[Samba] Samba and LDAP: Trouble adding Win XP machines to the domain
mikelOn
mikel.santos at idom.es
Wed Jun 27 18:30:25 GMT 2007
I will install nss tomorrow as soon as I get to work and I will give feedback
of the experience. I hope the problem is there!
Thank you very much
Edmundo Valle Neto wrote:
>
> mikelOn escreveu:
>> I am using debian etch for the testing but I have had the same problem with
>> gentoo 2007.0. I used smbldap-populate (the admin user is "root" so no
>> parameters at all) and I also tried with "-u 50000 and -g 50000" so that
>> user ids do not overlap.
>>
>
> Probably you didn't configure something in all the distros.
> High ids are used principally in migrations when you don't want them to
> clash with old ids (made who knows how).
>
>> Do I need anything else (nss) if I am not authenticating *nix clients?
>>
>> getent passwd does not show the machine accounts, should they also be
>> there and not only in the ldap? I thought that was not necessary.
>>
>
> Yes, you do need NSS working. I don't know where exactly it breaks when
> you don't have it. If you don't want to use posix accounts with samba
> simply give them a null shell (set the loginShell attribute with
> /bin/false) and they will not be able to be used (if you don't have
> PAM configured, I doubt that you can use them too). (If I remember right
> smbldap-tools in debian already creates accounts with a null shell)
>
> Samba has an option called "ldap:trusted = yes", but I don't know if NSS
> is really NOT USED even if you do that in recent versions of samba.
> Maybe the developers can answer that.
>
> Anyway the system uses NSS to resolve posix account names. And samba
> needs posix accounts to map samba accounts.
>
> In debian you install and configure the package libnss-ldap and set it
> to be used in /etc/nsswitch.conf.
>
> You can test NSS with "getent passwd" and "getent group", your accounts
> in ldap must be visible then.
>
>
> Regards.
>
> Edmundo Valle Neto
>
>> I use the root user to join the machines and the smb query you suggest
>> works properly. I can even list the samba shares from the windows
>> machines.
>>
>> Thanks again
>>
>>
>> Edmundo Valle Neto wrote:
>>
>>> What distro are you using?
>>> How did you populate it?
>>> I use Debian (it's a little different), but how did you configure NSS?
>>> ("getent passwd" shows your machine accounts?)
>>> What user are you using to join? (if root, "smbclient -L localhost
>>> -Uroot" works on the shell to list the shares?)
>>>
>>> Regards.
>>>
>>> Edmundo Valle Neto
>>>
>>> mikelOn escreveu:
>>>
>>>> I am not running nscd :(
>>>>
>>>> Thanks for your response
>>>>
>>>>
>>>> simo-7 wrote:
>>>>
>>>>
>>>>> On Wed, 2007-06-27 at 09:45 -0700, mikelOn wrote:
>>>>>
>>>>>
>>>>>>> About the samba attributes, when you add a machine account the script
>>>>>>> "add machine" must NOT ADD SAMBA ATTRIBUTES, only posix, samba does that
>>>>>>> alone. Refer to the idealx documentation (if you really want that things
>>>>>>> work properly, reading the documentation is not an option), it was
>>>>>>> already discussed here and the documentation explains how to configure
>>>>>>> that and how it should work.
>>>>>>>
>>>>>>>
>>>>>> I did set a debug level of 4 and what I saw was a NT_STATUS_NO_SUCH_USER
>>>>>> (or something alike) but no more specific details. The machine account
>>>>>> (posix) gets created automatically but the samba attributes are not added
>>>>>> by samba.
>>>>>>
>>>>>>
>>>>> look for nscd running, it may cache a negative response and samba never
>>>>> sees the created posix attributes in time to add samba stuff.
>>>>>
>>>>> Simo.
>>>>>
>>>>> --
>>>>> Simo Sorce
>>>>> Samba Team GPL Compliance Officer
>>>>> email: idra at samba.org
>>>>> http://samba.org
>>>>>
>>>>> --
>>>>> To unsubscribe from this list go to the following URL and read the
>>>>> instructions: https://lists.samba.org/mailman/listinfo/samba
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>
>>
>
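The two checks suggested in this thread (NSS must list ldap for passwd and group, and nscd may cache a negative lookup for a freshly created machine account), as an added example that is not part of the original messages. The function names are hypothetical; the files are assumed to be in the standard /etc/nsswitch.conf and /etc/nscd.conf formats.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Pass the real files, e.g.
#   join_prereq_report /etc/nsswitch.conf /etc/nscd.conf

# nss_has_ldap FILE DB: succeeds if "ldap" is a source for DB (passwd, group).
nss_has_ldap() {
    awk -v db="$2:" '
        { sub(/#.*/, ""); sub(/:/, ": ") }   # drop comments, split "db:src"
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "ldap") found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# nscd_negative_ttl FILE DB: prints the negative-cache lifetime in seconds
# when nscd caching is enabled for DB; prints nothing otherwise.
nscd_negative_ttl() {
    awk -v db="$2" '
        { sub(/#.*/, "") }
        $1 == "enable-cache" && $2 == db { enabled = ($3 == "yes") }
        $1 == "negative-time-to-live" && $2 == db { ttl = $3 }
        END { if (enabled && ttl != "") print ttl }
    ' "$1"
}

# machine_resolves NAME: succeeds if the machine account (NAME$) is visible
# through NSS, the same lookup as "getent passwd" in the thread.
machine_resolves() {
    getent passwd "${1%\$}\$" >/dev/null 2>&1
}

# join_prereq_report NSS_FILE NSCD_FILE: prints findings and returns the
# number of problems found (0 means both checks passed).
join_prereq_report() {
    problems=0
    for db in passwd group; do
        if ! nss_has_ldap "$1" "$db"; then
            echo "nsswitch: $db does not list ldap, LDAP accounts will not resolve"
            problems=$((problems + 1))
        fi
        ttl=$(nscd_negative_ttl "$2" "$db")
        if [ -n "$ttl" ] && [ "$ttl" -gt 0 ]; then
            echo "nscd: negative $db lookups cached for ${ttl}s"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}
```

After a failed join, `machine_resolves NAME` on the Samba server shows whether the posix half of the machine account is visible to the system at all.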