[Samba] Upgraded from 3.0.9 -> 3.0.21b - Now adding machines a problem

Daniel Northam dnortham at ffpglobal.com
Fri Feb 10 19:38:03 GMT 2006


Yes, I had a similar problem when I upgraded from 3.0.9 -> 3.0.21b.
After upgrading I could not add machines. It would find the PDC and then
prompt me for a user/password; I would enter it and get a "user not
found" error message. If I typed the password incorrectly then I would get
a "Username/Password incorrect" error message. My logs showed that I was
authenticating OK. So the only thing I could think of is that the samba IDs
are getting mangled or something along those lines. I did not have much
time to play around with it so I downgraded back to 3.0.9 and what would
you know, it started working again.

Anybody have a fix for this? Is this a bug? Or a deprecated argument in
the conf files that has been overlooked?

-----SNIP SMB.CONF---------

[global]

interfaces = 192.168.4.14/32
workgroup = FFPW
netbios name = PDC-SRV
server string = SAMBA-LDAP PDC SERVER
encrypt passwords = true
passdb backend = ldapsam:ldap://host.domain.tld.net/
passwd program = /usr/usr/sbin/smbldap-passwd -o %u
passwd chat = *new*password %n\n *new*password* %n\n *successfully*
unix password sync = No
ldap suffix = dc=ffplus,dc=net
ldap machine suffix = ou=Computers,ou=Users,ou=f800
ldap user suffix = ou=Staff,ou=Users,ou=f800
ldap group suffix = ou=Groups,ou=f800
ldap admin dn = "cn=directory manager"
ldap ssl = No
ldap user suffix = ou=Staff,ou=Users,ou=f800,dc=ffplus,dc=net
log file = /var/log/samba/%m.log
log level = 2
domain logons = Yes
os level = 255
preferred master = Yes
domain master = True
wins support = Yes
nt acl support = no
logon drive = U:
logon script = %U.bat
load printers = Yes
printing = cups
printcap name = /etc/samba/printers.list
use client driver = no



admin users = @"Domain Admins"


add user script = /usr/sbin/smbldap-useradd -a -m %u
delete user script = /usr/sbin/smbldap-userdel -r %u
add group script = /usr/sbin/smbldap-groupadd -p %g 
delete group script = /usr/sbin/smbldap-groupdel %g
add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
set primary group script = /usr/sbin/smbldap-usermod -g %g %u
add machine script = /usr/sbin/smbldap-useradd -w %u


[netlogon]

path = /netlogon
public = no
writeable = no
browsable = no
guest ok = yes


[homes]

comment = Home Directories
valid users = %S
writeable = Yes
read only = No
create mask = 755
directory mask = 0775
browseable = No

[profiles]

path = \\%L\%U\profile
read only = No
writeable = Yes
browseable = no
profile acls = Yes
guest ok = yes

[tmp]

comment = Temporary file space
path = /tmp
readonly = no
guest ok = yes

[filestor]

comment = Misc User Files/Application Data
path = /net/file_stor/
valid users = @"Domain Admins", @"Domain Users"
public = no
writeable = yes
printable = no
create mask = 0700

[backups]

comment = server backup files
path = /net/backups/
valid users = @"Domain Admins"
public = no
writeable = yes
printable = no
create mask = 0765

[applications]

comment = Storage for software applications
path = /applications/
valid users = @"XP_Power_Users", @"Domain Admins"
public = no
guest ok = no
writeable = yes
printable = no
create mask = 755

[ProfileDir]

comment = Root of all Homes for admin tasks
path = /net/users
valid users = @"Domain Admins"
public = no
writeable = yes
printable = no
create mask = 0666

[printers]

comment = All Printers
path = /var/spool/samba
browseable = no
public = yes
guest ok = yes
writeable = no
printable = yes
printer admin = @"Domain Admins", @"XP_Power_Users"

[print$]

comment = Printer Drivers
path = /etc/samba/drivers
browsable = yes
guest ok = no
read only = yes
write list = @"Domain Admins", @"XP_Power_Users"


----END SMB.CONF----

-----Original Message-----
From: samba-bounces+dnortham=ffpglobal.com at lists.samba.org
[mailto:samba-bounces+dnortham=ffpglobal.com at lists.samba.org] On Behalf
Of Dan
Sent: Friday, February 10, 2006 11:20 AM
To: samba at lists.samba.org
Subject: [Samba] Upgraded from 3.0.9 -> 3.0.21b - Now adding machines a problem

I recently upgraded my samba pdc from version 3.0.9 to version 3.0.21b
to try and fix a browse issue with Windows 2003 Server and linux samba
servers.  The browse issue was fixed, but now I am having problems
adding machines to the network.  I run slackware 10.0 linux with an
openldap backend which has worked fine until now.  I also upgraded the
samba tools from idealx.org to the latest version.  First when I went to
add a machine it would bomb out and when I would check the ldap
directory I noticed it had the posix machine info but not the samba
machine info.  To add the machine I am using the command

add machine script = /usr/local/sbin/smbldap-useradd -t 0 -w '%u'

in my smb.conf as specified in the example.  I then looked at the
smbldap-useradd script and realized that the add_samba_machine call from
the tools.pm file was never getting called anywhere in the scripts so
maybe this is incorrect but I added the following to the smbldap-useradd
script:

   if (defined($Options{'w'})) {
       if (!add_samba_machine($userName,$userUidNumber,$Options{'t'})) {
         die "$0: error while adding samba account\n";
       }
   }

right under the following:

# MACHINE ACCOUNT
if (defined($Options{'w'}) or defined($Options{'i'})) {

   #print "About to create machine $userName:\n";

   if (!add_posix_machine($userName,$userUidNumber,$userGidNumber,$Options{'t'})) {
     die "$0: error while adding posix account\n";
   }

so that the rest of the ldap info was getting filled in.  It still would
bomb out on me with the error "The user name could not be found" but it
did make a difference.  Leaving the new ldap entry alone I would then
try and add the machine again and it would work so I am not sure what is
wrong.  I checked the machine entry in ldap before and after and nothing
much seems to have changed.  I checked the samba logs and the user
adding to the domain comes back as authenticated so I am at a loss as to
why it would fail the first time and not the second.

Now most likely I am doing something else wrong as I can't imagine I
should have to change the scripts but I haven't come across what it is.
Has anyone seen this behavior before?

Any help is greatly appreciated thanks.

Dan,

Below is the global section of my smb.conf:

[global]

    workgroup=MYDOMAIN

    netbios name=MYDOMAIN_PDC

    admin users = administrator

    server string = MY PDC

    security = user

    load printers = yes
;   printcap name = /etc/printcap
;   print command = lpr -r -P%p %s
;   printing = lprng

;   printcap name = cups

;   printing = cups

;   show add printer wizard = yes

    log file = /var/log/samba/log.%m

    max log size = 10000

    ldap ssl = on
    passdb backend = ldapsam:ldaps://ldap.home.mydomain.org:636

    ldap admin dn = uid=root,ou=users,dc=home,dc=mydomain,dc=org
    ldap user suffix = ou=users
    ldap group suffix = ou=groups
    ldap machine suffix = ou=users
    ldap suffix = dc=home,dc=mydomain,dc=org
    ldap delete dn = no
    add user script = /usr/local/sbin/smbldap-useradd -m '%u'
    delete user script = /usr/local/sbin/smbldap-userdel %u
    add group script = /usr/local/sbin/smbldap-groupadd -p '%g'
    delete group script = /usr/local/sbin/smbldap-groupdel '%g'
    add user to group script = /usr/local/sbin/smbldap-groupmod -m '%u' '%g'
    delete user from group script = /usr/local/sbin/smbldap-groupmod -x '%u' '%g'
    set primary group script = /usr/local/sbin/smbldap-usermod -g '%u' '%g'
    add machine script = /usr/local/sbin/smbldap-useradd -t 0 -w '%u'


    ldap passwd sync = Yes
    idmap uid = 15000-20000
    idmap gid = 15000-20000
    idmap backend = ldap:ldaps://ldap.mydomain.org:636
    username map = /etc/samba/smbusers

    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

    os level = 128

    domain master = yes

    domain logons = yes

    local master = yes

    preferred master = yes

    logon script = logon.bat
    encrypt passwords = yes
    unix password sync = no
    passwd program = /usr/local/sbin/smbldap-passwd -o %u
    logon path = c:\Documents and Settings\%U

    remote announce = 10.1.0.255
    remote browse sync = 10.1.0.255
    wins support = yes
    map to guest = Never
    nt acl support = true
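
Added example, not part of either message and not code from Samba or smbldap-tools: a check for the state described in the thread, where a machine entry in LDAP has the posix account data but not the Samba account data. It parses LDIF text (as `ldapsearch -LLL` prints it) and reports machine accounts missing the `sambaSamAccount` object class or a `sambaSID`; the DNs, SID and function names are constructed for illustration.

```python
# Constructed sample in the shape of `ldapsearch -LLL` output; not the poster's data.
SAMPLE_LDIF = """\
dn: uid=ws01$,ou=Computers,dc=example,dc=org
objectClass: posixAccount
uid: ws01$

dn: uid=ws02$,ou=Computers,dc=example,dc=org
objectClass: posixAccount
objectClass: sambaSamAccount
uid: ws02$
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-
 31004

dn: uid=jdoe,ou=Users,dc=example,dc=org
uid: jdoe
"""

def parse_ldif(text):
    """Split LDIF into entries: a list of {attribute_lowercase: [values]}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # LDIF folds long lines with a leading space
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:               # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
            current = {}
        elif not line.startswith("#"):      # skip LDIF comment lines
            attr, _, value = line.partition(":")
            current.setdefault(attr.lower(), []).append(value.strip())
    return entries

def incomplete_machine_accounts(entries):
    """Return (dn, missing) for machine accounts (uid ends in '$') lacking Samba data."""
    findings = []
    for entry in entries:
        uid = entry.get("uid", [""])[0]
        if not uid.endswith("$"):
            continue                        # ordinary user, not a workstation trust account
        classes = {c.lower() for c in entry.get("objectclass", [])}
        missing = [oc for oc in ("posixAccount", "sambaSamAccount") if oc.lower() not in classes]
        if not entry.get("sambasid"):
            missing.append("sambaSID")
        if missing:
            findings.append((entry["dn"][0], missing))
    return findings
```

Calling `incomplete_machine_accounts(parse_ldif(SAMPLE_LDIF))` flags only `ws01$`, the half-created entry; base64-encoded (`attr::`) values are not decoded by this sketch.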
