[Samba] Samba/LDAP Question

Frank J. Pellegrino frank.pellegrino at sju.edu
Wed Feb 27 21:20:06 GMT 2008


Below is a sample of a machine entry:

dn: uid=295mand01$,ou=computers,o=sju.edu
cn: 295mand01$
description: Computer
gecos: Computer
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
objectClass: top
objectClass: person
objectClass: organizationalperson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSamAccount
sambaAcctFlags: [W          ]
sambaNTPassword: 8E5BB69CD089184751166B254347DBD2
sambaPrimaryGroupSID: S-1-5-21-1948856034-3740470957-464559834-2031
sambaSID: S-1-5-21-1948856034-3740470957-464559834-2005314
sn: 295mand01$
uid: 295mand01$
uidNumber: 1002157



At 04:02 PM 2/27/2008, Hector Blanco wrote:
>Ehm... just to make sure... could anybody who has LDAP+Samba working
>send the ldif definition of what he has as a "machine"?
>
>I've got this as a machine:
>------------------------------------
>dn: uid=enano$,ou=Hosts,dc=jome
>objectClass: top
>objectClass: person
>objectClass: organizationalPerson
>objectClass: inetOrgPerson
>objectClass: posixAccount
>cn: enano$
>sn: enano$
>uid: enano$
>uidNumber: 1007
>gidNumber: 515
>homeDirectory: /dev/null
>loginShell: /bin/false
>description: Computer
>gecos: Computer
>structuralObjectClass: inetOrgPerson
>entryUUID: 0cd59f8e-79a9-102c-8d64-8b73cc15be28
>creatorsName: cn=admin,dc=jome
>createTimestamp: 20080227175622Z
>entryCSN: 20080227175622Z#000001#00#000000
>modifiersName: cn=admin,dc=jome
>modifyTimestamp: 20080227175622Z
>entryDN: uid=enano$,ou=Hosts,dc=jome
>subschemaSubentry: cn=Subschema
>hasSubordinates: FALSE
>-------------------------------------
>
>and I don't see any "samba" thing in here... Is that fine?
>
>Thanks!!
>
>
>
>2008/2/27, Frank J. Pellegrino <frank.pellegrino at sju.edu>:
> > If your solaris box is set up as an LDAP client you can add a search
> >  descriptor with the ldapclient command.
> >  Below is an example of what we changed to make joining the domain work on
> >  the first try.
> >
> >  NS_LDAP_SERVICE_SEARCH_DESC= passwd: ou=computers,o=sju.edu;ou=People,o=sju.edu
> >
> >
> >
> >
> >  At 03:13 PM 2/27/2008, Hector Blanco wrote:
> >  >Mmmm..If I understood properly, I'm afraid I can just say... "Welcome
> >  >to the club, mate":
> >  >
> >  >Take a look at this:
> >  >http://lists.samba.org/archive/samba/2008-February/138639.html
> >  >http://lists.samba.org/archive/samba/2008-February/138442.html
> >  >
> >  >May it be a bug??  Is it the same thing that is happening to you?
> >  >
> >  >Regards
> >  >
> >  >2008/2/4, Frank J. Pellegrino <frank.pellegrino at sju.edu>:
> >  > > We have just set up Samba 3.0.28 with LDAP support.  We are using a
> >  > >  Sun One 5.2 LDAP server.
> >  > >
> >  > >  We are having a problem when a new machine joins the domain.
> >  > >  Here is a snippet of our smb.conf file
> >  > >    add machine script = /usr/local/sbin/smbldap-useradd -w "%m"
> >  > >    ldap machine suffix = ou=computers
> >  > >    ldap user suffix = ou=People
> >  > >
> >  > >  When a new machine attempts to join the domain a new entry is
> >  > >  created in ou=computers as expected.  This entry has only the
> >  > >  posixAccount information and no Samba info.  However, the machine
> >  > >  reports that it failed to join the domain.  Log entries on both samba
> >  > >  and LDAP tell me that after the entry is created, samba is trying to
> >  > >  find that entry in ou=people instead of ou=computers.
> >  > >
> >  > >  Attempting to add the machine again gives us an error that the
> >  > >  machine already exists.
> >  > >
> >  > >  I modified smbldap-useradd to include the sambaSamAccount information
> >  > >  when the entry is created.  The first attempt to join the domain still
> >  > >  fails, however trying again succeeds.
> >  > >
> >  > >  In another test, I removed the modifications from smbldap-useradd and
> >  > >  modified the smbldap.conf file so that it thought the machines
> >  > >  container was ou=people.  With this change the new machine was able to
> >  > >  join the domain on the first try.  The problem here is that we don't
> >  > >  want the machines mixed in with the users.
> >  > >
> >  > >  So from this I determined that after creating the new entry for the
> >  > >  machine, Samba then goes and looks for that entry in ou=people instead
> >  > >  of ou=computers.  My guess is that there is a bug in the code that looks
> >  > >  at the wrong configuration entry.
> >  > >
> >  > >  I have tried looking through the C code on my own.  I'm only familiar
> >  > >  with C so I haven't made as much progress as I'd like.
> >  > >
> >  > >  Is this a known bug?  Is it possible that we have a configuration wrong
> >  > >  somewhere?
> >  > >
> >  > >  Can anyone point me to the correct C file so I can try and fix this?
> >  > >
> >  > >  I'd appreciate any help I can get.
> >  > >
> >  > >  Thanks.
> >  > >
> >  > >
> >  > >
> >  > >  --
> >  > >  To unsubscribe from this list go to the following URL and read the
> >  > >  instructions:  https://lists.samba.org/mailman/listinfo/samba
> >  > >
> >
> >
> >
> >
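
Added example (not part of the original messages and not Samba code): a small check that compares a machine entry against the Samba attributes present in the sample entry at the top of this message, run on trimmed copies of the two entries posted in the thread. The function names and the rule set are assumptions derived from that sample, not Samba's own validation.

```python
# Added example: audit LDIF machine entries for the ldapsam attributes that
# appear in the working sample entry. Entries below are trimmed from the thread.
FRANK = """\
dn: uid=295mand01$,ou=computers,o=sju.edu
objectClass: top
objectClass: posixAccount
objectClass: sambaSamAccount
sambaAcctFlags: [W          ]
sambaSID: S-1-5-21-1948856034-3740470957-464559834-2005314
uid: 295mand01$
uidNumber: 1002157
"""

HECTOR = """\
dn: uid=enano$,ou=Hosts,dc=jome
objectClass: top
objectClass: posixAccount
uid: enano$
uidNumber: 1007
"""

def parse_entry(ldif):
    """Parse one plain LDIF entry (no folding, no base64) into
    {lowercased attribute: [values]}."""
    entry = {}
    for line in ldif.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry

def check_machine_entry(ldif):
    """Return a list of problems; an empty list means nothing is missing."""
    e = parse_entry(ldif)
    problems = []
    classes = {c.lower() for c in e.get("objectclass", [])}
    if "posixaccount" not in classes:
        problems.append("missing objectClass posixAccount")
    if "sambasamaccount" not in classes:
        problems.append("missing objectClass sambaSamAccount")
    if not e.get("sambasid"):
        problems.append("missing sambaSID")
    if not any("W" in f for f in e.get("sambaacctflags", [])):
        problems.append("sambaAcctFlags lacks W (workstation trust)")
    if not all(u.endswith("$") for u in e.get("uid", [""])):
        problems.append("uid does not end in $")
    return problems
```

Calling check_machine_entry(HECTOR) reports the three Samba items that a posixAccount-only entry lacks; check_machine_entry(FRANK) returns an empty list.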




