[Samba] Re: Help with user/domain Management fm Windows side

Jim C. jcllings at gmail.com
Mon Jun 6 17:40:03 GMT 2005 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> if you don't want to bother researching what version of smbldap-tools
...
> anyone to say is there?

Actually this was a problem but not my fault.

Because of the infamous "rpm hell" and various changes in Samba and
smbldap-tools (i.e. the underlying perl libraries were a problem ) I was
unable to upgrade without upgrading my entire OS.  I had to wait until I
had a suitably large block of time available for this project.

OK, so I've finally been able to do this and I've still got the same old
trouble. I have to say that I am not sure of the perms on the
smbldap-tools.  They don't look like they did in previous releases.  As
I recall some of them belonged to to the adm group. At the same time, I
can't think of a reason why this setup wouldn't work with "other" set to
r--x.

So, anyway the new stuff is:

[root at enigma samba]# rpm -qa | grep samba; rpm -qa | grep smbldap-tools-0
samba-winbind-3.0.14a-2mdk
samba-server-3.0.14a-2mdk
samba-client-3.0.14a-2mdk
samba-swat-3.0.14a-2mdk
samba-smbldap-tools-3.0.14a-2mdk
samba-vscan-clamav-3.0.14a-2mdk
samba-common-3.0.14a-2mdk
samba-doc-3.0.14a-2mdk
smbldap-tools-0.8.7-5mdk


[root at enigma samba]# testparm | grep smbldap
Load smb config files from /etc/samba/smb.conf
Processing section "[apps]"
.
.
.
Processing section "[public]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

        add user script = /usr/sbin/smbldap-useradd -m '%u'
        delete user script = /usr/sbin/smbldap-userdel '%u'
        add group script = /usr/sbin/smbldap-groupadd '%g' &&
/usr/sbin/smbldap-groupshow %g|awk '/^gidNumber:/ {print $2}'
        delete group script = /usr/sbin/smbldap-groupdel '%g'
        add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
        delete user from group script = /usr/sbin/smbldap-groupmod -x
'%u' '%g'
        set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
        add machine script = /usr/sbin/smbldap-useradd -w -d /dev/null
- -c 'Machine Account' -s /bin/false '%u'

Perms for these scripts are:

[root at enigma samba]# ls -l /usr/sbin/smbldap-useradd
/usr/sbin/smbldap-userdel /usr/sbin/smbldap-groupadd
/usr/sbin/smbldap-groupshow /usr/sbin/smbldap-groupdel
/usr/sbin/smbldap-groupmod /usr/sbin/smbldap-groupmod
/usr/sbin/smbldap-usermod /usr/sbin/smbldap-useradd
- -rwxr-xr-x  1 root root  5379 Feb 17 01:21 /usr/sbin/smbldap-groupadd*
- -rwxr-xr-x  1 root root  2473 Feb 17 01:21 /usr/sbin/smbldap-groupdel*
- -rwxr-xr-x  1 root root  8550 Feb 17 01:21 /usr/sbin/smbldap-groupmod*
- -rwxr-xr-x  1 root root  8550 Feb 17 01:21 /usr/sbin/smbldap-groupmod*
- -rwxr-xr-x  1 root root  2009 Feb 17 01:21 /usr/sbin/smbldap-groupshow*
- -rwxr-xr-x  1 root root 17900 Feb 17 01:21 /usr/sbin/smbldap-useradd*
- -rwxr-xr-x  1 root root 17900 Feb 17 01:21 /usr/sbin/smbldap-useradd*
- -rwxr-xr-x  1 root root  3244 Feb 17 01:21 /usr/sbin/smbldap-userdel*
- -rwxr-xr-x  1 root root 18928 Feb 17 01:21 /usr/sbin/smbldap-usermod*


Other things I need verified:

Do I have the right client?  I'm using Windows XP and the Active
Directory snap in for users and groups does not seem to be available.
My supposition is that it is a for-pay item. Consequently, I downloaded
the one from NT and that hasn't been working for me either. Anybody got
a clue for me here?


Jim C.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCpIpzB4AhF6wVFMERAqBuAJ98g94y4GNFRmYD9MzNY73N5uUM7gCeJ/nF
MtCd6MLvm4sFtraFiEJbd6E=
=BOq/
-----END PGP SIGNATURE-----

More information about the samba mailing list