[Samba] Samba/LDAP Question
Hector Blanco
white.lists at gmail.com
Tue Mar 18 09:46:48 GMT 2008
Hello!
A few days ago, two users of this list sent me examples of a working
"machine" account in Samba, because the one I get when I try to add a
machine with smbldap doesn't work very well (as I explained in
http://lists.samba.org/archive/samba/2008-February/138639.html) and I
found that in my account some fields didn't appear (as shown in
http://lists.samba.org/archive/samba/2008-February/138860.html)
I'm thinking of adding the missing fields by hand. I guess that the
most important fields are:
---------------------------
objectClass: sambaSamAccount
[. . .]
sambaNTPassword:
sambaPrimaryGroupSID:
sambaSID:
---------------------------
I suppose I know how to set the sambaNTPassword with smbpasswd but I
don't know what I should write as sambaPrimaryGroupSID and sambaSID. I
think I remember reading somewhere that the sambaSID can be calculated
somehow, but I don't remember now, and I certainly don't know what to
do with the sambaPrimaryGroupSID. Do any of you know how to
calculate them?
Alternatively, I've been thinking that maybe I can add a machine (or at
least these samba fields) with other commands, besides the
smbldap-tools, I mean... maybe I could get something with the "normal"
samba commands (smbpasswd, and so on). Is it possible? Any
recommendations?
Any hint will be deeply appreciated :)
2008/2/27, Frank J. Pellegrino <frank.pellegrino at sju.edu>:
> Below is a sample of a machine entry:
>
> dn: uid=295mand01$,ou=computers,o=sju.edu
> cn: 295mand01$
> description: Computer
> gecos: Computer
>
> gidNumber: 515
> homeDirectory: /dev/null
> loginShell: /bin/false
>
> objectClass: top
> objectClass: person
> objectClass: organizationalperson
>
> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: sambaSamAccount
>
> sambaAcctFlags: [W ]
> sambaNTPassword: 8E5BB69CD089184751166B254347DBD2
> sambaPrimaryGroupSID: S-1-5-21-1948856034-3740470957-464559834-2031
> sambaSID: S-1-5-21-1948856034-3740470957-464559834-2005314
> sn: 295mand01$
> uid: 295mand01$
> uidNumber: 1002157
>
>
>
>
> At 04:02 PM 2/27/2008, Hector Blanco wrote:
> >Ehm... just to make sure... could anybody who has LDAP+Samba working
> >send the ldif definition of what he has as a "machine"?
> >
> >I've got this as a machine:
> >------------------------------------
> >dn: uid=enano$,ou=Hosts,dc=jome
> >objectClass: top
> >objectClass: person
> >objectClass: organizationalPerson
> >objectClass: inetOrgPerson
> >objectClass: posixAccount
> >cn: enano$
> >sn: enano$
> >uid: enano$
> >uidNumber: 1007
> >gidNumber: 515
> >homeDirectory: /dev/null
> >loginShell: /bin/false
> >description: Computer
> >gecos: Computer
> >structuralObjectClass: inetOrgPerson
> >entryUUID: 0cd59f8e-79a9-102c-8d64-8b73cc15be28
> >creatorsName: cn=admin,dc=jome
> >createTimestamp: 20080227175622Z
> >entryCSN: 20080227175622Z#000001#00#000000
> >modifiersName: cn=admin,dc=jome
> >modifyTimestamp: 20080227175622Z
> >entryDN: uid=enano$,ou=Hosts,dc=jome
> >subschemaSubentry: cn=Subschema
> >hasSubordinates: FALSE
> >-------------------------------------
> >
> >and I don't see any "samba" thing in here... Is that fine?
> >
> >Thanks!!
> >
> >
> >
> >2008/2/27, Frank J. Pellegrino <frank.pellegrino at sju.edu>:
> > > If your solaris box is set up as an LDAP client you can add a search
> > > descriptor with the ldapclient command.
> > > Below is an example of what we changed to make joining the domain work on
> > > the first try.
> > >
> > > NS_LDAP_SERVICE_SEARCH_DESC= passwd: ou=computers,o=sju.edu;ou=People,o=sju.edu
> > >
> > >
> > >
> > >
> > > At 03:13 PM 2/27/2008, Hector Blanco wrote:
> > > >Mmmm..If I understood properly, I'm afraid I can just say... "Welcome
> > > >to the club, mate":
> > > >
> > > >Take a look at this:
> > > >http://lists.samba.org/archive/samba/2008-February/138639.html
> > > >http://lists.samba.org/archive/samba/2008-February/138442.html
> > > >
> > > >May it be a bug?? Is it the same thing that is happening to you?
> > > >
> > > >Regards
> > > >
> > > >2008/2/4, Frank J. Pellegrino <frank.pellegrino at sju.edu>:
> > > > > We have just set up Samba 3.0.28 with LDAP support. We are using a Sun One
> > > > > 5.2 LDAP server.
> > > > >
> > > > > We are having a problem when a new machine joins the domain.
> > > > > Here is a snippet of our smb.conf file
> > > > > add machine script = /usr/local/sbin/smbldap-useradd -w "%m"
> > > > > ldap machine suffix = ou=computers
> > > > > ldap user suffix = ou=People
> > > > >
> > > > > When a new machine attempts to join the domain a new entry is created in
> > > > > ou=computers as expected. This entry has only the posixAccount information
> > > > > and no Samba info. However, the machine reports that it failed to join the
> > > > > domain. Log entries on both samba and LDAP tell me that after the entry is
> > > > > created, samba is trying to find that entry in ou=people instead of
> > > > > ou=computers.
> > > > >
> > > > > Attempting to add the machine again gives us an error that the machine
> > > > > already exists.
> > > > >
> > > > > I modified smbldap-useradd to include the sambaSamAccount information when
> > > > > the entry is created. The first attempt to join the domain still fails,
> > > > > however trying again succeeds.
> > > > >
> > > > > In another test, I removed the modifications from smbldap-useradd and
> > > > > modified the smbldap.conf file so that it thought the machines container
> > > > > was ou=people. With this change the new machine was able to join the
> > > > > domain on the first try. The problem here is that we don't want the
> > > > > machines mixed in with the users.
> > > > >
> > > > > So from this I determined that after creating the new entry for the
> > > > > machine, Samba then goes and looks for that entry in ou=people instead of
> > > > > ou=computers. My guess is that there is a bug in the code that looks at
> > > > > the wrong configuration entry.
> > > > >
> > > > > I have tried looking through the C code on my own. I'm only familiar with
> > > > > C so I haven't made as much progress as I'd like.
> > > > >
> > > > > Is this a known bug? Is it possible that we have a configuration wrong
> > > > > somewhere?
> > > > >
> > > > > Can anyone point me to the correct C file so I can try and fix this?
> > > > >
> > > > > I'd appreciate any help I can get.
> > > > >
> > > > > Thanks.
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > To unsubscribe from this list go to the following URL and read the
> > > > > instructions: https://lists.samba.org/mailman/listinfo/samba
> > > > >
> > >
> > >
> > >
> > >
>
>
>
>
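On the question of how sambaSID and sambaPrimaryGroupSID can be calculated, the following is an added example, not part of the original thread and not code from Samba or smbldap-tools. It assumes Samba's algorithmic RID mapping with the default `algorithmic rid base` of 1000, which is consistent with the sample entry quoted above (uidNumber 1002157 gives RID 2005314, gidNumber 515 gives RID 2031). The domain SID is a labelled placeholder and the function names are hypothetical.

```python
RID_BASE = 1000  # assumption: smb.conf "algorithmic rid base" left at its default


def user_rid(uid_number, base=RID_BASE):
    # Algorithmic mapping: users take the even slots above the base.
    return 2 * uid_number + base


def group_rid(gid_number, base=RID_BASE):
    # Groups take the odd slots, so they never collide with user RIDs.
    return 2 * gid_number + base + 1


def domain_of(sid):
    # S-1-5-21-a-b-c-RID -> S-1-5-21-a-b-c (drop the trailing RID)
    prefix, _, rid = sid.rpartition("-")
    if not prefix.startswith("S-1-5-21-") or not rid.isdigit():
        raise ValueError("not a domain account SID: %r" % sid)
    return prefix


def samba_ldif(dn, domain_sid, uid_number, gid_number):
    # LDIF modify adding the Samba attributes to a posixAccount-only entry.
    # sambaNTPassword is omitted on purpose: set it afterwards with smbpasswd.
    attrs = [
        ("objectClass", "sambaSamAccount"),
        ("sambaSID", "%s-%d" % (domain_sid, user_rid(uid_number))),
        ("sambaPrimaryGroupSID", "%s-%d" % (domain_sid, group_rid(gid_number))),
        ("sambaAcctFlags", "[W          ]"),  # workstation trust account
    ]
    mods = ["add: %s\n%s: %s" % (name, name, value) for name, value in attrs]
    return "dn: %s\nchangetype: modify\n%s\n" % (dn, "\n-\n".join(mods))


# Placeholder, not a real domain SID: replace with the output of "net getlocalsid".
PLACEHOLDER_DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"

if __name__ == "__main__":
    # Cross-check the mapping against the sample entry quoted in the thread.
    sample_sid = "S-1-5-21-1948856034-3740470957-464559834-2005314"
    assert sample_sid == "%s-%d" % (domain_of(sample_sid), user_rid(1002157))
    # The posix-only entry from the thread: uidNumber 1007, gidNumber 515.
    print(samba_ldif("uid=enano$,ou=Hosts,dc=jome", PLACEHOLDER_DOMAIN_SID, 1007, 515))
```

Entries whose RIDs were allocated some other way will not follow this mapping, so compare the result against an existing working account before applying the LDIF.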