dc=pmmc,dc=com"
> ldap ssl = off
> ldap delete dn = no
> ldap passwd sync = yes
> ldap suffix = dc=pmmc,dc=com
> ldap user suffix = ou=People
> ldap group suffix = ou=Groups
> ldap machine suffix = ou=Computers
> ldap filter = "(&(uid=%u)(objectclass=sambaSamAccount))"
> ldap idmap suffix = dc=pmmc,dc=com
>
> passwd program = /home/sambaldap/smbldap-passwd.pl '%u'
> passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
>
> add user script = /home/sambaldap/smbldap-useradd.pl -a -F \\%L\profiles\%u %u
> delete user script = /home/sambaldap/smbldap-userdel.pl '%u'
> add group script = /home/sambaldap/smbldap-groupadd.pl '%g'
> delete group script = /home/sambaldap/smbldap-groupdel.pl '%g'
> add user to group script = /home/sambaldap/smbldap-groupmod.pl -m '%u' '%g'
> delete user from group script = /home/sambaldap/smbldap-groupmod.pl -x '%u' '%g'
> set primary group script = /home/sambaldap/smbldap-usermod.pl -g '%g' '%u'
> add machine script = /home/sambaldap/smbldap-useradd.pl -a -w -d /dev/null -g 553 -c 'Machine Account' -s /bin/false %m
>
> Curtis Grote
> Memorial Hospital
>
>

-- 
John H Terpstra
Email: jht at samba.org


More information about the samba mailing list