[Samba] Trouble adding to domain
Cardon Denis
denis.cardon at tranquilitsystems.com
Tue Jun 5 19:50:28 GMT 2007
Daniel Davidson wrote:
> My problem seems to have been related to how the ldap records were set
> up. Just so everyone knows the computer entry based off my config file
> should look like:
>
> # SIRGUAIN$, computer, igb.uiuc.edu
> dn: uid=SIRGUAIN$,ou=computer,dc=igb,dc=uiuc,dc=edu
> uid: SIRGUAIN$
> sambaSID: S-none-of-yo-bidness-1000
> objectClass: sambaSamAccount
> objectClass: account
> displayName: SIRGUAIN$
> sambaAcctFlags: [W ]
> sambaPwdMustChange: 9223372036854775807
> sambaPwdCanChange: 1181057492
> sambaNTPassword: noneyobidnesseither
> sambaPwdLastSet: 1181057492
>
> Instead of:
>
> # lancelot1$, computer, igb.uiuc.edu
> dn: uid=lancelot1$,ou=computer,dc=igb,dc=uiuc,dc=edu
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: posixAccount
> cn: lancelot1$
> sn: lancelot1$
> uid: lancelot1$
> uidNumber: 1009
> gidNumber: 515
> homeDirectory: /dev/null
> loginShell: /bin/false
> description: Computer
> gecos: Computer
>
>
> However smbldap-useradd created the latter. What am I doing wrong that
> does this?
Perhaps you are missing the -a flag. Indeed, in order for the
smbldap-useradd script to create a SambaSAMAccount entry, you need to
add the -a flag, whether you are running it from the command line or from
inside the smb.conf file. Excerpt from the smbldap-useradd help:

-a is a Windows User (otherwise, Posix stuff only)

Hope this helps,

Denis
>
> thanks,
>
> Dan
>
> On Mon, 2007-06-04 at 14:03 -0500, Daniel Davidson wrote:
>> I am having trouble adding machines to domains. I enter a proper
>> username and password on the windows end, the ldap server executes the
>> proper script, the script executes properly, resulting in the right
>> entry into ldap as shown below:
>>
>> # lancelot1$, computer, igb.uiuc.edu
>> dn: uid=lancelot1$,ou=computer,dc=igb,dc=uiuc,dc=edu
>> objectClass: top
>> objectClass: person
>> objectClass: organizationalPerson
>> objectClass: inetOrgPerson
>> objectClass: posixAccount
>> cn: lancelot1$
>> sn: lancelot1$
>> uid: lancelot1$
>> uidNumber: 1002
>> gidNumber: 515
>> homeDirectory: /dev/null
>> loginShell: /bin/false
>> description: Computer
>> gecos: Computer
>>
>> However, the windows system does not have it join the domain, and give
>> an error saying "the user name could not be found." Below is my config,
>> does anyone know what would cause this?
>>
>>
>> [global]
>> netbios name = arthur
>> workgroup = igbtest
>> server string = igb test domain
>> security = user
>> encrypt passwords = yes
>> local master = yes
>> os level = 65
>> domain master = yes
>> preferred master = yes
>> null passwords = no
>> hide unreadable = yes
>> hide dot files = yes
>> domain logons = yes
>> log file = /var/log/samba/log.%m
>> max log size = 50
>>
>> add user script = /usr/share/doc/samba-3.0.24/LDAP/smbldap-tools-0.9.2/smbldap-useradd -m "%u"
>> add machine script = /usr/share/doc/samba-3.0.24/LDAP/smbldap-tools-0.9.2/smbldap-useradd -w "%u"
>> add group script = /usr/share/doc/samba-3.0.24/LDAP/smbldap-tools-0.9.2/smbldap-groupadd -p "%g"
>>
>> passdb backend = ldapsam:ldap://127.0.0.1/
>> ldap delete dn = Yes
>> ldap ssl = no
>>
>> ldap suffix = dc=igb,dc=uiuc,dc=edu
>> ldap admin dn = cn=ldapadmin,dc=igb,dc=uiuc,dc=edu
>> ldap group suffix = ou=group
>> ldap user suffix = ou=People
>> ldap machine suffix = ou=computer
>> ldap idmap suffix = ou=idmap
>>
>> [netlogon]
>> path = /var/lib/samba/netlogon
>> # guest ok = Yes
>> browseable = no
>> write list = root
>>
>> [homes]
>> path = /home/%U
>> browseable = no
>> valid users = %S
>> read only = no
>> create mask = 0664
>> directory mask = 0775
>>
>
--
Denis Cardon
Tranquil IT Systems
10 rue du Docteur Bouchard
49400 Saumur
tel : +33 (0) 2.41.67.56.99
http://www.tranquil-it-systems.fr