[Samba] SAMBA3 + LDAP

mallapadi niranjan niranjan.ashok at gmail.com
Sat Dec 17 07:49:14 GMT 2005


Hi all

I have Samba 3 with LDAP. My queries are:

1. My clients are Windows 2000 Professional, and they are not able to join the
domain. But if I add the computer name to /etc/passwd,
i.e. computername$:x:110:200::/bin/false:/dev/null
and then run smbpasswd -a -m computername, the computer is able to join the
domain -- even though I have configured the add machine script in the smb.conf file.

2. After joining the domain, I am unable to log in as Administrator, but I am
able to log in as root.
If I run getent passwd | grep Administrator, there is no output.

3. How do I create groups and add users to them? It is not picking up the
system groups:
when I run smbldap-populate, it adds People, Groups, Domain Admins, Domain
Users, etc. and root, but not the system groups.
So how do I add the system groups?

4. I have smbldap-tools 0.9, and it does not include mkntpasswd. Is that OK, or
should it be there? When I downloaded it from the IDEALX website, it was not
in the tar.gz file.



My smb.conf file is as follows:
################################################
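[global]
# Samba 3 PDC backed by OpenLDAP (ldapsam), provisioned through smbldap-tools.
# Comment style follows the stock smb.conf: '#' for notes, ';' for a setting
# that is present but switched off.
#
# NOTE(review): a NetBIOS domain name containing a dot is a frequent cause of
# join/logon trouble on Windows clients; a plain name of at most 15 characters
# is the safe choice.  Changing it also means updating the sambaDomainName
# entry in LDAP.
   workgroup = testdomain.com
   server string = Samba Server
# Serve only the LAN interface and loopback
   interfaces = eth0, lo
   bind interfaces only = yes
# Accounts live in LDAP.  The bind password for "ldap admin dn" is kept in
# secrets.tdb (smbpasswd -w).  The URL is plain ldap://, so binds and
# password hashes cross the network unencrypted unless slapd runs on this
# host; prefer ldaps:// or the setting below once slapd has a certificate.
# Treat slapcat output as secret: sambaNTPassword is password-equivalent for
# SMB authentication.
   passdb backend = ldapsam:ldap://testdomain.com
;  ldap ssl = start tls
# The directory also stores LM hashes (sambaLMPassword).  LM is trivially
# crackable and Windows 2000 clients do not need it; disabling it (on recent
# 3.0.x this also stops new LM hashes being stored -- confirm for the version
# in use):
;  lanman auth = no
   min passwd length = 8
# Network-level allow-list (prefix match); keep in step with the host firewall
   hosts allow = 192.168.129. 192.168.130. 127.
   printcap name = /etc/printcap
   load printers = yes
   cups options = raw
# One log per client machine, rotated at 50 KB
   log file = /var/log/samba/%m.log
   max log size = 50
   security = user
   encrypt passwords = yes
# Keep the POSIX (userPassword) and Samba hashes in step.  The chat strings
# are the prompts of the system passwd program -- NOTE(review): confirm they
# match what smbldap-passwd actually prints, or use "ldap passwd sync = yes"
# and let Samba update userPassword over LDAP itself.
   unix password sync = yes
   passwd program = /usr/local/sbin/smbldap-passwd -u %u
   passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
# Account provisioning is delegated to smbldap-tools.  Machine accounts are
# created under "ldap machine suffix" (ou=Computers); a join only succeeds
# when getent passwd can resolve them, so nss_ldap must search that OU as
# well as ou=People -- NOTE(review): check the nss_base_passwd scope.
   add user script = /usr/local/sbin/smbldap-useradd -m "%u"
   delete user script = /usr/local/sbin/smbldap-userdel "%u"
   add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
   add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
   add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
   delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
   set primary group script = /usr/local/sbin/smbldap-usermod -g '%g' '%u'
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
# Browser elections: domain master browser, but not a local master on its
# own subnet
   local master = no
   os level = 65
   domain master = yes
   preferred master = yes
# PDC role.  "logon script" is relative to the [netlogon] share; a per-user
# sambaLogonScript attribute in LDAP takes precedence over it.
   domain logons = yes
   logon script = %U.bat
   logon path = \\%L\Profiles\%U
   wins support = yes
   dns proxy = no
# LDAP tree layout; the ou= suffixes are relative to "ldap suffix".
# NOTE(review): cn=manager appears to be the directory's root DN (it created
# every entry); binding Samba as it gives this host full write access to the
# whole tree.  A dedicated bind DN restricted by slapd ACLs to ou=People,
# ou=Groups, ou=Computers and ou=Idmap is the least-privilege choice.
   ldap suffix = dc=msdpl,dc=com
   ldap machine suffix = ou=Computers
   ldap user suffix = ou=People
   ldap group suffix = ou=Groups
   ldap idmap suffix = ou=Idmap
   ldap admin dn = cn=manager,dc=msdpl,dc=com
   idmap backend = ldap:ldap://testdomain.com
# UID/GID range winbind may allocate for SIDs that have no POSIX id of their
# own (e.g. from trusted domains)
   idmap uid = 10000-20000
   idmap gid = 10000-20000
   map acl inherit = yes
   template shell = /bin/false
   winbind use default domain = no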

#============================ Share Definitions ==============================
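[homes]
# Each user's home directory, exposed under the user's own name.
   comment = Home Directories
# Hidden from browse lists; users reach it as \\server\username
   browseable = no
   writable = yes
# Only the owner may connect (%S expands to the share, i.e. the user, name).
# Without this any authenticated user can attach to another user's home
# share, restricted only by filesystem permissions.
   valid users = %S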

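# Logon scripts for domain members; /home/netlogon must exist.  Scripts run on
# every client at logon with the user's rights, so the share is read-only and
# the directory's filesystem permissions should allow writes by root only.
[netlogon]
   comment = Network Logon Service
   path = /home/netlogon
   guest ok = yes
   writable = no
# NOTE(review): "share modes" is a legacy setting; check it is still accepted
# by the Samba version in use, or drop it.
   share modes = no
# NOTE(review): the LDAP user entries set sambaLogonScript to
# scripts\logon.bat, so /home/netlogon/scripts/logon.bat must exist.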


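# Roaming profile share referenced by "logon path" and by the per-user
# sambaProfilePath attributes.  Profiles are written back at logoff, so the
# share must be writable (Samba's default for a share is read-only).
# /home/profiles itself must let every domain user create a directory
# (e.g. mode 1777); each profile directory is then private to its owner.
[Profiles]
   path = /home/profiles
   browseable = no
   writable = yes
   create mask = 0600
   directory mask = 0700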


# With a BSD-style print system there is no need to define each printer
# individually: every printer in printcap is exported through this service.
[printers]
   comment = All Printers
   path = /var/spool/samba
   printable = yes
# Only authenticated users may print; "guest ok = yes" would also let the
# guest account submit jobs.
   guest ok = no
# The spool area is not a file share
   read only = yes
   browseable = no

# This one is useful for people to share files
;[tmp]
;   comment = Temporary file space
;   path = /tmp
;   read only = no
;   public = yes

# A publicly accessible directory, but read only, except for people in
# the "staff" group
;[public]
;   comment = Public Stuff
;   path = /home/samba
;   public = yes
;   read only = yes
;   write list = @staff

# Other examples.
#
# A private printer, usable only by fred. Spool data will be placed in fred's
# home directory. Note that fred must have write access to the spool directory,
# wherever it is.
;[fredsprn]
;   comment = Fred's Printer
;   valid users = fred
;   path = /homes/fred
;   printer = freds_printer
;   public = no
;   writable = no
;   printable = yes

# A private directory, usable only by fred. Note that fred requires write
# access to the directory.
;[fredsdir]
;   comment = Fred's Service
;   path = /usr/somewhere/private
;   valid users = fred
;   public = no
;   writable = yes
;   printable = no

# a service which has a different directory for each machine that connects
# this allows you to tailor configurations to incoming machines. You could
# also use the %u option to tailor it by user name.
# The %m gets replaced with the machine name that is connecting.
;[pchome]
;  comment = PC Directories
;  path = /usr/pc/%m
;  public = no
;  writable = yes

# A publicly accessible directory, read/write to all users. Note that all files
# created in the directory by users will be owned by the default user, so
# any user with access can delete any other user's files. Obviously this
# directory must be writable by the default user. Another user could of course
# be specified, in which case all files would be owned by that user instead.
;[public]
;   path = /usr/somewhere/else/public
;   public = yes
;   only guest = yes
;   writable = yes
;   printable = no

# The following two entries demonstrate how to share a directory so that two
# users can place files there that will be owned by the specific users. In this
# setup, the directory should be writable by both users and should have the
# sticky bit set on it to prevent abuse. Obviously this could be extended to
# as many users as required.
;[myshare]
;   comment = Mary's and Fred's stuff
;   path = /usr/somewhere/shared
;   valid users = mary fred
;   public = no
;   writable = yes
;   printable = no
;   create mask = 0765
##############################################################################
slapcat output of my LDAP database:
#############################################################################
dn: dc=msdpl,dc=com
objectClass: dcObject
objectClass: organization
o: msdpl
dc: msdpl
structuralObjectClass: organization
entryUUID: 05229ea4-0313-102a-8c6c-af84211c8b74
creatorsName: cn=manager,dc=msdpl,dc=com
createTimestamp: 20051217063512Z
entryCSN: 20051217063512Z#000001#00#000000
modifiersName: cn=manager,dc=msdpl,dc=com
modifyTimestamp: 20051217063512Z

dn: ou=People,dc=msdpl,dc=com
objectClass: organizationalUnit
ou: People
structuralObjectClass: organizationalUnit
entryUUID: 05260012-0313-102a-8c6d-af84211c8b74
creatorsName: cn=manager,dc=msdpl,dc=com
createTimestamp: 20051217063512Z
entryCSN: 20051217063512Z#000002#00#000000
modifiersName: cn=manager,dc=msdpl,dc=com
modifyTimestamp: 20051217063512Z

dn: ou=Groups,dc=msdpl,dc=com
objectClass: organizationalUnit
ou: Groups
structuralObjectClass: organizationalUnit
entryUUID: 05289b92-0313-102a-8c6e-af84211c8b74
creatorsName: cn=manager,dc=msdpl,dc=com
createTimestamp: 20051217063512Z
entryCSN: 20051217063512Z#000003#00#000000
modifiersName: cn=manager,dc=msdpl,dc=com
modifyTimestamp: 20051217063512Z

dn: ou=Computers,dc=msdpl,dc=com
objectClass: organizationalUnit
ou: Computers
structuralObjectClass: organizationalUnit
entryUUID: 052b98e2-0313-102a-8c6f-af84211c8b74
creatorsName: cn=manager,dc=msdpl,dc=com
createTimestamp: 20051217063512Z
entryCSN: 20051217063512Z#000004#00#000000
modifiersName: cn=manager,dc=msdpl,dc=com
modifyTimestamp: 20051217063512Z

dn: ou=Idmap,dc=msdpl,dc=com
objectClass: organizationalUnit
ou: Idmap
structuralObjectClass: organizationalUnit
entryUUID: 052cc0f0-0313-102a-8c70-af84211c8b74
creatorsName: cn=manager,dc=msdpl,dc=com
createTimestamp: 20051217063512Z
entryCSN: 20051217063512Z#000005#00#000000
modifiersName: cn=manager,dc=msdpl,dc=com
modifyTimestamp: 20051217063512Z

dn: uid=root,ou=People,dc=msdpl,dc=com
cn: root
sn: root
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: posixAccount
objectClass: shadowAccount
gidNumber: 0
uid: root
uidNumber: 0
homeDirectory: /home/root
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaHomePath: \\medhapdc\root
sambaHomeDrive: X:
sambaProfilePath: \\%L\profiles\root
sambaPrimaryGroupSID: S-1-5-21-733529158-2951540498-1078206000-512
sambaSID: S-1-5-21-733529158-2951540498-1078206000-500
loginShell: /bin/false
gecos: Netbios Domain Administrator
structuralObjectClass: inetOrgPerson
entryUUID: 052f6cd8-0313-102a-8c71-af84211c8b74
creatorsName: cn=manager,dc=msdpl,dc=com
createTimestamp: 20051217063512Z
sambaLMPassword: 570CE399DA1412ABAAD3B435B51404EE
sambaNTPassword: B9D2D4955B330B503CC792EB6A55BB1F
userPassword:: e01ENX00bm1LOFNwNkQwOXd0TmFlKzhKZlRRPT0=
sambaPwdMustChange: 2147483647
sambaPasswordHistory:
00000000000000000000000000000000000000000000000000000000
 00000000
sambaAcctFlags: [U          ]
sambaPwdCanChange: 1134804146
sambaPwdLastSet: 1134804146
entryCSN: 20051217072226Z#000001#00#000000
modifiersName: cn=manager,dc=msdpl,dc=com
modifyTimestamp: 20051217072226Z

dn: uid=nobody,ou=People,dc=msdpl,dc=com
cn: nobody
sn: nobody
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: posixAccount
objectClass: shadowAccount
gidNumber: 514
uid: nobody
uidNumber: 999
homeDirectory: /dev/null
sambaPwdLastSet: 0
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
sambaHomePath: \\medhapdc\nobody
sambaHomeDrive: X:
sambaProfilePath: \\%L\profiles\nobody
sambaPrimaryGroupSID: S-1-5-21-733529158-2951540498-1078206000-514
sambaLMPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX
sambaNTPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX
sambaAcctFlags: [NUD        ]
sambaSID: S-1-5-21-733529158-2951540498-1078206000-2998
loginShell: /bin/false
structuralObjectClass: inetOrgPerson
entryUUID: 0536d040-0313-102a-8c72-af84211c8b74
creatorsName: cn=manager,dc=msdpl,dc=com
createTimestamp: 20051217063512Z
entryCSN: 20051217063512Z#000007#00#000000
modifiersName: cn=manager,dc=msdpl,dc=com
modifyTimestamp: 20051217063512Z

dn: cn=Domain Admins,ou=Groups,dc=msdpl,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 512
cn: Domain Admins
memberUid: root
description: Netbios Domain Administrators
sambaSID: S-1-5-21-733529158-2951540498-1078206000-512
sambaGroupType: 2
displayName: Domain Admins
structuralObjectClass: posixGroup
entryUUID: 05396d64-0313-102a-8c73-af84211c8b74
creatorsName: cn=manager,dc=msdpl,dc=com
createTimestamp: 20051217063512Z
entryCSN: 20051217063512Z#000008#00#000000
modifiersName: cn=manager,dc=msdpl,dc=com
modifyTimestamp: 20051217063512Z

dn: cn=Domain Users,ou=Groups,dc=msdpl,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 513
cn: Domain Users
description: Netbios Domain Users
sambaSID: S-1-5-21-733529158-2951540498-1078206000-513
sambaGroupType: 2
displayName: Domain Users
structuralObjectClass: posixGroup
entryUUID: 053c775c-0313-102a-8c74-af84211c8b74
creatorsName: cn=manager,dc=msdpl,dc=com
createTimestamp: 20051217063512Z
memberUid: nir
memberUid: administrator
memberUid: test
entryCSN: 20051217065939Z#000003#00#000000
modifiersName: cn=manager,dc=msdpl,dc=com
modifyTimestamp: 20051217065939Z

dn: cn=Domain Guests,ou=Groups,dc=msdpl,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 514
cn: Domain Guests
description: Netbios Domain Guests Users
sambaSID: S-1-5-21-733529158-2951540498-1078206000-514
sambaGroupType: 2
displayName: Domain Guests
structuralObjectClass: posixGroup
entryUUID: 053ec534-0313-102a-8c75-af84211c8b74
creatorsName: cn=manager,dc=msdpl,dc=com
createTimestamp: 20051217063512Z
entryCSN: 20051217063512Z#00000a#00#000000
modifiersName: cn=manager,dc=msdpl,dc=com
modifyTimestamp: 20051217063512Z

dn: cn=Domain Computers,ou=Groups,dc=msdpl,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 515
cn: Domain Computers
description: Netbios Domain Computers accounts
sambaSID: S-1-5-21-733529158-2951540498-1078206000-515
sambaGroupType: 2
displayName: Domain Computers
structuralObjectClass: posixGroup
entryUUID: 05416aa0-0313-102a-8c76-af84211c8b74
creatorsName: cn=manager,dc=msdpl,dc=com
createTimestamp: 20051217063512Z
entryCSN: 20051217063512Z#00000b#00#000000
modifiersName: cn=manager,dc=msdpl,dc=com
modifyTimestamp: 20051217063512Z

dn: cn=Administrators,ou=Groups,dc=msdpl,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 544
cn: Administrators
description: Netbios Domain Members can fully administer the computer/sambaDomainName
sambaSID: S-1-5-32-544
sambaGroupType: 5
displayName: Administrators
structuralObjectClass: posixGroup
entryUUID: 0545b024-0313-102a-8c77-af84211c8b74
creatorsName: cn=manager,dc=msdpl,dc=com
createTimestamp: 20051217063512Z
entryCSN: 20051217063512Z#00000c#00#000000
modifiersName: cn=manager,dc=msdpl,dc=com
modifyTimestamp: 20051217063512Z

dn: cn=Account Operators,ou=Groups,dc=msdpl,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 548
cn: Account Operators
description: Netbios Domain Users to manipulate users accounts
sambaSID: S-1-5-32-548
sambaGroupType: 5
displayName: Account Operators
structuralObjectClass: posixGroup
entryUUID: 054771a2-0313-102a-8c78-af84211c8b74
creatorsName: cn=manager,dc=msdpl,dc=com
createTimestamp: 20051217063512Z
entryCSN: 20051217063512Z#00000d#00#000000
modifiersName: cn=manager,dc=msdpl,dc=com
modifyTimestamp: 20051217063512Z

dn: cn=Print Operators,ou=Groups,dc=msdpl,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 550
cn: Print Operators
description: Netbios Domain Print Operators
sambaSID: S-1-5-32-550
sambaGroupType: 5
displayName: Print Operators
structuralObjectClass: posixGroup
entryUUID: 0549871c-0313-102a-8c79-af84211c8b74
creatorsName: cn=manager,dc=msdpl,dc=com
createTimestamp: 20051217063512Z
entryCSN: 20051217063512Z#00000e#00#000000
modifiersName: cn=manager,dc=msdpl,dc=com
modifyTimestamp: 20051217063512Z

dn: cn=Backup Operators,ou=Groups,dc=msdpl,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 551
cn: Backup Operators
description: Netbios Domain Members can bypass file security to back up files
sambaSID: S-1-5-32-551
sambaGroupType: 5
displayName: Backup Operators
structuralObjectClass: posixGroup
entryUUID: 054bf2b8-0313-102a-8c7a-af84211c8b74
creatorsName: cn=manager,dc=msdpl,dc=com
createTimestamp: 20051217063512Z
entryCSN: 20051217063512Z#00000f#00#000000
modifiersName: cn=manager,dc=msdpl,dc=com
modifyTimestamp: 20051217063512Z

dn: cn=Replicators,ou=Groups,dc=msdpl,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 552
cn: Replicators
description: Netbios Domain Supports file replication in a sambaDomainName
sambaSID: S-1-5-32-552
sambaGroupType: 5
displayName: Replicators
structuralObjectClass: posixGroup
entryUUID: 054d366e-0313-102a-8c7b-af84211c8b74
creatorsName: cn=manager,dc=msdpl,dc=com
createTimestamp: 20051217063512Z
entryCSN: 20051217063512Z#000010#00#000000
modifiersName: cn=manager,dc=msdpl,dc=com
modifyTimestamp: 20051217063512Z

dn: sambaDomainName=testdomain.com,dc=msdpl,dc=com
objectClass: sambaDomain
objectClass: sambaUnixIdPool
sambaDomainName: testdomain.com
sambaSID: S-1-5-21-733529158-2951540498-1078206000
gidNumber: 1000
structuralObjectClass: sambaDomain
entryUUID: 054e7f7e-0313-102a-8c7c-af84211c8b74
creatorsName: cn=manager,dc=msdpl,dc=com
createTimestamp: 20051217063512Z
uidNumber: 1005
entryCSN: 20051217070029Z#000001#00#000000
modifiersName: cn=manager,dc=msdpl,dc=com
modifyTimestamp: 20051217070029Z

dn: uid=nir,ou=People,dc=msdpl,dc=com
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
cn: nir
sn: nir
uid: nir
uidNumber: 1000
gidNumber: 513
homeDirectory: /home/nir
loginShell: /bin/bash
gecos: System User
description: System User
structuralObjectClass: inetOrgPerson
entryUUID: bff5d9d0-0313-102a-8c7d-af84211c8b74
creatorsName: cn=manager,dc=msdpl,dc=com
createTimestamp: 20051217064025Z
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
displayName: System User
sambaSID: S-1-5-21-733529158-2951540498-1078206000-3000
sambaPrimaryGroupSID: S-1-5-21-733529158-2951540498-1078206000-513
sambaLogonScript: scripts\logon.bat
sambaProfilePath: \\%L\profiles\nir
sambaHomePath: \\medhapdc\nir
sambaHomeDrive: X:
sambaLMPassword: D2FEEB4DBDDFD0B3AAD3B435B51404EE
sambaAcctFlags: [U]
sambaNTPassword: 8595B41B79E65B25B9A79DDFB96616F5
sambaPwdLastSet: 1134801635
sambaPwdMustChange: 1136097635
userPassword:: e01ENX10TURlbUFQUVh1QUhObUFwMHFmUFlnPT0=
entryCSN: 20051217064035Z#000002#00#000000
modifiersName: cn=manager,dc=msdpl,dc=com
modifyTimestamp: 20051217064035Z

dn: uid=test,ou=People,dc=msdpl,dc=com
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
cn: test
sn: test
uid: test
uidNumber: 1003
gidNumber: 513
homeDirectory: /home/test
loginShell: /bin/bash
gecos: System User
description: System User
structuralObjectClass: inetOrgPerson
entryUUID: 6f6edfc2-0316-102a-8c80-af84211c8b74
creatorsName: cn=manager,dc=msdpl,dc=com
createTimestamp: 20051217065939Z
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
displayName: System User
sambaSID: S-1-5-21-733529158-2951540498-1078206000-3006
sambaPrimaryGroupSID: S-1-5-21-733529158-2951540498-1078206000-513
sambaLogonScript: scripts\logon.bat
sambaProfilePath: \\%L\profiles\test
sambaHomePath: \\medhapdc\test
sambaHomeDrive: X:
sambaLMPassword: 01FC5A6BE7BC6929AAD3B435B51404EE
sambaNTPassword: 0CB6948805F797BF2A82807973B89537
userPassword:: e01ENX1DWTlyelVZaDAzUEszazZESmllMDlnPT0=
sambaPwdCanChange: 1134802809
sambaPwdMustChange: 2147483647
sambaPasswordHistory:
00000000000000000000000000000000000000000000000000000000
 00000000
sambaPwdLastSet: 1134802809
sambaAcctFlags: [U          ]
entryCSN: 20051217070009Z#000001#00#000000
modifiersName: cn=manager,dc=msdpl,dc=com
modifyTimestamp: 20051217070009Z

dn: uid=testing$,ou=Computers,dc=msdpl,dc=com
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSamAccount
cn: testing$
sn: testing$
uid: testing$
uidNumber: 1004
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
gecos: Computer
structuralObjectClass: inetOrgPerson
entryUUID: 8d5fede6-0316-102a-8c81-af84211c8b74
creatorsName: cn=manager,dc=msdpl,dc=com
createTimestamp: 20051217070029Z
sambaSID: S-1-5-21-733529158-2951540498-1078206000-3362
sambaPrimaryGroupSID: S-1-5-21-733529158-2951540498-1078206000-3365
sambaPwdMustChange: 2147483647
sambaAcctFlags: [W          ]
sambaPwdCanChange: 1134804365
sambaNTPassword: EC1097FD6D0B4969885C587BAE1E0AA7
sambaPwdLastSet: 1134804365
entryCSN: 20051217072605Z#000001#00#000000
modifiersName: cn=manager,dc=msdpl,dc=com
modifyTimestamp: 20051217072605Z
#######################################################################################


Regards
Niranjan

