[Samba] We need help with a bug....smbldap-installer script (long)
Steve Simeonidis
SSimeonidis at computerpower.edu.au
Mon Feb 7 01:59:52 GMT 2005
Can you send a copy of your smb.conf file?
Have you checked the permissions on the "profiles" directory you've created?
If I'm not mistaken the directory permissions should be 1777.
What is "net groupmap list" reporting?
Thanks
-----Original Message-----
From: samba-bounces+ssimeonidis=computerpower.edu.au at lists.samba.org [mailto:samba-bounces+ssimeonidis=computerpower.edu.au at lists.samba.org] On Behalf Of David Trask
Sent: Monday, 7 February 2005 12:43 PM
To: samba at lists.samba.org
Subject: [Samba] We need help with a bug....smbldap-installer script (long)
Hi all!
First of all....if you haven't heard of the smbldap-installer script....allow me to introduce it to you. Here's the latest announcement that Matt Oquist posted to the K12OS list (Matt and I are working on this together....he's the scripter and I'm the tester/documenter) First the announcement and then read on below to see what we need help with....and some questions I have.....
######################
Version 1.2-beta of the smbldap-installer script is available at http://majen.net/smbldap-installer-1.2-beta.tgz
This version has been updated to include "shell" and "home" fields in the input to smbldap-useradd bulk. This means that you can use userinfo.start and 'make' to create users just as you could previously, but if you wish you can also manipulate the input for smbldap-useradd-bulk yourself.
For example, you could use create-usernames to create your usernames, and then use a spreadsheet (or whatever else) to add customized home directories and/or shells. Then you could give that input to smbldap-useradd-bulk to create your users on the system.
Both create-usernames and smbldap-useradd-bulk have inline
documentation:
$ create-usernames --help
$ smbldap-useradd-bulk --help
And, as always, you can look in the Makefile to see how it's using the two scripts.
This is a beta version because:
1. the roving profiles problem we've been discussing is not solved 2. the included Samba-LDAP_smbldap-installer document is not updated
to reflect the changes to smbldap-useradd-bulk
3. it has not undergone full testing
Please let me know if these changes are the "right changes", and of course let me know about all the bugs you find. :)
--matt
#####################
Ok....now for the issues we know about. First, the script right now is written to only work with Fedora Core 3 or K12LTSP 4.2 (we had to start somewhere...if you'd like to alter or repackage for another distro....PLEASE do and share with us). Now....everything works in my test environment and in others...we can add users....Linux users can authenticate....Windows users can authenticate.....we can join Windows machines to the domain...BUT we're haveing a problem with roaming profiles. The login goes fine so we know the authentication takes place....but then Windows gives an error that it doesn't have permission to access the profiles directory and as a result is using a TEMP directory which will (and indeed does) disappear once the user logs off. We could use some help finding out why this is happening. (We'd like to have it fixed in time for Linux World in Boston next week) We are using the latest version of smbldap-tools in this script (0.86 I believe)
Now for some questions....
There appear to be some issues with the Administrator user this time around (I have a perfectly working Samba/LDAP server in production at my school running version 0.84 of smbldap-tools and version 3.0.7-2 of Samba) and I noticed that John T. had mentioned that smbldap-populate should be run differently (See below) ################# Get rid of the "Administrator" account. Use the "root" account instead. You
have ambiguous names that can NOT unambiguously resolve to one identity.
ie: Is uid=0 root or is it Administrator?
Does uid=0 map to the Administrator SID or to some other SID?
Also, use:
net rpc join -S 'PDC_Name' -Uroot%secret
PS: It is best to populate your LDAP directory using:
"smbldap-populate -a root", not just the default which creates an
"Administrator" account.
- John T.
################
If I do it this way do I join machines to the domain using "root" as opposed to administrator? And when I run smbpasswd -w secretpassword
will that set it for "root"?
Secondly....I noticed this....
when I run getent passwd on my current functioning Samba/LDAP
server (production box...pre smbldap-installer) I get ...
Administrator:x:0:512:Netbios Domain Administrator:/home/:/bin/false
Where as on a machine I just set up with smbldap-installer....I get...
Administrator:x:0:512:Netbios Domain Administrator:/home/Administrator:/bin/false
Note the difference in "home". Are you guys seeing this? I'm having issue running programs like gedit as it wants to write to
/home/Administrator, but it isn't there. I wonder if this is
contributing?
Anyway...I could really use some help trying to debug this situation....not only for me, but for all of us. Plus I'm supposed to be teaching a class about it in 2 weeks....(hence the panicking)....I tested everything except roaming profiles and never would have even thought to check if it hadn't been for Jim K. I have a functioning Samba/LDAP server already thus I hadn't needed to try it, but I do need to fix this as I run Windows roaming profiles and will need it to work when I upgrade this
summer. Arrrgghhh! Any help gratefully appreciated....If you go to
Linux World I'll buy you a beer. :-)
David N. Trask
Technology Teacher/Coordinator
Vassalboro Community School
dtrask at vcs.u52.k12.me.us
(207)923-3100
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
More information about the samba
mailing list