[Samba] [Fwd: Re: Samba PDC + OpenLDAP (Debian Lenny)]

Henrik Dige Semark hds at semark.dk
Sun Aug 16 10:46:19 MDT 2009


Adam Tauno Williams wrote:
>> I'm trying to move my existing MS-AD over to SAMBA, the place I'm 
>>     
>
> So you have an AD domain?  Samba 3.x does not provide an AD domain, it
> provides an NT domain, so your requirement of "everything keeps running
> in the same or almost the same way" cannot be met.  Unless you want to
> try Samba 4.
>   
We are not using the AD functionality, so what I meant was that my 
Windows clients are able to join the domain and validate users.
>   
>> When I try to join a Windows Vista Ultimate or Windows XP Pro to the 
>> domain it takes 30 sec and then it says "The machine account does not 
>> exist" but as I understand that is what
>> "add machine script = /usr/sbin/smbldap-useradd -t 0 -w -i "%u"" has to 
>> do, right?
>>     
>
> It is supposed to, yes.
>
>   
>>        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>>     
>
> Get rid of all the "socket options" stuff.  Are you using an old HOWTO
> or some crap Wiki entry from somewhere?  Setting this directive is an
> OLD habit and very obsolete.  Use only the Samba HOWTO and By-Example as
> provided on Samba docs.  Assume everything else on the Internet is
> obsolete and out-of-date, because it most likely is.
>   
It was in the example file for the smbldap-tools domain config. I have 
removed it now, but still no difference.
>   
>> [2009/08/14 18:22:24,  0] passdb/pdb_get_set.c:pdb_get_group_sid(210)
>>  pdb_get_group_sid: Failed to find Unix account for DomAdmin
>> [2009/08/14 18:22:24,  1] auth/auth_util.c:make_server_info_sam(562)
>>  User DomAdmin in passdb, but getpwnam() fails!
>>     
>
> I don't know why it is looking for a "DomAdmin" account. Perhaps your
> directory is not fully initialized?  Loaded with the required users,
> etc...
>   
DomAdmin is a domain administrator account I have created instead of 
"admin" or "root".
I have run "smbldap-populate -u 10000 -g 10000 -a admin -g guest" and it 
populates LDAP with all the default users and groups Windows needs to be 
able to join.
-u uidNumber  first uidNumber to allocate (default: 1000)
-g gidNumber  first uidNumber to allocate (default: 1000)
-a user       administrator login name (default: root)
-b user       guest login name (default: nobody)
>   
>> Error: modifications require authentication at 
>> /usr/share/perl5/smbldap_tools.pm line 1083.
>> [2009/08/14 18:22:48,  0] 
>> passdb/pdb_interface.c:pdb_default_create_user(336)
>>  _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -t 0 
>> -w -i "hds$"' gave 127
>>     
>
> I don't use smbldap-tools but this looks like they don't have sufficient
> config to authenticate to the DSA.
>   
Don't know what the problem is with smbldap-useradd, but when I run the 
command alone it creates a Windows machine user:
# smbldap-useradd -w -i testcomputer
New password : 1234
Retype new password : 1234
failed to add entry: structural object class modification from 'account' 
to 'inetOrgPerson' not allowed at /usr/sbin/smbldap-useradd line 311, 
<STDIN> line 2.

I have the schemas that provide account and inetOrgPerson

# smbldap-useradd -?
(c) Jerome Tournier - (jtournier at gmail.com)- Licensed under the GPL
Usage: /usr/sbin/smbldap-useradd [-awmugdsckABCDEFGHMNPST?] username
  -a    is a Windows User (otherwise, Posix stuff only)
  -b    is a AIX User
  -c    gecos
  -d    home
  -g    gid
  -i    is a trust account (Windows Workstation)
  -k    skeleton dir (with -m)
  -m    creates home directory and copies /etc/skel
  -n    do not create a group
  -o    add the user in the organizational unit (relative to the user 
suffix. Ex: 'ou=admin,ou=all')
  -u    uid
  -s    shell
  -t    time. Wait 'time' seconds before exiting (when adding Windows 
Workstation)
  -w    is a Windows Workstation (otherwise, Posix stuff only)
  -A    can change password ? 0 if no, 1 if yes
  -B    must change password ? 0 if no, 1 if yes
  -C    sambaHomePath (SMB home share, like '\\PDC-SRV\homes')
  -D    sambaHomeDrive (letter associated with home share, like 'H:')
  -E    sambaLogonScript (DOS script to execute on login)
  -F    sambaProfilePath (profile directory, like '\\PDC-SRV\profiles\foo')
  -G    supplementary comma-separated groups
  -H    sambaAcctFlags (samba account control bits like '[NDHTUMWSLKI]')
  -M    local mailAddress (comma seperated)
  -N    given name
  -P    ends by invoking smbldap-passwd
  -S    surname (Family name)
  -T    mailToAddress (forward address) (comma seperated)
  -?    show this help message

Mike Eggleston wrote:

    I'm not at work and am unable to compare your configuration with
    my production configuration. I have a similar environment, though,
    and found for windows boxes I needed to create the account in LDAP
    first (I use smbldap-adduser ...), then I must also add my samba
    server as a WINS server to the windows box, then I can join the
    windows box to my samba pdc domain.

    Mike
      

I have now tried to set my server as WINS server - still the same problem

-- 
Med Venlig Hilsen / Best regards
Henrik Dige Semark 


