[Samba] Upgraded from 3.0.9 -> 3.0.21b - Now adding machines a
problem
Dan
samba at the-rusty-nail.com
Fri Feb 10 19:20:09 GMT 2006
I recently upgraded my samba pdc from version 3.0.9 to version 3.0.21b
to try and fix a browse issue with Windows 2003 Server and linux samba
servers. The browse issue was fixed, but now I am having problems
adding machines to the network. I run slackware 10.0 linux with an
openldap backend which has worked fine until now. I also upgraded the
samba tools from idealx.org to the latest version. First when I went to
add a machine it would bomb out and when I would check the ldap
directory I noticed it had the posix machine info but not the samba
machine info. To add the machine I am using the command
add machine script = /usr/local/sbin/smbldap-useradd -t 0 -w '%u'
in my smb.conf as specified in the example. I then looked at the
smbldap-useradd script and realized that the add_samba_machine call from
the tools.pm file was never getting called anywhere in the scripts so
maybe this is incorrect but I added the following to the smbldap-useradd
script:
if (defined($Options{'w'})) {
if (!add_samba_machine($userName,$userUidNumber,$Options{'t'})) {
die "$0: error while adding samba account\n";
}
}
right under the following:
# MACHINE ACCOUNT
if (defined($Options{'w'}) or defined($Options{'i'})) {
#print "About to create machine $userName:\n";
if (!add_posix_machine
($userName,$userUidNumber,$userGidNumber,$Options{'t'})) {
die "$0: error while adding posix account\n";
}
so that the rest of the ldap info was getting filled in. It still would
bomb out on me with the error "The user name could not be found" but it
did make a difference. Leaving the new ldap entry alone I would then
try and add the machine again and it would work so I am not sure what is
wrong. I checked the machine entry in ldap before and after and nothing
much seems to have changed. I checked the samba logs and the user
adding to the domain comes back as authenticated so I am at a loss as to
why it would fail the first time and not the second.
Now most likely I am doing something else wrong as I can't imagine I
should have to change the scripts but I haven't come across what it is.
Has anyone seen this behavior before?
Any help is greatly appreciated thanks.
Dan,
Below is the global section of my smb.conf:
[global]
workgroup=MYDOMAIN
netbios name=MYDOMAIN_PDC
admin users = administrator
server string = MY PDC
security = user
load printers = yes
; printcap name = /etc/printcap
; print command = lpr -r -P%p %s
; printing = lprng
; printcap name = cups
; printing = cups
; show add printer wizard = yes
log file = /var/log/samba/log.%m
max log size = 10000
ldap ssl = on
passdb backend = ldapsam:ldaps://ldap.home.mydomain.org:636
ldap admin dn = uid=root,ou=users,dc=home,dc=mydomain,dc=org
ldap user suffix = ou=users
ldap group suffix = ou=groups
ldap machine suffix = ou=users
ldap suffix = dc=home,dc=mydomain,dc=org
ldap delete dn = no
add user script = /usr/local/sbin/smbldap-useradd -m '%u'
delete user script = /usr/local/sbin/smbldap-userdel %u
add group script = /usr/local/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/local/sbin/smbldap-groupdel '%g'
add user to group script = /usr/local/sbin/smbldap-groupmod -m '%u'
'%g'
delete user from group script = /usr/local/sbin/smbldap-groupmod -x
'%u' '%g'
set primary group script = /usr/local/sbin/smbldap-usermod -g '%u' '%g'
add machine script = /usr/local/sbin/smbldap-useradd -t 0 -w '%u'
ldap passwd sync = Yes
idmap uid = 15000-20000
idmap gid = 15000-20000
idmap backend = ldap:ldaps://ldap.mydomain.org:636
username map = /etc/samba/smbusers
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
os level = 128
domain master = yes
domain logons = yes
local master = yes
preferred master = yes
logon script = logon.bat
encrypt passwords = yes
unix password sync = no
passwd program = /usr/local/sbin/smbldap-passwd -o %u
logon path = c:\Documents and Settings\%U
remote announce = 10.1.0.255
remote browse sync = 10.1.0.255
wins support = yes
map to guest = Never
nt acl support = true
More information about the samba
mailing list