[Samba] samba ldap domain join
lenny at edpausa.com
Wed May 17 14:08:07 GMT 2006
Still haven't found any resolution for this problem. I tried using a "-t"
parameter with smbldap-passwd, but that didn't make any difference. The
debug output still shows that it simply can't find the created computer
account, even though it creates it in the right ou.
I wish there was a way to not have to deal with computer accounts at all.
Here's the relevant part of debug output. Machine name is cia.
Finding user cia$
Trying _Get_Pwnam(), username as lowercase is cia$
Checking combinations of 0 uppercase letters in cia$
Get_Pwnam_internals didn't find user [cia$]!
_samr_create_user: Running the command
`/usr/local/samba/sbin/smbldap-useradd -t 5 -n -d /dev/null -s
/bin/false -w "cia"' gave 0
Finding user cia$
Trying _Get_Pwnam(), username as lowercase is cia$
Checking combinations of 0 uppercase letters in cia$
Get_Pwnam_internals didn't find user [cia$]!
cia (192.168.1.94) closed connection to service IPC$
Some other relevant config parts (the actual config files have correct
dns).
Domain Admins (S-1-5-21-572523613-314456280-397268875-512) -> sambaadmins
Domain Users (S-1-5-21-572523613-314456280-397268875-513) -> admins
Domain Guests (S-1-5-21-572523613-314456280-397268875-514) -> users
Domain Computers (S-1-5-21-572523613-314456280-397268875-515) -> guests
----
init_sam_from_ldap: Entry found for user: administrator
Home server: brutus
Home server: brutus
---------------
Unix username: administrator
NT username: administrator
Account Flags: [U ]
User SID: S-1-5-21-572523613-314456280-397268875-500
Primary Group SID: S-1-5-21-572523613-314456280-397268875-1041
Full Name: administrator
Home Directory: \\brutus\administrator
HomeDir Drive:
Logon Script:
Profile Path: \\brutus\administrator\profile
Domain: LDAPAUTH
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Mon, 18 Jan 2038 22:14:07 EST
Kickoff time: Mon, 18 Jan 2038 22:14:07 EST
Password last set: Mon, 15 May 2006 10:00:52 EDT
Password can change: Mon, 08 May 2006 14:39:02 EDT
Password must change: Mon, 18 Jan 2038 22:14:07 EST
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
------------------
>
>
> smb.conf
>
> add user script = /usr/local/samba/sbin/smbldap-useradd -n "%u"
> add machine script = /usr/local/samba/sbin/smbldap-useradd -n -d
> /dev/null -s /bin/false -w "%m"
>
> ldap suffix = dc=mydomain,dc=com
> ldap admin dn = "cn=Directory Manager"
> ldap group suffix = ou=groups,dc=mydomain,dc=com
> ldap idmap suffix = ou=idmap,dc=mydomain,dc=com
> ldap machine suffix =ou=computers,dc=mydomain,dc=com
> ldap ssl = no
> ldap user suffix = ou=people
> idmap backend = ldapsam:ldap://myldapserver
> idmap uid = 10000-30000
> idmap gid = 10000-30000
> smb-ldap.conf
>
> suffix="dc=mydomain,dc=com"
>
> usersdn="ou=People,${suffix}"
> computersdn="ou=computers,${suffix}"
> groupsdn="ou=Groups,${suffix}"
> idmapdn="ou=idmap,${suffix}"
> sambaUnixIdPooldn="sambaDomainName=LDAPAUTH,${suffix}"
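
Added example, not part of the original post and not code from Samba or smbldap-tools: a consistency check over the settings quoted above. It assumes, as the smb.conf man page describes, that Samba prepends each "ldap ... suffix" value to "ldap suffix", and compares the resulting container DNs with the ones smbldap-tools is configured to write to. The function names are hypothetical.

```python
# Added example. Values are copied from the settings as posted (the poster
# notes the real files use different DNs); function names are hypothetical.
SMB_CONF = """
ldap suffix = dc=mydomain,dc=com
ldap group suffix = ou=groups,dc=mydomain,dc=com
ldap idmap suffix = ou=idmap,dc=mydomain,dc=com
ldap machine suffix =ou=computers,dc=mydomain,dc=com
ldap user suffix = ou=people
"""
SMBLDAP_CONF = """
suffix="dc=mydomain,dc=com"
usersdn="ou=People,${suffix}"
computersdn="ou=computers,${suffix}"
groupsdn="ou=Groups,${suffix}"
idmapdn="ou=idmap,${suffix}"
"""
# smb.conf parameter -> smbldap-tools key that should name the same container
PAIRS = {"ldap user suffix": "usersdn", "ldap machine suffix": "computersdn",
         "ldap group suffix": "groupsdn", "ldap idmap suffix": "idmapdn"}

def parse(text):
    """Parse 'key = value' lines; strip quotes and normalise key spacing."""
    out = {}
    for line in text.splitlines():
        if "=" not in line or line.lstrip().startswith(("#", ";")):
            continue
        key, value = line.split("=", 1)
        out[" ".join(key.split()).lower()] = value.strip().strip('"')
    return out

def norm(dn):
    """Case- and whitespace-insensitive DN form, adequate for this comparison."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def check(smb_text, tools_text):
    """Return {param: (matches, samba_dn, smbldap_dn)} for each container."""
    smb, tools = parse(smb_text), parse(tools_text)
    base = smb["ldap suffix"]
    findings = {}
    for param, key in PAIRS.items():
        # Assumption (smb.conf man page): sub-suffix is prepended to 'ldap suffix'.
        samba_dn = f"{smb[param]},{base}" if smb.get(param) else base
        tools_dn = tools[key].replace("${suffix}", tools["suffix"])
        findings[param] = (norm(samba_dn) == norm(tools_dn), samba_dn, tools_dn)
    return findings

if __name__ == "__main__":
    for param, (ok, samba_dn, tools_dn) in check(SMB_CONF, SMBLDAP_CONF).items():
        print(f"{'OK      ' if ok else 'MISMATCH'} {param}: samba={samba_dn} smbldap={tools_dn}")
```

Run against the posted values, only "ldap user suffix" lines up with its smbldap-tools counterpart; the other three already contain the base suffix and end up with it twice.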