[Samba] PDC with NSVSD/smbpasswd ok, but MySQL backend not quite
macleajb at ednet.ns.ca
Sun Feb 20 03:57:02 GMT 2005
James MacLean wrote:
> Hi Folks,
> . Using /etc/passwd, /etc/group, smbpasswd - everything in the PDC
> world seems fine.
> . Using /etc/passwd, /etc/group, MySQL backend - I can join the domain
> but get an error about not being able to find a domain controller when
> I try to login to the domain with an mysql user. Logging in as root is
> ok, but likely that is because I use both mysql and smbpasswd backends.
> . Using the new NSS http://fssos.sourceforge.net/ works ok if I use
> . Once I switch to NSVS(NSS) and MySQL, I can not log any new users
> in, but, if I log in as user who originally got in by being in
> smbpasswd but has since been deleted from smbpasswd, I can continue to
> login successfully if they exist in the MySQL.
> . net rpc group info <smbpasswd user> gives all group info from
> . net rpc group info <mysql only user> shows none of the groups they
> belong to regardless of there existance in /etc/passwd
> Long story short... I can only get a new user logged into a PC via the
> domain for their first time if they have an entry in smbpasswd. After
> that, being in the MySQL backend appears to be enough.
> I can pass along configs if needed, but since it works accept for the
> mysql change I didn't want to confuse the problem. I don't see the
> NSS/NSVS being any influence, but wanted to show how the solution was
> meant to fit together :).
> Is this a known limitation in the MySQL backend or more likely, am I
> setting something up incorrectly?
I am getting there :). I now have :
. The MySQL user table from examples/pdb/mysql/mysql.dump loaded from a
file of users/passwords.
. The new NSS (FSSOS-NSVS) uses it to get the UID.
. Samba uses it for the MySQL backend - no smbpasswd backend.
. Using "net rpc rights" I was able to have a non-root user used to join
a computer to a domain
. Log into the domain with users from the MySQL database.
The gotcha that was occurring above was that the SIDs I had been
importing were not constructed from this Samba's local SID :
I then in haste had the wrong domain in the domain field, so one has to
remember that :).
To change my localsid I did some drastic things :
1. rm /etc/samba/secrets.tdb
2. rm -f /var/lock/samba
3. mkdir /var/lock/samba
4. net setlocalsid <newsid>
5. Check they are ok with "net groupmap list"
But 'twas a new install so I did not mind.
I also added the administrator account -500 as described at the bottom
and mapped "Domain Users/Domain Admins/Domain guests/Administrators" to
local unix accounts, which I verified with "net rpc user info <someone>"
in the groups.
But I now see that the NT tool usrmgr has a problem looking that user
accounts. The users all show up, but when I try to expand any I get :
The following error occurred accessing the properties of the user <user>
The stub received bad data.
The user properties can not be viewed or edited at this time.
Any advice :)?
More information about the samba