[Samba] We need help with a bug....smbldap-installer script (long)
dtrask at vcs.u52.k12.me.us
Mon Feb 7 01:42:38 GMT 2005
First of all....if you haven't heard of the smbldap-installer
script....allow me to introduce it to you. Here's the latest announcement
that Matt Oquist posted to the K12OS list (Matt and I are working on this
together....he's the scripter and I'm the tester/documenter) First the
announcement and then read on below to see what we need help with....and
some questions I have.....
Version 1.2-beta of the smbldap-installer script is available at
This version has been updated to include "shell" and "home" fields in
the input to smbldap-useradd bulk. This means that you can use
userinfo.start and 'make' to create users just as you could
previously, but if you wish you can also manipulate the input for
For example, you could use create-usernames to create your usernames,
and then use a spreadsheet (or whatever else) to add customized home
directories and/or shells. Then you could give that input to
smbldap-useradd-bulk to create your users on the system.
Both create-usernames and smbldap-useradd-bulk have inline
$ create-usernames --help
$ smbldap-useradd-bulk --help
And, as always, you can look in the Makefile to see how it's using the
This is a beta version because:
1. the roving profiles problem we've been discussing is not solved
2. the included Samba-LDAP_smbldap-installer document is not updated
to reflect the changes to smbldap-useradd-bulk
3. it has not undergone full testing
Please let me know if these changes are the "right changes", and of
course let me know about all the bugs you find. :)
Ok....now for the issues we know about. First, the script right now is
written to only work with Fedora Core 3 or K12LTSP 4.2 (we had to start
somewhere...if you'd like to alter or repackage for another
distro....PLEASE do and share with us). Now....everything works in my
test environment and in others...we can add users....Linux users can
authenticate....Windows users can authenticate.....we can join Windows
machines to the domain...BUT we're having a problem with roaming
profiles. The login goes fine so we know the authentication takes
place....but then Windows gives an error that it doesn't have permission
to access the profiles directory and as a result is using a TEMP directory
which will (and indeed does) disappear once the user logs off. We could
use some help finding out why this is happening. (We'd like to have it
fixed in time for Linux World in Boston next week) We are using the
latest version of smbldap-tools in this script (0.86 I believe)
Now for some questions....
There appear to be some issues with the Administrator user this time
around (I have a perfectly working Samba/LDAP server in production at my
school running version 0.84 of smbldap-tools and version 3.0.7-2 of Samba)
and I noticed that John T. had mentioned that smbldap-populate should be
run differently (See below)
Get rid of the "Administrator" account. Use the "root" account instead.
have ambiguous names that can NOT unambiguously resolve to one identity.
ie: Is uid=0 root or is it Administrator?
Does uid=0 map to the Administrator SID or to some other SID?
net rpc join -S 'PDC_Name' -Uroot%secret
PS: It is best to populate your LDAP directory using:
"smbldap-populate -a root", not just the default which creates an
- John T.
If I do it this way do I join machines to the domain using "root" as
opposed to administrator? And when I run smbpasswd -w secretpassword
will that set it for "root"?
Secondly....I noticed this....
when I run getent passwd on my current functioning Samba/LDAP
server (production box...pre smbldap-installer) I get ...
Administrator:x:0:512:Netbios Domain Administrator:/home/:/bin/false
Whereas on a machine I just set up with smbldap-installer....I get...
Note the difference in "home". Are you guys seeing this? I'm having
issues running programs like gedit as it wants to write to
/home/Administrator, but it isn't there. I wonder if this is
Anyway...I could really use some help trying to debug this
situation....not only for me, but for all of us. Plus I'm supposed to be
teaching a class about it in 2 weeks....(hence the panicking)....I tested
everything except roaming profiles and never would have even thought to
check if it hadn't been for Jim K. I have a functioning Samba/LDAP server
already thus I hadn't needed to try it, but I do need to fix this as I run
Windows roaming profiles and will need it to work when I upgrade this
summer. Arrrgghhh! Any help gratefully appreciated....If you go to
Linux World I'll buy you a beer. :-)
David N. Trask
Vassalboro Community School
dtrask at vcs.u52.k12.me.us
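
An added example, not part of the original post or of the smbldap-installer script: a shell function that checks `getent passwd` output for the two things the message asks about, namely several account names sharing one UID (the root/Administrator uid=0 question) and a home field that is empty, ends in `/`, or is not an existing directory. The function name `audit_passwd` and every sample line except the Administrator entry are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit passwd-format lines (as printed by `getent passwd`).

# Constructed sample input; only the Administrator line is taken from the post.
SAMPLE='root:x:0:0:root:/root:/bin/bash
Administrator:x:0:512:Netbios Domain Administrator:/home/:/bin/false
jdoe:x:1001:513:Constructed User:/nonexistent/jdoe:/bin/bash'

# Reads passwd lines on stdin and prints one finding per line:
#   DUP_UID <uid> <name,name,...>  several account names resolve to one UID
#   NO_HOME <name> <home>          home is empty, ends in "/", or is not a directory
audit_passwd() {
    tmp=$(mktemp) || return 1
    cat > "$tmp"

    # Pass 1: group account names by UID (field 3) and report shared UIDs.
    awk -F: '
        {
            if ($3 in names) names[$3] = names[$3] "," $1
            else names[$3] = $1
            count[$3]++
        }
        END { for (u in count) if (count[u] > 1) print "DUP_UID", u, names[u] }
    ' "$tmp" | sort

    # Pass 2: check the home field (field 6) of every entry.
    while IFS=: read -r name pw uid gid gecos home shell || [ -n "$name" ]; do
        case "$home" in
            ''|*/) echo "NO_HOME $name $home" ;;
            *) [ -d "$home" ] || echo "NO_HOME $name $home" ;;
        esac
    done < "$tmp"

    rm -f "$tmp"
}

# Stand-alone run over the sample; on a live host: getent passwd | audit_passwd
printf '%s\n' "$SAMPLE" | audit_passwd
```

A `DUP_UID 0` finding is the ambiguity John T. describes: the system cannot tell which name uid=0 resolves to.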