[Samba] Upgraded from 3.0.9 -> 3.0.21b - Now adding machines a problem
Daniel Northam
dnortham at ffpglobal.com
Fri Feb 10 19:38:03 GMT 2006
Yes, I had a similar problem when I upgraded from 3.0.9 -> 3.0.21b.
After upgrading I could not add machines. It would find the PDC and then
prompt me for a user/password, I would enter it and I got a "user not found"
error message. If I typed the password incorrectly then I would get a
"Username/Password incorrect" error message. My logs showed that I was
authenticating OK. So the only thing I could think of is that the samba IDs
are getting mangled or something along those lines. I did not have much
time to play around with it so I downgraded back to 3.0.9 and what would
you know, it started working again.
Anybody have a fix for this? Is this a bug? Or a deprecated argument in
the conf files that has been overlooked?
-----SNIP SMB.CONF---------
[global]
interfaces = 192.168.4.14/32
workgroup = FFPW
netbios name = PDC-SRV
server string = SAMBA-LDAP PDC SERVER
encrypt passwords = true
passdb backend = ldapsam:ldap://host.domain.tld.net/
passwd program = /usr/usr/sbin/smbldap-passwd -o %u
passwd chat = *new*password %n\n *new*password* %n\n *successfully*
unix password sync = No
ldap suffix = dc=ffplus,dc=net
ldap machine suffix = ou=Computers,ou=Users,ou=f800
ldap user suffix = ou=Staff,ou=Users,ou=f800
ldap group suffix = ou=Groups,ou=f800
ldap admin dn = "cn=directory manager"
ldap ssl = No
ldap user suffix = ou=Staff,ou=Users,ou=f800,dc=ffplus,dc=net
log file = /var/log/samba/%m.log
log level = 2
domain logons = Yes
os level = 255
preferred master = Yes
domain master = True
wins support = Yes
nt acl support = no
logon drive = U:
logon script = %U.bat
load printers = Yes
printing = cups
printcap name = /etc/samba/printers.list
use client driver = no
admin users = @"Domain Admins"
add user script = /usr/sbin/smbldap-useradd -a -m %u
delete user script = /usr/sbin/smbldap-userdel -r %u
add group script = /usr/sbin/smbldap-groupadd -p %g
delete group script = /usr/sbin/smbldap-groupdel %g
add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
set primary group script = /usr/sbin/smbldap-usermod -g %g %u
add machine script = /usr/sbin/smbldap-useradd -w %u
[netlogon]
path = /netlogon
public = no
writeable = no
browsable = no
guest ok = yes
[homes]
comment = Home Directories
valid users = %S
writeable = Yes
read only = No
create mask = 755
directory mask = 0775
browseable = No
[profiles]
path = \\%L\%U\profile
read only = No
writeable = Yes
browseable = no
profile acls = Yes
guest ok = yes
[tmp]
comment = Temporary file space
path = /tmp
readonly = no
guest ok = yes
[filestor]
comment = Misc User Files/Application Data
path = /net/file_stor/
valid users = @"Domain Admins", @"Domain Users"
public = no
writeable = yes
printable = no
create mask = 0700
[backups]
comment = server backup files
path = /net/backups/
valid users = @"Domain Admins"
public = no
writeable = yes
printable = no
create mask = 0765
[applications]
comment = Storage for software applications
path = /applications/
valid users = @"XP_Power_Users", @"Domain Admins"
public = no
guest ok = no
writeable = yes
printable = no
create mask = 755
[ProfileDir]
comment = Root of all Homes for admin tasks
path = /net/users
valid users = @"Domain Admins"
public = no
writeable = yes
printable = no
create mask = 0666
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
public = yes
guest ok = yes
writeable = no
printable = yes
printer admin = @"Domain Admins", @"XP_Power_Users"
[print$]
comment = Printer Drivers
path = /etc/samba/drivers
browsable = yes
guest ok = no
read only = yes
write list = @"Domain Admins", @"XP_Power_Users"
----END SMB.CONF----
-----Original Message-----
From: samba-bounces+dnortham=ffpglobal.com at lists.samba.org
[mailto:samba-bounces+dnortham=ffpglobal.com at lists.samba.org] On Behalf
Of Dan
Sent: Friday, February 10, 2006 11:20 AM
To: samba at lists.samba.org
Subject: [Samba] Upgraded from 3.0.9 -> 3.0.21b - Now adding machines a problem
I recently upgraded my samba pdc from version 3.0.9 to version 3.0.21b
to try and fix a browse issue with Windows 2003 Server and linux samba
servers. The browse issue was fixed, but now I am having problems
adding machines to the network. I run slackware 10.0 linux with an
openldap backend which has worked fine until now. I also upgraded the
samba tools from idealx.org to the latest version. First when I went to
add a machine it would bomb out and when I would check the ldap
directory I noticed it had the posix machine info but not the samba
machine info. To add the machine I am using the command
add machine script = /usr/local/sbin/smbldap-useradd -t 0 -w '%u'
in my smb.conf as specified in the example. I then looked at the
smbldap-useradd script and realized that the add_samba_machine call from
the tools.pm file was never getting called anywhere in the scripts so
maybe this is incorrect but I added the following to the smbldap-useradd
script:
if (defined($Options{'w'})) {
    if (!add_samba_machine($userName,$userUidNumber,$Options{'t'})) {
        die "$0: error while adding samba account\n";
    }
}
right under the following:
# MACHINE ACCOUNT
if (defined($Options{'w'}) or defined($Options{'i'})) {
    #print "About to create machine $userName:\n";
    if (!add_posix_machine($userName,$userUidNumber,$userGidNumber,$Options{'t'})) {
        die "$0: error while adding posix account\n";
    }
so that the rest of the ldap info was getting filled in. It still would
bomb out on me with the error "The user name could not be found" but it
did make a difference. Leaving the new ldap entry alone I would then
try and add the machine again and it would work so I am not sure what is
wrong. I checked the machine entry in ldap before and after and nothing
much seems to have changed. I checked the samba logs and the user
adding to the domain comes back as authenticated so I am at a loss as to
why it would fail the first time and not the second.
Now most likely I am doing something else wrong as I can't imagine I
should have to change the scripts but I haven't come across what it is.
Has anyone seen this behavior before?
Any help is greatly appreciated thanks.
Dan,
Below is the global section of my smb.conf:
[global]
workgroup=MYDOMAIN
netbios name=MYDOMAIN_PDC
admin users = administrator
server string = MY PDC
security = user
load printers = yes
; printcap name = /etc/printcap
; print command = lpr -r -P%p %s
; printing = lprng
; printcap name = cups
; printing = cups
; show add printer wizard = yes
log file = /var/log/samba/log.%m
max log size = 10000
ldap ssl = on
passdb backend = ldapsam:ldaps://ldap.home.mydomain.org:636
ldap admin dn = uid=root,ou=users,dc=home,dc=mydomain,dc=org
ldap user suffix = ou=users
ldap group suffix = ou=groups
ldap machine suffix = ou=users
ldap suffix = dc=home,dc=mydomain,dc=org
ldap delete dn = no
add user script = /usr/local/sbin/smbldap-useradd -m '%u'
delete user script = /usr/local/sbin/smbldap-userdel %u
add group script = /usr/local/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/local/sbin/smbldap-groupdel '%g'
add user to group script = /usr/local/sbin/smbldap-groupmod -m '%u' '%g'
delete user from group script = /usr/local/sbin/smbldap-groupmod -x '%u' '%g'
set primary group script = /usr/local/sbin/smbldap-usermod -g '%u' '%g'
add machine script = /usr/local/sbin/smbldap-useradd -t 0 -w '%u'
ldap passwd sync = Yes
idmap uid = 15000-20000
idmap gid = 15000-20000
idmap backend = ldap:ldaps://ldap.mydomain.org:636
username map = /etc/samba/smbusers
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
os level = 128
domain master = yes
domain logons = yes
local master = yes
preferred master = yes
logon script = logon.bat
encrypt passwords = yes
unix password sync = no
passwd program = /usr/local/sbin/smbldap-passwd -o %u
logon path = c:\Documents and Settings\%U
remote announce = 10.1.0.255
remote browse sync = 10.1.0.255
wins support = yes
map to guest = Never
nt acl support = true
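The original message describes a machine entry that held the POSIX account data but not the Samba account data after the first join attempt. The following Python script is an added example, not part of the thread or of smbldap-tools: it parses one machine entry exported as LDIF and lists what is missing for a complete workstation trust account. The sample DN and values are constructed; the attribute names (`sambaSamAccount`, `sambaSID`, `sambaAcctFlags`) are those of the Samba 3 LDAP schema.

```python
# Constructed sample: the state described in the post, where the add machine
# script created only the POSIX half of the machine account.
POSIX_ONLY = """\
dn: uid=ws01$,ou=Computers,dc=example,dc=org
objectClass: account
objectClass: posixAccount
uid: ws01$
uidNumber: 15001
gidNumber: 515
"""
# Constructed sample: the same entry once the Samba attributes are present.
COMPLETE = POSIX_ONLY + """\
objectClass: sambaSamAccount
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-31002
sambaAcctFlags: [W          ]
"""

def parse_ldif_entry(text):
    """Parse one LDIF entry into {lowercased attribute: [values]}."""
    entry = {}
    last = None
    for raw in text.splitlines():
        if raw.startswith(" ") and last:
            entry[last][-1] += raw[1:]      # folded (continued) LDIF line
        elif ":" in raw and not raw.startswith("#"):
            attr, _, value = raw.partition(":")
            last = attr.lower()
            entry.setdefault(last, []).append(value.strip())
    return entry

def check_machine_entry(entry):
    """Return the list of problems that leave a machine trust account incomplete."""
    classes = {c.lower() for c in entry.get("objectclass", [])}
    uid = (entry.get("uid") or [""])[0]
    flags = (entry.get("sambaacctflags") or [""])[0]
    checks = [
        (uid.endswith("$"), "uid does not end in '$'"),
        ("posixaccount" in classes, "missing objectClass posixAccount"),
        ("sambasamaccount" in classes, "missing objectClass sambaSamAccount"),
        (bool(entry.get("sambasid")), "missing sambaSID"),
        ("W" in flags, "sambaAcctFlags lacks W (workstation trust)"),
    ]
    return [msg for ok, msg in checks if not ok]

if __name__ == "__main__":
    for name, ldif in (("posix-only", POSIX_ONLY), ("complete", COMPLETE)):
        print(name, check_machine_entry(parse_ldif_entry(ldif)) or "OK")
```

Running it against the entry before and after a failed join shows which half of the account the add machine script actually wrote.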