[Samba] UNIX accounts can create
Ryan Steele
steele at agora-net.com
Fri Jun 16 12:48:00 GMT 2006
Jorge,
Sorry, but nothing seems apparently obvious to me... I would really try
making sure that smbldap-tools has all the proper information in its
configuration files. I'm short on time, but I hope I helped at least a
little bit.
Best,
Ryan
IT wrote:
> ryan i see and review my configuration a lot of times searching a error
> but nothing... I thinking to reinstall all server in a linux box for
> test. the actual samba+ldap server is a Unix Solaris 10 X86
>
> /usr/local/samba/bin/net getlocalsid
> SID for domain NEPTUNE is: S-1-5-21-1628075765-904855948-1163074499
>
> smbldap.conf wthout "comments"
>
> SID="S-1-5-21-1628075765-904855948-1163074499"
>
> sambaDomain="XXXXL_DOM"
> slaveLDAP="localhost"
> slavePort="389"
> masterLDAP="localhost"
> masterPort="389"
> ldapTLS="0"
> verify=""
> cafile=""
> clientcert=""
> clientkey=""
> suffix="dc=mydom,dc=com,dc=ar"
> usersdn="ou=Users,${suffix}"
> computersdn="ou=Computers,${suffix}"
> groupsdn="ou=Groups,${suffix}"
> idmapdn="ou=Idmap,${suffix}"
> sambaUnixIdPooldn="sambaDomainName=XXXXXL_DOM,${suffix}"
> scope="sub"
> hash_encrypt="CRYPT"
> crypt_salt_format="%s"
> userLoginShell="/bin/bash"
> userHome="/usuarios/%U"
> userHomeDirectoryMode="700"
> userGecos="System User"
> defaultUserGid="513"
> defaultComputerGid="515"
> skeletonDir="/etc/skel"
> defaultMaxPasswordAge="45"
> userSmbHome="\\neptune\%U"
> userProfile="\\neptune\profiles\%U"
> userHomeDrive="P:"
> userScript="login1.bat"
> mailDomain=""
> with_smbpasswd="0"
> smbpasswd="/usr/local/sbin/smbpasswd"
> with_slappasswd="0"
> slappasswd="/usr/local/sbin/slappasswd"
>
>
> my smb.conf
> [global]
> workgroup = XXXXXL_DOM
> server string = NT2003
> interfaces = e1000g0
> security = user
> log level = 10
> syslog = 0
> log file = /var/log/samba/%m
> domain logons = yes
> passdb backend = ldapsam:ldap://localhost
> domain master = No
> smb ports = 139 445
> #name resolver order = hosts lmhosts wins bcast
> wins server = 10.1.1.211
> ldap suffix = dc=mydom,dc=com,dc=ar
> ldap ssl = no
> ldap timeout = 20
> domain master = no
> ldap suffix = dc=mydom,dc=com,dc=ar
> ldap user suffix = ou=Users
> ldap group suffix = ou=Groups
> ldap machine suffix = ou=Computers
> ldap admin dn = cn=Manager,dc=mydom,dc=com,dc=ar
> ldap idmap suffix = ou=Idmap
>
> add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
> add user script = /usr/local/sbin/smbldap-useradd -m "%u"
> #delete user script = /usr/local/sbin/smbldap-userdel "%u"
> add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
> #delete group script = /usr/local/sbin/smbldap-groupdel "%g"
> add user to group script = /usr/local/sbin/smbldap-groupmod -m
> "%u" "%g"
> delete user from group script =
> /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
> set primary group script = /usr/local/sbin/smbldap-usermod -g
> "%g" "%u"
>
> TIA
> Jorge
>
> */Ryan Steele <steele at agora-net.com>/* escribió:
>
> Ooops, I meant see what it returns and copy and paste that into
> smbldap.conf
>
> Best,
> Ryan
>
> Ryan Steele wrote:
> > Not totally sure...sounds like a problem with smbldap not having
> the
> > proper SID. Do a 'net getlocalsid' and put what it returns in
> > smbldap.conf on the line where you specify the SID for the domain.
> > It's the firs thing under General Configuration. See if that helps.
> >
> > Best,
> > Ryan
> >
> > IT wrote:
> >>
> >> Thanks ryan...
> >>
> >> First i use smbldap-useradd with "-a " flag in the smb.conf but
> the
> >> vampire process create the ldap porcion but cant create posix
> >> accounts. in the vampire process say "Cant create posix account
> info".
> >>
> >> Triying to resolve this problem. i see that populate
> >> and smbldap-useradd either create the posix part.
> >>
> >> with -a flag say:
> >>
> >> /usr/local/sbin/smbldap-useradd -a testuser
> >> Cannot confirm uidNumber 1008 is free: checking for the next one
> >> Can't call method "get_value" on an undefined value at
> >> /usr/local/sbin/smbldap-userad line 197.
> >>
> >> viewing te code near line 197
> >>
> >> 189 my $group_entry;
> >> 190 my $userGroupSID;
> >> 191 my $userRid;
> >> 192 my $user_sid;
> >> 193 if (defined $Options{'a'} or defined $Options{'i'}) {
> >> 194 # as grouprid we use the value of the sambaSID attribute for
> >> 195 # group of gidNumber=$userGidNumber
> >> 196 $group_entry = read_group_entry_gid($userGidNumber);
> >> 197 $userGroupSID =$group_entry->get_value('sambaSID');
> >> 198 unless ($userGroupSID) {
> >> 199 print "Error: SID not set for unix group $userGidNumber\n";
> >> 200 print "check if your unix group is mapped to an NT group\n";
> >> 201 exit (7);
> >> 202 }
> >>
> >>
> >> any idea?
> >>
> >> Jorge
> >>
> >> */Ryan Steele /* escribió:
> >>
> >> IT wrote:
> >> > Anybody know whats wrong when the commands
> >> >
> >> > smbldap-useradd or populate work fine with ldap but cant create
> >> > unix/linux accounts ????
> >> >
> >> >
> >> > Pelase Help.
> >> >
> >> >
> >> > Jorge
> >> >
> >> >
> >> > __________________________________________________
> >> > Correo Yahoo!
> >> > Espacio para todos tus mensajes, antivirus y antispam ¡gratis!
> >> > ¡Abrí tu cuenta ya! - http://correo.yahoo.com.ar
> >> >
> >> I think you have to provide it the "-a" option if you want it to
> >> create
> >> a posix account. List, correct me if I'm wrong. Hope that helps,
> >> Jorge.
> >>
> >> Best,
> >> Ryan
> >>
> >>
> >> __________________________________________________
> >> Correo Yahoo!
> >> Espacio para todos tus mensajes, antivirus y antispam ¡gratis!
> >> ¡Abrí tu cuenta ya! - http://correo.yahoo.com.ar
> >>
> >
>
>
> __________________________________________________
> Correo Yahoo!
> Espacio para todos tus mensajes, antivirus y antispam ¡gratis!
> ¡Abrí tu cuenta ya! - http://correo.yahoo.com.ar
>
More information about the samba
mailing list