[Samba] Samba LDAP and add machine script problems
Keith Robertson
keithro at gmail.com
Thu Jan 20 21:26:39 GMT 2005
I'm trying to integrate Openldap with Samba version 3.0.10. I have populated
my LDAP server via smbldap-populate.pl and I've gotten PAM to recognize LDAP
as an authentication mechanism. Thus, I can add a user with smbldap-useradd.pl
and su to that user.
The problem I am having is when I attempt to add a computer from MS Windoze XP.
When I attempt to join my domain XP prompts me for a user ID and password. If I
enter a user ID of "root" with either my box's actual root password or the
password for the LDAP user "uid=Administrator,ou=Users,dc=somedomain,dc=org"
I get the following: "unknown user or bad password". I suppose this makes sense
because there are only two users in ou=Users (Administrator and nobody), neither
of which is "root". Alternatively, if I attempt to join the domain with a user ID
of "Administrator", I get "Access is denied".
So, my question is: do I need to create an LDAP user in ou=Users with a user ID of
"root"? If so, how should I do this, and wouldn't it conflict with the root
UID in /etc/passwd? I've been trying to follow the directions in "By Example"
-> "Making Users Happy" but it seems to be a little sketchy on this topic.
I can provide logs on request.
Here is my smb.conf:
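# Global parameters
# Server-wide settings for a Samba 3.0.x domain controller whose account
# database lives in OpenLDAP on the same host.
[global]
workgroup = PEANUTS
server string = Snoopy Samba Server
# Level 5 is debugging verbosity: the per-client logs (%m) record a lot of
# detail about every session. Lower it once the join problem is diagnosed,
# and keep /var/log/samba readable by root only.
log level = 5
log file = /var/log/samba/log.%m
# Kilobytes per log file before it is rotated.
max log size = 50
time server = Yes
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192
logon script = %U.bat
#logon path =
#logon home =
domain logons = Yes
preferred master = Yes
domain master = Yes
wins support = Yes
#username map = /etc/samba/smbusers
# LDAP Related
ldap passwd sync = Yes
# Plain ldap:// to loopback, so directory traffic (including password hashes)
# stays on this host. If the LDAP server ever moves to another machine,
# enable "ldap ssl" below before pointing this at a network address.
passdb backend = ldapsam:ldap://127.0.0.1/
# Samba binds as this DN to read and write account entries; its password is
# stored locally with "smbpasswd -w". cn=Manager is conventionally the
# OpenLDAP rootdn, so a compromise of this host exposes the whole directory;
# a dedicated DN limited by ACLs to the Samba subtrees would narrow that.
ldap admin dn = cn=Manager,dc=somedomain,dc=org
ldap suffix = dc=somedomain,dc=org
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
# NOTE(review): the three suffixes above are relative to "ldap suffix" but
# this one is written as a full DN -- confirm whether it should be ou=Idmap.
ldap idmap suffix = ou=Idmap,dc=somedomain,dc=org
# Avoid the risk of UID/GID inconsistencies across systems
# by having a common LDAP backend.
idmap backend = ldap:ldap://127.0.0.1
# These should match the values specified in smbldap_conf.pm
idmap uid = 10000-20000
idmap gid = 10000-20000
map acl inherit = Yes
#ldap ssl = start_tls
# The helper scripts below are run by smbd as root and receive account and
# group names that originate from clients. Keep the single quotes around
# %u and %g, and keep the scripts root-owned and not writable by anyone else.
# Each setting must sit on one line (or be continued with a trailing
# backslash); three of them had been split by mail line-wrapping.
add user script = /var/lib/samba/sbin/smbldap-useradd.pl -a -m '%u'
delete user script = /var/lib/samba/sbin/smbldap-userdel.pl '%u'
add group script = /var/lib/samba/sbin/smbldap-groupadd.pl -p '%g'
delete group script = /var/lib/samba/sbin/smbldap-groupdel.pl '%g'
add user to group script = /var/lib/samba/sbin/smbldap-groupmod.pl -m '%u' '%g'
delete user from group script = /var/lib/samba/sbin/smbldap-groupmod.pl -x '%u' '%g'
set primary group script = /var/lib/samba/sbin/smbldap-usermod.pl -g '%g' '%u'
# Creates the workstation account when a machine joins the domain.
# NOTE(review): the join has to be authenticated by an account Samba accepts
# for this operation -- presumably one mapped to uid 0 in the passdb backend
# for this release; confirm against the documentation for this Samba version.
add machine script = /var/lib/samba/sbin/smbldap-useradd.pl -w '%u'
security = user
# Accounts created from the template get no interactive shell.
template shell = /bin/false
winbind use default domain = no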
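# Logon-script share used for domain logons.
[netlogon]
path = /var/lib/samba/netlogon
browseable = No
# Runs as root every time a client connects to this share. %U (session user
# name) and %I (client IP address) are filled in from the connection, so they
# are quoted here like the script arguments in [global].
# logon.pl lives inside the exported directory: keep it root-owned and not
# writable by anyone else, or move it outside the share so clients can
# neither read nor replace a script that executes as root.
root preexec = /var/lib/samba/netlogon/logon.pl '%U' '%I'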
# Shared working area, hidden from browse lists.
[common]
comment = Common material
path = /home/common
browseable = No
# Writable share. No "valid users" restriction is set in this section, and
# "force group" makes every connecting user act with group "common", so any
# authenticated user gets group-level access to everything stored here.
read only = No
force group = common
# Upper bounds on the permissions of newly created files and directories:
# owner and group get full access, everyone else gets read (files) or
# read/traverse (directories). Use 0770 for both if accounts outside the
# group should not be able to read the contents.
create mask = 0774
directory mask = 0775